Password Security: longer or more complex?
When entire businesses are operated solely online, passwords become a critical piece of cybersecurity. So, when creating a password, what is more secure – length or complexity?
Passwords are insecure by nature, so your company needs to be savvy about creating them. They need to look beyond the basics because simple passwords are too easy for hackers to figure out.
Your staff may know to create strong passwords, change them often and intermix characters, letters and symbols. They might know not to share their login credentials with other employees.
However, with the trend of critical business information being stored in the cloud, you’re losing control of your intellectual property to the point where every login and password could be the weak point in your digital security. Sometimes many employees have to use the same login credentials, which is a security breach just waiting to happen.
Passwords: Size x Complexity
If you think a random combination of letters, numbers, and symbols will protect your business, you would be wrong. Even with numbers and letters interspersed, if a password is short, accessing a company computer by brute force can take just a few minutes.
These days your company passwords need more than just complexity. They need length. Due to the trend of hackers using brute force to hack their way into your digital life, a longer password is always more secure than a shorter one. Always.
However, issuing a long, complex password to employees like Hsjk$dbaV#Ygwu%e782% will not only keep hackers out but will, most likely, be forgotten by the user. Remembering the above password is like a game of memory, where there are thousands of cards face down and your user has no idea where to start.
Passwords: 2 points of attention for password creation
There are two things to remember when creating a password: How easy is it for a computer to decipher and how easy is it for the user to recall?
The good news is that there’s no need to create a long complex password like the one above. A passphrase and a password manager are two simple ways to manage and secure your company’s login credentials.
How to add length to your Password
Use a phrase as a password
A passphrase is a bunch of words fused together to form a unique password memorable to each user. For a simple example, one employee might use, ‘my awesome granny is called susu.’
Obviously, the more unrelated the words, the harder it will be for a dictionary-based password tool to crack. However, even a simple sentence like the one above is stronger than a short complex password.
Let’s compare c0MpuT4r% against the longer passphrase, ‘my awesome granny is called susu’. Although the second example may seem simple in comparison and easier to guess, it’s actually harder because there are many more characters. Meanwhile, it’s much easier for the user to remember.
Hold on a minute, does this go against everything you thought you knew about passwords? You thought complexity brings security, and that password seems too simple.
Let’s break it down.
Susu is not a common English word, therefore the password becomes harder to crack and by default more secure. A longer password, even if it’s a list of easy words with no meaning, is actually more secure than a shorter complex password using random symbols, numbers, and letters.
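The comparison above, worked through as an added example (not code from the original article): it estimates the guessing search space of both passwords, first per character and then for a word-by-word guesser. The dictionary size of 20,000 and the small COMMON_WORDS set are assumptions constructed for illustration.

```python
import math
import string

# Assumptions for illustration (not from the article):
WORDLIST_SIZE = 20_000  # assumed size of a guesser's common-word dictionary
COMMON_WORDS = {"my", "awesome", "granny", "is", "called"}  # constructed stand-in

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation, " "]

def charset_size(text):
    """Alphabet an exhaustive search must cover: sum of the classes present."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in text))

def brute_force_bits(text):
    """log2 of the per-character search space: length * log2(alphabet)."""
    return len(text) * math.log2(charset_size(text)) if text else 0.0

def word_model_bits(text):
    """log2 of the search space for a word-by-word guesser: a dictionary word
    (matched case-insensitively) costs log2(WORDLIST_SIZE); any other token is
    searched per character. Spelling-mutation rules are not modelled."""
    bits = 0.0
    for token in text.split():
        if token.lower() in COMMON_WORDS:
            bits += math.log2(WORDLIST_SIZE)
        else:
            bits += brute_force_bits(token)
    return bits

def effective_bits(text):
    """A guesser picks the cheaper strategy, so strength is the minimum."""
    return min(brute_force_bits(text), word_model_bits(text))

def compare(candidates):
    """Return {password: (per-character, word-model, effective)} in bits."""
    return {pw: (round(brute_force_bits(pw), 1), round(word_model_bits(pw), 1),
                 round(effective_bits(pw), 1)) for pw in candidates}

if __name__ == "__main__":
    samples = ["c0MpuT4r%", "my awesome granny is called susu"]
    for pw, row in compare(samples).items():
        print(f"{pw!r}: per-char={row[0]} word-model={row[1]} effective={row[2]}")
```

Under these assumptions the passphrase still comes out ahead of the short password, but by less than the per-character count alone suggests, because the common words are cheaper to guess than their letters.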
Passwords: Length + Complexity
You can always make your password more secure. Length combined with complexity wins. The simple passphrase can be further enhanced by the use of upper and lowercase letters, symbols and misspelled words.
For example, ‘mY Awsum! gR4n IS calLd Susu’, has now become a very strong password.
By adding more characters the passphrase becomes even harder to crack without making it so complex that it’s hard to remember. Dictionary based tools used by hackers are not savvy at detecting wrongly spelled words, so misspelling or using uncommon English words are simple ways to enhance the security of your password.
Good passwords/passphrases contain:
– Symbols and numbers.
– Upper and lower case.
– Misspelled words.
– Uncommon words.
Use a password manager
Passwords can be stolen and forgotten. They give access, and therefore power, to whoever uses them, regardless of their intentions, and can also bypass other security systems such as firewalls. Passwords need to be heavily managed, strengthened, and so on, to be of any use.
Passwords are insecure by default, so the less that you need to deal with them and risk your digital security, the better.
A password manager is software that stores and organizes company passwords and user credentials. Passwords are stored encrypted, and usually require one master key to access the entire database. A password manager can even generate and renew user passwords automatically, taking human error right out of the equation.
Using a platform like VaultOne allows you, the owner of your company and intellectual property, to dictate how privileged accounts are accessed and managed. It also allows you to be completely in control of your security. You can give a user access through VaultOne to a certain part of your business without them ever actually seeing a password.
To sum up, shorter passwords are easier to crack. So, the longer and more complex you can make your password, without making it completely unusable, the better. Adding spaces, symbols, misspellings, and upper case letters to a phrase is a great way around tortuous memory issues.
However, the best way to guarantee the security of your digital property is to use a password manager and take human error out of the equation.
Find out how we can improve the security of your company, talk to our experts at VaultOne today.