Last Updated on November 3, 2025 by Dave Farquhar
In case you missed it, a researcher has built a system that can crack every possible 8-character password in less than six hours. 8-character passwords are obsolete.
If he’s got it, so do the bad guys.
In fact, that’s why security researchers build this kind of stuff. By exposing that security practices are obsolete and need to change, hopefully they can get people to change old habits before the bad guys manage to exploit the obsolescence too badly.
So, use longer passwords. Don’t use dictionary words. And consider getting a password manager like Password Safe and switching to completely random, long passwords. Because chances are your clever formula has been exposed in one of the big password thefts that have happened over the last year or two. The problem is that any password that’s easy for a human to remember is also easy for a computer to generate. When you can try 350 billion passwords per second, “easy” becomes much more relative.
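To see what the 350-billion-guesses-per-second figure means for password length, here is an added example (not from the original post) that computes how long an exhaustive search takes at that rate, finds the shortest random password that outlasts a chosen time, and generates one. It assumes a 95-character printable-ASCII alphabet; the function names are illustrative, and the numbers apply only to truly random passwords.

```python
import secrets
import string

# Rate quoted in the post: 350 billion guesses per second.
GUESSES_PER_SECOND = 350e9
# Assumption: the 95 printable ASCII characters (letters, digits, punctuation, space).
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "
YEAR = 365.25 * 86400


def exhaust_seconds(length, alphabet_size=len(ALPHABET), rate=GUESSES_PER_SECOND):
    """Seconds to try every password of exactly `length` characters."""
    return alphabet_size ** length / rate


def min_length(target_seconds, alphabet_size=len(ALPHABET), rate=GUESSES_PER_SECOND):
    """Shortest random password whose full keyspace outlasts target_seconds."""
    length = 1
    while exhaust_seconds(length, alphabet_size, rate) < target_seconds:
        length += 1
    return length


def random_password(length, alphabet=ALPHABET):
    """Uniformly random password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def humanize(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", YEAR), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    for n in range(6, 17, 2):
        print(f"{n:2d} chars: lowercase only {humanize(exhaust_seconds(n, 26)):>28}"
              f" | all printable {humanize(exhaust_seconds(n)):>36}")
    need = min_length(100 * YEAR)
    print(f"Length needed to outlast 100 years of guessing: {need}")
    print("Sample (constructed at run time):", random_password(need))
```

Under the 95-character assumption, eight characters come out at a little over five hours, which matches the figure in the post, and each extra character multiplies the time by 95.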
This summer I heard more than one security professional say antivirus is broken. But passwords are even more broken, and there are more ways to compensate for ineffective antivirus than there are for ineffective passwords.

David Farquhar is a computer security professional, entrepreneur, and author. He has written professionally about computers since 1991, so he was writing about retro computers when they were still new. He has been working in IT professionally since 1994 and has specialized in vulnerability management since 2013. He holds Security+ and CISSP certifications. Today he blogs five times a week, mostly about retro computers and retro gaming covering the time period from 1975 to 2000.
