
YES!!  Longer passwords are better.

It is always easier to increase the number of password combinations by increasing the power, not the base, of the exponential function. This is the mathematical argument behind the new NIST Digital Identity Guidelines for the United States federal government, which favor longer passwords over complex ones. If you don’t want to read the guidelines, let’s discuss why longer passwords are stronger and, if formed correctly, can be easier to remember.

Imagine you have a password with eight characters and only letters – uppercase and lowercase. That gives you 52 possible letters for each character. The total number of all the combinations you can make out of those letters is 52 to the power of 8, or 53,459,728,531,456.


Let’s try to make this password stronger. The first idea is to require numbers and special characters in the password but keep the length at eight. Such a password will be harder to remember, and it is more likely that the user will just write it down somewhere. This is not a good strategy but, still, let’s see whether it will make the password any stronger. The total number of combinations to crack in this case is 72 (52 letters plus 10 numbers plus 10 special characters) to the power of eight, or 722,204,136,308,736.

Let’s see whether we can do any better. This time, we’ll keep the characters as only uppercase and lowercase letters (52 in total) but require a couple more characters in the password (10 instead of eight). It is not much harder to remember 10 letters vs eight – just pick a phrase that combines two words. The total number of combinations to crack in this case is 52 to the power of 10, or 144,555,105,949,057,020. Adding two additional characters is almost 1,000 times better than adding numbers and characters for the same length, without the risk that the password will become impossible to remember.

Add two more characters to the password with only letters. The length of the password becomes 12 and the number of combinations becomes 390,877,006,486,250,200,000. It is one million times better than an 8-character password with special symbols. Still, a 12-character password that contains only letters sounds like a reasonable thing to remember.
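The comparison above as an added example (not code from the original post): it computes the exact number of combinations and the equivalent size in bits for each of the four policies, and finds the shortest letters-only length whose search space matches a given complex policy. The function names are hypothetical, every character is assumed to be chosen uniformly at random, and because Python integers are exact the trailing digits of the 10- and 12-character counts differ from the rounded figures in the text.

```python
import math

LETTERS = 52   # uppercase + lowercase letters, as in the post
COMPLEX = 72   # 52 letters + 10 digits + 10 special characters, as in the post
# Assumption: each character is picked independently and uniformly at random.


def keyspace(alphabet_size: int, length: int) -> int:
    """Exact number of distinct passwords of exactly `length` characters."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("alphabet_size must be >= 2 and length >= 1")
    return alphabet_size ** length


def bits(alphabet_size: int, length: int) -> float:
    """Size of the search space in bits: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def min_length_to_match(small_alphabet: int, big_alphabet: int, big_length: int) -> int:
    """Shortest length over `small_alphabet` whose keyspace is at least that of
    `big_length` characters over `big_alphabet` (exact integer comparison)."""
    target = keyspace(big_alphabet, big_length)
    length, space = 1, small_alphabet
    while space < target:
        length += 1
        space *= small_alphabet
    return length


def compare_policies():
    """Return (label, alphabet, length, keyspace, bits) for the post's four cases."""
    cases = [
        ("letters only, 8", LETTERS, 8),
        ("letters+digits+specials, 8", COMPLEX, 8),
        ("letters only, 10", LETTERS, 10),
        ("letters only, 12", LETTERS, 12),
    ]
    return [(name, a, n, keyspace(a, n), round(bits(a, n), 1)) for name, a, n in cases]


if __name__ == "__main__":
    for name, a, n, space, b in compare_policies():
        print(f"{name:<28} {a}^{n:<3} = {space:>28,}  (~{b} bits)")
    print("letters-only length matching 72^8:",
          min_length_to_match(LETTERS, COMPLEX, 8))
```

The last line shows how few extra letters are needed before a letters-only password's search space overtakes the 8-character complex policy.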

In summary, longer passwords are better. Try extending the length of your passwords to more than 12 characters by combining words rather than adding numbers and special characters that are harder to remember.

About us

Xton Access Manager is an agentless, cross-platform privileged access management solution with an unlimited licensing model, built from the ground up with an enterprise feature set. It is simple to implement, without the typical enterprise cost and effort. Xton Access Manager automatically generates very long passwords for privileged accounts and keeps them in its secure identity vault.



Mark Klinchin


I am Co-Founder and CEO of Xton Technologies. I am interested in computers, software development, cyber security, content management, photography, image processing and mathematics.

1 Comment

Help Me to Forget Root Password | Xton Technologies · August 28, 2017 at 10:03 am

[…] Modern privilege elevation software is much more sophisticated than early versions of sudo or rhosts technologies. First, it applies to different operating systems, not just to Unix or Windows. The software elevates privileges of an authorized natural person’s account by establishing sessions to network resources. The software can optionally record and monitor sessions as well as restrict operations that the account can perform on the remote device. In addition to providing access to network resources without asking for credentials, Privilege Account and Access Management System stores all privileged accounts in one easy to access place usually called Identity Vault. Identity vault releases password by request to the qualified IT personnel and then comes back and resets this password. Since nobody needs to remember privileged passwords anymore the identity vault picks long hard to crack passwords. […]


Copyright © 2017 Xton Technologies, LLC. All rights reserved.