How to Choose Password Length Based on Your Threat Model
Threat Modelling
By AY Tanoli · 23 Apr 2026 · 3 min read
When threat modelling your password security, length is the single most important factor. Each additional character exponentially increases the number of possible combinations. A modern threat model should account for offline cracking speeds exceeding 100 billion hashes per second on consumer GPU hardware, meaning anything under 12 characters is potentially crackable in days or hours.
For most threat models, a 16-character random password with mixed character sets provides ample security against offline attacks for the foreseeable future. NordPass makes generating such passwords effortless: set your desired length and character preferences, and the cryptographic generator produces a password with the full entropy that length promises. Store the result in NordPass's encrypted vault and you never need to memorise it.
Why Your Threat Model Should Drive Password Length
There is no universal "correct" password length. The right number of characters depends entirely on who might attack you, what tools they have, and what they stand to gain. This is the essence of threat modeling: instead of defaulting to a one-size-fits-all rule, you match your defenses to the realistic adversaries you face. A throwaway forum login and the master password to your cryptocurrency wallet sit at opposite ends of this spectrum, and treating them identically wastes effort in one place and invites disaster in the other.
Password length matters more than almost any other factor because it has an exponential relationship with cracking difficulty. Each additional character multiplies the number of possible combinations an attacker must try. For a randomly generated password drawn from a 94-character set, every extra character multiplies the search space by 94. That exponential growth is what makes length your single most powerful lever against brute-force attacks.
Identifying Your Adversaries
Before choosing a length, name the threat. Different attackers operate at vastly different scales, and your password only needs to defeat the strongest one realistically interested in you.
Opportunistic credential stuffers reuse passwords leaked in unrelated breaches. Length barely helps here; uniqueness does. Even a short unique password defeats this attack.
Online brute-force attackers guess against a live login form. Rate limiting and lockouts cap them at a few thousand guesses, so 12 characters is overkill but comfortable.
Offline hash crackers have stolen a password database and run billions of guesses per second on GPUs. This is where length becomes critical.
Nation-state and well-funded adversaries command custom hardware and long time horizons. Defending against them requires maximum length plus other controls.
Matching Length to Risk Tiers
Once you know your adversary, you can assign a sensible length to each account category. The following tiers assume randomly generated passwords, not human-chosen ones, which carry far less entropy per character.
Low-stakes accounts (newsletters, trial signups): 12–14 characters. The data is not worth a determined offline attack, and uniqueness matters more than raw length.
Standard personal accounts (email, social media, shopping): 16–20 characters. Your email is a password-reset hub for everything else, so treat it as high value even if it feels ordinary.
Financial and sensitive accounts (banking, health records, password manager master password): 20–24 characters. These attract patient, well-resourced attackers, and a breach is catastrophic.
Cryptographic and high-value secrets (crypto wallets, PGP passphrases, root infrastructure): 24+ characters or a long passphrase. Here you defend against adversaries willing to spend years and serious money.
Entropy, Not Just Character Count
Length only translates into security when paired with genuine randomness. A 20-character password built from a memorable sentence may have less entropy than a 12-character string of truly random characters. Entropy is measured in bits, and each bit doubles the attacker's workload. As a rough benchmark, 80 bits resists offline attacks comfortably today, while 128 bits is considered safe against any foreseeable adversary, including future quantum-assisted searches of symmetric keyspaces.
This is why a hardware-backed random generator beats human creativity every time. People unconsciously favor patterns, dictionary words, and predictable substitutions that crackers model directly. A generator drawing from a cryptographically secure source gives you the full entropy that your chosen length promises.
Passphrases as a Practical Alternative
For secrets you must memorize, such as a password manager master key, length and memorability can coexist through passphrases. A string of five or six random words selected from a large wordlist can reach 70–80 bits of entropy while remaining typeable from memory. The trade-off is total character count: passphrases tend to be longer than equivalent random strings, but that length is exactly what protects you, and human memory handles words more reliably than symbols.
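As an added worked example (not from the article or from NordPass), the arithmetic behind the length tiers and the passphrase figures above in Python: entropy in bits for a random string or a Diceware-style passphrase, the expected offline crack time at the article's 100 billion guesses per second, and the minimum length that reaches the 80- and 128-bit benchmarks. The 94-character set and the guess rate are the article's own figures; the 7776-word list size is an assumption.

```python
import math

# Figures taken from the article: ~100 billion guesses per second for offline
# GPU cracking, and 80 / 128 bits as the "comfortable" / "future-proof" benchmarks.
OFFLINE_GUESSES_PER_SECOND = 100e9
BENCHMARK_BITS = {"comfortable": 80, "future-proof": 128}

# Alphabet sizes. 94 printable ASCII characters is the article's figure; the
# 7776-word list size is an assumption (the common Diceware / EFF large list).
PRINTABLE_ASCII = 94
DICEWARE_WORDS = 7776


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random secret: length * log2(alphabet_size).

    Only valid for generator output; a human-chosen string has far fewer bits.
    """
    if alphabet_size < 2 or length < 1:
        raise ValueError("need alphabet_size >= 2 and length >= 1")
    return length * math.log2(alphabet_size)


def expected_crack_seconds(bits: float, rate: float = OFFLINE_GUESSES_PER_SECOND) -> float:
    """Expected time to hit the secret: on average half the keyspace is searched."""
    return 2.0 ** bits / 2.0 / rate


def min_length_for_bits(alphabet_size: int, target_bits: float) -> int:
    """Smallest length whose full-entropy output reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def describe(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


def assess(alphabet_size: int, length: int) -> dict:
    """Entropy, expected offline crack time and benchmarks met for one generator setting."""
    bits = entropy_bits(alphabet_size, length)
    return {"bits": bits, "crack_time": describe(expected_crack_seconds(bits)),
            "meets": [name for name, b in BENCHMARK_BITS.items() if bits >= b]}


if __name__ == "__main__":
    for n in (8, 12, 16, 20):
        print(f"{n:>2} random printable chars:", assess(PRINTABLE_ASCII, n))
    for w in (5, 6):
        print(f"{w} Diceware words:", assess(DICEWARE_WORDS, w))
    for name, b in BENCHMARK_BITS.items():
        print(f"{b} bits ({name}) needs", min_length_for_bits(PRINTABLE_ASCII, b), "random chars")
```

Run it to see why 8 random printable characters fall in hours while 12 take millennia at the same rate, and why six words from a 7776-word list land in the 70–80 bit range the passphrase section quotes.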
Putting It Into Practice
Audit your accounts and sort them into the tiers above. Reserve your longest, most carefully generated secrets for the accounts whose compromise would cascade into others, and let your password manager carry the burden of remembering everything else. By tying length to a deliberate threat model rather than habit, you spend your security budget where it actually changes outcomes, defeating every attacker realistically motivated to target you while avoiding needless friction on accounts that no serious adversary cares about.
Start With Who You're Defending Against
Password length only makes sense once you know who might attack you. A jealous acquaintance guessing at a login screen is a completely different adversary than a criminal group that has stolen a password database and can test billions of guesses per second offline. Your threat model is simply an honest answer to the question: who wants in, and what tools do they have?
Match Length to Attacker Capability
Use these rough tiers as a starting point, assuming a random or passphrase-style secret rather than a predictable word:
Low-stakes online accounts (forums, newsletters): 12 characters is reasonable, because rate limiting stops most online guessing.
Personal email and financial logins: 16 characters, since these are high-value and frequently targeted by credential stuffing.
Password manager master password: 20 or more characters, or a five-to-six word passphrase, because it protects everything else.
Encryption keys facing well-funded attackers: 24+ characters, where offline cracking with custom hardware is realistic.
Length Beats Complexity
Adding characters increases the search space far faster than swapping a letter for a symbol. A long, memorable passphrase like four unrelated words usually resists cracking better than a short string stuffed with punctuation, and you are more likely to remember it without writing it down or reusing it elsewhere.
Factor In Your Other Defenses
Threat modeling is holistic. If you enable two-factor authentication, a slightly shorter password carries less risk because a stolen password alone is not enough. If a site stores passwords poorly or has leaked before, lengthen yours and assume the worst.
Enable 2FA wherever it is offered.
Never reuse a password across accounts.
Let a password manager generate maximum-length secrets for sites you rarely type.