My password is bigger than your password

My password is bigger than your password. And that’s a good thing.

According to researchers at Georgia Tech, GPU-accelerated brute-force password cracking techniques are getting really good:

“Right now we can confidently say that a seven-character password is hopelessly inadequate,” said Mr [Richard] Boyd, “and as GPU power continues to go up every year, the threat will increase.”

Instead, Boyd recommends “a 12-character combination of upper and lower case letters, symbols and digits.”

That’s good advice. But alas, we live in a world where 75% of the population uses the exact same password for their email and social networking accounts, and the 5 most popular passwords go like this:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou

Personally, I use 1Password (there are many other tools that do this; see RoboForm, KeePass, MyPasswordSafe, Password Agent, Password Safe, Sxipper, Passpack, TurboPasswords, etc.) to generate and manage strong passwords, and I love it. I have to say, there’s a special warm, fuzzy, geeky feeling that goes along with knowing you’re using good passwords. It’s not unlike the feeling I get when I know my family photos are redundantly backed up.

My next CBC tech column (Tuesday on CBC R1 afternoon shows across Canada) is all about generating good passwords. It’s good advice to hear anytime, but if you use the same password for more than one site, seriously, change it now.
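Boyd's recommendation and the popular-password list above, worked through as an added example that is not part of the original post: it generates a 12-character password containing all four character classes from a cryptographic random source, rejects the listed passwords, and compares the brute-force search space at 7 and 12 characters. The 94-character printable-ASCII alphabet and the rate of one billion guesses per second are assumptions for illustration, not figures from the Georgia Tech researchers.

```python
import math
import secrets
import string

# Four character classes from the recommendation: lower, upper, digits, symbols.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # assumption: 94 printable ASCII characters, no space

# The five most popular passwords listed in the post (compared case-insensitively).
COMMON = {"123456", "12345", "123456789", "password", "iloveyou"}

def has_all_classes(pw):
    return all(any(c in cls for c in pw) for cls in CLASSES)

def generate(length=12):
    """Random password with at least one character from every class.
    Rejection sampling keeps the choice uniform over compliant passwords."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(pw):
            return pw

def meets_policy(pw, min_length=12):
    """Length, character-class and common-password checks."""
    return len(pw) >= min_length and pw.lower() not in COMMON and has_all_classes(pw)

def keyspace(length, alphabet_size=len(ALPHABET)):
    """Upper bound on candidates an exhaustive search must cover."""
    return alphabet_size ** length

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    return length * math.log2(alphabet_size)

def years_to_exhaust(length, guesses_per_second):
    """Worst-case search time; guesses_per_second is an assumed attacker rate."""
    return keyspace(length) / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    RATE = 1e9  # assumed guesses per second, for illustration only
    for n in (7, 12):
        print(f"{n} chars: {entropy_bits(n):.1f} bits, "
              f"{years_to_exhaust(n, RATE):.3g} years at {RATE:.0e} guesses/s")
    print("generated:", generate())
    for pw in sorted(COMMON):
        print(f"{pw!r} meets policy: {meets_policy(pw)}")
```

Each added character multiplies the search space by the alphabet size, so going from 7 to 12 characters makes it about 7.3 billion times larger under these assumptions.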
