Why does Kevin Mitnick recommend 20+ character passwords?



The reasoning is based on current state-of-the-art password-cracking technology.

In short, hackers penetrate the network, gain access to a domain controller, and pull out the file containing all user names and passwords.

Next, they load this file into a dedicated password-cracking machine using hashcat. This hardware can crack any 8-character Windows password in just a few hours.

Kevin owns one of these rigs and uses it during his penetration test jobs. Using passwords or pass-phrases of 20+ characters makes cracking several orders of magnitude harder.

Here is an Ars Technica article that explains the technical background in detail:
http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/
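
To put numbers on "several orders of magnitude", the following added example (not part of the original post) estimates worst-case exhaustive-search time for a given password length and character set. The guess rate of 350 billion per second is an assumption, taken from the figure the linked Ars Technica article reports for NTLM hashes, and the function names are illustrative. It models blind brute force only, not dictionary or rule-based guessing against human-chosen passwords.

```python
import math

PRINTABLE_ASCII = 95        # upper, lower, digits, symbols and space
LOWERCASE = 26
# Assumption: guess rate reported for NTLM in the linked Ars Technica article.
GUESSES_PER_SECOND = 350e9
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(length, alphabet=PRINTABLE_ASCII):
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet ** length


def exhaust_seconds(length, alphabet=PRINTABLE_ASCII, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate of this length at `rate`."""
    return keyspace(length, alphabet) / rate


def magnitude_gap(long_len, long_alpha, short_len, short_alpha):
    """How many powers of ten larger the first keyspace is than the second."""
    return long_len * math.log10(long_alpha) - short_len * math.log10(short_alpha)


def min_length_for(target_seconds, alphabet=PRINTABLE_ASCII, rate=GUESSES_PER_SECOND):
    """Shortest length whose full keyspace takes at least `target_seconds`."""
    length = 1
    while exhaust_seconds(length, alphabet, rate) < target_seconds:
        length += 1
    return length


def humanize(seconds):
    """Render a duration in hours below one year, otherwise in years."""
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 3600:.1f} hours"
    return f"{seconds / SECONDS_PER_YEAR:.2e} years"


if __name__ == "__main__":
    for label, length, alpha in [
        ("8 chars, full printable ASCII", 8, PRINTABLE_ASCII),
        ("20 chars, lowercase only", 20, LOWERCASE),
        ("20 chars, full printable ASCII", 20, PRINTABLE_ASCII),
    ]:
        print(f"{label:32} {humanize(exhaust_seconds(length, alpha))}")
    gap = magnitude_gap(20, LOWERCASE, 8, PRINTABLE_ASCII)
    print(f"20 lowercase vs 8 printable: ~{gap:.1f} orders of magnitude")
    print("length needed to survive 1 year:", min_length_for(SECONDS_PER_YEAR))
```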

