Longer passwords yes, but more complex password are better

Office for Mere Mortals helps people around the world get more from Word, Excel, PowerPoint and Outlook. Delivered once a week. free.

Will Dormann in exposing the half-measure Outlook patch also shows that more complex passwords with mixed-case letters plus digits and symbols is better than a simple long password.

The highest length of time to crack an 8 character password from NTLMv2 hash with a mere single mid-range GPU.

longer passwords yes but more complex password are better 18356 - Longer passwords yes, but more complex password are better

Longer passwords are better but you don’t need to go overboard.  Adding just one more character to make a 9 char mixed-case, letters, digits and symbols increases the maximum time to solve from a year to 84 years!

That’s for a ‘brute force’ attack which tries all possible combinations.

Longer but not predictable

Any hacker will first try the still too common passwords like ‘password‘, ‘1234567890‘ or other combinations.

In practice, you should have a properly unique password with a Mixed-case letters, numbers and a symbol or two for example ‘St*ar*256

Two factor is even better

Office-Watch.com has strongly pushed the use of two-factor authentication for the important accounts like email and banking including Microsoft, Google and Facebook logins.

Two-factor authentication is a better choice than a longer or more complex password.

Both our Office 2016 and Windows 10 books have chapters devoted to Microsoft Account security and especially step-by-step setup of two-factor authentication.

Want More?

Office Watch has the latest news and tips about Microsoft Office. Independent since 1996. Delivered once a week.