Mar 2, 2011 15:31 GMT  ·  By

Google has announced a change in policy for App accounts requiring new passwords to have a minimum of eight characters. The new policy should improve account security for new users and those that opt to change their passwords, though the increase from six to eight characters only provides better protection in a small number of attack scenarios.

Eight character passwords should be tougher to crack using brute force, but attackers usually prefer other methods anyway. The longer passwords could mean that users may choose stronger ones as well.

"As part of our continuous efforts to help our users protect their information, we recently launched 2-step verification for all Google accounts. Starting March 14, we will also increase the minimum password length requirement for Google Apps accounts from 6 characters to 8," Claudio Cherubino from Google Apps APIs Team wrote.

"This new policy aligns Google Apps accounts with consumer accounts that already require passwords to be at least 8 characters long," he added.

The change does not affect current users which can continue to use their existing passwords. However, new users will no longer be able to provide passwords shorter than 8 characters.

Administrators don't have a choice either, when resetting passwords for existing accounts or creating new ones they will have to provider a longer one.

The change also affects API calls. Trying to create a new password shorter than 8 characters via the API will result in a InvalidPassword error message.

The change should add an extra bit of security, but it's not the necessarily length of passwords that make them easier to crack or deter most attacks.

Still, along with other options, like the two-step verification process, it should make Google Apps accounts safer. Considering that many companies now entrust their internal infrastructure to the cloud, security should be a top priority.