Eelco Verbrugge
Posted on July 18, 2022
Does your password require at least the following?
- Must be a minimum of 8 characters
- Must contain at least 1 number
- Must contain at least one uppercase character
- Must contain at least one lowercase character
- Must contain at least one special character (!@#$%^&*)
Recent research showed this password can be cracked in 39 minutes! Yes... you risked brain damage to come up with a password like this, or let your password manager do the job, and still it can be cracked so, so fast.
In 2020 this password took 8 hours to crack. That's just 12 times slower than it is now; imagine how fast it will be 2 years from now.
Password on steroids
The best possible way to come up with a password is the Diceware method: https://diceware.dmuth.org/
Experts use this to add randomness to the words your password contains. Every 5 numbers you roll in a row correspond to one word. Repeat this process until you have at least 7 words and create a passphrase:
CannonVirtuousMovableUnnerveRectifiedCreasing
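The Diceware procedure above as a Python sketch, with the entropy it yields next to the 8- and 12-character policies discussed in this post. This is an added example, not code from the original post: the function names are hypothetical, the syllable word list is a constructed stand-in for a real 7776-word Diceware list, and the entropy figures assume every word or character is chosen uniformly at random.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5                 # five rolls pick one word, as the post describes
LIST_SIZE = 6 ** DICE_PER_WORD    # 7776 possible roll sequences
POLICY_ALPHABET = 26 + 26 + 10 + 8  # a-z, A-Z, 0-9 and !@#$%^&* from the policy above


def build_demo_wordlist():
    """Constructed stand-in list: one pseudo-word per key 11111..66666.
    A real Diceware list maps the same keys to dictionary words."""
    syllables = ["ba", "ke", "mi", "no", "tu", "za"]
    return {
        "".join(rolls): "".join(syllables[int(r) - 1] for r in rolls)
        for rolls in itertools.product("123456", repeat=DICE_PER_WORD)
    }


def roll_key():
    """Simulate five fair dice with the OS CSPRNG (never the `random` module)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def passphrase(wordlist, n_words=7):
    """Look up one word per five-roll key and join them, capitalised."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError("a Diceware list needs exactly 7776 entries")
    return "".join(wordlist[roll_key()].capitalize() for _ in range(n_words))


def entropy_bits(choices, picks):
    """Entropy when each of `picks` symbols is drawn uniformly from `choices`."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(passphrase(build_demo_wordlist()))
    print(f"7 Diceware words : {entropy_bits(LIST_SIZE, 7):.1f} bits")
    print(f"8 random chars   : {entropy_bits(POLICY_ALPHABET, 8):.1f} bits")
    print(f"12 random chars  : {entropy_bits(POLICY_ALPHABET, 12):.1f} bits")
```

Passwords picked by a person rather than a random generator have less entropy than the character figures printed here, so those are upper bounds.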
Safety vs user-friendliness
One problem is that this won't be accepted by the minimum requirements listed at the beginning. Of course we can add a number and an exclamation mark or whatever, but this isn't the best solution.
Also, this is pretty harsh to ask of everyone for "just a password". It also depends on the value of what you are trying to secure. But since people are lazy, let's come up with a solution that works for everyone.
What we can do is raise the minimum number of characters. If you go from 8 to 12, the password takes 3000 years(!) to crack in 2022. In 2020 this was still 34000 years, so what will it be 2 years from now? But this takes waaayyyy more time to crack, so hopefully the hackers decide to target an easier victim.
Source: https://www.hivesystems.io/blog/are-your-passwords-in-the-green?utm_source=tabletext