Why Password Length Matters
According to the Verizon Data Breach Investigations Report, compromised passwords are responsible for 81% of hacking-related breaches. It’s for this reason that leading cybersecurity experts recommend strong passwords. One authoritative source for current password guidance and best practices is the National Institute of Standards and Technology (NIST). In NIST Special Publication 800-63B, password length is identified as a primary factor in password strength.
Passwords protect sensitive data and prevent unauthorized access. A strong password doesn’t guarantee protection, as it can still be stolen or guessed, but the stronger your password, the better your defense. One way to reduce the risk of breached credentials is to increase the length of your password. In fact, length is now considered the most important factor contributing to password strength. At Nucleus, we are recommending all our clients create passwords that are 14 characters in length. Each additional character multiplies the number of possible passwords, so the search space an attacker has to cover grows exponentially with length. The longer the password, the longer it takes to crack by guessing. Curious to learn how long a password could take to crack? Check out this password table at: https://www.hivesystems.io/password-table
NIST also provides insight into additional password best practices:
- Check passwords against breached password lists
- Block passwords contained in password dictionaries
- Prevent the use of repetitive or incremental passwords
- Avoid context-specific words as passwords
How do I remember a 15-character password?
We get this question all of the time when speaking with our clients about good password hygiene. Our reply is simple: you cannot remember multiple 15-character complex passwords. It is for this reason that we recommend small businesses adopt password management tools. With a password manager you don’t have to remember your credentials, and its built-in generator can produce a new secure password whenever one is required.
No password manager?
If your organization has not yet adopted a password manager, users will have to generate their own passwords. Here are some tips to create a strong password:
- Avoid using incremental or decremental sequences of numbers or letters
- Use 3 or 4 character types (uppercase, lowercase, numbers, symbols)
- Use a combination of letters, numbers and symbols
- Do not include your birth year or date in your passwords
- Combine different random words in your password or passphrase
- Do not use names or words found in the dictionary
- Do not reuse your passwords
- In a non-multifactor authentication environment:
  - Password expiry every 90 days
  - Account lockout after 5 attempts
  - Automatically suspend the account after 45 days without a valid login
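The NIST checks listed earlier (breached-password list, dictionary words, repetitive or incremental sequences, context-specific words) and the self-service tips above (character types, birth years, random words, no reuse) all amount to rules a registration form or password-change page can enforce automatically. The following is an added example, not Nucleus or NIST code, showing one way to implement them alongside a length-based strength estimate. The breached list, dictionary, company names and previous-password hashes are tiny constructed samples; a real deployment would check against a full breach corpus (for example via a k-anonymity lookup API) and a proper wordlist. The guess rate of 10 billion per second used in the crack-time estimate is an assumption for illustration.

```python
"""Password policy checks in the spirit of NIST SP 800-63B (added example)."""
import hashlib
import math
import re

MIN_LENGTH = 14  # the post's recommendation

# Constructed sample data: stand-ins for a real breach corpus, wordlist and
# the organisation's own names. Breached passwords are stored as SHA-1
# hashes, which is how public breach-check services expose them.
BREACHED_HASHES = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("password123456", "letmein12345678", "qwerty123456789")
}
DICTIONARY = {"password", "welcome", "summer", "dragon"}
CONTEXT_WORDS = {"nucleus", "acme"}  # company and service names (constructed)

# Character classes with the alphabet size each one contributes.
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^A-Za-z0-9]", 33)]


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode()).hexdigest()


def alphabet_size(password: str) -> int:
    """Size of the character set implied by the classes actually used."""
    return sum(size for pattern, size in CLASSES if re.search(pattern, password))


def strength_bits(password: str) -> float:
    """Brute-force search space in bits: length * log2(alphabet).

    This is an upper bound; dictionary words and patterns make the real
    search far smaller, which is why check_password() exists."""
    n = alphabet_size(password)
    return len(password) * math.log2(n) if n else 0.0


def brute_force_seconds(bits: float, guesses_per_second: float = 1e10) -> float:
    """Worst-case time to exhaust the search space at the assumed guess rate."""
    return 2 ** bits / guesses_per_second


def has_sequence(s: str, run: int = 4) -> bool:
    """True if s contains `run` characters stepping by +1 or -1 (abcd, 4321)."""
    s = s.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        diffs = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if diffs in ({1}, {-1}):
            return True
    return False


def check_password(password: str, username: str = "",
                   previous_hashes: frozenset = frozenset()) -> list:
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    low = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(1 for pattern, _ in CLASSES if re.search(pattern, password)) < 3:
        problems.append("uses fewer than 3 character types")
    digest = sha1_hex(password)
    if digest in BREACHED_HASHES:
        problems.append("appears in a breached-password list")
    if digest in previous_hashes:
        problems.append("reuses a previous password")
    if any(word in low for word in DICTIONARY):
        problems.append("contains a dictionary word")
    if (username and username.lower() in low) or any(w in low for w in CONTEXT_WORDS):
        problems.append("contains a context-specific word (username or service name)")
    if re.search(r"(.)\1\1", password):
        problems.append("contains a repeated character run")
    if has_sequence(password):
        problems.append("contains an incremental or decremental sequence")
    if re.search(r"(19|20)\d\d", password):
        problems.append("contains a four-digit year")
    return problems


if __name__ == "__main__":
    for candidate in ("abcd1234", "Password2001!!!", "Correct-Horse-Battery-9!"):
        bits = strength_bits(candidate)
        print(f"{candidate!r}: {bits:.1f} bits, "
              f"{brute_force_seconds(bits):.3g} s worst case, "
              f"problems={check_password(candidate, username='alice')}")
```

The strength estimate and the policy checks deliberately disagree on a password like "Password2001!!!": it clears the length and character-type bars, but the checker still rejects it because a dictionary word, a year and a repeated run make it far cheaper to guess than its raw bit count suggests.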
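The three account controls for a non-MFA environment (expiry at 90 days, lockout after 5 failed attempts, suspension after 45 idle days) interact in ways that are easy to get wrong: a correct password must not unlock a locked account, a successful login must reset the failure counter, and an expired password still authenticates but must force a change. This added example, not Nucleus code, models those rules as a small account state machine; the thresholds are the post's, while the Account fields, function names and the constructed reference time are this example's own.

```python
"""Account lockout, expiry and inactivity policy (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_FAILED_ATTEMPTS = 5              # lock after 5 bad attempts
PASSWORD_MAX_AGE = timedelta(days=90)  # force a change after 90 days
INACTIVITY_LIMIT = timedelta(days=45)  # suspend after 45 days without a valid login

# Constructed fixed "now" so the scenarios below are reproducible.
REFERENCE_NOW = datetime(2024, 1, 1, 9, 0)


@dataclass
class Account:
    username: str
    password_changed_at: datetime
    last_valid_login: datetime
    failed_attempts: int = 0
    locked: bool = False
    suspended: bool = False


def evaluate(account: Account, now: datetime) -> str:
    """Pure check of the time- and state-based rules, in precedence order."""
    if account.suspended or now - account.last_valid_login > INACTIVITY_LIMIT:
        return "suspended"
    if account.locked:
        return "locked"
    if now - account.password_changed_at > PASSWORD_MAX_AGE:
        return "password_expired"
    return "ok"


def attempt_login(account: Account, password_ok: bool, now: datetime) -> str:
    """Apply one login attempt and return the resulting status string."""
    state = evaluate(account, now)
    if state == "suspended":
        account.suspended = True  # sticky: an administrator has to lift it
        return state
    if state == "locked":
        return state  # a correct password does not help once locked
    if not password_ok:
        account.failed_attempts += 1
        if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
            account.locked = True
            return "locked"
        return "invalid"
    # Valid credential: reset the counter and record activity. An expired
    # password still authenticates, but the caller must force a change.
    account.failed_attempts = 0
    account.last_valid_login = now
    return state


def fresh_account(password_age_days: int, idle_days: int,
                  now: datetime = REFERENCE_NOW) -> Account:
    """Build a constructed account whose password and last login are the given ages."""
    return Account("alice",
                   password_changed_at=now - timedelta(days=password_age_days),
                   last_valid_login=now - timedelta(days=idle_days))


def run_attempts(account: Account, outcomes, now: datetime = REFERENCE_NOW) -> list:
    """Feed a sequence of password-correct flags and collect the statuses."""
    return [attempt_login(account, ok, now) for ok in outcomes]


if __name__ == "__main__":
    acct = fresh_account(password_age_days=10, idle_days=1)
    print(run_attempts(acct, [False] * 5 + [True]))
    print(attempt_login(fresh_account(91, 1), True, REFERENCE_NOW))
    print(attempt_login(fresh_account(10, 46), True, REFERENCE_NOW))
```

Suspension is checked before lockout on purpose: an idle account that later sees a burst of failed attempts should surface as "suspended" rather than silently accumulating a lockout, since the former needs an administrator to review it.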
To learn more about the NIST guidelines, Nucleus best practices or password complexity in general, contact us.