Security News The Inconvenient Truth About Your Eight-Character Password

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
October is National Cyber Security Awareness Month (NCSAM), which means it’s time to talk about passwords for the umpteenth time. Why beat this dead horse again? Because just about everyone still uses passwords, and even the most recent password security recommendations do not make them any stronger.

This year, the recommendation was eight characters — but how many people actually think an eight-character password is sufficiently secure? The majority most likely only use one because they have been told that a password with eight characters is stronger than one with six.

Sorry to be the bearer of bad news, but the truth is that eight characters are not enough.
How to Truly Strengthen Your Password Security
While these findings are alarming, there are several simple actions users can take to truly strengthen their password security:

  1. Ensure that all the passwords you use across websites are unique. This is the first and most important step you should take.
  2. Use a password manager to track and change passwords between sites and systems.
  3. Use fake information for password reset questions and birthdates and ensure this is stored in your password manager.
  4. Use passwords that are 12 characters or longer. Since most of us remember eight-character passwords, why not bring together two of them? Ensure this password is used for your password manager.
  5. Change your passwords at least annually, but preferably quarterly, and absolutely after any notification of a breach.
  6. Back up your passwords. Keep an off-site hard copy that is protected in case a cloud service fails.
  7. Ensure that all passwords in your password manager are randomly generated (most password managers include this functionality).
  8. Change the password to your password manager at least annually or whenever it has been compromised.
... ... ...
 
L

Local Host

Talk about being paranoid, anyway the number of characters in a password is irrelevant (not totally of course). What you want is high bit rate password, that is influenced by characters used and length (not the length of the PW alone).

With 8 character (letters, numbers, special characters) password, you can have an average of 64 bits password (which is good enough for me).
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Nowadays there are billions of log-ins that have been posted on the net, stolen from hacked sites. I don't think it pays for a hacker to brute-force an 8 character password, unless you are a high-value target.
The one important thing is to use unique passwords for sensitive sites. That way, a hacked website will hardly affect you.
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
My password manager deals with passwords so they are long but not too long in the case i have to type them for some reason. This whole remembering thing is idiotic as none can remember a lot of long passwords.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top