Thursday, September 2, 2010
Now we have to create "Super Passwords"????
Skimming the news today, I "Stumbled" upon a very interesting article on cnn.com. The basic summary of the article is that researchers now want users of the internet to update their passwords to be longer than 12 characters, with multiple numbers and capitalization. The researchers at Georgia Institute of Technology have stated that the 8-character standard for passwords won't stand up to the high tech hacking that is occurring today. Now, I have two thoughts on this. 1. I remember when four characters was the standard, and that was only six years ago. 2. If we have tripled the number of characters needed in six years, and the advancement of technology is exponential, we will all need to have 36-character passwords in only three years!
There comes a point in time when convenience is going to be more valuable than the security of the information that you have on the internet. Trying to remember a 36-character password will be like remembering a sentence. Now if you think that will be easy, think about this. Within the next 10 years, at this rate, a secure password will have to be about 75 characters long. Within 20 years, a secure password will be around 120 characters long. That is the same as the space allowed for a text message!! When was the last time you could remember a text message character for character? Try it tonight and I bet you will find it very difficult to remember that structure tomorrow, or even a week from now.
If you don't believe me, do your own math. Below I will post the article that I used as my source, and all the information that you will need to redo my algorithm.
CNN Article:
How to Create a 'super password'
Formula Notes:
I used 2002 as my start year. It is where I had my first real data. So 2002 = 0 on a graph.
Data points I used to create the formula: (-10,0), (0,4), (6,12), (9,24), (10.5,48)
Note: I had 1992 as 0 because internet password security was not a real concern for many users using the internet.
f(x)= (0.2037x)^2+(1.7953x)+1.2948
f(x) fits the data points very well. If anyone else has better data, just comment on the post and I'll try to rework my formula.
I agree that password strength is getting a little out of hand. It can be frustrating when you are trying to create an account on a website and they have a system where if your password is not a certain length or does not have numbers or capital letters in it, that it will be rejected. Some people use a certain password as their universal password for everything and if it does not fall under the specific guidelines, it can be frustrating to come up with a new one for just that one website. On the topic of future passwords getting longer and longer, I think that future technology will replace passwords with some higher level technology that acts as a password. Otherwise we will have to memorize a short paragraph as you pointed out.