Prior to my further research into AI and quantum for my latest book, How AI and Quantum Impact Cyber Threats and Defenses, I had pretty solid password policy recommendations:
- If your password is truly random, it should be 12 or more characters to resist password hash cracking attacks
- If your password is made up in your head or is otherwise not truly random, it needs to be 20 or more characters to resist password guessing
I really think you need to use PHISHING-RESISTANT MFA to protect valuable data and systems, as primary authentication, followed by using password managers (which more easily create and use long, truly random passwords that are different for every site and service you use). And if and only if you cannot use MFA or a password manager, then make up a long passphrase for your password (like rogerjumpsoverthebrowncow, etc.). In any case, make sure your passwords are unique for every site and service.
I summarize that previous password advice graphically like this below:

This prior policy, which many people think requires passwords that are already too long (or complex), is not good enough anymore!
(BTW, I agree that passwords we need to use are already too long (and/or complex), which is why I recommend using MFA or a password manager instead whenever possible.)
In the process of writing my latest book, I had to think about how password policy would be impacted by AI and quantum attacks.
First, it is important to understand that most password attacks do not care about the length or complexity of your password, or whether it is unique or re-used everywhere. Most passwords are stolen through social engineering or through unpatched vulnerabilities that let the attacker take the password outright. Your password can be good or bad, but if you give it to the hacker or let them steal it, who cares.
There are only two types of password attacks that care whether your password is strong or not:
- Guessing against an online login screen
- Guessing/cracking a stolen password hash
To prevent someone from guessing your password or cracking your password’s stolen hash, the best defense is to use a truly random password (e.g., xrhjwwLv7ocvFEW9eCW9, r?K2Xrki2N_Mv(3FBVmPK4b, etc.). As far as I know, no one, even using tremendous cloud computing resources, has ever broken an 11-character-long truly random password, so using truly random passwords of 12 characters or longer should be sufficient.
There is always a chance that some nation-state has tremendous computing ability to break even 12-character or longer truly random passwords, but no such capability is publicly known, and let’s be real, if a nation-state wants to hack you or your password, they are going to eventually be successful no matter what you do. My password policy advice is for defenses against most attacks.
A major part of the determination that a 12-character fully random password would be sufficiently resistant to attack is the data from this table below, taken from https://t.co/NKYIrKwUDb. This data is the best data on password hash cracking I have been able to find, even though it is a bit old, from 2019. It involves a huge password hash cracking “rig” with 448 GPUs. It is able to do 31.8 trillion guesses at NTLM password hashes per second! That is pretty fast, although faster password hash cracking rigs are available.

It shows that something mathematically incredible happens between 11-character truly random passwords and 12 characters. Even with a far faster password cracking rig, say one doing 100 trillion guesses a second, it is going to take a hacker a year or longer to crack it. First, they have to steal your password hash (no small undertaking by itself), then subject it to a pretty intense password cracking attack with substantial resources. If you think that a hacker may decide to put the resources of 100 trillion guesses or more against your password, just make your password longer.
My password manager tries to create 20-character truly random passwords by default, but I have to shorten them to “only” 16 characters and remove strong complexity so that most websites and services will accept them. Although I do not know for sure (because I do not work at the NSA), a 20-character truly random password is likely to be uncrackable even for nation-states.
That handles password hash cracking defense.
How long (and/or complex) does your password have to be to prevent online password guessing attacks?
Note: For password guessing attack defenses, we will assume that the defender has no mechanisms to detect and stop multiple online password guessing attempts. That is an assumption for our analysis, but it is also often true.
Well, the longest, most complex online password-guessing attack made public that I am aware of is an attack that cracked the 10-character “supposedly complex” password ‘Welkcom2020’. The attacker was able to guess at the password over 100,000 times a day for over a year. That victim company had very poor controls.
I am sure that longer and more complex passwords have been guessed successfully by real-world hackers against online portals, but this is the longest and most complex password I have seen shared publicly.
I know of many professional penetration testing companies that routinely guess human-created passwords (from their retrieved hashes) up to 18 characters containing moderate complexity (i.e., the normally used “complexity” characters placed at the end). Yes, password hash crackers ROUTINELY crack human-created passwords up to 18 characters.
I have never heard of a password guesser that cracked anything bigger, but you have to assume the nation-state-level guessers could guess longer passwords. That is why I have, for years, recommended that human-created passwords be 20-characters or longer for strong protection. Go longer if you need more protection.
So, that is how I came up with my long-standing previous password policy: 12-character or longer for truly random passwords or 20-character or longer human-created or non-random passwords.
Here is my original password policy advice whitepaper from a few years ago discussing the various attacks and my recommendations at the time.
AI and quantum attacks mean you need longer passwords.
How Does AI Impact Password Guessing/Cracking?
AI is pattern-matching software. It is good at finding and making sense of patterns. Even if something looks random to us, if it has a pattern, AI is going to find that pattern and use it. So, if you create human-generated passwords, or passwords of any type that are not truly random, AI-enabled password guessers and crackers will likely help the attacker.
The question is how much?
Let me start by saying there is absolutely no publicly available GREAT data (yet) showing how much faster an AI-enabled password guessing/cracking tool can be at cracking today’s normal-sized and complexity passwords (i.e., 12 characters with some complexity). The best data we have is a few older research studies using AI-enabled password hash cracking tools against smaller passwords (8 characters or so).
One used the AI-enabled password cracking tool, PassGAN (https://github.com/d4ichi/PassGAN), in 2017. According to researchers, PassGAN was able to find 51%-73% more passwords than the most popular non-AI password hash cracking tool (i.e., hashcat) alone. PassGAN’s results were much criticized at the time (including by me) for a few reasons, including that the testing was too limited and mostly tested short passwords. Those criticisms remain.
But other, later research in 2025, using another AI-enabled password hash cracking tool, PassLLM, came up with more nuanced password guessing improvements, from a few percent up to a third better, depending on the scenario.
So, we have at least two AI-enabled password hash cracking tests, and both point to faster password hash cracking on older, but real-world passwords. What they did not show or reveal was how much faster AI-enabled tools were able to crack existing password hashes over regular password cracking tools. They instead showed how many additional passwords they were able to crack in a given time period compared to the non-AI password-cracking tool. That is slightly different.
But I looked at all the available data in both papers, and best as I could tell (as a non-expert) is that the AI-enabled password cracking tool seemed to perform at a rate equivalent to reducing password strength by two to five characters. So, if I previously recommended 20-character or longer passwords for human-generated (or non-random) passwords, my new password policy recommendation would be for 25-character or longer passwords (or passphrases).
Yes, that is so, so long. I agree. Use MFA or a password manager instead, with truly random passwords of 25 characters or longer.
AI cannot help with any truly random task. If it does not have a pattern, AI cannot help. Thus, AI cannot help guess or crack truly random passwords or hashes.
But quantum can.
How Does Quantum Impact Password Guessing/Cracking?
Quantum is not necessarily better at cracking passwords with patterns, but it is at guessing/cracking truly random passwords. That is because one of the two biggest quantum algorithms known today, Grover’s algorithm (the other is Shor’s algorithm), is good at solving random-type problems. The official way they say it is that Grover’s is good at solving “unstructured, unordered, blackbox” problems. That is the official way of saying truly random solutions.
Grover’s algorithm gives a quadratic speed-up in solving random problems, like trying to crack or guess truly random passwords (or symmetric keys or hashes). Grover’s algorithm, paired with sufficiently-capable quantum computers, requires that symmetric encryption keys be twice as long to provide the same level of protection as they did before sufficiently-capable quantum computers were used. Logically, the same can be said of truly random passwords or hashes.
If it used to take 12-character or longer truly random passwords to be secure, now you need 25-character truly random passwords.
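To make the two work factors in this post concrete, here is an added example (not from the original post or its sources) that computes worst-case exhaustive-search time for a truly random password at a given cracking rate, and models Grover’s quadratic speed-up as a square root of that work. The 95-character alphabet and the 100-trillion-guess rig are assumptions; the 31.8 trillion guesses/second figure is the rig quoted above.

```python
import math

# Added example, not code from the post. Models exhaustive search of a truly
# random password's keyspace and Grover's square-root reduction of that work.
# Constants below are constructed assumptions except RIG_2019, which is the
# 448-GPU NTLM rate quoted in the post.
PRINTABLE_ASCII = 95                  # assumed alphabet: all printable ASCII
SECONDS_PER_YEAR = 365.25 * 24 * 3600
RIG_2019 = 31.8e12                    # guesses/second quoted in the post
RIG_FUTURE = 100e12                   # hypothetical faster rig from the post's aside


def keyspace(length: int, alphabet: int = PRINTABLE_ASCII) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet ** length


def work_factor(length: int, alphabet: int = PRINTABLE_ASCII,
                quantum: bool = False) -> int:
    """Guesses needed to exhaust the keyspace.

    quantum=True models Grover's algorithm, which needs about sqrt(N) oracle
    evaluations instead of N. Constant factors are ignored, so this is the
    attacker-favourable bound.
    """
    n = keyspace(length, alphabet)
    return math.isqrt(n) if quantum else n


def years_to_exhaust(length: int, rate: float, alphabet: int = PRINTABLE_ASCII,
                     quantum: bool = False) -> float:
    """Worst-case years to try every candidate at `rate` guesses per second.
    Expected time for a uniformly random target is half of this."""
    return work_factor(length, alphabet, quantum) / rate / SECONDS_PER_YEAR


def grover_equivalent_length(classical_length: int) -> int:
    """Random-password length giving the same work once Grover halves the exponent."""
    return 2 * classical_length


if __name__ == "__main__":
    for L in (10, 11, 12, 13):
        print(f"{L:2d} chars: {years_to_exhaust(L, RIG_2019):14.2f} yr @31.8T/s, "
              f"{years_to_exhaust(L, RIG_FUTURE):14.2f} yr @100T/s")
    L24 = grover_equivalent_length(12)
    print(f"{L24} chars under Grover: {years_to_exhaust(L24, RIG_2019, quantum=True):.2f} yr "
          f"(same as 12 chars classically)")
```

Run it to see the jump between 11 and 12 characters at both rates, and that a 24-character random password under Grover costs exactly what a 12-character one costs today.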
The big caveat is that in order for Grover’s algorithm to do its thing, we need “sufficiently-capable” quantum computers, which we do not have yet. Sufficiently-capable means quantum computers capable of solving the hard problems we are putting them against, which, in this case, means truly random passwords. In order for Grover’s algorithm to start cracking today’s truly random passwords, a quantum computer probably needs about 8000-9000 stable, entangled qubits. We are not there yet (that we publicly know of), but we are likely to be there in the next few years. IONQ, one quantum computer vendor, says it will have 8,000 stable entangled qubits by 2029 and 800,000 stable entangled qubits by 2030. So, sufficiently-capable quantum computers are likely around the corner.
What Your New Password Policy Should Be
My new password policy, considering the impact of AI and quantum, is graphically represented below:

So, in conclusion, the introduction of AI and quantum have somewhat removed the distinction between truly random and non-random passwords. I used to say 12 characters or longer for truly random passwords and 20 characters for non-random passwords. Now, it is 24 characters or longer for truly random passwords and 25 characters or longer for non-random passwords. That is essentially the same. Let’s just say 25 characters or longer no matter whether your password is truly random or not.
If you want to get picky, you do not need truly random passwords to be longer than 12 characters until sufficiently-capable quantum computers get here. So, you may have one to three years until that requirement. But since we do not know when sufficiently-capable quantum computers will get here (they could already be here), why not just start using 25-character (or longer) passwords, whether they are truly random or not.
Of course, a big caveat in all of this is whether systems are capable of accepting 25-character or longer passwords. Most websites and services I am aware of are not. So, we need to start pestering our site and service vendors to start allowing longer passwords. The AI era is here. The quantum era is either here or nearly here. It is time to start acting like it.
And do not get me started about how quantum AI will impact things, although I do have a complete chapter devoted to that subject in my new book.