KeriBlog

Cars, Security & a Peek into my Life

Why an 8-Character Password is Not Enough

Take a common password8 characters in length, composed of 1 word, 1 numbers and 1 punctuation mark:

The Attack

Using a script (a program that automatically executes tasks instead of a human), the script starts to guess all possible 8-character password combinations. This will take about 3 days.

This is a brute force attack – very little elegance, just plain old grinding it out.

The More Sophisticated Attack

Using a dictionary attack, again the attacker runs a script, but this time instead of random guessing, dictionaries of words are tried first, specifically, the most common password words are tried.

See yours in here?

The Defence

Choose 3 obscure words, string them into a sentence separated by punctuation and numbers.

***

This post has been brought to you by Nuix and KeriBlog. Meet Nuix here.