My password is bigger than your password
Posted: August 16th, 2010 | Author: Dan Misener | Filed under: CBC, tech | Tags: cracking, georgia tech, passwords, security

My password is bigger than your password. And that’s a good thing.
According to researchers at Georgia Tech, GPU-accelerated brute-force password cracking techniques are getting really good:
“Right now we can confidently say that a seven-character password is hopelessly inadequate,” said Mr [Richard] Boyd, “and as GPU power continues to go up every year, the threat will increase.”
Instead, Boyd recommends “a 12-character combination of upper and lower case letters, symbols and digits.”
That’s good advice. But alas, we live in a world where 75% of the population uses the exact same password for their email and social networking accounts, and the 5 most popular passwords go like this:
- 123456
- 12345
- 123456789
- Password
- iloveyou
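Boyd's recommendation and the list above can be turned into a small check and generator. This is an added example, not code from the original post; the function names are hypothetical, and it assumes "symbols" means the 32 ASCII punctuation characters, giving a 94-character alphabet.

```python
import math
import secrets
import string

# Character classes from Boyd's recommendation: upper, lower, digits, symbols.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # assumption: 26 + 26 + 10 + 32 = 94 printable ASCII chars

# The five most popular passwords quoted in the post, lower-cased for comparison.
POPULAR = {"123456", "12345", "123456789", "password", "iloveyou"}


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy of a password drawn uniformly at random from the alphabet."""
    return length * math.log2(alphabet_size)


def check(password, min_length=12):
    """Return the reasons a password fails the recommendation (empty list = OK)."""
    problems = []
    if password.lower() in POPULAR:
        problems.append("on the most-popular list")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    names = ("upper case", "lower case", "digit", "symbol")
    for name, chars in zip(names, CLASSES):
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    return problems


def generate(length=12):
    """Draw from the OS CSPRNG, retrying until all four classes are present."""
    if length < len(CLASSES):
        raise ValueError("length too short to hold every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check(candidate, min_length=length):
            return candidate


if __name__ == "__main__":
    print(generate())
    print(f"7 chars: {entropy_bits(7):.1f} bits, 12 chars: {entropy_bits(12):.1f} bits")
    # Each extra character multiplies the brute-force search space by 94.
    print(f"12 vs 7 chars: {len(ALPHABET) ** 5:,}x more candidates")
```

Going from 7 to 12 random characters multiplies the brute-force search space by 94^5, roughly 7.3 billion, which is why length does more work against GPU cracking than any single extra character class.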
Personally, I use 1Password[1] to generate and manage strong passwords, and I love it. I have to say, there’s a special warm, fuzzy, geeky feeling that goes along with knowing you’re using good passwords. It’s not unlike the feeling I get when I know my family photos are redundantly backed up.
My next CBC tech column (Tuesday on CBC R1 afternoon shows across Canada) is all about generating good passwords. It’s good advice to hear anytime, but if you use the same password for more than one site, seriously, change it now.
[1] There are many other tools that do this. See: RoboForm, KeePass, MyPasswordSafe, Password Agent, Password Safe, Sxipper, Passpack, TurboPasswords, etc.
although I don't use software, having a system is pretty indispensable when trying to remember hundreds of different passwords for different sites.
what frustrates me to no end is sites that force us to make passwords less secure, for instance banking sites that don't accept special characters, or limit the number of characters. not only is this a nuisance, but it makes the whole customer base an attractive target to hackers.
how come you don't use the firefox password manager?
hi dan
congrats on being knighted the new tech columnist!
heard you on tuesday.
sounded good.
alanna
I would use the FF manager, except I'm often using other browsers: FF and IE at work, then Safari, FF, and Chrome at home. I love that 1Password can sync everything up, like magic.
Thanks, Alanna. I'm really enjoying the new gig.