
YES!!  Longer passwords are better.

It is always easier to increase the number of password combinations by increasing the power, not the base, of the exponential function. This is a mathematical argument for the new NIST Digital Identity Guidelines for the United States federal government, which favor longer passwords over complex ones. If you don’t want to read the guidelines, let’s discuss why longer passwords are stronger and, if formed correctly, can be easier to remember.

Imagine you have a password with eight characters and only letters – uppercase and lowercase. That gives you 52 possible letters for each character. The total number of combinations you can make out of those letters is 52 to the power of 8, or 53,459,728,531,456.


Let’s try to make this password stronger. The first idea is to require numbers and special characters in the password but keep the length at eight. Such a password will be harder to remember, and the user is more likely to just write it down somewhere. This is not a good strategy but, still, let’s see whether it makes the password any stronger. The total number of combinations to crack in this case is 72 (52 letters plus 10 numbers plus 10 special characters) to the power of eight, or 722,204,136,308,736.

Let’s see whether we can do any better. This time, we’ll keep the characters as only uppercase and lowercase letters (52 in total) but require a couple more characters in the password (10 instead of eight). It is not much harder to remember 10 letters than eight – just pick a phrase that combines two words. The total number of combinations to crack in this case is 52 to the power of 10, or 144,555,105,949,057,020. Adding two additional characters is almost 1,000 times better than adding numbers and special characters at the same length, without the risk that the password will become impossible to remember.

Add two more characters to the password with only letters. The length of the password becomes 12 and the number of combinations becomes 390,877,006,486,250,200,000. It is one million times better than an 8-character password with special symbols. Still, a 12-character password that contains only letters sounds like a reasonable thing to remember.

In summary, longer passwords are better.  Try extending the length of your passwords to more than 12 characters by combining words rather than adding numbers and special characters that are harder to remember.
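The comparison above, carried through with exact integers as an added example (not code from the original article). It also finds the shortest letters-only length that beats the 8-character complex policy and, for phrases built by combining words, counts the search space per word; the 7,776-word list size is an assumption (a five-dice Diceware-style list) and does not come from the article.

```python
import math

LETTERS = 52      # upper- and lowercase letters, as in the article
COMPLEX = 72      # 52 letters + 10 digits + 10 special characters
WORDLIST = 7776   # assumption: size of a five-dice Diceware-style word list


def keyspace(symbols: int, length: int) -> int:
    """Exact count of equally likely secrets: symbols ** length."""
    return symbols ** length


def entropy_bits(symbols: int, length: int) -> float:
    """Same quantity on a log2 scale; each extra bit doubles the search."""
    return length * math.log2(symbols)


def min_length_to_beat(symbols: int, target_symbols: int, target_length: int) -> int:
    """Shortest length over `symbols` whose keyspace exceeds the target policy.

    `symbols` may be a character set or a word list: a phrase built from
    whole words is searched word by word, so each word counts as one symbol.
    """
    if symbols < 2:
        raise ValueError("need at least two symbols")
    target = keyspace(target_symbols, target_length)
    length = 1
    while keyspace(symbols, length) <= target:
        length += 1
    return length


def report() -> list[str]:
    rows = []
    for name, symbols, length in [
        ("8 letters", LETTERS, 8),
        ("8 letters+digits+specials", COMPLEX, 8),
        ("10 letters", LETTERS, 10),
        ("12 letters", LETTERS, 12),
    ]:
        rows.append(f"{name:<26} {keyspace(symbols, length):>28,} "
                    f"{entropy_bits(symbols, length):5.1f} bits")
    rows.append(f"letters needed to beat 8 complex chars: "
                f"{min_length_to_beat(LETTERS, COMPLEX, 8)}")
    rows.append(f"random words needed to beat 12 random letters: "
                f"{min_length_to_beat(WORDLIST, LETTERS, 12)}")
    return rows


if __name__ == "__main__":
    print("\n".join(report()))
```

The per-letter figures hold when every letter is chosen independently at random; the last row shows how a phrase of randomly chosen words is measured instead.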

About us

Xton Access Manager is an agentless, cross-platform privileged access management solution with an unlimited licensing model, built from the ground up with an enterprise feature set. It is simple to implement, without the typical enterprise cost and effort. Xton Access Manager automatically generates very long passwords for privileged accounts and keeps them in its secure identity vault.



    Mark Klinchin

    I am Co-Founder and CEO of Xton Technologies. I am interested in computers, software development, cyber security, content management, photography, image processing and mathematics.


    Copyright © 2020 Xton Technologies, LLC. All rights reserved.