Microsoft's Strike on Cybercriminals and SFX backdoor- April 1st-April 7th - This Week in Security

Hello Everyone, this week your editor is Dharminder. I am back again with another edition of This Week in Security, This week I have looked at a study on how fast AI powered tool can crack...
Published Apr 12, 2023
Version 1.0
security
twis
Dharminder's avatar
Icon for SIRT rankSIRT
Security Engineer, Current holder of SANS GCIH, GWAPT, F5 Security Solutions, Certified Kubernetes Administrator, Certified Kubernetes Security, CISM certifications.
View Profile
AaronJB's avatar
AaronJB
Ret. Employee
Apr 14, 2023

Really nice article, Dharminder!

On the subject of password strength, I think I'd be fine with 12+ mixed case letters - I'm not going to be around in ~300 years.. of course there is the argument that compute speed is going to continue to improve, and 289 years could quickly become 5 minutes but then where do you draw the line? 2Bn years could become a week, etc.. I think it's too soon to say how fast crack time is going to decrease.

One thing that is indisputable though - 8 characters with a mandate for a single number and punctuation character definitely isn't enough in 2023.