For literal decades, we heard that a good password required a few key traits to be secure: a capital letter, a number, and eight characters. How times have changed, right?

Now, the baseline standards are similar… just multiplied to the nth degree. Let’s discuss why this is, what modern businesses now need to do, and how we can help to maintain password security moving forward.

First and Foremost, Why Do Passwords Need to Be So Much More Complicated?

In short, the bad guys have better tools than they once did.

Quantum computing is coming, and once they have access to it, a hacker will be able to crack these codes exponentially faster by trying multiple keys at once.

Of course, modern hackers don't need bleeding-edge equipment at all. Modern graphics cards can crack passwords that adhere to the old eight-character standard in under a minute.

This is Why NIST Says the Longer, the Better

The National Institute of Standards and Technology has gone on record to say that longer passwords are more effective than those that simply focus on adding symbols and numbers—for instance, “s89fnuHJHJN8dkm??jndfmk” as compared to “45rut@beg@47.”

Why? Simple: every additional character added to a password makes it exponentially more difficult to crack. This is true whether the attacker is using a run-of-the-mill rig to crack passwords or has access to quantum capabilities. Increasing from an eight-character password to a sixteen-character password racks up the number of possibilities from 6.6 quadrillion to 3.4 unvigintillion.

For reference, that’s 6,600,000,000,000,000 and 3,400,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, respectively.

For Now, the Passphrase is Your Safest Bet

The web comic xkcd provides an excellent explanation of why a passphrase is a better option than a password, but in essence, a passphrase can be much more variable than a password while still being far easier to remember, even with a bit of alphanumeric switching added.

Passwords May Soon Be Obsolete, Regardless

Passwords, as a whole, are woefully insecure compared to other options, which is why we wholeheartedly endorse the use of phishing-resistant multi-factor authentication. This means the use of cryptographic passkeys and biometrics in addition to (or in favor of) more traditional passwords.

While we haven’t quite reached the point where this is the norm, reach out to us to find out how we can help you lock down your user authentication.

We’ll Help You Secure Your Business So You’re Ready for the Future

We can help you implement a variety of tools and safeguards—including a password manager—to ensure your business remains secure and productive. Find out more about what we can do by giving us a call at (571) 470-5594.

‍