Quote from alanm:
Quote from MR.NBBO:
An eight character maximum can be fairly easily hacked, how about 15-20+ character maximum.
Can you help me understand how?
With about 100 possible characters, an 8 char password is 1x10^16 combinations. Assuming a brute-force attack gets there an average of half-way through the total, and 1 second per try/fail (it's actually a bit worse than that with TWS, much higher with AMS), I get about 0.5x10^11 days to crack. This assumes that there is no lockout mechanism after a certain number of unsuccessful attempts (is there, IB?).
A PC (or string of networked in-line computers), can attempt millions of brute force tries per second.
IF you use all possible characters types allowed, an 8 character password shouldn't get broken. This does take some work, actually, creating a good password with only 8 maximum characters. Most people aren't nearly safe enough with 8.
It completely depends on how you use the characters allowed.
Using only lower case, alphanumeric, you can crack 8 characters in several seconds on a good machine.
Upper and lower case, alphanumeric, 8 character password (52 possible characters in it ea.), it can take a few days to a few weeks.
Upper and lower case, alphanumeric, AND FULL ASCII character set used in creating a 8 character password (94 possible characters in ea. place), it can take many millenia to crack.
I've seen no lockout on TWS for failed attempts.
I'd venture that 80%+ of standard 8 character passwords take only seconds, to several days to crack. Everything is exponential, whether it is the processing power of the computer(s) or the length of the password, or the number of different types of characters used in password creation.
Here's a quick google of a really old article about cracking on on old 400+mhz machine (But there is good general advice to be found here as well for the average joe, about passwords).
http://geodsoft.com/howto/password/cracking_passwords.htm