Security experts issue new guidelines as they reveal why complicated passwords put you more at risk of hacking

Complex passwords were once said to be an absolute must, but now, the opposite is considered to be true.

Most people likely remember making their first password and being told it wasn’t complicated enough by a friend, loved one, or the computer itself.

If you were one of the people who decided to simply not listen to that advice, you were apparently ahead of the curve, as cybersecurity experts are now warning against using overcomplicated passwords entirely.

Actually, that’s only half true. While complex passwords are no longer the recommended way of selecting passwords, it’s actually because of the people who refused to do so and not because complex passwords are vulnerable themselves.

Complex password requirements are counterproductive, experts say. (Getty Stock Photo)

Cybersecurity experts came to realize that, by urging people to frequently change their passwords and make them as complex as possible, many people did the opposite out of laziness, spite, or general lack of care. Thus, requiring complex passwords was found to be generally counterproductive and is no longer the best protocol.

And no, these cybersecurity experts aren’t just hackers in disguise trying to get you to simplify your passwords; the U.S. National Institute of Standards and Technology has recently renewed their guidelines and suggested creating longer passwords rather than more complex ones.

In fact, when it comes to getting hacked, having a longer, simpler password makes it both harder to guess for a hacker and easier to remember yourself, making it something of a win-win situation for your cybersecurity.

Unsurprisingly, this drastic change was a shock to those online, but many viewed the change as a positive, and agreed with the sentiment that longer passwords are far more realistic than short and complex ones.

Passwords are safer when they're simple and long than when they're short and complex. (Getty Stock Photo)

“I can remember long (20-character), nonsensical passwords in mixed case plus numbers and symbols,” said one Redditor, “It takes me a few weeks to learn them, but they stick forever. I don't need to write them down, and I can hold about 5 of them in my head.”

Another commenter held a similar opinion: “If someone is trying to brute force a password all that matters is length and complexity of characters.”

“A 15-character password is going to be orders of magnitude harder to crack than a 10-character password if you have symbols, special characters, numbers, and lowercase and uppercase letters in there.”

Otherwise, some people question the need for traditional passwords altogether in 2024, as there are alternative measures to access accounts that are far more difficult for hackers to penetrate.

“I’m glad we’re now thinking about alternatives like passkeys,” one commenter wrote, “Nobody should have to try to keep 100 different passwords for their accounts.”