Cracking the Code on Password Protection

Posted by Joe Gerard in Corporate Security on February 23rd, 2011

To add to my collection of corporate security tips, I’ve been looking for specific information pertaining to password protection. Passwords are often overlooked, which is unfortunate because poor password protection is like handing over your house keys to a thief. John, one of our IT guys, pointed me in the direction of a recent article from Bloomberg Businessweek, “The Problem With Passwords”. The article contains data compiled from Gartner, Forrester, Duo Security, Imperva and LastBit Software, comparing and contrasting different password lengths. The data included in the article also reports that the most common passwords are 123456, password, 12345678, qwerty and abc123.

Password Problems:

Here’s some more interesting information from the article:

Time it takes a hacker’s computer to randomly guess your password:

Length: 6 characters – Lowercase only: 10 minutes, Lowercase and Uppercase: 10 hours, Lowercase, Uppercase, Nos. & Symbols: 18 days

Length: 7 characters – Lowercase only: 4 hours, Lowercase and Uppercase: 23 days, Lowercase, Uppercase, Nos. & Symbols: 4 years

Length: 8 characters – Lowercase only: 4 days, Lowercase and Uppercase: 3 years, Lowercase, Uppercase, Nos. & Symbols: 463 years

Length: 9 characters – Lowercase only: 4 months, Lowercase and Uppercase: 178 years, Lowercase, Uppercase, Nos. & Symbols: 44,530 years

Average amount it costs a business to field a phone call requesting a password reset: $10
Proportion of help desk calls that are password-related: 30%
Users who choose a common word or simple key combination for a password: 50%

Employee Education

Based on this information, organizations might want to require all employees to create passwords that are 9 characters long and contain lowercase and uppercase letters, numbers and symbols. You’ll probably be safe with one that’s 8 characters long, but go with 9 for good measure, because 44,530 years is a pretty long time. This data tells it like it is and shows you just how quickly computers and other systems with poor passwords can be hacked. You can’t afford to have employees make these mistakes within your organization. The information from this article has been printed and hangs in a central location in our office as a reminder for employees.

It might be a good idea for your company to do the same thing. Employees need to be educated about password protection because a password like 12345678 isn’t going to cut it when it comes to protecting files containing confidential information. Hopefully this information serves as a wake-up call for those who don’t take time to consider the importance of their password choices – or those who stick to the same password for everything.
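The 9-character, four-class rule suggested above can be enforced at password-set time. The sketch below is an added example, not code from the Businessweek article or from this blog. It assumes a guess rate back-calculated from the article's "6 lowercase characters in 10 minutes" row and uses Python's 94 printable ASCII letters, digits and symbols as the full character set, so its estimates land close to, but not exactly on, the published figures.

```python
import string

# Common passwords named in the article; a production blocklist would be far larger.
COMMON = {"123456", "password", "12345678", "qwerty", "abc123"}

# Assumption: the "6 lowercase characters = 10 minutes" row implies
# 26**6 guesses in 600 seconds, roughly 515,000 guesses per second.
GUESSES_PER_SECOND = 26**6 / 600

CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items() if set(password) & chars}

def seconds_to_exhaust(length, alphabet_size, rate=GUESSES_PER_SECOND):
    """Time to try every string of this length over this alphabet."""
    return alphabet_size ** length / rate

def check_policy(password, min_length=9):
    """Return the list of policy violations (empty list means accepted)."""
    problems = []
    if password.lower() in COMMON:
        problems.append("on the common-password list")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    missing = sorted(set(CLASSES) - classes_used(password))
    if missing:
        problems.append("missing: " + ", ".join(missing))
    return problems

def worst_case_years(password):
    """Exhaustive-search time, sized by the classes the password actually uses."""
    alphabet = sum(len(CLASSES[c]) for c in classes_used(password))
    return seconds_to_exhaust(len(password), alphabet) / (365 * 24 * 3600)

if __name__ == "__main__":
    for candidate in ["12345678", "sunshine", "Tr4il-mix!"]:  # constructed samples
        issues = check_policy(candidate)
        verdict = "OK" if not issues else "; ".join(issues)
        print(f"{candidate!r}: {verdict} "
              f"(~{worst_case_years(candidate):.3g} years to exhaust)")
```

The blocklist check runs first because the timing figures describe random guessing only, and a password on the common list would be tried long before an exhaustive search started.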


Joe Gerard

VP Sales & Marketing

Spend my days showing off the i-Sight investigative case management software and finding ways to help clients improve their investigations. Usually working with corporate security, HR & employee relations, compliance and legal teams.
