Your Password Needs To Be 25 Characters Or Longer Due To AI And Quantum Attacks
KnowBe4, Wednesday, February 18th, 2026
Prior to my further research into AI and quantum for my latest book, How AI and Quantum Impact Cyber Threats and Defenses, I had pretty solid password policy recommendations:
- If your password is truly random, then it should be 12+ characters or longer to fight password hash cracking attacks
- If your password is made up in your head or not truly random, it needs to be 20+ characters or longer to fight password guessing
I really think you need to use PHISHING-RESISTANT MFA to protect valuable data and systems, as primary authentication, followed by using password managers (which more easily create and use long, truly random passwords that are different for every site and service you use).