not sure what are all those dismissive comments are about. the news here is that it become exceptionally EASY to brute-force an 8 character password. 8char passwords did provide the security for a while, but it seems they don't anymore. Equipment built from off the shelf components (and not too many of them) can break such passwords today. I'm sure it will soon be used not just by NSA but by almost anyone, including some 'recovery' businesses.
This is idiocy. There is no system in existence that I know of where you will be allowed to sit and try millions of passwords.<p>About the only place I can think of is encrypted partitions, when you somehow obtained the physical drive. But that usually has other, additional security mechanisms in place.<p>After failure number 5 most systems just lock the account. All the requirements on password complexity are sheer idiocy.
Worst researched article ever.<p><i>A website called Password Safe will store a list of passwords for you, but Boyd and Davis said it may still be possible for a hacker to obtain that list.</i><p>PasswordSafe is a software program (created by Bruce Schneir) that stores your passwords on your own computer. It is not a website for storing passwords.
<i>But when the researchers applied that same processing power to 12-character passwords, they found it would take 17,134 years to make them snap.</i><p>I love how they position this as some sort of strenuous discovery and not simple math.