Password Complexity vs Length

Long passphrases that are easy to remember are far superior to complex or often changing passwords. Longer than 12 characters is critical to prevent password cracking. Correct horse battery staple is a far better password than Tr0ub4dor&3 or any other complex hard to remember password. 2-factor authentication is also crucial with today's cloud applications.

Password Complexity vs Length
Nick Gibson
Nick Gibson
January 1, 2022
Security Tips

How to create a content plan

Lorem ipsum dolor sit amet consectetur adipiscing elit. Diam quis tellus ut sem ac malesuada ipsum tellus vitae odio nulla sociis mauris consectetur ac enim condimentum sagittis nulla sed volutpat imperdiet habitant aenean ut turpis lectus pulvinar mattis fames suscipit aliquet pellentesque enim massa vitae pharetra amet.

  1. Vitae et erat tincidunt sed orci eget egestas facilisis amet ornare
  2. Sollicitudin integer  velit aliquet viverra urna orci semper velit dolor sit amet
  3. Vitae quis ut  luctus lobortis urna adipiscing bibendum

What is a content plan and why it is so important?

Lorem ipsum dolor sit amet consectetur adipiscing elit eu vestibulum massa volutpat vitae blandit aliquet rhoncus tempor, nunc id aliquam quis eget lobortis massa non est aliquam vel gras proin urna nec metus faucibus turpis nunc tellus.

Lorem ipsum dolor sit amet, consectetur adipiscing elit.

What are the best tools to create content plans easily?

Viverra in nulla natoque non ultrices eget neque rhoncus potenti ultrices lectus sit dis sed ornare nunc sociis et est arcu egestas dis non sit felis, praesent cras convallis egestas risus sed turpis lectus donec eu lectus maecenas quis odio quis ornare magna pulvinar commodo risus eget imperdiet senectus turpis iaculis maecenas velit sagittis neque tempor in volutpat  condimentum diam enim hendrerit ut.

3 tips to create a content plan that drives engagement and growth

Eu risus sed turpis lectus donec eu lectus maecenas quis odio quis ornare magna pulvinar commodo risus eget imperdiet senectus turpis iaculis maecenas velit sagittis neque tempor in volutpat, condimentum diam enim hendrerit ut.

  • Dolor duis lorem enim eu turpis potenti nulla semper velit sed
  • Lorem a eget blandit ac neque amet amet non dapibus pulvinar
  • Pellentesque non integer ac id imperdiet blandit sit bibendum
Eu risus sed turpis lectus donec eu lectus maecenas quis odio quis ornare magna pulvinar commodo risus eget imperdiet.
Identify the content that is performing best, and stick with it

Egestas orci purus sed at quisque lacus tempus cursus facilisi scelerisque tellus nunc scelerisque ornare id id nullam sit gravida habitant donec amet amet sit elementum cras tellus at elementum sit Id sit sagittis dolor nibh elit magna tortor accumsan consectetur sit fames amet aliquet amet nunc scelerisque nulla massa scelerisque gravida neque ultrices sed eu nulla diam sapien ac enim.

Password Complexity vs Length

This is a debate as old as computers themselves. The popular choice for the past ten years or so has been to choose a moderate length complex password. Even Microsoft tries to force domain users in default group policies to use a "complex" password. I agree using more characters is generally a good idea, but I recommend a longer password over a complex one. At Security Ideals we crack a lot of passwords for our customers and from our experience, the longer concatenated words or phrases take us longer to crack. The computing horsepower these days is such that even a 7 or 8 character complex password with numbers and symbols doesn't take very long to break.  Especially when utilizing cloud computing platforms with GPU based cracking techniques.

Users are less likely to write the password down on a sticky note stuck to their monitor when it's less complex.  And a 15 or 16 character password even without symbols is nearly impossible to crack given time and speed constraints.

These are the Golden Rules for Passwords:

  • Choose words that won't be in a basic dictionary. If necessary modify words that are. Think "appple" over "apple."
  • String multiple words or phrases together with numbers.
  • Keep it longer than 12 characters
  • Do not post your password requirements online. It makes it infinitely easier for an attacker to tailor an attack to your environment if they know your company's requirements and recommendations.
  • Consider your password reset mechanism; many attackers target the reset options because they are simpler than the passwords themselves.

Comic courtesy of xkcd.com

Latest posts

Browse articles
Reasons Your Company Needs an IT Risk Assessment
Security Tips

Reasons Your Company Needs an IT Risk Assessment

In today’s business world, nearly all companies rely on some form of technology. From using email to communicate with clients to storing sensitive data in the cloud, technology is a necessary part of day-to-day operations. However, with this reliance on technology comes an increased risk of cyberattacks and data breaches. That’s why it’s so important for companies to conduct regular IT risk assessments. Here are four reasons your company needs an IT risk assessment.

September 27, 2022
Read more
Cloud Security Tips
Security Tips

Cloud Security Tips

Data security is one of the main concerns for IT professionals and business owners. Learn some cloud security tips that will help you succeed in this area.

September 27, 2022
Read more