Is a Password or Passphrase More Secure?

A simple way to stay ahead of cyber threats is by creating and using strong passphrases to access your computer systems, programs or data.

The terms passwords and passphrases are often used interchangeably, but differ in their ability to secure your accounts.

A password is a single word or string of eight or more characters. Cyber adversaries have developed increasingly sophisticated ways to crack passwords and our collective efforts to make our passwords stronger often make them harder to remember. 

A passphrase is a sequence of real but unrelated words and is more secure than a password. The Australian Cyber Security Centre endorses the use of passphrases and suggests they are most effective when they are long, unpredictable and unique. An example of a passphrase could be: cricket-huricane-star-patron. The more nonsensical and unrelated the selected words are to one another, the better.

Iteam Consulting recommends using passphrases that are easy for humans to remember, and harder for machines to crack. 

According to the Electronic Frontier Foundation hackers have systems that are now fast enough to quickly guess passwords shorter than ten characters. Short passwords of any kind, even if totally random, for example: nQ\m=8*x or !s7e&nUY, may be too weak, especially for settings where an attacker is able to quickly try an unlimited number of guesses. 

You should create a unique passphrase for each purpose, especially for valuable accounts such as email or financial accounts. Reusing a passphrase makes each account that uses it more vulnerable. Should an adversary crack your passphrase, they often attempt to use it for every account associated with you, they may even change your passphrase to block you from accessing your accounts. A unique passphrase for every valuable account is the recommended way to mitigate this risk. 

To reduce the burden of having unique passphrases for every valuable account is to use modifiers for each one based on the service that it relates to. For example, ‘crystal onion clay pretzel facebook’ or ‘insta crystal onion clay pretzel’. Alternatively, a reputable password manager, such as 1password can aid with your secure password management. 

Our Principles for a Secure Passphrase:

  • the longer your passphrase, the better. 
  • a random mix of unrelated words will produce a stronger passphrase.
  • use a unique passphrase for every valuable account. 
  • use a password manager from a reputable vendor.
  • change your passphrases often, especially if you believe it has been compromised.

If you would like more advice on how to protect your business from cyber threats, let’s talk.

Comments are closed.