The leap in the brute force time going from 11 character passwords to 12 character passwords is huge, especially for passwords with numbers, lowercase and uppercase letters. Even without the special characters, the increase is from 10 months to 53 years.
That is a very interesting table. Thanks for posting it.
I use a complex, long passphrase for the most important things. My LastPass passphrase with mixed numbers and punctuation is 23 characters long, so it looks like I am safe for more than 26 trillion years!
Of course, Google’s quantum computer breakthrough is going to change all of this at some point.
The big problem I have is my wife, who has almost zero tolerance for complexity. Getting her off “abc123” was hard (just kidding). I got her to use a short passphrase and append some numbers and characters. But she just cannot grok number/letter substitutions like using a “3” for letter “E” or using “@” for letter “a.” If a passphrase has three letter “a”s in it, I’ll use the “@” substitution in just one or two of them. That randomization adds more complexity.
I remember when the auto manufacturers were moving to encrypted keys and they calculated how much computing power it would take a thief to crack the encryption and how long to crack it. They set the bar just high enough such that a car thief would have to invest a lot in computers and take a long time.
Of course, Kia never thought about that.
Yikes!
Good to know how long it takes brute force to get past my passwords.