Longer passwords yes, but more complex password are better


Will Dormann in exposing the half-measure Outlook patch also shows that more complex passwords with mixed-case letters plus digits and symbols is better than a simple long password.

The highest length of time to crack an 8 character password from NTLMv2 hash with a mere single mid-range GPU.

Longer passwords are better but you don’t need to go overboard.  Adding just one more character to make a 9 char mixed-case, letters, digits and symbols increases the maximum time to solve from a year to 84 years!

That’s for a ‘brute force’ attack which tries all possible combinations.

Longer but not predictable

Any hacker will first try the still too common passwords like ‘

1
password

‘, ‘

1
1234567890

‘ or other combinations.

In practice, you should have a properly unique password with a Mixed-case letters, numbers and a symbol or two for example ‘

1
St*ar*256

Two factor is even better

Office-Watch.com has strongly pushed the use of two-factor authentication for the important accounts like email and banking including Microsoft, Google and Facebook logins.

Two-factor authentication is a better choice than a longer or more complex password.

Both our Office 2016 and Windows 10 books have chapters devoted to Microsoft Account security and especially step-by-step setup of two-factor authentication.


Want More?

Office Watch has the latest news and tips about Microsoft Office.  Delivered once a week.