A common mistake people make when setting passwords is using simple words, names, or their personal information. This behavior makes it easy for cybercriminals to infiltrate people’s accounts.
This is why the National Institute of Standards and Technology is discouraging the use of such passwords. Instead, they recommend the use of passphrases.
What are passphrases?
Passphrases are a type of password that uses random dictionary words. These terms can be separated by spaces (e.g., “thank speak bobcat entourage”), combined into one string (e.g., “correcthorsebatterystaple”), or mixed in with numbers (e.g., “laureate67coates2resounds82beehive”).
Are passphrases secure?
Yes and no. Since passphrases typically contain unrelated terms, they are harder for cybercriminals to crack while still easy for the user to remember. For example, it will take hackers 973,961,620 centuries to crack “dwarf haziness gear maverick” compared to 122 milliseconds with a password like “picture1.”
This isn’t always the case, however. If a passphrase contains something familiar, like song lyrics, or a popular quote from a movie or book, it might not be secure enough. This is because such passphrases lack entropy, or degree of randomness.
Even if a user creates their own passphrase, it will still be far from random. According to a research paper, this is because users are influenced by the probability of a phrase occurring in natural language. This means that the brain tends to continue using common idioms and grammar rules that reduce randomness.
What are some passphrase best practices?
When used correctly, passphrases are significantly more difficult to crack. Here are some good habits that anyone can follow:
1. Lengthen and randomize your passphrases
Your passphrase should be composed of four to five random words. You can add more words if you prefer, but make sure that the resulting passphrase is still easy to remember. Use online passphrase generators if you have trouble making one yourself.
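As an added example (not part of the original post), here is how to put numbers on the entropy argument above and on the four-to-five-word guideline in Python: words drawn uniformly at random with a cryptographic RNG from a list of N words contribute log2(N) bits each, so strength comes from list size and word count, not from how long or unusual the words look. The 16-word list is constructed for illustration; 7776 is the size of the EFF long word list.

```python
import math
import secrets

# Constructed 16-entry word list, for illustration only. A real generator
# would draw from a large published list (the EFF long list has 7776 words).
SAMPLE_WORDS = [
    "dwarf", "haziness", "gear", "maverick", "thank", "speak", "bobcat",
    "entourage", "laureate", "coast", "resounds", "beehive", "correct",
    "horse", "battery", "staple",
]
EFF_LONG_LIST_SIZE = 7776

def passphrase_entropy_bits(word_count: int, list_size: int) -> float:
    """Bits of entropy in word_count words drawn uniformly (with replacement)
    from a list of list_size words: each word contributes log2(list_size)."""
    if word_count < 1 or list_size < 2:
        raise ValueError("need at least one word from a list of at least two")
    return word_count * math.log2(list_size)

def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest number of random words that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))

def generate_passphrase(words, word_count=4, separator=" ", pick=secrets.choice):
    """Join word_count words chosen by pick(). secrets.choice uses the OS CSPRNG,
    which is what makes the result random rather than human-chosen; passing a
    different pick() lets a test make the output deterministic."""
    if word_count < 1:
        raise ValueError("word_count must be at least 1")
    return separator.join(pick(words) for _ in range(word_count))

def explain(word_count: int, list_size: int) -> str:
    """Human-readable summary of the strength of a random passphrase."""
    bits = passphrase_entropy_bits(word_count, list_size)
    return f"{word_count} words from a {list_size}-word list = {bits:.1f} bits"

if __name__ == "__main__":
    # The same 4-word structure is weak from a tiny list and strong from a
    # large one: the words are not the secret, the random selection is.
    print(explain(4, len(SAMPLE_WORDS)))    # 4 words from a 16-word list = 16.0 bits
    print(explain(4, EFF_LONG_LIST_SIZE))   # 4 words from a 7776-word list = 51.7 bits
    print(explain(5, EFF_LONG_LIST_SIZE))   # 5 words from a 7776-word list = 64.6 bits
    print("words for 80 bits:", words_needed(80, EFF_LONG_LIST_SIZE))  # 7
    print(generate_passphrase(SAMPLE_WORDS, 5))               # spaced form
    print(generate_passphrase(SAMPLE_WORDS, 4, separator=""))  # single-string form
```

A phrase a person composes, such as a lyric or idiom, is not drawn uniformly from any list, so this bound does not apply to it and its real entropy is far lower.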
2. Use unique passphrases for all of your accounts
It can be tempting to use only one passphrase for all of your online accounts. However, doing so makes it easier for cybercriminals to infiltrate them. Create unique passphrases for each account and make sure they are completely unrelated to the others.
3. Use password managers
Password managers like LastPass, Dashlane, and 1Password generate and store your passphrases in an encrypted vault that can only be accessed using a secure master password. These apps will also log you in automatically to websites and applications, eliminating the need to remember your passphrases.
4. Implement multifactor authentication (MFA)
Passphrases can only do so much to protect your online accounts. MFA fortifies your security by using two or more factors to verify your identity when logging in to your account. These factors are unique to you and can be:
- Something you have, such as a one-time passcode or a physical security key
- Something you know, like a password, PIN code, or answers to security questions
- Something you are, like a retinal, facial, or fingerprint scan
Even if a hacker manages to get a hold of your unique passphrase, they won’t be able to access the account without fulfilling the subsequent MFA requirements.
Want to know what else you can do to keep your business secure? Complete Document Solutions can help. We will assess your business’s current IT situation, customize a plan, and select the right solutions that can keep your business safe from cyberattacks. If your business is in California, request a FREE network and IT assessment today.