Password Security: Is Length or Complexity More Important?

Hey, welcome! Today I want to talk about a topic that affects all of us who use the internet: password security. We all know that passwords are important for keeping our online accounts secure, but how do we choose a good one? Should we go for a long password or a complex one? Or both? Let’s find out!

First, let’s define what we mean by length and complexity. Length is simply how many characters your password has. Complexity is how unpredictable your password is, based on factors such as using different types of characters (letters, numbers, symbols), mixing upper and lower case, and avoiding common words or patterns.

Password security: hackers use sophisticated tools to crack passwords

Now, you might think that the more complex your password is, the better. After all, a password like “Qw3rty!@#” seems harder to guess than “password123”. But that’s not necessarily true. In fact, length matters more than complexity when it comes to password strength, as the National Institute of Standards and Technology (NIST) advises.

Why is that? Well, because hackers don’t usually try to guess your password by typing random characters. They use sophisticated tools that can crack passwords by trying millions of combinations per second. These tools can easily break short and complex passwords, especially if they are based on common patterns or words.

But what if your password is long and simple? For example, what if your password is “ilovechocolatecake”? That’s 18 characters long, but it only uses lower case letters and it’s a common phrase. Surely that’s easy to crack, right?

Wrong. Actually, a password like that is much harder to crack than a short and complex one. Why? Because the longer your password is, the more possible combinations there are for the hacker to try. Even if they know you only use lower case letters, they still have to try 26^18 possible passwords. That’s a huge number!

To put it in perspective, let’s compare how long it would take to crack these two passwords using a tool that can try 100 billion passwords per second:

  • Qw3rty!@#: 0.000000000000000000000000000000000000000000000001 seconds
  • ilovechocolatecake: 1,157,920,892,373 years

Long and unique password is more secure—it’ll take hackers centuries to crack | KASPERSKY

Short and complex password can be cracked in an instant

As you can see, the difference is staggering. The short and complex password can be cracked in an instant, while the long and simple one would take longer than the age of the universe.

Short and complex password can be cracked in an instant | KASPERSKY

Of course, this doesn’t mean you should use “ilovechocolatecake” as your password. That’s still a bad idea, because it’s a common phrase that might be in a hacker’s dictionary. A better idea is to use a passphrase: a random sequence of words that makes sense to you but not to anyone else.

Passwords (using common words/phrases)—however long—can be cracked easily. | KASPERSKY

For example, you could use something like “purplemonkeydishwasher” or “fluffyunicorndancing”. These are long and simple passwords that are easy to remember but hard to crack. You can also add some numbers or symbols if you want to make them even stronger.

So, the bottom line is: when choosing a password, go for length over complexity. Use passphrases instead of passwords—Bitwarden recommends using 14 or more characters. And avoid common words or patterns that hackers might guess. By doing this, you’ll make your online accounts much more secure and protect yourself from cyberattacks.
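An added example, not from the original article: it estimates the worst-case search space for a password twice, once from its character pool and length, and once treating it as a run of dictionary words, which is why a long common phrase is weaker than its length suggests. The sample word list and the 10,000-word dictionary size are constructed assumptions.

```python
import string

GUESSES_PER_SECOND = 100_000_000_000  # the article's rate: 100 billion guesses/s
# Constructed sample list; a real checker loads a large common-word list.
SAMPLE_WORDS = {"i", "love", "chocolate", "cake", "password", "qwerty"}
ASSUMED_DICTIONARY_SIZE = 10_000  # assumption: words in the attacker's list


def charset_size(password):
    """Size of the character pool a brute-force search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size


def brute_force_keyspace(password):
    """Candidates of this length over the password's character pool."""
    return charset_size(password) ** len(password)


def split_into_words(password, words):
    """Fewest-words split of password into listed words, or None."""
    best = [None] * (len(password) + 1)
    best[0] = []
    for end in range(1, len(password) + 1):
        for start in range(end):
            piece = password[start:end]
            if best[start] is not None and piece in words:
                candidate = best[start] + [piece]
                if best[end] is None or len(candidate) < len(best[end]):
                    best[end] = candidate
    return best[-1]


def effective_keyspace(password, words=SAMPLE_WORDS,
                       dict_size=ASSUMED_DICTIONARY_SIZE):
    """Smaller of the brute-force and word-combination search spaces."""
    brute = brute_force_keyspace(password)
    parts = split_into_words(password.lower(), words)
    return brute if parts is None else min(brute, dict_size ** len(parts))


def worst_case_seconds(keyspace, rate=GUESSES_PER_SECOND):
    """Time to exhaust the whole search space at the given guess rate."""
    return keyspace / rate
```

Dividing `worst_case_seconds(...)` by the number of seconds in a year gives a figure comparable to what password checkers report; a randomly chosen passphrase keeps the word-combination estimate honest because no phrase in it is more likely than any other.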

So far so good, right? But wait, there’s more! Before we wrap up, I want to share with you some common password mistakes that you should avoid at all costs. These are things that can make your password weak and vulnerable, no matter how long or complex it is.

Common password mistakes

Here are some of them:

  • Using the same password for multiple accounts. This is a big no-no, because if one of your accounts gets hacked, the hacker can access all your other accounts with the same password.
  • Using personal information in your password. Things like your name, birthday, address, phone number, pet’s name, etc. are easy for hackers or people who know you to guess or find out.
  • Writing down your password or storing it in an insecure place. This includes writing it on a sticky note on your monitor, saving it in a text file on your computer, or using an online service that is not encrypted or reputable.
  • Sharing your password with anyone else. Even if you trust them, you never know who might get access to their devices or accounts. Plus, they might not be as careful as you with your password.
  • Not changing your password regularly. Even if you have a strong password, it’s still a good idea to change it every few months or whenever there is a security breach on any of the services you use.

By avoiding these mistakes, you’ll make your password even more secure and protect yourself from cyberattacks.

Are there any tools to help create strong passwords?

Yes, there are several tools available to help you create strong passwords. Here are some of the best password strength checkers:

  1. Bitwarden Password Strength Testing Tool: This free tool allows you to test the strength of your password by evaluating it against a set of known criteria, such as length, randomness, and complexity. It also provides an estimated time for hackers to crack your password.
  2. Kaspersky Password Checker: This tool is developed by Kaspersky Lab, a cybersecurity firm known for its VPNs, anti-virus solutions, and similar security products. It evaluates your password based on its length and complexity and provides a score between 0 and 100.
  3. LastPass: This freemium password manager can also be used to check the strength of your password. It evaluates your password based on its length, complexity, and uniqueness and provides a score between 0 and 100.
  4. NordPass: This is a freemium secure solution for passwords, passkeys, credit cards, and more.
  5. University of Illinois Password Checker: This tool evaluates your password based on its length, complexity, and uniqueness and provides a score between 0 and 5.

Are there any free password managers?

Yes, there are several free password managers available. Here are some of the best (and reputable) ones: Google Password Manager, Bitwarden Password Manager, NordPass, KeePass, Dashlane, and LastPass.

While password managers are widely regarded as safe, there are some risks associated with using a free password manager. One of the main risks is that free password managers may not be as secure as paid ones. This is because free password managers may not have the same level of encryption or security features as paid ones.

Another risk is that free password managers may sell your data to third-party advertisers. This is because free password managers need to make money somehow, and selling user data is one way to do that.

Finally, free password managers may not offer the same level of customer support as paid ones. This means that if you have any issues with your password manager, you may not be able to get the help you need.

Thanks for reading my article! I hope you learned something new today. If you liked this article, please share it with your friends and leave a comment below. And don’t forget to come back for more tips on how to stay safe online!

Bonface Juma

Writer and Instructor
