Long passwords are best practice: easily use and remember long, strong passwords


Password managers are the best tool you can use to solve this common problem of username-password pairings: weak, reused passwords.

Weak passwords are those passwords which can be guessed with the help of computers. The weakest passwords are shorter than 16 characters. Have a look at the chart below.

Matrix showing length of password against composition of password, resulting in time taken to guess.
Remember that this chart shows only the effect of length. Passwords that are not generated randomly will be much faster to guess.

Reused passwords are passwords which are used in more than one credential.

For example, one day you create a password for your supermarket loyalty program signup. At some point later, you use the same password to sign up for a new video chat service. You have just reused a password. When the supermarket loyalty program gets breached, your password could be discovered, then used by thieves. They would try your discovered password, in tandem with your known email address, on other services, hoping that you have reused it, thus allowing them to unlock a more valuable login.

📣 CRA hacks happened because people reuse passwords-here’s how to stop
Many of us are not only using the same lock and key everywhere, it’s a lock and key we bought at the dollar store.
Don't reuse passwords. Period.

Always use unique passwords. Don't allow yourself to be victimized by credential stuffing.

Replace your existing system with a password manager

⚡️ Quickstart: Fix your password habit with Bitwarden on desktop
Getting started with Bitwarden as your password manager can be easy.

Longer passwords are better passwords, all else being equal. Length is important because modern computers are powerful enough to guess shorter passwords.

When relying on our memory to track passwords, we make a tradeoff between password length and password complexity. The more complex a password is (usually taken to mean the variety of symbols, numbers, and letters used), the shorter it must be for a human to reliably remember it. Use a password manager.

The maximum length of a password is set by the developers of whichever service you're creating credentials for. Modern services do not have a limit that most of us will come up against. Certain other services, in Canada they're often banks, used to have absurdly low maximum lengths. You should be concerned if you're still forced to use passwords shorter than 16 characters. Talk to your customer support and ask them to have their product team fix the limitation.
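An added example, not part of the original article: a small audit that flags the two problems described above, passwords shorter than 16 characters and passwords reused across accounts. The CSV column names and the sample rows are constructed assumptions, not any real password manager's export format.

```python
import csv
import hashlib
import io
from collections import defaultdict

MIN_LENGTH = 16  # the article's threshold: the weakest passwords are shorter than this

# Constructed sample export. Column names are assumptions for this example.
SAMPLE_EXPORT = """name,username,password
supermarket-loyalty,me@example.com,Sunshine2021!
video-chat,me@example.com,Sunshine2021!
bank,me@example.com,correct-horse-battery-staple-42
forum,me@example.com,hunter2
"""


def audit(export_text, min_length=MIN_LENGTH):
    """Return (short, reused): names of accounts with short passwords,
    and groups of account names that share the same password."""
    short = []
    by_password = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row["password"]
        if len(password) < min_length:
            short.append(row["name"])
        # Group by digest so the report never stores or prints a plaintext password.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_password[digest].append(row["name"])
    reused = sorted(sorted(names) for names in by_password.values() if len(names) > 1)
    return sorted(short), reused


if __name__ == "__main__":
    short, reused = audit(SAMPLE_EXPORT)
    for name in short:
        print(f"SHORT (<{MIN_LENGTH} chars): {name}")
    for group in reused:
        print(f"REUSED across: {', '.join(group)}")
```

Accounts in a REUSED group are the ones exposed to credential stuffing when any one of them is breached, so they are the first to replace with unique generated passwords.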

Transitioning to a password manager

None of us are starting with a clean slate. We all have accounts already. How do we transition without losing our minds?

⚡️ Switch to a password manager: the easy way
Switch to a password manager, but do it gradually. Improving your operational security doesn’t have to be a huge chore.


Helpful words