- Keeping your crypto safe should be your highest priority
- Exchange and wallet passwords should be unique and suitably complex
- Brute force attacks now render anything less than 16 characters unsafe
When choosing a password to protect our various cryptocurrency exchange, wallet, and tax software accounts (what do you mean you don’t use tax software?!), we like to think our well-thought-out string of seven or eight letters and numbers that refer to our cat’s birthday is strong enough. And we’d be wrong – a hacker could now brute force this password in a little over half an hour. In fact, recent research suggests that the minimum we should be looking at for sensitive accounts is a random combination of 16-18 upper- and lower-case letters, numbers, and symbols. Is it time to give your passwords a makeover?
Brute Force Attacks Still Popular
A brute force attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys, where the hacker tries multiple usernames and passwords, often using a computer to test a wide range of combinations, until they find the correct login information.
The name “brute force” comes from attackers using excessively forceful attempts to gain access to user accounts. Despite being an old cyberattack method, brute force attacks are tried and tested and remain a popular tactic with hackers.
Passwords Shouldn’t be Less Than 12 Characters
Over the years, brute force hackers’ resources have grown tremendously, and that growth has accelerated even in the last year. According to cybersecurity solutions firm Hive Systems, a nine-character upper- and lower-case password that last year would have taken brute force hackers 19 hours to break now takes only one hour:
Check out the reduction in brute force attack time on passwords since last year. Looks like 16-18 characters should be the absolute minimum. pic.twitter.com/8JX0YMwaMs
— Ezra Bowman (@ezrabowman) April 10, 2022
As we can see, numbers-only passwords should be a thing of the past for everyone, and even lower-case-only passwords should not be countenanced below 12 characters. Of course, by now most of us should be using a password manager, which allows suitably long and random combinations to be entered, but for those who prefer passwords they can memorize, an 11-character combination of upper-case and lower-case letters and numbers is the minimum you should be looking at, and even that could become more dangerous next year.
For most people, setting your password manager default to 16 characters with both letter types, numbers, and symbols should be a good way to futureproof your accounts, and you should take this opportunity to review your most sensitive accounts (at the very least) and carry out a password upgrade.
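To see why length and character variety matter so much, the following added example (not from the article or from Hive Systems) estimates the keyspace, entropy, and expected brute-force time for a password of a given length and character mix. The guess rate of one trillion guesses per second is an assumed, constructed figure for illustration; the point is how the numbers scale, not the exact seconds.

```python
"""Estimate how brute-force effort scales with password length and character classes."""
import math
import string

# Character classes a typical password policy distinguishes.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26 characters
    "upper": string.ascii_uppercase,   # 26 characters
    "digits": string.digits,           # 10 characters
    "symbols": string.punctuation,     # 32 characters
}

# Assumed attacker guess rate against a stolen hash database (guesses per
# second). Constructed for illustration; not a figure from the article.
GUESSES_PER_SECOND = 1e12


def charset_size(password: str) -> int:
    """Alphabet size an attacker must cover: sum of every class the password uses."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly this length over this alphabet."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)


def expected_seconds(alphabet_size: int, length: int,
                     rate: float = GUESSES_PER_SECOND) -> float:
    """Expected cracking time: on average half the keyspace is tried before a hit."""
    return keyspace(alphabet_size, length) / 2 / rate


def report(password: str) -> dict:
    """Summarise the brute-force resistance of one candidate password."""
    size = charset_size(password)
    return {
        "length": len(password),
        "alphabet": size,
        "bits": round(entropy_bits(size, len(password)), 1),
        "expected_days": expected_seconds(size, len(password)) / 86400,
    }


if __name__ == "__main__":
    for pw in ["19082015", "fluffy2015", "Fluffy2015x", "xK9#pQ2$mV7!nB4&"]:
        print(pw, report(pw))
```

Running it shows the 8-digit birthday cracked in a fraction of a second and the 16-character mixed string lasting far longer than anything an attacker could afford, which is the gap the article's 16-18 character recommendation is about.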