Why Password Length is More Important Than Complexity

With automated threats on the rise and taking over the cyberthreat landscape, you need as many ways to stay safe online as possible. Naturally, one of the most talked about topics is login security. There’s a lot of good password advice out there, but the most helpful piece isn’t repeated often enough: just make it longer.

Are complex passwords as secure as people think, and is a complex password more important than a long password? That’s what we’re exploring today.

Complexity Over Length is Just Not Good Password Advice

While complexity can improve your password security, it’s no substitute for a long password.

Think about it this way: A password like “P@ssw0rd1!” follows predictable patterns that hackers can use against you. A hacker can use dictionary attacks and pattern masks to find common letter substitutions in common password elements, undermining the effort you made to create a complex password. Now, complex passwords tend to be shorter, and that’s because they are easier to remember, but if you compare the level of security you get from a long, complex password, you get a credential that is exponentially more secure.

So if you take any piece of advice from this article at all, it’s that you should implement a minimum of eight-character passwords.

Sprinkle In a Little Chaos

Passwords don’t have to be boring. They can even be fun if you add a little entropy to your credentials.

In this use case, entropy means adding an element of randomness to your passwords, effectively making them both longer and more difficult to crack. A long password made up of simple words is going to be far more secure than a simple password with complex symbols. Imagine how much more secure your passwords will be if you opt for something that’s 16 characters long and made up of a simple passphrase!

It’s helpful to remember that you’re trying to outsmart an algorithm, not a human. The algorithm relies on mathematical computations to determine the most likely combination of characters, so if you’re using things that don’t make sense, you’re actually the one outsmarting the logic-driven machines.

Passphrases Make Security More Human-Friendly

When you start adding in words that don’t make sense next to each other, in combination with special characters and a longer password length, you create something magical.

Passphrases are the go-to standard for cybersecurity for a reason, and that’s because they can tap into human memory. A string of random words can be memorable when you make it absurd and fun to picture in your head. This, again, adds to the length of the password. If you create a passphrase that is four or more words, you will have a password that’s 20 or more characters long.

The passphrase actually solves two problems: your passphrases are effectively bulletproof while becoming easier to remember.

Does your business need help with its password management? Phantom Technology Solutions can equip you with technology to make using long, complex passphrases effortless. Learn more today by calling us at (800) 338-4474.