Which Is More Important: Password Complexity, Or Length?

Which Is More Important: Password Complexity, Or Length?

For years we’ve been hearing that a random jumble of letters, numbers and symbols is the recipe for a strong password. But is there more password security than a few dollar signs and ampersands?

Many sites only require a six character minimum, but more importantly, some place character limits on passwords that can restrict them to as few as eight characters. A recent article published by ArsTechnica.com explores the effects of these password length restrictions on hackability, with some interesting results.

When subjected to two different hacking methods (we won’t go into detail, but for the nerds out there they employed a modified mask attack and a publicly available Weir algorithm), the longer passwords held up better than the shorter, more complex ones.

While there are several interpretations of the study to be made, suffice it to say that a good password needs to be both long and complex. We recommend using Keeper’s random password generator as a starting point with 10 random characters. Tack on six more of your own choosing, and you’ve got yourself a great password: long and strong.


[Source: “Password complexity rules more annoying, less effective than lengthy ones,” by Casey Johnston via Ars Technica.

Link: harstechnica.com/security/2013/06/password-complexity-rules-more-annoying-less-effective-than-length-ones/]