Online Passwords: Changing with the Times

November 15, 2019

If you’ve spent any time around computers and the internet, you’re familiar with passwords. For many years, the best practice was to go for complex passwords with a mix of character types. However, new kinds of hacking require a different approach to security.

In the past, many websites required passwords to be 8 characters long with an uppercase and lowercase letter, a number, and often a special character. These passwords held up the best because they were complex and protected against the guesswork types of hacking that were once popular.

Now, hackers have access to stronger computing power and are using brute force password attacks. In brute force attacks, hackers simply try every possible password. The most effective protection against this kind of attack is to increase password lengths: a 3-digit numbers-only password has only 1,000 possibilities, while a 4-digit numbers-only password has 10,000 possibilities. Having two character types greatly increases security as well; a 13-character password with 2 types of characters would take about 41,000 times longer for a computer to crack than a 13-character password with only one kind of character.

Consider this real-life example*:

  • R4nd0m!@ would take less than one day for a hacker to crack with modern computing power.
  • I work at hbt would take up to 34,000 years for a hacker to crack. Despite appearing simpler, this password contains 5 additional characters that add considerable protection against a brute force password attack.

So what does all of this mean for you? You can expect to see many companies changing their password requirements, like Heartland Bank already has. For questions regarding Heartland Bank's Online Banking access, please contact your local branch or our Customer Care Center.

*This example assumes a computer that can guess 100,000,000,000 passwords per second.

This content is for informational purposes only. Readers should under no circumstances rely upon this information as a substitute for their own research or for obtaining specific advice from their own counsel.