Passwords Reconsidered
The Imperva Application Defense Center has released some interesting stats on passwords and password hacking in a new study analyzing password strength. Since hackers and hacking software are becoming increasingly sophisticated, it has become necessary to buttress personal security by upgrading old passwords.
In fact, a breach in Dec 2009 led to the capture of 32 million passwords which were subsequently posted to the internet – fortunately with no identifiable information.
Imperva has released new suggested protocols for passwords that I wanted to pass along.
- Passwords should be a minimum of eight characters.
- Passwords should contain a mixture of special characters, numbers, and both upper and lower case letters.
- Passwords should not be words found in the dictionary.
- Passwords should contain no personal information.
Additionally, Imperva is suggesting a shift in thinking from having a password to having a truncated passphrase such as:
“This little piggy went to market,” which might become “tlpWENT2m!”.
Click Here to download the report.
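The four rules listed above can be expressed as a checker. This is an added example, not code from the Imperva report or the original post; the function name `policy_violations`, the sample word list and the personal-information tokens are constructed for illustration.

```python
import re

# Constructed sample word list (assumption); a real deployment would load a
# full dictionary plus a list of known-breached passwords.
SAMPLE_DICTIONARY = {"password", "princess", "monkey", "market", "little", "sunshine"}

# Character classes required by rule 2, checked in this order.
CHARACTER_CLASSES = {
    "lower case letter": r"[a-z]",
    "upper case letter": r"[A-Z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}


def policy_violations(password, personal_info=(), dictionary=SAMPLE_DICTIONARY):
    """Return the list of rules from the post that `password` fails."""
    problems = []
    lowered = password.lower()

    # Rule 1: minimum of eight characters.
    if len(password) < 8:
        problems.append("shorter than 8 characters")

    # Rule 2: mixture of special characters, numbers, upper and lower case.
    for name, pattern in CHARACTER_CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")

    # Rule 3: not a dictionary word. Leading and trailing digits and symbols
    # are stripped first, so "Princess1!" is still recognised as "princess".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if core in dictionary:
        problems.append("based on a dictionary word")

    # Rule 4: no personal information (name, birth year, pet name, ...).
    # Tokens shorter than three characters are ignored to avoid false hits.
    for item in personal_info:
        token = item.lower()
        if len(token) >= 3 and token in lowered:
            problems.append(f"contains personal information: {item}")

    return problems
```

An empty list means the candidate passes all four rules; the truncated passphrase from the post, `tlpWENT2m!`, does.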




