Home » Cybersecurity » Careers » Password Security: Complexity vs. Length [Updated 2018]

Password Security: Complexity vs. Length [Updated 2018]

When it comes to user authentication, the password is, and has been, the most used mechanism; passwords are used to access computers, mobile devices, networks or operating systems. In essence, they are part of our everyday lives. Through time, requirements have evolved and, nowadays, most systems’ password must consist of a lengthy set of characters often including numbers, special characters and a combination of upper and lower cases. The strength of a password is seen as a function of how complex and/or long it is; but, what matters most, size or complexity?

Any systems, regardless of which method is used for identification and/or authentication is susceptible to hacking. Password-protected systems or collection of data (think bank accounts, social networks, and e-mail systems) are probed daily and are subject to frequent attacks carried forward not only through phishing and social engineering methods, but also by means of passwords cracking tools. The debate is always open, and the length vs. complexity issue divides experts and users. Both have pros and cons as well as their own supporters.

Let’s face it, most users tend to create terrible passwords and seldom change them. Today, every system, device, account we need daily has its own password-creation rules, and it is becoming difficult (maybe impossible) to keep track of all access keys. Writing down passwords, re-using the same one for all systems, using easy-to-remember words or phrases or creating shorter access keys are problems that are a direct consequence of the overload of passwords we are all ask to use on a regular basis. With too many keywords to remember, people often choose weaker passwords that are less secure, online and offline.

Weak and insecure passwords are a security concern and a gateway to breaches that can affect more than just the targeted users. It is (Read more...)