The worst passwords of 2012 were recently released, and in many instances an eight-character password is the only line of defense protecting access to your computer, programs, and any online resources you may use. The simplest way to be better protected is to use a more secure form of password called a complex password or a passphrase. The easiest way to create a passphrase is to use a short sentence. These short sentences are easy to remember, but because sentences are longer and have capital letters, spaces, punctuation, and sometimes even numbers, passphrases are stronger than passwords.
A quick example of a simple passphrase is “My daughter is in the 1st grade!”. It is 32 characters long and contains an upper case letter, a number, a special character, and most importantly it is easy to remember. Some systems may not like the spaces between the words, and some people may just prefer to leave them out, so the passphrase sentence could be adjusted to leave out the spaces and become “Mydaughterisinthe1stgrade!”. The downside of a passphrase is that it requires more typing time, but I will trade that extra time for the added security rather than use a weak, common dictionary word for convenience.
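An added example (not part of the original post) that compares the two passphrase variants above with an eight-character lowercase password by counting character classes and the exhaustive-search space in bits. The `analyze` helper and the small common-password list are assumptions constructed for illustration, and the bit count is an upper bound, since sentence-like passphrases can be guessed word by word rather than character by character.

```python
import math
import string

# Character classes and the number of symbols an exhaustive search must cover for each.
CLASSES = {
    "lower": (string.ascii_lowercase, 26),
    "upper": (string.ascii_uppercase, 26),
    "digit": (string.digits, 10),
    "symbol": (string.punctuation, 32),
    "space": (" ", 1),
}

# Constructed sample list, standing in for a real "worst passwords" list.
COMMON = {"password", "123456", "qwerty"}


def analyze(secret):
    """Return length, classes used, pool size and brute-force bits (an upper bound)."""
    used = [name for name, (chars, _) in CLASSES.items()
            if any(c in chars for c in secret)]
    pool = sum(CLASSES[name][1] for name in used)
    bits = len(secret) * math.log2(pool) if pool else 0.0
    return {
        "length": len(secret),
        "classes": used,
        "pool": pool,
        "bits": round(bits, 1),
        # A listed password falls to the first guesses, whatever its bit count says.
        "common": secret.lower() in COMMON,
    }


if __name__ == "__main__":
    samples = [
        "My daughter is in the 1st grade!",  # passphrase from the post
        "Mydaughterisinthe1stgrade!",        # same passphrase without spaces
        "password",                          # constructed eight-character example
    ]
    for s in samples:
        r = analyze(s)
        print(f"{s!r}: {r['length']} chars, pool {r['pool']}, "
              f"<= {r['bits']} bits, common={r['common']}")
```

Dropping the spaces costs six characters and one character class, yet the unspaced variant still has far more search space than the eight-character password.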
I have been using passphrases for a while and I can remember almost all of my most often used passphrases, but occasionally I do need a little help to remember one. When I need help remembering a passphrase I use a password manager program called KeePass. I find KeePass invaluable for storing, managing, and looking up passphrases, and KeePass stores the password database in an encrypted format. KeePass can do the remembering for you, but the program is password protected, so you will at least have to remember one password to get access to all your others!
So what’s next when passphrases are as insecure as a password, and adding characters to passphrases gets to be unmanageable? Currently some sites offer two-factor authentication, and Google is one such site that offers two-step authentication. Besides the basic layer of something you know, your password, Google adds a second layer of something you have, your cell phone, to which a PIN is texted that must be entered along with the password to complete the login process.
Windows 8 has a Picture Password option and some apps are available for Android that can also provide picture passwords. A picture password eliminates the traditional password and allows you to successfully draw shapes or symbols on a background image to get access to the system.
Extra Passphrase Tips:
Change your passphrases every 6 months, and for more sensitive systems like online banking try to change the passphrase every 90 days. This is kind of a pain, but definitely worth the extra effort to be ultimately secure.
Don’t use the same passphrase for multiple systems or sites. Each system or site should have its own passphrase. If you are using the same passphrase for more than one site and it is discovered, you could be handing over access to multiple accounts!
More Resources:
To learn more about passphrases check out the Passphrase Wikipedia page.
If you ever wanted to check the strength of your passwords, Microsoft has a password checker web page where you can type in your password and it will display whether it is Weak, Medium, Strong, or Best. You should test the strength of your passwords and/or passphrases to see how secure they are; it's fun!
To read about some different password manager programs besides KeePass check out this article.
Don’t make yourself an easy target for hackers: change your passwords to passphrases, or take advantage of sites or programs offering two-factor authentication or picture passwords. Thanks for reading, and please leave any questions or comments you might have about passphrases.