When it comes to passwords, length is what matters

by | Nov/18/2009

Ever heard the rumor that you need upper case letters, lower case letters, symbols, and numbers in your passwords? This is called “password complexity.” If you have to keep password complexity for compliance reasons, you have no choice. Otherwise, make your life easier and switch to passwords that are 15 characters or longer, commonly referred to as passphrases.

If you make your passphrase something like “remember to finish the security project by next month,” you can write it down on a piece of paper and stick it on your monitor. If someone sees that stuck to your monitor, they will think it is just a reminder note (which it is). Another example of a passphrase that would be hard to break is “take the family to go snow skiing in Colorado at night.” That passphrase is much more secure than “@ppl3E5.”
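To put rough numbers on that comparison, here is an added example (not part of the original post) that estimates the guessing effort for the two strings quoted above. The function names and the 7776-word list size (the size of a Diceware list) are assumptions. The word-level figure treats each word as an independent random pick, which a grammatical sentence is not, so read it as an upper bound.

```python
import math
import string

# (characters, size) for each class an exhaustive search must cover.
# Characters outside these classes (e.g. non-ASCII) are not counted.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
    (" ", 1),
]

# Assumption: the attacker guesses whole words from a 7776-word list
# (the size of a Diceware list) instead of single characters.
ASSUMED_WORDLIST_SIZE = 7776


def alphabet_size(secret):
    """Sum the sizes of the character classes that appear in the secret."""
    return sum(n for chars, n in CLASSES if any(c in chars for c in secret))


def char_bits(secret):
    """log2 of the keyspace for a character-by-character exhaustive search."""
    size = alphabet_size(secret)
    if size == 0:  # empty, or only characters outside the classes above
        return 0.0
    return len(secret) * math.log2(size)


def word_bits(secret, wordlist_size=ASSUMED_WORDLIST_SIZE):
    """log2 of the keyspace for a word-by-word search (upper bound)."""
    return len(secret.split()) * math.log2(wordlist_size)


def estimate(secret):
    """Return the smaller estimate; single tokens use char_bits only."""
    if len(secret.split()) < 2:
        return char_bits(secret)
    return min(char_bits(secret), word_bits(secret))


if __name__ == "__main__":
    # Both strings are the examples quoted in the post.
    for s in ("@ppl3E5", "take the family to go snow skiing in Colorado at night"):
        print(f"{len(s):>2} chars  ~{estimate(s):6.1f} bits  {s!r}")
```

Even under the less favorable word-by-word model, the 54-character passphrase comes out at roughly three times the bits of the 7-character complex password.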

Of course, if you save a file on your hard drive with all your passwords, nothing can help you if a criminal, or even a worker in your own office, finds the file.