The Longer the Better! Why to Ditch Your Short, Complex Passwords

You’ve probably heard a lot of password advice over the past decade, but how much of it is actually good advice that you should listen to? These days, with advanced automated threats able to crack incredibly complex passwords with ease, you can’t be too careful. You might even need to take a different approach entirely… which brings us to the OG password advice: just make it longer.

We’re here to challenge the notion that complex passwords are secure and offer actionable advice on how to craft a long password that will keep you secure for the long haul.

Why the Complexity Myth Needs to Die

Complexity can improve your password security, but it should never be a replacement for length.

A password like “P@ssw0rd1!” uses predictable patterns that hackers can leverage against you. Criminals will use dictionary attacks and pattern masks to look for common letter substitutions, which means these efforts to power up your password with special characters are likely having little impact on their own. The problem lies in that these types of passwords are often shorter, somewhere between eight-to-10 characters, which means the combination is comparatively small versus a much longer password.

If you mandate that any passwords implemented on your infrastructure be longer than eight characters, you’re exponentially increasing your security measures without lifting a finger.

Inject Entropy Into Your Passwords

One of the more interesting and somehow fun aspects of password creation is called “entropy,” which basically means you’re using randomness and length to create an uncrackable password.

Every single character you add to your password makes it significantly harder to crack. A long password made up of simple words is going to be far more difficult to break into than a short password with complex symbols. If an eight-character complex password is a high-quality padlock on a thin wooden door, then a 16-character simple passphrase is like a 10-foot thick wall of solid reinforced concrete.

Remember, you’re not trying to outsmart a human in most cases; you’re trying to outsmart a computer that relies on a mathematical algorithm to guess your passwords, and every password should make this as difficult as possible.

Use Passphrases to Make Security More Human-Friendly

But what happens when you start to add words that don’t make sense next to each other in combination with special characters?

Passphrases have become the go-to recommendation for security, and it’s all because they tap into human memory. A string of random words is memorable often because it’s absurd and funny to visualize. The real kicker is the length; if you throw four words together, chances are your password will crack 20+ characters.

A passphrase effectively solves two problems for your business. It makes your passphrases mathematically uncrackable while eliminating the frustrations of forgotten passwords.

If your business is struggling to make the jump to more secure password strategies, White Mountain IT Services can offer guidance, support, and solutions to help your staff make it effortless. Learn more today by calling us at (603) 889-0800.

White Mountain IT

Related Posts

Your First Line of Defense Against Data Leaks and Compliance Fines

The AI Revolution is no longer a futuristic headline, it’s quickly becoming the operating system of the modern economy. As a business owner, you’ve likely already identified the AI tools you want to implement to stay ahead. The hard truth is that the best AI strategy in the world will fail if your team doesn't know how to use it safely and effectively. Many leaders view AI training as a nice-to...

Cover Your Security Bases with These Four Best Practices

Over 25 percent of data breaches target small businesses, and the impact can be huge. To protect your business, you need the right technology and smart strategies. In today’s blog, we go through some key steps to help safeguard your business from digital threats. Use Security Software You’ll want to invest in security tools like firewalls, antivirus programs, and encryption. Keeping these upda...

Don't Get Hooked: Spotting Phishing Emails Before They Reel You In

From the classic Nigerian Prince emails to the cleverly crafted fake invoice, malicious digital correspondence is a constant threat to a business. It's not just about losing a few bucks, either. A successful phishing attack can cripple your operations, compromise sensitive data, and even lead to your company's demise. So, how do you spot these digital dangers? Here are some of the most obvious ...

The Dos and Don’ts of Creating an Effective Business Continuity Plan

Disruptions, from natural disasters to cyberattacks, can hit any business. A strong business continuity plan (BCP) is essential to protect your company, employees, and customers. It’s an investment that helps you handle the unexpected and get back on your feet quickly. Here are the key dos and don'ts for building your plan. The Dos Here are five things you should consider doing to enhance you...