Statistically speaking, your banking password probably can be hacked

  • jtweav Rexburg, ID
    Jan. 17, 2013 9:31 a.m.

    Password is dead, see Wired magazine's "Kill the Password: Why a String of Characters Can’t Protect Us Anymore". All they have to do is crack into one website you're linked to. In the last days our sins will be shouted from the rooftops. Everything is online and the only protection is to be self-sufficient without money and passwords online should they become compromised.

  • srw Riverton, UT
    Jan. 16, 2013 12:30 p.m.

    "But if a password has 10 characters, it has 8,836 more possible combinations than an eight-character password and would take a password-cracking machine more than five years to crack."

    I see that statement in the Deloitte report, but it's not correct. A 10-character password has 3,844 *times as many* possible combinations as an 8-character password, which is a *lot* more than "8,836 more" combinations. (I assumed only lowercase and uppercase letters and numerals; with other symbols included the number is even greater.) It doesn't take five years to try 8,836 extra combinations.

    From what I've read elsewhere, even 10 characters isn't enough to be safe. We should shoot for 15 or more. They don't need to be cryptic ("!3(o4B?aJ,5nV"), they just need to be long ("tHis9is9very9hard9to8guEss").