Old Password Length Standards Don’t Cut It Anymore

The short answer for why your login needs to be more complex is that hackers leveled up.

While the ongoing development of quantum computing is a real threat—since it’s capable of testing nearly infinite keys simultaneously—you do not need a supercomputer to break a weak password today. A modern graphics card, the kind found in a standard gaming PC, can shred a basic 8-character password in under sixty seconds. If a hobbyist can do it, imagine what a professional syndicate can do.

Why Length Trumps Complexity

The National Institute of Standards and Technology (NIST) has shifted its stance: Complexity is out; length is in. A string of random characters like P@$! is actually easier to crack than a long, simple phrase.

This comes down to pure math. Every single character you add increases the difficulty for an attacker exponentially.

• 8 Characters - roughly 6.6 x 10^{15} (6.6 quadrillion) possibilities.
• 16 Characters - roughly 3.4 x 10^{66} (3.4 unvigintillion) possibilities.

To put that in perspective, that is the difference between a single pebble and the mass of the entire observable universe.

Enter the Passphrase

If you want to keep your sanity and your security, stop thinking about passwords and start thinking about passphrases. Using a string of four or five unrelated words, such as BasketballProgramOrangeKelp, is notoriously difficult for a computer to guess, but incredibly easy for a human to visualize and remember.

The Move Toward Passwordless

Even a great passphrase has its limits. That is why the industry is moving toward a passwordless future. We are huge advocates for phishing-resistant tools, including:

• Biometrics - Fingerprints and facial recognition.
• Cryptographic Passkeys - Security keys that live on your device and cannot be stolen by a fake login page.
• MFA - Robust multi-factor authentication that ensures you and only you are granting access.

Secure Your Business for the Future

You do not have to navigate this transition alone. From implementing company-wide password managers to deploying advanced biometric safeguards, we specialize in keeping your team productive and your data locked down.

If you would like to talk to one of our knowledgeable IT technicians about your organizational cybersecurity, give us a call today at (516) 403-9001.