Passwords are used to secure personal and sensitive information, and they act as the first line of defense against unauthorized access to an account or system. Password length and complexity are both important factors in ensuring password security, but when it comes to prioritizing one over the other, password length is generally considered more important than complexity.
How fast can Artificial Intelligence crack passwords? Watch this quick video. You can see the exponential increase in time necessary to break a password with each additional character added to length.
6 Chars: Instantly – 7 Chars: 42 seconds – 8 Chars: 48 minutes
9 Chars: two days – 10 Chars: six months – 11 Chars: 356 years
12 Chars: 30,000 years – 13 Chars: 2 million years.
In conclusion, while both length and complexity are important factors in password security, length is generally considered more important because it provides a stronger defense against brute-force attacks and is easier to remember. A longer password with a combination of words or phrases that are not easily guessable is a better approach to password security than a short, complex password based on easily guessable information.
To Understand the math involved, have a look at The Birthday Paradox.