Passwords have been employed by many since the days of the Roman Empire, and they quickly became omnipresent as we approached the digital age. However, rapid changes in the security landscape have forced us to evolve what our passwords look like and how they are used. At times, this has led to conflicting advice and confusion on what proper password management looks like. By clarifying how to best create and use passwords, we can make it easier for people to stay safe online.
With that in mind, as a part of Cybersecurity Awareness Month, I am going to answer some of the questions you may have when it comes to passwords.
Is it better to have a long password or a complex password?
A few years ago, you may have been told that if you want to make your password game better, you need to start using complex passwords. Using mixed-case characters, numbers, and special characters makes your password less guessable to a human, which used to be enough, but with machines that’s a different story. In 2012, a nine-character password with numbers, mixed-case letters, and symbols would take 12 years to crack. In 2022 though, that same password can be deciphered in two days. And if you are just like everyone else and replace your “a” with “@” and your “s” with “$”, your password is very likely already in a dictionary, increasing the likelihood of an attacker figuring out your password.
When comparing these two password attributes there is not one clear winner. The best passwords are longer while still being complex. As we can see with the table below from Hive Systems, even complex passwords can be cracked in nearly no time if they are shorter than 10 characters. Contrarily, a full-lowercase password that is 18 characters long will only take two million years to figure out. But in less time than you’d