How to Create a “Super” Password.

Say goodbye to those wimpy, eight-letter passwords.

The 12-character era of online security is upon us, according to a report published by Georgia Tech.

The researchers used clusters of graphics cards to crack eight-character passwords in less than two hours.

But when the researchers applied that same processing power to 12-character passwords, they found it would take 17,134 years to make them snap.

“The length of your password in some cases can dictate the vulnerability,” said Joshua Davis, a research scientist at the Georgia Tech research Institute.

It’s hard to say what will happen in the future, but for now, 12-character passwords should be the standard, said Richard Boyd, a senior research scientist who also worked on the project.

The researchers recommend 12-character passwords — as opposed to those with 11 or, say, 13 characters — because that number strikes a balance between “convenience and security.”

They assumed a sophisticated hacker might be able to try 1 trillion password combinations per second. In that scenario, it takes 180 years to crack an 11-character password, but there’s a big jump when you add just one more character — 17,134 years.

Passwords have gotten longer over time, and security experts are already recommending that people use full sentences as passwords.

Here’s one suggested password-sentence from Carnegie Mellon University:

“No, the capital of Wisconsin isn’t Cheeseopolis!”

Or maybe something that’s easier to remember, like this:
“I have two kids: Jack and Jill.”

Even though advances in cheap computing power are making long, complicated passwords a necessity, not all websites will accommodate them, Boyd said.

It’s best to use the longest and most complex password a site will allow, he said. For example, if a website will let you create a password with non-letter characters — like “@y;}v%W$5” — then you should do so.

There are only 26 letters in the English alphabet, but there are 95 letters and symbols on a standard keyboard. More characters means more permutations, and it soon becomes more difficult to for a computer to generate the correct password just by guessing.

Some websites allow for super-long passwords. The longest one Boyd has seen is at, a financial site that lets users create 32 character passwords.