You Think Your 16 Character Password is Secure? Think Again…


Cracking 16 Character Passwords in Less than an Hour!

So you think using a strong 16 character password is enough to keep hackers out of your website? Well, thanks to a new program, that’s simply not the case. A team of hackers using nothing more than an over-the-counter gaming computer with a single AMD Radeon 7970 graphics card was able to crack 14,800 random 16 character passwords from a list of 16,449 passwords that were converted into hashes using the MD5 cryptographic hash function.

The problem is the weak method of encrypting passwords called hashing. Hashing takes a user’s regular text password and runs it through a mathematical function, which creates a unique string of numbers and letters called a hash. Pretty much all your passwords are encrypted this way before being transmitted online. If a hacker is able to intercept that transmission, he can then run your encrypted password through a program and hammer your site with guesses until he gets it right.

To understand the power of these methods, it’s worth noting that these programs can process 350 billion guesses per second.

However, don’t despair. It’s actually not too difficult to protect yourself. Brute force attacks on websites are common, but they are easily stopped by simply limiting the number of times a user can log in with the wrong password before shutting down access completely.

So if you limit your login attempts to, say, 5 tries, a user only has 5 chances to guess your password before being locked out. You could even go a step further and ban any login attempts from IP addresses that have failed to log in after a set number of tries.
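A sketch of the two limits described above, per-account lockout after 5 failures plus a per-IP ban, added here as an example and not taken from any particular site or plugin. The IP threshold, the 15 minute window after which failures expire, and the `check_password` callable are assumptions made for illustration.

```python
import time

MAX_ACCOUNT_FAILURES = 5    # the "5 tries" from the text
MAX_IP_FAILURES = 20        # assumed threshold before an IP is banned
WINDOW_SECONDS = 15 * 60    # assumed: failures older than this are forgotten


class LoginLimiter:
    """In-memory failed-login tracker, keyed by account and by source IP."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._by_account = {}   # username -> timestamps of recent failures
        self._by_ip = {}        # ip -> timestamps of recent failures

    def _recent(self, table, key):
        # Drop failures outside the window, then count what is left.
        cutoff = self._clock() - WINDOW_SECONDS
        kept = [t for t in table.get(key, []) if t > cutoff]
        if kept:
            table[key] = kept
        else:
            table.pop(key, None)
        return len(kept)

    def allowed(self, username, ip):
        """Call before the password is checked. Returns (ok, reason)."""
        if self._recent(self._by_ip, ip) >= MAX_IP_FAILURES:
            return False, "ip_banned"
        if self._recent(self._by_account, username) >= MAX_ACCOUNT_FAILURES:
            return False, "account_locked"
        return True, "ok"

    def record(self, username, ip, success):
        if success:
            # Reset the account only. The IP count stays, so it cannot be
            # cleared by logging in to some other account from the same IP.
            self._by_account.pop(username, None)
            return
        now = self._clock()
        self._by_account.setdefault(username, []).append(now)
        self._by_ip.setdefault(ip, []).append(now)


def attempt_login(limiter, check_password, username, password, ip):
    """check_password is a hypothetical callable(username, password) -> bool."""
    ok, reason = limiter.allowed(username, ip)
    if not ok:
        return reason   # refused without ever testing the password
    success = check_password(username, password)
    limiter.record(username, ip, success)
    return "ok" if success else "bad_credentials"
```

These limits apply to guesses made against the live login form; guessing against a stolen list of hashes, like the MD5 list described above, happens offline and never reaches them.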

