Skip to content

Is Your Password Long and Complex Enough?

Longer passwords make brute force attacks more difficult. Brute force attacks involve malicious actors using powerful computers to guess your password. As you can see in the following chart provided by researchers at Hive Systems, the best protection against Brute Force attacks are complex passwords containing at least 13 upper and lower case letters.

It is estimated that passwords of this moderate complexity will take 241 million years to crack.

Adding numbers to the moderate complexity password containing 13 upper and lower case letters increases the password resilience against compromise to 2 billion years.

An even more secure password that adds symbols, would increase the 13 character password resilience to 11 billion years.

For extreme protection, particularly to guard against improvements in processing power of computers, an 18 character password containing numbers, upper and lower case letters, and symbols would take an estimated 19 quintillion years to compromise.

It is important to note that password complexity protects against automated guessing. A 13 character password that contains mixed case words may be difficult for a computer to compromise. However, access to personal information may enable a person to guess a password much more easily than a computer. Consider the implications of family names, birthdates, and occasions being shared on social media and how this information provides some contextual information that could assist someone in their password guessing attempts.

Source: Hive Systems https://www.hivesystems.io/password


This post is presented by the GW IT Cybersecurity Risk and Assurance team.

#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu


IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu