A password is the linchpin for access to most modern technology. A common best practice is to require users of sites and services to have passwords of at least seven characters. Many companies also ask users to include special characters. Yet these practices are not the best way to construct a secure password.
In a video with eSecurityPlanet, Trustwave Senior Security Consultant Garret Picchioni demonstrates how easy it is to use a brute force attack method to crack a seven character password with special characters.
"If you have a seven character password, we'll run through it in about three minutes," Picchioni said.
A passphrase is a far more secure form of security than a password, Picchioni said. He noted that a password that has seven characters, including special characters, is actually less secure than a 13 character password that doesn't have special characters. As more characters are added, the total possible combinations for brute force cracking goes up exponentially.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
A passphrase could be as simple as "myhometownissanfrancisco," which is difficult for common brute force password crackers to break. Going a step further, Picchioni demonstrates how the passphrase of "thisismypasswordnoreallyitis" is more secure than the type of password that most users have today.
"I'll take this password over a seven or eight character password, all day long," Picchioni said.
Watch our full video interview below:
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.