Length vs complexity

When choosing a password, which matters more: length, or complexity from several symbols? In this blog we will look at the importance of choosing the right password. But before we do, I would like to revisit the term Brute Force Attack, since it is still one of the most popular methods of hacking into someone’s account. This is simply an attacker using supercomputers with algorithms that are very fast at guessing many passwords in a row to find the correct one. These supercomputers would store all the different possible combinations of passwords and use trial and error to log in within a short period of time.

Let’s look at the following three passwords: ‘Password1’ vs ‘P@$$w0rd’ vs ‘2 Pizza$ & 3 Wing$:-)’

Using the http://www.passfault.com/ site to test how secure these are, we can see:

Password1, time to crack less than one day, English word, up to 710 thousand patterns or guesses, certainly not secure.

P@$$w0rd, time to crack less than one day, English word with the well-known replacement of letters by numbers and symbols, up to 3 million guesses, still risky.

2 Pizza$ & 3 Wing$:-), time to crack 37427369 centuries, pretty much forever, up to 2 octillion guesses, sure sounds secure.
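To show why the first two passwords fail even though they mix character types, here is a small policy check added for illustration (it is not passfault's code and does not reproduce its numbers). The word list, the substitution table and the function names are assumptions made for this sketch; the 15-character default follows the length this post recommends.

```python
import math
import string

# Constructed mini word list; a real checker would load a large dictionary.
COMMON_WORDS = {"password", "pizza", "wing", "blog"}
# Well-known letter substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l", "3": "e", "!": "i"})


def charset_size(pw):
    """Size of the alphabet a blind brute force would have to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation or c == " " for c in pw):
        size += 33  # 32 punctuation characters plus the space
    return size


def brute_force_bits(pw):
    """log2 of the number of guesses if every character were random."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0


def is_dictionary_pattern(pw):
    """True if pw is one common word once substitutions and trailing digits are undone."""
    core = pw.rstrip(string.digits).lower().translate(LEET)
    return core in COMMON_WORDS


def assess(pw, min_length=15):
    if is_dictionary_pattern(pw):
        return "weak: dictionary word with predictable changes"
    if len(pw) < min_length:
        return "weak: shorter than %d characters" % min_length
    return "ok: %.0f bits against blind brute force" % brute_force_bits(pw)


if __name__ == "__main__":
    for pw in ("Password1", "P@$$w0rd", "2 Pizza$ & 3 Wing$:-)"):
        print("%-24s %5.1f bits  %s" % (pw, brute_force_bits(pw), assess(pw)))
```

The bit counts for ‘Password1’ and ‘P@$$w0rd’ look respectable on paper, but both collapse to the same dictionary word, which is why a pattern-aware guesser finds them quickly.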

In conclusion, for the best security one should choose a password with both length and complexity. When choosing a password, use a sentence or phrase that helps you remember your login and at the same time protects your account. Some additional tips would be to check with your IT or systems administrator to ensure:

  • An account lockout policy is applied to your computer to prevent an attacker from acquiring a password through a brute force attack.
  • A length and complexity policy is applied to require 15 or so characters (two to three pass phrases preferred), along with a password history that remembers at least six passwords, to reduce the reuse of old passwords so accounts stay secure.


p.s. I will be changing my password to ‘I like this coo! blog:-)’.