February 18, 2026

Here is an excerpt from a longer article that is truly worth your read as we continue to try and understand the impact of AI and quantum computing on on digital lives ... especially our security ...

The introduction of AI and quantum have somewhat removed the distinction between truly random and non-random passwords. I used to say 12 characters or longer for truly random passwords and 20 characters for non-random passwords. Now, it is 24 characters or longer for truly random passwords and 25 characters or longer for non-random passwords. That is essentially the same. Let’s just say 25 characters or longer no matter whether your password is truly random or not.

If you want to get picky, you do not need truly random passwords to be longer than 12 characters until sufficiently-capable quantum computers get here. So, you may have one to three years until that requirement. But since we do not know when sufficiently-capable quantum computers will get here (they could already be here), why not just start using 25-character (or longer) passwords, whether they are truly random or not.

Of course, a big caveat in all of this are systems that are capable of accepting 25-character or longer passwords. Most websites and services I am aware of do not. So, we need to start pestering our site and service vendors to start allowing longer passwords. The AI era is here. The quantum-era is either here or nearly here. It is time to start acting like it.

And do not get me started about how quantum AI will impact things, although I do have a complete chapter devoted to that subject in my new book.

Read the entire article here ... you really need to understand and prepare.