Passwords and Passphrases, again
In this issue, I’d like to revisit our first Cybersecurity post from November of 2017, “Passwords vs Passphrases”. It is as important and relevant today as it was then.
I won’t repeat the entire first post here. The condensed version is “passwords are bad, passphrases are better”. An uncredited quote on the topic of passwords is that “Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess”.
So why is a passphrase better than a password?
- Passphrases are easier to remember than a random string of symbols and letters. It would be easier to remember a phrase from your favorite song or your favorite quotation than to remember a short but complicated password.
- Passwords are relatively easy to guess or crack by both humans and robots. Online criminals have also leveled up and developed state-of-the-art hacking tools that are designed to crack even the most complicated passwords easily.
- Passphrases satisfy complexity rules easily. Using punctuation and upper- and lower-case letters in a passphrase also meets the complexity requirements for passwords.
- Major OSs and applications support passphrases. All major OSs, including Windows, Linux and Mac, allow passphrases of up to 127 characters. Hence, you can opt for longer passphrases for maximum security.
- Passphrases are next to impossible to crack because most of the highly efficient password cracking tools break down at around 10 characters. Hence, even the most advanced cracking tool won’t be able to guess, brute-force or pre-compute these passphrases.
See the original post here as well as a great infographic on why “correct horse battery staple” is MUCH better than “Tr0ub4dor&3”.
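To put numbers on the comparison, here is an added example (not part of the original post) that generates a passphrase with Python's `secrets` module and estimates strength in bits. It assumes every word or character is picked uniformly at random; the word list and function names are constructed for this illustration.

```python
import math
import secrets

# Constructed sample list for the demo. A real list (for example a
# 7776-word diceware list) gives far more entropy per word.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "orbit", "candle", "river",
    "maple", "pixel", "anchor", "velvet", "thunder", "garden", "copper",
    "lantern", "walnut",
]

def passphrase_bits(num_words, wordlist_size):
    """Entropy in bits of num_words drawn uniformly at random from a list."""
    return num_words * math.log2(wordlist_size)

def password_bits(length, alphabet_size):
    """Entropy in bits of a password made of uniformly random characters."""
    return length * math.log2(alphabet_size)

def words_needed(target_bits, wordlist_size):
    """Smallest number of random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def generate_passphrase(num_words, words=SAMPLE_WORDS, sep=" "):
    """Pick words with the OS CSPRNG; the entropy math assumes random choice."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(num_words))

if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(4))
    # 95 = printable ASCII characters available on a US keyboard
    for length in (8, 10):
        bits = password_bits(length, 95)
        n = words_needed(bits, 7776)
        print(f"{length} random chars = {bits:.1f} bits; "
              f"matched by {n} words from a 7776-word list "
              f"({passphrase_bits(n, 7776):.1f} bits)")
```

Each word from a 7776-word list adds about 12.9 bits, so length in words, not character tricks, is what drives the estimate.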
If you have more questions about these topics, please contact UTS, and we’d be happy to offer what guidance we can. There is also a wealth of information to be found using your favourite search engine.