The short answer: longer passwords are harder to hack, so they better protect our data. Short passwords, unfortunately, are easier to hack. Today’s hackers have plenty of fancy hacking tools, so password complexity often turns hacking into a numbers game.
Nowadays, password length matters just as much as, if not more than, the characters used to create the password combination. For example, imagine a 4-digit PIN typically associated with debit cards and mobile devices, usually four numbers, each between 0 and 9. Using multiplication, this results in 10 x 10 x 10 x 10 possible PIN combinations. Anyone trying to crack this PIN would be doing so out of 10,000 possible combinations:
E.g.,
10 ^ 4 = 10,000
Granted, PINs are just numbers, while passwords can have numbers AND letters. Also, because passwords are case-sensitive, letters can alternate between upper- and lower-case. With an 8-character password, the complexity grows quickly, resulting in trillions more possible combinations:
- 10 numbers.
- 26 lowercase letters.
- 26 uppercase letters.
E.g.,
10 + 26 + 26 = 62
62 ^ 8 = 218,340,105,584,896
The passwords are un-hackable now, right? Probably, but not necessarily. Hackers still have some very impressive hacking tools. These newfangled hacking tools can crack some 8-character passwords by brute force, given a bit of time. With that in mind, most security teams recommend adding an extra character or two, and maybe a few special characters. For example, a 10-character password results in many, many more possible combinations:
- 10 numbers.
- 26 lowercase letters.
- 26 uppercase letters.
- 6 special characters (space; period; comma; exclamation mark; dash; underscore).
E.g.,
10 + 26 + 26 + 6 = 68
68 ^ 10 = 2,113,922,820,157,210,624
Even so, with enough time, some 10-character passwords can still be hacked. The time needed to crack a password is the gamble. Short passwords could probably be cracked in minutes, if not seconds. Medium-length passwords may take longer to crack, possibly hours to days. With longer passwords, hackers could toil away trying to crack them for months or years. Just a thought, but why not make a hacker’s life a bit more difficult, and challenge them to crack a 15-character password:
- 10 numbers.
- 26 lowercase letters.
- 26 uppercase letters.
- 6 special characters (space; period; comma; exclamation mark; dash; underscore).
E.g.,
10 + 26 + 26 + 6 = 68
68 ^ 15 = 3,073,503,348,387,795,563,479,826,432
Conclusion:
Longer and more complex passwords are harder to crack, which better secures our data. This is even more necessary considering that many people likely aren’t using multi-factor authentication (MFA).
Quick tip though, longer passwords don’t have to be crazy looking just to be more secure. Sure, something like this would be tough to crack: Y0p123jmZs840_!
Unfortunately, it would also be tough to remember. Alternatively, because spaces count as special characters, a simple phrase also works as an ultra-secure, strong password. Something like this would be an acceptable 15-character password: 2021 Champions!
Although it appears simple, it’s long and complex enough. There are numbers (2021), special characters (space and exclamation mark), and a combination of upper-case and lower-case letters.
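The arithmetic above can be reproduced and extended to crack-time estimates with a short script. This is an added example, not part of the original article: it works out which of the article's character classes a password uses, computes the resulting number of combinations, and converts that to a worst-case search time. The guessing rate of 10 billion per second is an assumption chosen for illustration, and the function names are hypothetical.

```python
import string

# Character classes exactly as the article counts them.
CLASSES = {
    "digits": set(string.digits),           # 10
    "lower": set(string.ascii_lowercase),   # 26
    "upper": set(string.ascii_uppercase),   # 26
    "special": set(" .,!-_"),               # the article's 6 special characters
}

# Assumption: a hypothetical offline guessing rate. Real rates depend on the
# hash algorithm protecting the password and on the attacker's hardware.
ASSUMED_GUESSES_PER_SECOND = 10**10


def alphabet_size(password):
    """Size of the alphabet a brute-force search must cover for this password."""
    chars = set(password)
    unknown = chars - set().union(*CLASSES.values())
    if unknown:
        raise ValueError(f"outside the article's 68-character set: {sorted(unknown)}")
    return sum(len(members) for members in CLASSES.values() if chars & members)


def keyspace(alphabet, length):
    """Number of candidate passwords: alphabet ^ length (exact integer)."""
    return alphabet ** length


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def report(password):
    """Keyspace and worst-case exhaustive-search time for one password."""
    space = keyspace(alphabet_size(password), len(password))
    # Upper bound: assumes every character was chosen at random.
    return space, humanize(space / ASSUMED_GUESSES_PER_SECOND)


if __name__ == "__main__":
    for sample in ("1234", "Y0p123jmZs840_!", "2021 Champions!"):
        space, worst = report(sample)
        print(f"{sample!r:20} {space:>40,} candidates, worst case {worst}")
```

The time shown is for searching every combination; a password built from common words or dates can fall to a dictionary-based search well before that bound.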