Are Long Passwords Keeping You Protected? Probably not.

Free cybersecurity data security firewall illustration

How long is your average password – 8, 10, maybe 12 characters in length? In an age where digital security is very important, the strength of your passwords can mean the difference between safety and vulnerability. Recent research sheds light on a surprising reality – even long passwords with impressive lengths can be compromised. Verizon found that 86% of attack access is gained through stolen credentials. It’s time to have a conversation about password security.

Looking at the Research – Long Passwords Are Not Good Enough

Specops, an Outpost34 company, recently conducted research and found that password length is not enough to prevent your account from being compromised.

The below table shows how many compromised passwords they found above five given lengths. If we’re counting 12 and over as a ‘long password’ then 121.5 million compromised passwords were found to be long. As you can see, the number of compromised long passwords does decrease as character length increases, but there are still 31.1 million compromised passwords over 16 characters in length.  

long passwords are no longer good enough.
Credit: Specops.

Length vs. Strength

While it’s a common belief that longer passwords are inherently more secure, the facts suggest otherwise. Astonishingly, an eight-character password stands out as the most commonly compromised password length. However, those who opt for 15-character passwords aren’t entirely immune either. They too find themselves among the top ten most compromised lengths.

So, what’s the catch? The security of a password isn’t solely determined by its length; other factors play a pivotal role. The content of the password and whether you use the same password across multiple sites are equally important considerations.

For instance, the notorious “password” ranks as the most compromised eight-character password, while “Sym_newhireOEIE” is the unexpected leader among the most compromised 15-character passwords. It’s evident that mere length doesn’t necessarily equate to security.

The content of the password and whether you use the same long password across multiple sites are equally important.
The content of the password and whether you use the same password across multiple sites are equally important.

The Rising Importance of Cybersecurity

This concern isn’t confined to individuals alone. Businesses, just like yours, are increasingly at risk of cybersecurity threats. Startling statistics reveal that a significant 86% of all cyberattacks commence with the theft of credentials. In simpler terms, nearly nine out of every ten attacks can be traced back to this root cause. This paints a stark picture of the challenges businesses face in safeguarding their digital assets.

While longer passwords may provide better resistance to brute force cracking, it’s crucial to remember that they alone cannot protect against stolen credentials resulting from phishing attacks.

Do you have confidence in your cybersecurity tech stack?

Are you certain your tech stack is protecting your employees and endpoints? Dark Blue Technologies combines security solutions from leading cybersecurity partners to provide organizations with best-in-class coverage for all attack surfaces. We provide businesses with cutting-edge XDR, cybersecurity awareness training, hardware and cloud optimizations, and more. Get in touch with us to find out if we can help improve your business security.

The Multi-Faceted Approach to Enhanced Security

To bolster your organization’s defenses, implementing a robust business password manager is a prudent step. Such tools not only generate lengthy, randomized passwords but also store and autofill them securely during login procedures.

Additionally, embracing two-factor authentication offers an extra layer of security. This method entails generating a unique code on a separate device to verify your identity. Even if cybercriminals manage to crack your password, they will remain unable to access your data without this second authentication factor. In an era where attackers are increasingly targeting businesses, adopting a comprehensive security strategy is paramount. If you require guidance in fortifying your business against evolving cyber threats, reaching out to experts is a wise move.

Ready to talk about IT Solutions?

Fill out our online form with information about your next project or technical needs and we will be in touch within one business day.