The Average American's Password Could Be Hacked in Under One Hour

numike

A recent study conducted by security firm Hive Systems found that passwords below ten characters in length could often end up hacked in under an hour (and this length of time is shrinking as computer hardware processing power improves).

According to their study, passwords that were at least 12 characters long, even if only lowercase letters, would take upwards of a year to crack, with passwords at least 15 characters long taking upwards of 1,000 years. Comparing their research with the Safety.com survey data, the average U.S. resident’s password could be hacked in under an hour, with many more potentially being hacked instantly.
 

AG3S

I believe the problem is not only the passwords. When quantum computers come, even the most difficult passwords will be hackable. To avoid such situations the service providers should harden their services.

For example they should push for 2FA and more complex security measures in identifying the user. A good challenge would be when the IP address of the user changes completely to a new IP range, no matter the country. Then the user should be asked for the code which is sent to the email or his/her mobile phone.

I know it seems to be a little extreme but this is the future that we have to live in!
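
The step-up check described in the post above, sketched as an added example that is not part of the original thread or of any service's real code. Assumptions: an "IP range" is approximated by a fixed prefix (/24 for IPv4, /48 for IPv6), and `Account`, `ip_range` and `login` are hypothetical names; delivery and verification of the emailed or texted code are left to the caller and passed in as `otp_ok`.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumption: the "IP range" of a client is its /24 (IPv4) or /48 (IPv6) network.
PREFIX = {4: 24, 6: 48}


def ip_range(addr: str):
    """Map a source address to the network that stands in for its IP range."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is the same client as a.b.c.d.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ipaddress.ip_network(f"{ip}/{PREFIX[ip.version]}", strict=False)


@dataclass
class Account:
    # Ranges this user has already proven ownership from (hypothetical store).
    known_ranges: set = field(default_factory=set)


def login(account: Account, source_ip: str, password_ok: bool, otp_ok=None) -> str:
    """Return 'deny', 'challenge' or 'allow' for one login attempt.

    otp_ok is None when no one-time code has been submitted yet,
    otherwise True/False for the result of verifying that code.
    """
    if not password_ok:
        return "deny"
    net = ip_range(source_ip)
    if net in account.known_ranges:
        return "allow"
    # Unknown range (a first login included): the password alone is not enough.
    if otp_ok is None:
        return "challenge"
    if not otp_ok:
        return "deny"
    # Learn the range only after the code was verified, so a failed or
    # abandoned challenge never whitelists the attacker's network.
    account.known_ranges.add(net)
    return "allow"
```
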
 

ForgottenSeer 85179

> It doesn't matter. No hacker is going to spend an hour on cracking your password, when he can buy a million passwords for a few dollars.

Right. The longest password doesn't help if the database gets hacked and is insecure, which is mostly the case.

> I believe the problem is not only the passwords. When quantum computers come, even the most difficult passwords will be hackable. To avoid such situations the service providers should harden their services.
>
> For example they should push for 2FA and more complex security measures in identifying the user. A good challenge would be when the IP address of the user changes completely to a new IP range, no matter the country. Then the user should be asked for the code which is sent to the email or his/her mobile phone.
>
> I know it seems to be a little extreme but this is the future that we have to live in!

All these problems can be fixed with FIDO2 hardware keys, which have existed for some time already.
But only very few services (like Microsoft) support that password-less authentication. That can also be combined with any 2FA.
 

Cortex

My passwords are one hundred billion characters long ! :p:p
 


AG3S

Server-side solutions aside, I believe the best thing would be to kind of force the users to use password managers. I know this also needs so much effort but when they get used to it, it will be easier to ask them to use stronger passwords.
 
