Welcome to the first in what we hope to make a weekly series of CyberSecurity tips. This week’s topic is Passwords and Passphrases.
The condensed version is, “passwords are bad, passphrases are better”. This is a ‘b@dPas3Word!’. ‘This is a mediocre passphrase’. ‘Good Passphr@se th1s is’.
The longer version below is taken directly from https://www.passworddragon.com/password-vs-passphrase. In a nutshell, don’t use movie titles or famous quotes for passphrases. Random groupings of words are better. To craft the best passphrase, make sure they;
- contain at least 3 of the following: Number, Special Character, Uppercase letter, Lowercase letter
- are at least 9 characters or longer (the longer the better)
- include spaces
- are changed bi-annually
- do not recycle passwords and use unique passwords on each site
The debate between passwords versus passphrase is currently the trending buzz online nowadays. Just after all the password hacking and identity theft incidents have caught media attention, a lot of online users have now become aware of the ominous danger that is lurking in the scam-infested world of the internet.
Hence, the recommendation to use passphrases instead of passwords by IT experts just came at the right time to soothe everyone from the hangover of the password disaster phenomenon.
However, not everyone is techno savvy and there are some who are still confused as to the difference between a password and a passphrase, and why the latter is more reliable.
The difference between password and passphrase
Just to put everyone on the same page, a password as you know it is typically composed of not more than 10 letters or symbols, or a combination of both. It could be a string of random symbols such as “B@3!&O$$” or just a lousy word like “yourname”, or a combination of both such as “sh@tup!”.
On the other hand, a passphrase is longer than a password and contains spaces in between words such as this: “The road to success is always under construction!”.
A passphrase can also contain symbols, and does not have to be a proper sentence or grammatically correct. The main difference of the two is that passwords do not have spaces while passphrases have spaces and are longer than any random string of letters.
So why is passphrase better than passwords?
- Passphrases are easier to remember than a random of symbols and letters combined together. It would be easier to remember a phrase from your favorite song or your favorite quotation than to remember a short but complicated password.
- Passwords are relatively easy to guess or crack by both human and robots. The online criminals have also leveled up and developed state of the art hacking tools that are designed to crack even the most complicated password.
- Satisfies complex rules easily. The use of punctuation, upper and lower cases in Passphrases also meets the complexity requirements for passwords.
- Major OS and applications supports passphrase. All major OS including Windows, Linux and Mac allow pass-phrases of up to 127 characters long. Hence, you can opt for longer passphrases for maximum security.
- Passphrases are next to impossible to crack because most of the highly-efficient password cracking tools breaks down at around 10 characters. Hence, even the most advanced cracking tool won’t be able to guess, brute-force or pre-compute these passphrases.
Using a passphrase instead of a password will ultimately give you some peace of mind when going about your business online. Just ensure that the phrase you will be choosing is also easy to remember but preferably not a common or popular quote or song that can be easily guessed by someone who knows you.
It should also be at least more than 14 characters long as well to ensure its maximum security. With this new strategy of using pass-phrases in all your important accounts and websites, you can now enjoy a fully-secured online experience.