As processing power keeps increasing, the time it takes to brute force passwords falls significantly. As an example, two years ago it took eight hours to hack an eight-character password with numbers, uppercase, lowercase letters and symbols; it now takes 39 minutes. The time for nine-character passwords fell from three weeks to two days. Scary stuff.
The table below shows just how quickly a password can be guessed:
If you use the same password in multiple places and one of those websites is compromised (more common than you may think!), your known password gets added to a hacker’s dictionary, which is then used to hack into other accounts with the same username (usually your email address). In that case, the time it takes to break into your account would be very different, because the attacker already has a password to try.
If you want to check whether your accounts have been part of a known data breach, visit https://haveibeenpwned.com/ and search for both your work and personal email addresses.
Our Technical Services team recommends the following password requirements:
- Minimum of 12 characters
- Lowercase, uppercase, symbols and numbers
- Must be a unique password for that account
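
The sketch below is an added example, not part of the original article: it checks a candidate password against the three requirements above and scales the article's 39-minute figure to other lengths and character sets. It assumes exhaustive search at a constant guess rate and a 94-character ASCII alphabet; the function names and sample passwords are constructed for illustration.

```python
import hashlib
import string

# Reference point from the article: an 8-character password using lowercase,
# uppercase, numbers and symbols is brute forced in 39 minutes.
REF_LENGTH, REF_SECONDS = 8, 39 * 60
# Assumption: the four classes are ASCII only, 26 + 26 + 10 + 32 = 94 characters.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "numbers": string.digits,
    "symbols": string.punctuation,
}
FULL_ALPHABET = sum(len(chars) for chars in CLASSES.values())
# Guesses per second implied by the reference point (assumes exhaustive search).
IMPLIED_RATE = FULL_ALPHABET ** REF_LENGTH / REF_SECONDS


def digest(password):
    """Compare passwords by digest so the checker holds no plaintext list."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def worst_case_seconds(password):
    """Time to try every password of this length over the classes it uses."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in password))
    return alphabet ** len(password) / IMPLIED_RATE


def policy_failures(password, used_elsewhere):
    """Return the article's requirements that this password does not meet."""
    failures = []
    if len(password) < 12:
        failures.append("minimum of 12 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            failures.append(f"missing {name}")
    if digest(password) in used_elsewhere:
        failures.append("not unique to this account")
    return failures


if __name__ == "__main__":
    # Constructed sample data: digests of passwords already used elsewhere.
    used = {digest("Summer2023!"), digest("Correct-Horse-42x")}
    for candidate in ("Summer2023!", "Correct-Horse-42x", "vT7#qLm2@wZx9"):
        years = worst_case_seconds(candidate) / (365 * 24 * 3600)
        print(candidate, policy_failures(candidate, used), f"{years:.3g} years")
```

Under these assumptions a 12-character password made only of lowercase letters is exhausted in roughly ten hours, while one using all four classes takes several thousand years, which is why the list asks for both length and mixed character classes.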
Of course, setting up passwords that are difficult to crack is only one element of protecting yourself against cyber criminals. We recommend that all businesses, no matter how small, seriously consider implementing key solutions as per the Cyber Essentials guidelines, even if you do not wish to get certified. If you have Government contracts, note that there are some changes to awards in the new year.
The five key controls all businesses should consider are:
- Firewalls and internet gateways
- Secure configuration
- User access control
- Malware protection
- Patch management
Our advice is simple: don’t leave any element of your security to chance.