Recent studies by the National Institute of Standards and Technology (https://www.nist.gov/) have password length be the primary factor in characterizing password strength. Short passwords yield to brute force (guessing) attacks as well as dictionary attacks that use banks of known words and commonly used phrases as chosen passwords (NIST, 2017). So, what is a good minimum length to use? NIST recommends a minimum length of 8 characters but also states Users should be encouraged to make their passwords as lengthy as they want, within reason (NIST, 2017). The key to users getting the most from a password length without the burden of complexity requirements is for them to create a memorable password.