Accession Number:

AD1004021

Title:

Password Complexity Recommendations: xezandpAxat8Um or P4$$w0rd!!!!

Descriptive Note:

Technical Report

Corporate Author:

DEFENCE RESEARCH AND DEVELOPMENT CANADA VALCARTIER (QUEBEC) VALCARTIER Canada

Personal Author(s):

Report Date:

2014-10-01

Pagination or Media Count:

34.0

Abstract:

The password-cracking world is in turmoil. Many new technologies, such as graphic cards e.g. NVidia CUDA or ATIAMD GPUs, make easily available computing power that was previously reserved to very rich organizations. Many efficient tools followed using these technologies, for better or for worse. This report illustrates the type of performance one can obtain from a generic 2,000 computer and the lessons to learn on password length for different web sites and software programs. The larger conclusion is that an 11-character password, containing uppercase-lowercase-digits-symbols, is the ideal length for the foreseeable future when no other information is available. More characters are always better less can be dangerous in the current state of the technology. The use of a password manager, a program that generates and manages strong, complex passwords, is strongly recommended.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE