Generate strong passwords/passphrases

Hi. Craig Peterson here with a blink into secure passwords.
 
Many businesses insist that their eight-character passwords are secure because they enforce complexity requirements and frequent password updates.
 
Not true. 
 
These old password policies are all about making passwords hard to guess and the hashes hard to crack.
 
Length trumps complexity.
 
A password that is nine characters long will take about two hours to crack by brute force. Adding one more character extends it to a week.
 
Passphrases are even stronger than passwords. Stringing a few words together to use as a password can increase the time to crack to years or even centuries.
 
It only takes a quarter of a second to crack a 7-character password consisting of all lowercase letters. However, it would take nearly 200 years to crack a 12-character passphrase.
 
Strong passwords will not only protect your devices and systems from being accessed if a smartphone or laptop is lost or stolen, but also protect your business from hackers.
 
Remember that it’s also critical to have a different password for every account you create at home, at the office, or on the web. 
 
And the best way to create and securely store passphrases and passwords is to use a password manager like 1Password or LastPass. I’ve got some more recommendations on my web site.
 
 

Password Tips

1. Longer passwords, even those consisting of simpler words or constructs, are far better than short passwords that rely on numbers and special characters.

2. We recommend combining multiple words into a long string of at least 16 characters.

3. Using a passphrase makes it easier to remember.

4. A longer password takes longer to crack and requires the use of more computational resources to break it.

5. When hackers break in and steal your encrypted password, or acquire it from the dark web, the computing resources required to crack that password prevent them from using it because they don’t have access to those resources.

6. NIST came up with new password recommendations in 2017, in which they outlined best practices for password construction. They recommended to programmers that all websites and web services change their credential rules to accept passwords with a length of up to 64 characters.
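
An added example (not from the original post) that puts numbers on tips 1 and 2: it compares the search space of a short complex password with a longer simple one, and generates a passphrase of at least 16 characters using Python's `secrets` module. The word list, the function names, and the 7,776-word list size used for comparison are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list so the block runs offline (assumption): a real
# generator should load a published list of several thousand words.
WORDS = ("anchor bridge candle desert engine forest garden harbor island "
         "jacket kettle ladder magnet needle orange pencil quartz rocket "
         "saddle tunnel umpire velvet walnut yellow zipper basket copper "
         "dinner falcon guitar hammer insect").split()


def random_string_bits(length, alphabet_size):
    """Search space, in bits, of `length` symbols chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def passphrase_bits(num_words, wordlist_size):
    """Search space, in bits, when the attacker knows the word list."""
    return num_words * math.log2(wordlist_size)


def generate_passphrase(words=WORDS, num_words=4, min_length=16, sep="-"):
    """Join words picked with the OS CSPRNG; enforce the 16-character floor."""
    longest = num_words * max(map(len, words)) + len(sep) * (num_words - 1)
    if longest < min_length:
        raise ValueError("min_length is unreachable with this list")
    while True:  # redraw any phrase that comes out too short
        phrase = sep.join(secrets.choice(words) for _ in range(num_words))
        if len(phrase) >= min_length:
            return phrase


if __name__ == "__main__":
    print(f"8 chars, 95 printable symbols: {random_string_bits(8, 95):.1f} bits")
    print(f"16 chars, lowercase only:      {random_string_bits(16, 26):.1f} bits")
    print(f"4 words from a 7776-word list: {passphrase_bits(4, 7776):.1f} bits")
    print(f"6 words from a 7776-word list: {passphrase_bits(6, 7776):.1f} bits")
    print("sample:", generate_passphrase())
```

The 16-character lowercase string has a far larger search space than the 8-character complex one, but a passphrase made of dictionary words should be rated by word count and list size rather than by character count. The 32-word sample list here yields only 5 bits per word, which is why a large list and more words matter.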

To check if your email address is available to hackers and cybercriminals, go to Have I Been Pwned.
 
To check if your password is available to hackers and cybercriminals, go to Have I Been Pwned/Passwords.