InfoSec Blog - Strong passwords and Passphrases

May 20, 2020

You have probably heard the phrases “change your password often” or “use strong passwords” from a colleague, a friend or a family member. You may have even been told to “use passphrases instead”. But why are these simple rules important to consider when you create or update a password?

Nowadays, most services, sites, and subscriptions require an account in order to access them. But the more accounts you have, the easier it is to fall into some common bad security habits. The number one reason for that is convenience. In our technologically driven world, security is often sacrificed in the name of convenience, which can lead to serious consequences.

One of the first steps to consider when creating a new account or updating an existing one is to never use a password that you have used somewhere else. The reason is simple: creating unique passwords and changing them often prevents hackers from accessing your account on more than one platform. So even if one of your accounts is compromised, you only need to worry about that one account and not all the other places where you are using the same password. Many people save their passwords in their browser for convenience, but what happens when that device is stolen or lost? In cases like this, the user would have to go back and change all their passwords because it would not be clear which ones may have been compromised.

A long and strong password consists of a combination of small and capital letters, numbers, and special characters such as “!”, “#”, “$”, and has a length of more than 10 characters. Now what exactly is the benefit of using such a complex password? A long and strong password could help against brute-force attacks (definition according to wikipedia.org: “A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly.”), but the longer the password is, the harder it becomes to balance its strength against the ability to remember it easily. This is why using a passphrase can prove very helpful.

A passphrase is much longer than a typical password and has the advantage of being much harder to predict or guess. It should also have special meaning to you, which will make it easy to remember. The following are examples of a passphrase:

  • $1Redtreebluecarelvenmage
  • chamomile5 Capsule unvalued bicycle*moon radio
  • effort collision 1award Sublet voice vibes renewed!

A great tool that can prove helpful with using complex passwords is a password manager. These tools can help you create long random passwords (criteria can be set based on your needs), and they can also “remember” and organize all of your passwords. For more information on how to start using a password manager, please refer to our article: InfoSec Blog - Getting Started with a Password Manager
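
To make "criteria can be set based on your needs" concrete, here is a sketch of a criteria-driven generator, added as an example (it is not code from this blog or from any particular password manager). The function names and the special-character set are assumptions; the character classes and the "more than 10 characters" rule come from the article.

```python
import math
import secrets
import string

# The four character classes the article lists. The exact special-character
# set is an assumption; real services differ in which symbols they accept.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": "!#$%&*+-=?@^_",
}
MIN_LENGTH = 11  # "more than 10 characters"


def meets_criteria(password, classes=tuple(CLASSES)):
    """True if the password is long enough and uses every required class."""
    return len(password) >= MIN_LENGTH and all(
        any(ch in CLASSES[name] for ch in password) for name in classes
    )


def generate_password(length=16, classes=tuple(CLASSES)):
    """Draw a random password from the OS CSPRNG that satisfies the criteria."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    if not classes or any(name not in CLASSES for name in classes):
        raise ValueError("classes must be a non-empty subset of CLASSES")
    alphabet = "".join(CLASSES[name] for name in classes)
    # Redraw the whole password until every class appears. Forcing one
    # character of each class into fixed positions would be predictable.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_criteria(candidate, classes):
            return candidate


def search_space_bits(length, alphabet_size):
    """log2 of the number of strings a brute-force attacker must cover."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    size = sum(len(chars) for chars in CLASSES.values())
    print(generate_password(16))
    print(f"11 chars: {search_space_bits(11, size):.1f} bits")
    print(f"16 chars: {search_space_bits(16, size):.1f} bits")
```

Each extra character adds about 6.2 bits to the brute-force search space with this 75-symbol alphabet, which is why length matters more than any single character class.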

 

Written by: Eirini Roumpa (Identity and Access Management Analyst, Information Security)
Image Source: Freepik