Most sites impose PasswordsPasswords of at least eight characters, but that wouldn’t be enough, according to a new report from cybersecurity firm Hive Systems. To secure passwords in the event of a data leak, sites do not save them as such, but an encrypted version by a hash functionhash function.
To decipher such a password, you must use the Brute forceBrute force. A slow technique, but which is becoming faster and faster with technological advances. Thus, a “strong” password of only eight characters protected by the function MD5MD5and composed of uppercase, lowercase, numbers, and symbols, can be discovered in just 59 minutes with a Graphic cardGraphic card Nvidia RTX 4090.
Passwords of at least 16 characters
If the site uses a more secure hash function, like bcrypt, this time increases to 99 years. But this is the amount of time needed with a single graphics card. With sufficiently resourced access, this time can be reduced to five days. And this is a maximum because passwords using common words are much quicker to crack.
It is therefore strongly recommended to switch to passwords of at least 16 characters, composed of numbers, letters and symbols, and generated randomly. And of course, use a different password for each site. Since it is almost impossible to remember this type of password, it is better to turn to a password manager like Bitwarden, 1Password, Dashlane or LastPass.
