Even long passwords can be cracked in minutes now.

http://www.salon.com/2013/09/02/no_password_is_safe_from_new_breed_of_cracking_software_partner/

http://www.zdnet.com/password-breaker-successfully-tackles-55-character-sequences-7000019891/

Until recently a popular password cracking tool could only handle up to 15 characters and compared to the newer version was pretty slow. New techniques used by password crackers in combination with this new tool now makes even long passphrases much less secure.

There is a technique call dictionary attack where a range of popular words are tried before moving on to “brute force” attacks. The dictionary attack tries words like 12345678, monkey, password, qwerty and many other variants. The 15 character limit however kept long passphrases out of reach so “Thequickbrownfoxjumpsoverthelazydog” would have been a pretty decent passphrase.

With the 15 character limited passed, crackers could pull popular phrases from books, wikipedia entries, songs and movie quotes to bring even the following quote from a H.P. Lovecraft story “Ph’nglui mglw’nafh Cthulhu R’lyeh wgah’nagl fhtagn1,” to it’s knees in minutes.

Now more than ever, we need to strengthen our passwords by using tools like lastpass.com and start using 2 factor authentication when it is offered.