An enforced policy for minimum password length and complexity is a basic principle of information security. This is doubly important for all administrative users’ passwords. Hackers will often gain access to a local user’s account and sniff the encrypted hashes of other users. Today’s powerful computers can crack an encrypted Windows hash of a password relatively quickly. Each additional character in a password increases its complexity and the time it takes to crack the account. The payment card industry requires seven-character passwords that change frequently, but this is far too short for service and administrative accounts.
For instance, a seven-character, all lower-case alphabetic password would have over 8 billion possible combinations. At a conservative 1,000,000 attempts per second (a capability of many password-cracking utilities), it would take only 133 minutes to crack. Adding case sensitivity gives a seven-character password over 1 trillion combinations. The number of combinations for a seven-character case-sensitive alphanumeric password without punctuation might seem large, but at 1,000,000 attempts per second it would take only 11 days to try all possible passwords. Remember, these times increase significantly for passwords that use alternative characters and other special keyboard characters such as "!" or "@". Proper use of the password settings can help make it difficult to mount a brute-force attack.
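The keyspace arithmetic above, generalized into a small calculator (an added example, not part of the original page): it reproduces the 8 billion / 133-minute and 1 trillion figures and finds the minimum length a policy must require to withstand exhaustive search for a chosen time. The 95-character printable-ASCII set and the ten-year target are assumptions chosen for illustration.

```python
RATE = 1_000_000          # guesses per second, the page's conservative figure
TEN_YEARS = 10 * 365 * 86_400  # assumed resistance target, in seconds

# Character-set sizes; 95 (printable ASCII incl. space) is an assumption.
CHARSETS = {"lower-case": 26, "mixed-case": 52, "printable ASCII": 95}


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


def exhaust_seconds(charset_size: int, length: int, rate: int = RATE) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return keyspace(charset_size, length) / rate


def min_length(charset_size: int, target_seconds: float, rate: int = RATE) -> int:
    """Smallest length whose full keyspace takes at least `target_seconds`."""
    length = 1
    while exhaust_seconds(charset_size, length, rate) < target_seconds:
        length += 1
    return length


def human(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    for name, size in CHARSETS.items():
        print(f"{name:16} 7 chars: {keyspace(size, 7):>18,} combinations, "
              f"exhausted in {human(exhaust_seconds(size, 7))}; "
              f"needs {min_length(size, TEN_YEARS)} chars for ten years")
```

Raising `rate` to match faster cracking hardware shifts every minimum length upward, which is why the guess rate belongs in the policy calculation rather than being fixed.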
Our security team can test the strength of your passwords by utilizing popular password-cracking tools and multiple high-speed computers. In our report, we will identify password findings that you can use to manage your users’ passwords. Our security professionals can assist you with setting a proper password policy and introduce additional security concepts such as two-factor authentication, single sign-on, and other techniques.