How long should my password be?

Some people roll their eyes. Some people groan out loud.

Coming up with a new password can take top spot in some people’s Most Annoying Tasks list.

So, just how long does it really need to be?

Watch here:


How Long?

Doug needs another cup of coffee.

He has to come up with yet another password for yet another account.

And he’s about to give up and go with “12345.”

But wait —  security experts say you should make your password at least three times as long to keep the bad guys from breaking in.

Shoot for at least 15 characters.

And more is even better. Some security experts use 30-character passwords.

Cracked in Seconds

Attackers can use automation to keep guessing your password until they nail it.

If you use common passwords like “cheese” or “banana,” well, they’re probably already in your account.

And if you use the same password on many accounts, you’re making the bad guys very happy.

Research shows they can crack a five character-password in seconds, and an eight-character password —— depending on the complexity — in a matter of hours.


Alphabet combination lock representing password security
An 8-character password can be cracked in seconds to hours, depending on its complexity. Image: Gino Crescoli

What to Do

Some experts recommend you come up with five random words.

We’ll choose, just for example:






Put them together to make a 32-character password, servingsweetcrustymustard pretzel, that would take two octillion years to crack, according to

Having trouble? You can use a random word generator to come up with those random words, if that works best for you.

Next Level Passwords

Some experts say you should mix in capitals, special characters and numbers, too.

That could turn:




This password would take 65 quindecillion years to crack, according to

Overkill? Maybe. But it’s an easy way to keep your accounts safe.

Password Security

It’s a good idea to avoid personal info, like your name, your kids’ names, your pets’ names, the name of your city and your birthday.

Attackers will be looking for you to follow that very common pattern of including personal details in your password.

Store your passwords in a password manager so you don’t have to remember them.

Now, Doug can stay secure without losing his mind — or his lunch.


See more answers from Archer News:

What is a honeypot?

What is Shodan?

What is ICS?

What is a DDoS?


Main image: Giraffe. Image: Melanie van de Sande

Leave a Reply