LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What's the recommended minimum password length, and why does length matter more than complexity?

At least 12 characters. Length beats complexity because each extra character multiplies the search space.

Entropy vs length for 26/62/95-char alphabets, with a 5-word diceware passphrase (~65 bits) reference.

* Entropy grows linearly with length — length outpaces a bigger charset. *

The math:

  • An 8-character password from a 70-char alphabet → 70⁸ ≈ 5.8 × 10¹⁴ combinations
  • A 12-character password from the same set → 70¹² ≈ 1.4 × 10²² — about 24 million times larger
  • A high-end GPU around 2026 can do on the order of ~100 billion NTLM hashes/second — so the 8-char space falls in ~1 hour, but the 12-char space takes ~4,500 years at the same rate

Why length wins:

Adding one character multiplies the search space by the alphabet size (~70). Adding one type of character (e.g. symbols) only widens the alphabet a bit. So correcthorsebatterystaple (25 lowercase chars) is vastly stronger than Tr0ub4dor&3 (11 chars with all the "complexity").

Visualizer: https://www.security.org/how-secure-is-my-password/ — try comparing 8-char complex vs 16-char passphrase.

Tip: Famous XKCD on this — https://xkcd.com/936/.

Go deeper:

From Quiz: INTROL / Password Cracking | Updated: Jul 05, 2026