Longer Passwords are Stronger Passwords


Gone are the days of requiring password complexity over length. You know what I mean, right? We were often expected to come up with complex passwords that were at least 10 characters and included uppercase letters, lowercase letters, symbols, and numbers. Perhaps something that looked like this 10-character password:

EgebDff79+

These days, NIST (National Institute of Standards and Technology) recommends password length over complexity. In fact, the longer the password, the longer it will take for cyber criminals to crack. The other beautiful benefit is that longer, less complicated passphrases are often easier to remember. Additionally, many sites and applications now allow for spaces in your passphrase. So consider stringing together a few unrelated words, or creating a sentence that’s not commonly used or easy to guess. Perhaps something like this 16-character passphrase:

Cats eat waffles 

Without a doubt, this 16-character passphrase is easier to remember than our 10-character complex password example, and according to LastPass’ password tester, it’s also a very strong password.

Our first example (EgbDff79!+) did not fare as well…

With all of this said, we’re happy to announce that this month Princeton University has revised its password policy from a 10-character minimum requiring 4 character sets (uppercase letter, lowercase letter, number, and symbol) to a 16-character minimum with no complexity requirements. Although a password change is not required at this time, we strongly encourage you to take this opportunity to visit the Princeton Service Portal (select Password Reset > My Princeton Account from the top navigation menu) and change to a longer, stronger passphrase. Remember to make your passphrase unique. If you reuse passwords or passphrases and one of the other sites you access with the same password or passphrase experiences a security breach, you are putting yourself at risk for a significant security incident.
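The old and new rules above, checked against the two sample passwords from this post, as an added example (not Princeton's or NIST's code). The function names and the brute-force estimate are assumptions made here; the estimate counts only an exhaustive character-by-character search and does not model guessing of common words, which is why the words in a passphrase should be unrelated.

```python
import math
import string

# The four character sets named in the old policy.
CLASSES = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "number": set(string.digits),
    "symbol": set(string.punctuation),  # the 32 ASCII symbols
}

def classes_used(password):
    """Names of the old policy's character sets that appear in the password."""
    return {name for name, chars in CLASSES.items() if set(password) & chars}

def meets_old_policy(password):
    """Old rule from the post: 10+ characters and all 4 character sets."""
    return len(password) >= 10 and len(classes_used(password)) == 4

def meets_new_policy(password):
    """New rule from the post: 16+ characters, no complexity requirement."""
    return len(password) >= 16

def brute_force_bits(password):
    """log2 of the strings an exhaustive search must try (assumed model).

    Assumes the attacker tries every string of this length drawn from the
    character sets the password uses. Characters outside the four sets
    (such as a space) each add one symbol to that alphabet.
    """
    if not password:
        return 0.0
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    all_known = set().union(*CLASSES.values())
    alphabet += len(set(password) - all_known)
    return len(password) * math.log2(alphabet)

if __name__ == "__main__":
    # Sample passwords taken from the post.
    for pw in ("EgebDff79+", "Cats eat waffles"):
        print(f"{pw!r}: length={len(pw)} "
              f"old_policy={meets_old_policy(pw)} "
              f"new_policy={meets_new_policy(pw)} "
              f"brute_force_bits={brute_force_bits(pw):.1f}")
```

Under this model the 10-character complex password covers about 65.5 bits of search space and the 16-character passphrase about 91.6 bits, even though the passphrase uses only letters and spaces.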

And if you’re looking for help managing all of your passwords or passphrases, don’t forget that LastPass password manager is free for students, faculty, and staff. You can learn more about it by visiting our LastPass web page.

Reference

NIST: https://pages.nist.gov/800-63-3/sp800-63b.html#appA

Post by Tara Schaufler, Awareness & Training Program Manager
