Get Started!

YES!!  Longer passwords are better.

It is always easier to increase password combinations when increasing the power, not the base, of the exponential function. This is a mathematical argument for the new NIST Digital Identity Guidelines for the United States federal government that favors longer passwords over complex ones.   If you don’t want to read the guidelines, let’s discuss why longer passwords are stronger and if formed correctly can be easier to remember.

Imagine you have a password with eight characters and only letters – uppercase and lowercase. That gives you 52 letters per character. The total number of all the combinations you can make out of those letters is 52 to the power of 8, or 53,459,728,531,456.

XtonTech Xton Technologies Privileged Account Manager Password Complexity

Let’s try to make this password stronger. The first idea is to require numbers and special characters in the password but keep the length at eight8. It will be harder to remember such a password. There are more chances that the user will just write it down somewhere. This is not a good strategy but, still, let’s see whether it will make the password any stronger. So the total number of combinations to crack in this case is 72 (52 letters plus 10 numbers plus 10 special characters) to the power of eight, or 722,204,136,308,736.

Let’s see whether we can do any better. This time, we’ll keep the characters as only upper case and lowercase letters (total 52) but let’s require a couple of more characters in the password (10 instead of eight). It is not much harder to remember 10 letters vs eight – just pick a phrase that combines two words. So the total number of combinations to crack in this case is 52 in power of 10. 144,555,105,949,057,020. Adding two additional characters is almost 1,000 times better than adding numbers and characters for the same length without the risk that the password will become impossible to remember.

Add two more characters to the password with only letters. The length of the password becomes 12 and the number of combinations becomes 390,877,006,486,250,200,000. It is one million times better than 8-character password with special symbols. Still, a 12-characters password that contains only letters sounds like a reasonable thing to remember.

In summary, longer passwords are better.  Try extending the length of your passwords to more than 12 characters by combining words rather than adding numbers and special characters that are harder to remember.

About us

Xton Access Manager is an agentless, cross-platform privileged access management solution with unlimited licensing model built from the ground up with an enterprise feature set. Simple to implement, without your typical enterprise cost and effort. Xton Access Manager automatically generates very long passwords for privileged accounts and keeps them in its secure identity vault.

Please fill out this form to receive a download link to get started today with free 60 days trial. Documentation is available to help. You can email or call us to request a trial extension, ask questions and share your feedback. We would love to talk to you.

Please fill out the form below to download Xton Access Manager.

What interests you most about Xton Access Manager?

Trial registration may take up to 30 seconds to complete. Please do not Refresh this page after submitting.


Mark Klinchin

Mark Klinchin

I am Co-Founder and CEO of Xton Technologies. I am interested in computers, software development, cyber security, content management, photography, image processing and mathematics.

1 Comment

Help Me to Forget Root Password | Xton Technologies · August 28, 2017 at 10:03 am

[…] Modern privilege elevation software is much more sophisticated than early versions of sudo or rhosts technologies. First, it applies to different operating systems, not just to Unix or Windows. The software elevates privileges of an authorized natural person’s account by establishing sessions to network resources. The software can optionally record and monitor sessions as well as to restrict operations that the account can perform on the remote device.  In addition to providing access to network resources without asking for credentials, Privilege Account and Access Management System stores all privileged accounts in one easy to access place usually called Identity Vault. Identity vault releases password by request to the qualified IT personnel and then comes back and resets this password. Since nobody needs to remember privileged passwords anymore the identity vault picks long hard to crack passwords. […]

Comments are closed.

Related Posts


10 Questions to ask Privileged Access Management Vendors

According to Forrester 80% of security breaches involve privileged credentials. Verizon Data Breach Investigations Report, has reported that “privileged misuse” is the second most common category of security attack. If a hacker gets access to Read more…


Access Manager is Self-Hosted or Cloud Datacenter Gateway

Xton Access Manager (XTAM) is a self hosted Jump server also called “Bastion Host”, “Remote Gateway” or “Jump host”. XTAM is a solution to access Windows or Unix servers, network devices or Cloud (AWS or Read more…


Periodic Table of PAM Elements

Periodic table of Privileged Account Management elements is a fun way to learn the language of modern information security, its challenges and priorities. Navigating through Privileged Account Management can be tough, but the right tools Read more…

Copyright © 2018 Xton Technologies, LLC. All rights reserved.