Are Longer Passwords Better, Even If They’re Simpler? – Ask Leo!



When it comes to passwords, size really does matter.


A longer password of repeating characters is more secure than a short complicated password — but there’s more to security than cracking.

I’ve tried to move many of my passwords to passphrases or use just the first letters of words in a passphrase. Why could you not, for example, just use the letter “w” twenty times? Would this be better than a complicated password of ten letters, numbers and symbols, etc.? I’m assuming the technique used to crack the password cannot tell when each character was correctly chosen. I’m sure, though, that I’m oversimplifying this.

Twenty w’s — wwwwwwwwwwwwwwwwwwww — does seem like a “simple” password, doesn’t it?

Might it be too simple? Could it really be stronger than, say, yjckD$3t77?

The answer, as clickbait headlines would say, will surprise you.




When it comes to passwords, longer is better. When faced with the choice of longer versus more complex, choose length. In order to be cracked, a password must be completely correct — there’s no movie-like incremental guessing. Keep your guard up, though, as cracking is only one way passwords can be compromised.

Size matters

It’s simple: longer passwords are better. Length is the easiest way to make a password more secure.

When you’ve got a choice between making a password longer or keeping it shorter but making it more complex, length wins. A password of 20 “w’s” would be much more secure than a 10-character password of random characters.

Twenty “w’s” is a lot easier to remember. On the other hand, somebody shoulder surfing might see what your password is, so you might want something not quite so simple.

But in general, for attacks where passwords are being cracked, a longer password always wins.

TVs and movies lie

If you watch police shows or spy thrillers carefully, you’ll often see that when cracking a password, the letters of the password will suddenly appear one at a time. It’s typically some sort of race against time for that last character to appear and the entire password to get cracked, so as to avoid the explosion or other serious consequence.

That is not how it works.

You have to get the entire password right at once. There is no way to discover a password character-by-character.

So, in the case of a 20-character password, they’d have to get all 20 correct at the same time. ANY error — even if just one character is wrong — doesn’t give the hacker any information about whether or not any of the other characters were correct. It’s all or nothing.

That’s why longer is better. The only way to crack it is by brute force. Trying all possible 8-character passwords can be done in a reasonable amount of time. All possible 20-character passwords? That would take centuries.
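
The arithmetic behind this section, as an added example that is not part of the original article: it counts the candidates an exhaustive search must try for the article's two passwords and shows that a stored-hash check answers only yes or no, even when 19 of 20 characters are right. The guess rate, the PBKDF2 storage scheme and the salt are assumptions; the estimate covers exhaustive search only, not guessing from lists.

```python
import hashlib
import hmac
import string

# Assumptions (not from the article): an offline attacker making 10 billion
# guesses per second, and a service that stores a salted PBKDF2 hash.
GUESSES_PER_SECOND = 10_000_000_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600
LOWERCASE = len(string.ascii_lowercase)  # 26 symbols
PRINTABLE = len(string.ascii_letters + string.digits + string.punctuation)  # 94

def keyspace(pool_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return pool_size ** length

def years_to_exhaust(pool_size, length):
    """Worst-case years to try every candidate at the assumed guess rate."""
    return keyspace(pool_size, length) / GUESSES_PER_SECOND / SECONDS_PER_YEAR

def stored_hash(password, salt=b"constructed-salt"):
    """What the service keeps instead of the password (constructed salt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def check(guess, stored):
    """All-or-nothing: returns only True or False, never 'n characters right'."""
    return hmac.compare_digest(stored_hash(guess), stored)

if __name__ == "__main__":
    long_simple, short_complex = "w" * 20, "yjckD$3t77"  # the article's passwords
    for label, pool, n in [
        ("8 chars, 94-symbol pool", PRINTABLE, 8),
        ("10 chars, 94-symbol pool", PRINTABLE, len(short_complex)),
        ("20 chars, lowercase only", LOWERCASE, len(long_simple)),
    ]:
        print(f"{label}: {keyspace(pool, n):.2e} candidates, "
              f"{years_to_exhaust(pool, n):.2e} years")
    stored = stored_hash(long_simple)
    near_miss = "w" * 19 + "x"  # 19 of 20 characters correct
    print("near miss accepted:", check(near_miss, stored))
    print("exact match accepted:", check(long_simple, stored))
```

Even with the pool restricted to 26 lowercase letters, 20 characters give far more candidates than 10 characters drawn from all 94 printable symbols.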

There’s more to compromise than cracking

Don’t drop your guard just because you have a 20-character password. There are plenty of ways, having nothing to do with length, in which a password could still be compromised.

  • Malware such as a keylogger can capture a password of any length.
  • A service that stores passwords improperly could expose your actual password.
  • Hackers have lists of “popular” passwords and previously compromised passwords that they’ll try first.

This is why it’s important to maintain proper security, as well as using a unique password for each account you have.








This post was written by Leo Notenboom and was first posted to AskLeo.com
