How long should a password be?

  • Between 5 and 8 characters (Votes: 2, 3.4%)
  • Between 8 and 12 characters (Votes: 22, 37.9%)
  • Between 15 and 20 characters (Votes: 17, 29.3%)
  • 20 characters or more (Votes: 14, 24.1%)
  • Length doesn't matter (Votes: 3, 5.2%)

Total voters: 58

TairikuOkami

This is getting bothersome, another service asking me to change my unanimous password, like 5th one this year alone.
I like my Password123, it is unique, even though I have received several attempts to log in to my "useless" accounts. 😹
 


jetman

My (limited) understanding is that hackers can access websites using one of 4 main techniques...

1. Social engineering methods (no hacking required).

2. Trying out previously compromised login credentials (which can be purchased on the dark web) on multiple websites in the hope that some will work. This is why unique passwords for each site are important.

3. Using brute force techniques to try to guess passwords (which is why length and complexity are important). This is also why it's good to avoid dictionary words or common phrases.

4. Directly hacking websites to find databases containing the login credentials of each user. This is out of the control of the user as you just have to trust the security policies of the website holding your password. Whether a stolen password database is of any use to the hacker depends on how it is stored. Plain text would be very easy to exploit, whereas 'salted' hash values would be very difficult to exploit. However, if the database contains unsalted hash values (as many apparently do) then it is open to attack using Rainbow Tables. In that case, it doesn't matter how long or complex a password is; every account is potentially at risk of being breached, even if a password is a 128-character-long string of random characters.

Please can someone tell me if I am correct about this?

Have I got anything wrong?
 
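The salted versus unsalted storage described in point 4 above, as an added example that is not part of the original post: a lookup table precomputed from a candidate list is matched against an unsalted store and against a store that uses a per-user salt. The user names, passwords and candidate list are constructed sample data; SHA-256 and PBKDF2 are assumed choices, and a plain dictionary stands in for a rainbow table's chain structure.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the thread).
CANDIDATES = ["Password123", "qwerty", "letmein"]   # what the table was built from
USERS = {"alice": "Password123", "bob": "Password123",
         "carol": "t7#Vq2!mZr9@Lw4&Xe8$"}

def unsalted_hash(pw: str) -> str:
    return hashlib.sha256(pw.encode()).hexdigest()

def salted_hash(pw: str, salt: bytes) -> str:
    # Per-user random salt plus a deliberately slow KDF.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000).hex()

def build_table(candidates):
    # hash -> password; computed once, reusable against any unsalted store.
    return {unsalted_hash(p): p for p in candidates}

def lookup(table, stored):
    # Which stored hashes appear in the precomputed table?
    return {user: table[h] for user, h in stored.items() if h in table}

def make_stores(users):
    unsalted = {u: unsalted_hash(p) for u, p in users.items()}
    salted = {}
    for u, p in users.items():
        salt = os.urandom(16)
        salted[u] = (salt, salted_hash(p, salt))
    return unsalted, salted

def verify(pw: str, record) -> bool:
    # Login check against a salted record, using a constant-time comparison.
    salt, stored = record
    return hmac.compare_digest(salted_hash(pw, salt), stored)

if __name__ == "__main__":
    unsalted, salted = make_stores(USERS)
    table = build_table(CANDIDATES)
    print("unsalted matches:", lookup(table, unsalted))
    print("salted matches:  ", lookup(table, {u: h for u, (_, h) in salted.items()}))
    print("alice == bob (unsalted):", unsalted["alice"] == unsalted["bob"])
    print("alice == bob (salted):  ", salted["alice"][1] == salted["bob"][1])
```

In the unsalted store, identical passwords produce identical hashes, so one table entry exposes every account sharing that password; with per-user salts the same table matches nothing and each account has to be attacked separately.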