The Bitwarden Blog
Is the Longest Password Always the Best
July 21, 2022
A few weeks ago, a question popped up on Reddit: “Is the longest possible password always better?”
Some say size matters when it comes to password strength and best password length. The longer a password is, the harder it is to crack using brute force algorithms. However, good password length is only one factor contributing to password security.
Hardening password security also involves using strong, unique passwords. One way to create a strong password is by using several character sets. The more character sets used, the harder a password is to crack.
The four character sets are:
- Numerical characters such as 12345
- Lowercase characters such as abcde
- Uppercase characters such as ABCDE
- Special characters such as !$%&?
A password consisting exclusively of numerical characters has only ten possible options for each character (0 – 9). If a password is six numerical characters in length, a hacker can attempt one million possible combinations (10 x 10 x 10 x 10 x 10 x 10).
However, a six-character password consisting of numbers and lowercase letters has thirty-six options for each character (0 – 9 plus a – z). Now, rather than one million possible combinations, 2,176,782,336 possible combinations exist for a six-character password.
A password’s overall randomness also contributes to better password security, and passphrases are an easy way to achieve that. Using a passphrase helps as it combines memorable words or phrases known to the user but less recognizable by hackers.
Another way to increase password strength is to avoid commonly used dictionary words, such as “secret”, as well as repeated or sequential characters. Likewise, some very long passwords appear in password dumps with remarkable frequency.
One such password is 1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik,9ol.0p;/, which, despite being thirty-four characters in length, would be among the first couple of thousand attempts by a brute force hacker (you will see why if you look at your keyboard).
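The gap between the combination counts above and the keyboard-pattern password can be checked in code. The following is an added example, not part of the original article or any Bitwarden tool: it computes the naive search space from the character sets a password uses, then measures how much of the password simply steps between touching keys. The function names, the US QWERTY layout, the use of `string.punctuation` as the special-character set and the 0.7 threshold are all assumptions.

```python
import string

# The four character sets from the article; string.punctuation (32 symbols)
# stands in for "special characters" (assumption).
CHARSETS = [string.digits, string.ascii_lowercase,
            string.ascii_uppercase, string.punctuation]

# Unshifted US QWERTY rows (assumed layout), used to locate each key.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
KEY_POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def keyspace(password):
    """Naive brute-force search space: alphabet size ** length."""
    alphabet = sum(len(cs) for cs in CHARSETS
                   if any(ch in cs for ch in password))
    return alphabet ** len(password)


def walk_fraction(password):
    """Fraction of consecutive pairs on the same key or a touching key."""
    pts = [KEY_POS.get(ch) for ch in password.lower()]
    pairs = list(zip(pts, pts[1:]))
    if not pairs:
        return 0.0
    touching = sum(
        1 for a, b in pairs
        if a and b and abs(a[0] - b[0]) <= 1 and abs(a[1] - b[1]) <= 1
    )
    return touching / len(pairs)


def is_keyboard_walk(password, threshold=0.7):
    """Flag passwords that mostly trace neighbouring keys (threshold assumed)."""
    return walk_fraction(password) >= threshold


if __name__ == "__main__":
    samples = ["123456", "abc123", "secret",
               "1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik,9ol.0p;/",  # from the article
               "T7#mQz!pL2"]                                # constructed sample
    for pw in samples:
        print(f"{pw!r}: keyspace={keyspace(pw):.3e} "
              f"walk={walk_fraction(pw):.2f} flagged={is_keyboard_walk(pw)}")
```

The article's long password scores an enormous naive keyspace yet is flagged, because each group of four characters runs straight down one keyboard column.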
Lots of math can come into play, but longer passwords with more unique characters are better passwords. You can easily build better passwords by using the Bitwarden Password Generator, and you can try theoretical passwords or test existing credentials with the Bitwarden Password Strength Testing Tool. Bitwarden provides these features for free, including the Password Generator within all Bitwarden Clients, plus an option for password vault health reports in the premium and business plans.
Brute force attacks are not the only reason for account hacking. Successful phishing attacks are a common cause of data breaches, and the easier it is to remember a password, the easier it is to disclose it to an unauthorized party. The threat is exacerbated when the same password is used for multiple accounts to save someone from remembering various log-in credentials. A recent report supports this, showing that nearly 9 out of 10 users reuse passwords.
A password manager helps generate and store unique and complex passwords for each account. The benefit of storing passwords in a password manager is that they are encrypted, hashed, and salted to prevent unauthorized access – which is a far safer option than storing passwords in plain text format in Word documents or Excel spreadsheets!
Editor's Note: This article was originally written on April 27th, 2021 and was updated on July 21st, 2022.