Password Security: Longer or more complex?
With entire businesses online, passwords have become a critical piece of cybersecurity. So when creating one, which is more secure: longer or more complex?
Passwords are insecure by nature, so your company needs to be savvier about them, beyond the basics.
Your staff may know to create strong passwords, change them often and intermix characters, letters and symbols. They might know to not share their login credentials with other employees.
However, with the trend of critical business information being stored in the cloud, you’re losing control of your intellectual property to the point where every login and password could be the weak point in your digital security. Sometimes many employees have to use the same login credentials, which is a security breach just waiting to happen.
If you think a random bunch of letters, numbers, and symbols, such as c0MpuT4r%, will protect your business, you would be wrong. Even with numbers and letters interspersed, if a password is short, accessing a company computer by brute force can take just a few minutes.
These days your company passwords need more than just complexity. They need length.
Due to the trend of hackers using brute force to hack their way into your digital life, a longer password is always more secure than a shorter one. Always.
However, issuing employees a long, complex password such as Hsjk$dbaV#Ygwu%e782% will keep out not only hackers but also your users, as their memory fails them. Remembering the above password is like a game of memory, where there are thousands of cards face down and your user has no idea where to start.
There are two things to weigh when creating a password: how easy it is for a computer to guess, versus how easy it is for a human to remember.
The good news is that there’s no need to create a long complex password like the one above. Using a passphrase and using a password manager are two simple ways to manage and secure your company’s login credentials.
How to add length to your password
1. Use a Passphrase
A passphrase is a bunch of words fused together to form a unique password memorable to each user. For a simple example, one employee might use, ‘my awesome granny is called susu.’
Obviously, the more unrelated the words, the harder the passphrase will be for a dictionary-based password tool to crack. However, even a simple sentence like the one above is stronger than a short complex password.
Let’s compare c0MpuT4r% against the longer passphrase, ‘my awesome granny is called susu’. Although the second example may seem simple in comparison and easier to guess, it’s actually harder because there are many more characters. Meanwhile, it’s much easier for the user to remember.
Hold on a minute, does this go against everything you thought you knew about passwords? You thought complexity brings security, and that password seems too simple.
Let’s break it down.
Susu is not a common English word, so the password becomes harder to crack and by default more secure. A longer password, even if it’s a list of easy words with no meaning, is actually more secure than a shorter complex password using random symbols, numbers, and letters.
However, you can always make your password more secure. Length combined with complexity wins. The simple passphrase can be further enhanced by the use of upper and lowercase letters, symbols and misspelled words.
For example, ‘mY Awsum! gR4n IS calLd Susu’ has now become a very strong password.
By adding more characters, the passphrase becomes even harder to crack without making it so complex that it’s hard to remember. Dictionary-based tools used by hackers are not savvy at detecting wrongly spelled words, so misspelling words or using uncommon English words are simple ways to enhance the security of your password.
Good passwords/passphrases contain:
– Symbols and numbers.
– Upper and lower case.
– Misspelled words.
– Uncommon words.
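The comparison above can be put in numbers. The following is an added example, not part of the original article: it estimates the search space of the article's three passwords under character-by-character brute force and, for plain lowercase passphrases, under a word-list attack. The 7776-word list size (the size of the Diceware list) and the treatment of the passphrase's trailing full stop as sentence punctuation are assumptions.

```python
import math
import string

# Assumption: the attacker's word list has 7776 entries (Diceware list size).
WORDLIST_SIZE = 7776

# Character pools an attacker would have to include in a brute-force run.
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation, " "]

# The three passwords discussed in the article.
SHORT = "c0MpuT4r%"
PASSPHRASE = "my awesome granny is called susu"
ENHANCED = "mY Awsum! gR4n IS calLd Susu"


def charset_size(password):
    """Total size of every character pool the password draws from."""
    return sum(len(pool) for pool in POOLS
               if any(ch in pool for ch in password))


def brute_force_bits(password):
    """log2 of the character-by-character search space (an upper bound)."""
    return len(password) * math.log2(charset_size(password))


def word_model_bits(password):
    """log2 of the search space when every token is one word from the list.

    Only meaningful for plain lowercase words; returns None for anything
    else, because misspellings and mixed case are outside this simple model.
    """
    words = password.split()
    if len(words) < 2 or not all(w.isalpha() and w.islower() for w in words):
        return None
    return len(words) * math.log2(WORDLIST_SIZE)


def report(password):
    """Summarise both estimates for one password."""
    wm = word_model_bits(password)
    return {"length": len(password),
            "brute_force_bits": round(brute_force_bits(password), 1),
            "word_model_bits": None if wm is None else round(wm, 1)}


if __name__ == "__main__":
    for pw in (SHORT, PASSPHRASE, ENHANCED):
        print(repr(pw), report(pw))
```

The word-list figure assumes the words were picked at random; a grammatical sentence is more predictable than that, so treat it as optimistic. The brute-force figure is a ceiling, not a measure of how a targeted guessing tool would fare.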
2. Use a Password Manager
Passwords can be stolen and forgotten. They give access, and therefore power, to those who use them, regardless of their intentions, and can also bypass other security systems such as firewalls. Passwords need to be heavily managed, strengthened, etc., to be of any use.
Passwords are insecure by default, so the less that you need to deal with them and risk your digital security, the better.
A password manager is software that stores and organizes company passwords and user credentials. Passwords are stored encrypted, and usually require one master key to access the entire database. A password manager can even generate and renew user passwords automatically, taking human error right out of the equation.
Using a platform like Vault One allows you, the owner of your company and intellectual property, to dictate how privileged accounts are accessed and managed. It also allows you to be completely in control of your security. You can give a user access through Vault One to a certain part of your business without them ever actually sighting a password.
To sum up, shorter passwords are easier to crack. So the longer and more complex you can make your password, without making it completely unusable, the better. Adding spaces, symbols, misspellings, and upper case letters to a phrase is a great way around tortuous memory issues.
However, the best way to guarantee the security of your digital property is to use a password manager and take human error out of the equation.