When it comes to passwords, length is what matters


Ever heard the rumor that you need upper case letters, lower case letters, symbols, and numbers in your passwords? This is called “password complexity.” If you have to keep password complexity for compliance reasons, you have no choice, but otherwise—make your life easier—just switch to passwords that are 15 characters or longer—commonly referred to as passphrases.

If you make your passphrase something like “remember to finish the security project by next month,” you can write it down on a piece of paper and stick it on your monitor. If someone sees that stuck to your monitor, they will think it is just a reminder note (which it is). Another example of a passphrase that would be hard to break is “take the family to go snow skiing in Colorado at night.” That password is much more secure than “@ppl3E5.”

Of course, if you save a file on your hard drive with all your passwords, nothing can help you if a criminal, or even a worker in your own office, finds the file.


5 Responses to “When it comes to passwords, length is what matters”

  1. Mike,

    When I read this it reminded me of an old “blonde” joke, which isn’t so “blonde” any more…

    During a recent password audit, it was found that a blonde was using the
    following password:

    MickeyMinniePlutoHueyLouieDeweyDonaldGoofy

    When asked why such a big password, she said that it had to be at least 8
    characters long.

  2. Mike Foster says:

    While length is preferably 15 characters, but Windows operating systems older than Windows Server 2003 cannot handle passwords longer than 14 characters. Windows Server 2003 and later supports passwords up to 127 characters in length. If you want to use GPO’s to enforce a passphrase of 15 characters, you will need to use a custom password filter to replace PASSFILT.DLL.

  3. […] if you use a unique passphrase instead of a common word, then the chance of the password being cracked is much more unlikely. An […]

  4. […] to do if someone steals your identityWhen firing an employee – involve your IT departmentWhen it comes to passwords, length is what mattersWhen the economy is slow, stay secure!When to update and when to upgradeWhen will people learn to […]

  5. […] When setting passwords, make them long. Learn more about password security on this post. […]

Leave a Reply