Password Length vs Password Complexity

by Safe Password Management on March 22, 2011

Password length trumps password complexity. So, what does this mean? If you were a hacker and wanted to “guess” somebody’s password, it would be much easier for you to do it for a shorter rather than longer password. It’s really just a numbers game. As you get into ten plus digits for your password, even if using all lower-case, non dictionary terms, you’d be safer than having a “complex” (i.e., containing mixed case, numbers and special characters) that was only five characters long. As the author says in the post, “For everyone using six- to nine-character passwords with ‘complexity,’ I appreciate it. I get paid to break in to systems for a living, and you make my job easier.”

Safe Password Length

Safe Password Length

Safe Password Length explained…  Character-for-character, password length is more important for security than complexity. According to experts, a high quality three character password can be figured out in less a second while a fourteen character password might take two million years. Now, for these examples, we’re talking about high quality passwords (that used mixed case, alpha numeric, and non dictionary terms). If your long password is myfavoritehobbyistraveling (dictionary terms), all bets are off and your password can be hacked more easily.

If you [as the user] can’t guarantee true password complexity (and you probably can’t) length is your best bet. I’d guess that a typical good, knowledgeable password hacker can crack up to nine-character passwords within normal levels of ability and resources. At 10 characters, it becomes very hard to crack, regardless of complexity.

In other words, never never use a short password. Regardless of whether it uses high quality characters or not. You are asking for trouble. Safe password length is provided by increasing the number of possible passwords the attacker has to guess. Always focus on at least 10 characters using lower and uppercase as well as numerals and symbols. A moderately complex password of 14 or 15 characters is much better than one of 5 or 6 or even 9 characters. Follow some safe password length tips on our home page and you should be fine.




Related posts:

Leave a Comment

Next post: