What should be the minimum password length according to best practices?

• A. Six characters
• B. Eight characters
• C. Ten characters
• D. Fifteen characters

Answer: (B)

The recommended minimum password length according to best practices is eight characters. This guideline is based on the understanding that longer passwords significantly enhance security by increasing the number of possible combinations, making them more resistant to brute force attacks. An eight-character password, especially when combined with complexity requirements (such as including uppercase letters, lowercase letters, numbers, and special characters), provides a reasonable balance between security and usability.

While shorter passwords may be easier to remember, they pose a higher risk of being compromised due to more straightforward guessing and brute force methods. Although longer passwords, such as ten or fifteen characters, can provide even better security, the consensus in many security frameworks, including those recommended by organizations like NIST (National Institute of Standards and Technology), is that eight characters is the minimum necessary to adequately mitigate risk without overwhelming users.