The Longer the Better! Why to Ditch Your Short, Complex Passwords

You’ve probably heard a lot of password advice over the past decade, but how much of it is actually good advice that you should listen to? These days, with advanced automated threats able to crack incredibly complex passwords with ease, you can’t be too careful. You might even need to take a different approach entirely… which brings us to the OG password advice: just make it longer.

We’re here to challenge the notion that complex passwords are secure and offer actionable advice on how to craft a long password that will keep you secure for the long haul.

Why the Complexity Myth Needs to Die

Complexity can improve your password security, but it should never be a replacement for length.

A password like “P@ssw0rd1!” uses predictable patterns that hackers can leverage against you. Criminals will use dictionary attacks and pattern masks to look for common letter substitutions, which means these efforts to power up your password with special characters are likely having little impact on their own. The problem lies in that these types of passwords are often shorter, somewhere between eight-to-10 characters, which means the combination is comparatively small versus a much longer password.

If you mandate that any passwords implemented on your infrastructure be longer than eight characters, you’re exponentially increasing your security measures without lifting a finger.

Inject Entropy Into Your Passwords

One of the more interesting and somehow fun aspects of password creation is called “entropy,” which basically means you’re using randomness and length to create an uncrackable password.

Every single character you add to your password makes it significantly harder to crack. A long password made up of simple words is going to be far more difficult to break into than a short password with complex symbols. If an eight-character complex password is a high-quality padlock on a thin wooden door, then a 16-character simple passphrase is like a 10-foot thick wall of solid reinforced concrete.

Remember, you’re not trying to outsmart a human in most cases; you’re trying to outsmart a computer that relies on a mathematical algorithm to guess your passwords, and every password should make this as difficult as possible.

Use Passphrases to Make Security More Human-Friendly

But what happens when you start to add words that don’t make sense next to each other in combination with special characters?

Passphrases have become the go-to recommendation for security, and it’s all because they tap into human memory. A string of random words is memorable often because it’s absurd and funny to visualize. The real kicker is the length; if you throw four words together, chances are your password will crack 20+ characters.

A passphrase effectively solves two problems for your business. It makes your passphrases mathematically uncrackable while eliminating the frustrations of forgotten passwords.

If your business is struggling to make the jump to more secure password strategies, Managed IT Force can offer guidance, support, and solutions to help your staff make it effortless. Learn more today by calling us at 724-473-3950.