Secure your small business:
Apps → Data →

Password Complexity

Password complexity is a measure of how difficult a password is to guess in relation to any number of guessing or cracking methods.

In some cases, the term is also used to refer to requirements for password selection that are designed to increase password complexity in the interest of better security.

Password complexity is important because guessed passwords are a common avenue for attack, and thus, for data breaches. When passwords can be guessed, individuals other than the owner of an account or resource are able to access that account or resource without permission.

Password complexity has become more important in recent years because of the rise of so-called "brute force" attacks, in which computer software is used to try to guess a password, often by trying thousands or even millions of combinations of common words, names, and already known passwords from previous data breaches.

Password complexity guidelines often require users to create passwords according to particular rules—for example, the inclusion of a minimum number of special characters, numbers, lowercase and capital letters, and so on. These requirements, however, often have the effect of making passwords very difficult for users to remember and enter, which may have the paradoxical effect of reducing security as users seek to find ways to remember their passwords—for example, by writing them down or saving them in a convenient place.

The US National Institute for Standards and Technology (NIST) has determined most password complexity guidelines to be outdated for this reason, and does not endorse most password complexity requirements. Instead, many experts now recommend the use of passphrases—very long passwords that are easier for users to remember, such as "YellowBoatCubumberNevadaIceCream" or "SevenSharkFitnessFandom" for example.

By virtue of their length, passphrases remain difficult to "brute force," but by avoiding the most onerous complexity requirements, passphrases enable users to remember passwords without storing and retrieving them in insecure ways.

2FA/MFA Rapid Reference

Authentication at a glance

Download the 2FA/MFA Rapid Reference now:

  • 2FA and MFA basics and common solutions
  • The benefits and drawbacks of each
  • Glossary of authentication terms

 

2FA/MFA Rapid Reference

  • 2FA and MFA basics and common solutions
  • The benefits and drawbacks of each
  • Glossary of authentication terms
Save PDF  

Downloadable References

PDF
Sample, shareable addition for employee handbook or company policy library to provide governance for employee AI use.
PDF
Generative AI is exploding, but workplace governance is lagging. Use this whitepaper to help implement guardrails.
PDF
Cheat sheet for basics to stay secure, their ideal deployment order, and steps to take in case of a breach.
PDF
Real-time, continuous authentication using behavioral biometrics and machine learning.
 
 
 
 
 

Subscribe to the newsletter for Plurilock and cybersecurity news, articles, and updates.

You're on the list! Keep an eye out for news from Plurilock.