Why does Kevin Mitnick recommend 20+ character passwords?

The background is based on current state-of-the-art password cracking technology.

In short, hackers penetrate the network, get access to a domain controller and pull out the file with all user names and passwords.

Next, they load this file into a dedicated password-cracking machine running hashcat. This hardware can crack any 8-character Windows password in just a few hours.

Kevin owns one of these rigs and uses it during his penetration test jobs. Using passwords or pass-phrases of 20+ characters makes this several orders of magnitude harder. 
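
To put numbers on "several orders of magnitude", here is an added example (not part of the original post) that compares exhaustive-search work for a password against the 8-character baseline. The 6-hour calibration and the sample passwords are assumptions, and it models brute force only, so passphrases built from common words fall to wordlist attacks sooner than these figures suggest.

```python
import math
import string

# Assumed calibration (the page only says "a few hours"): the rig exhausts
# every 8-character password over the 95 printable ASCII characters in 6 hours.
BASE_CHARSET, BASE_LENGTH, BASE_HOURS = 95, 8, 6.0

# Standard character pools and their sizes (26 + 26 + 10 + 33 = 95).
POOLS = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]

def charset_size(password):
    """Size of the smallest union of standard pools that covers the password."""
    size = sum(n for pool, n in POOLS if any(c in pool for c in password))
    if size == 0:
        raise ValueError("password has no printable ASCII characters")
    return size

def log10_keyspace(charset, length):
    """log10 of the number of candidates an exhaustive search must try."""
    return length * math.log10(charset)

def orders_harder(charset, length):
    """Orders of magnitude more work than the 8-character baseline."""
    return log10_keyspace(charset, length) - log10_keyspace(BASE_CHARSET, BASE_LENGTH)

def hours_to_exhaust(charset, length):
    """Worst-case hours on the calibrated rig."""
    return BASE_HOURS * 10 ** orders_harder(charset, length)

def report(password):
    """Summarise length, pool size and worst-case search effort for one password."""
    cs, n = charset_size(password), len(password)
    return {
        "length": n,
        "charset": cs,
        "orders_harder": round(orders_harder(cs, n), 1),
        "years": hours_to_exhaust(cs, n) / (24 * 365),
    }

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ["P@ssw0rd", "Tr0ub4dor&3x", "quiet lamp under the green river"]:
        print(repr(sample), report(sample))
```

Even an all-lowercase 20-character string comes out about 12.5 orders of magnitude above the baseline, which is why length matters more here than character variety.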

Here is an Ars Technica article that explains the technical background in detail:
