31 October 1985 when “RAMESES II” was an acceptable password for the world’s smartest man. But it was not secure. It is definitely not secure in 2023. (Moore & Gibbons, 1986)
This is the second part of our “Back to Basics” mini-series, where we are looking at the essential steps, that are often overlooked by the user but exploited by the hacker with respect to your password.
Before we start
I just said “password” but I mean “passwords” – we will cover that in part 4!
Your Password Size Counts
This seems almost too obvious to cover, but longer passwords are more secure than shorter ones. There – article finished – your takeaway is use long passwords.
Why should I use a long password?
It is all a matter of resisting a brute force attack on your password security. A brute force attack is when a set of password permutations are tried against your account to see if the password can be cracked. When security experts talk about cracking, what we really mean is “guessing”. If you have a long password it is harder to guess than a short one.
In the example I quoted at the top of the article, that password was guessed, using visual clues left around the computer in question. In the real world, cracking is carried out by powerful computers, that can try millions of password combinations in fractions of a second.
Surely though this article is irrelevant – no one uses a short password
Not so – a recent report about weak password use found that 88% of the passwords in custom brute force/hybrid dictionaries, used against Windows RDP, were of 12 characters or less (Specops. 2023). If these short passwords were not proving successful, the hackers would not waste attack cycles and compute time using them.
People – including IT professionals – are using short passwords. Do not do it or do not let your team do it.
Brute force password help is on it way…
Windows 11 is about to introduce a limit on the number of password attempts allowed and a lock-out on Windows RDP. So unless the hacker gets very lucky with their first few guesses you should be safe… from that attack.
Next
Even more about password discipline.
References
Moore, A., & Gibbons, D. (1986). Watchmen. DC Comics.
Specops. (2023). Specops Software 2023 weak password report. Specops Software. https://specopssoft.com/our-resources/most-common-passwords/