Legal Tech: How long should your password be?

By Peter LaSorsa I have been asked a few times by attorneys, clients and just friends who know I handle technology issues the same question — how long should my password be?  The answer is... it depends on whether you want a guaranteed secure password or one that is probably secure.  At one time, if you had a six-to-eight string of numbers and letters, your password was considered secure. However with the increase in computer processing and the advances in cryptic code-breaking software the new six-to-eight is 12. Why 12? Well, recently researchers at the Georgia Institute of Technology focused on the issue of password security and they determined that with current technology it would take the bad guys 17,134 years to break a password of 12 characters. Bad news if you are planning on living for 18,000 years but good news for the rest of us. In case you are wondering, an 11-character password can be broken in 180 years. And you can imagine how drastically it decreases from there. I know, 180 years is plenty so why the overkill. Technology is increasing at a rapid pace and although the numbers I am giving are true today, they will come down severely in the next few years. So the idea is to build in room for new technology and advances by the bad guys. The researchers believe the best password is an entire sentence, preferably one that includes numbers or symbols. Why an entire sentence? I know many people have been taught that words are weak for passwords but here is the logic. A sentence is both long and complex, and also easy to remember. Remember it doesn’t do any good to have a password you have to write down or that you forget. So a password like RedsoxRule11 is a very strong password that would be impossible to break. And because I am a Red Sox fan it would be easy for me to remember. It also has capitals, and numbers which make it even stronger. The one down side to a 12-character password is some applications won’t let you create one that strong. I believe in the near future that will change and if your application will allow it, I suggest getting ahead of the curve and start using a 12-character password. Peter LaSorsa can be reached at lasorsalaw.com. He also publishes a blog at www.illinoissexualharassmentattorneyblog.com
Posted on April 14, 2011 by Chris Bonjean
Filed under: 
Topic: 

Login to post comments