Is !password20231# a Complex Password? The Answer Might Surprise You. 

Clarity Blog Header (sm) (4)

When it comes to preserving your identity and privacy, almost nothing is as important as a strong and complex password. It does not matter if you’re talking personal or business–complex passwords are a must. 

Gone are the days of using your pet’s name or a child’s birthday. Today’s world of cybersecurity requires a level of complexity that meets standards for length, complexity, and uniqueness. True online security is becoming harder and harder to come by. 

Let’s take a look at what makes for a complex password and how you can have the strongest passwords for your personal and business use. 

What Makes a Complex Password? 

According to recent reports, 83% of compromised passwords met complexity and length requirements. So how did they get cracked?  

In many cases, what starts as a user’s intention to have a long, complex password, often ends up simpler. !adfak&35.234# and !password20231# both meet length requirements, but one is clearly more complex than the other. 

Why do users do this?  

Simple: it’s difficult to remember and generate passwords that meet full length and complexity requirements. Using easy-to-remember words like ‘password’ makes it easier to remember. In short, what is happening is called user password fatigue

In fact, according to the Specops 2023 Password Report, the words “password” and “welcome” are some of the most commonly used and most easily guessed terms. When a user uses these words, personal or organizational security is lowered. 

NIST Password Requirements 

Following a growing prevalence of breaches nationwide, in 2020, the National Institute of Standards and Technology (NIST) recommended updated changes to current password policy practices. Here are the general recommendations for organizations:  

  • Do away with regular password change requirements unless a user requests one or if a breached password has been found. 
  • Eliminate password complexity requirements; focus on overall password length (12 characters, for example). 
  • Mandate screening of new passwords against commonly used dictionary terms, including custom word lists and previously compromised passwords. 

We also put together our recommendations for password best practices as a top-managed IT service provider here.  

The Future of Passwords and Security 

While the future of passwords is unsure, one thing is for sure: the cybersecurity landscape will continue to evolve and change rapidly. 

Currently, there are proactive steps your organization can take to protect itself when it comes to password use and policies. Both in business and personally, using multi-factor authentication and using a password manager are vital practices to protect your online security.  

If your organization is looking to reduce your risk around cybersecurity breaches and downtime, we can help. With experience serving small to medium-sized businesses in the Greater Madison, WI Area, we can support your business regardless of industry and scope. Schedule a free assessment with Clarity Technology Group today.