Does Password Complexity Reduce Risk? #201

In Episode #201, Bill speaks with Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, about passwords and password complexity.

The average person has over 170 websites/services that require passwords and only between 3 and 19 passwords for all of them. This means if one website gets compromised, the others are at risk.

In the past, we have been told to have long, complex passwords and change them frequently. But now, experts like Roger say to do the opposite and use MFA combined with a password manager.

And when you do use passwords, Roger has a great point about longer vs. complex, “Longer is better than complexity, because as soon as you throw complexity into it, the human being if they have to remember it and reuse it, they start to either reuse it on other places, or they start to create patterns.”