Yahoo’s recent announcement of a massive data breach, in which around 500 million passwords were hacked by some hacktivists, shook everyone: if this big firm’s servers are not safe, where else can we expect that our passwords won’t get compromised?
According to a recent report, passwords that were long alphanumeric strings containing special characters were nearly impossible to crack; only weak ones, those that resemble a common word, relate to the person’s life, or are their mobile numbers and the like, get cracked easily.
According to Mr. Jarno Niemela, lead researcher at F-String, “the password length should be at least 20 characters, but preferably 32.”
He further added, “Humans in general are really bad password generators. No matter how unique you think your password is, its components are still likely to be in some dictionary, and a powerful cracking cluster will come up with the exactly right combination.”
And he seems to be right: the recent iOS 10 vulnerability, and the tool that is able to generate 6 million passwords to crack one password for that vulnerability, clearly show how easy it is to get that one “particularly hard” password you just made for securing some really important and secret part of your life.
He also stated that developers and sites should accept these long passwords on their end, and that they should store passwords with the “Hash tag” algorithm.
The “hash tag” algorithm here means password hashing: the server stores a one-way hash of each password rather than the password itself, which keeps it from sitting there in clear text.
He also stated, “So, you, as a customer, cannot affect what kind of password storage the service providers are using, but you can still frustrate all but the most advanced attacker’s efforts by using long enough random passwords.”
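As an added example (not code from the report or from any service mentioned here), the sketch below puts the two halves of that advice side by side: a 32-character password drawn from a random source instead of a human, and server-side storage as a salted hash. The function names, the PBKDF2-HMAC-SHA256 choice and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor for this example


def generate_password(length: int = 32) -> str:
    """Random password from the OS CSPRNG, not from human-chosen words."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password; not valid for human-chosen ones."""
    return length * math.log2(alphabet_size)


def hash_password(password: str) -> str:
    """Return 'iterations$salt_hex$hash_hex'; the clear text is never stored."""
    salt = secrets.token_bytes(16)  # unique per password, so equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    pw = generate_password(32)
    record = hash_password(pw)
    print(f"20 chars: {entropy_bits(20):.0f} bits, 32 chars: {entropy_bits(32):.0f} bits")
    print("stored record:", record)
    print("correct password verifies:", verify_password(pw, record))
    print("wrong password verifies:", verify_password(pw + "x", record))
```

Nothing in the storage path caps the password length, so a 32-character or longer password is accepted unchanged.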
We must take online privacy really seriously and avoid making short, simple passwords that are easy to crack.