What are Passphrase Passwords?
Whether you are accessing emails on your smartphone or documents on your work PC, you will typically be asked to prove who you are by providing credentials. Passwords can be hard to remember, but a password that lacks complexity can quickly become a weak gateway, allowing an unauthorized person to read your emails and compromise your identity. To improve your security and reduce risk, we recommend using a phrase or sentence, not one word, as your password.
What is brute force cracking?
The challenge we face in an evolving digital world is that there are developers out there creating sophisticated and effective methods to brute force passwords. A brute force attack systematically submits millions of character combinations in an attempt to work out the password (or encryption key) needed to decrypt data and gain access to your system. There are, however, things you can do to strengthen the complexity of your password.
Passphrases are stronger than normal passwords because they are unique, longer and more complex while still being easier to remember. The longer and more complex the passphrase, the better.
Let’s do a quick ‘What? Why? And Where?’:
What is a Passphrase? – Using a phrase or sentence, not one word, as your password.
A passphrase is similar to a password. It is used to verify access to a computer system, program or service. Instead of using one word, you use a sentence to authenticate.
Passphrases are most effective when they are:
- Unique – not a famous phrase or lyric, and not re-used
- Longer – phrases are generally longer than words
- Complex – a sentence naturally includes uppercase letters, symbols and punctuation
- Easy to remember – saves you being locked out
- Used with multi-factor authentication.
Why use a Passphrase? – Greater security & more convenience.
- Harder to crack with common password attacks
- Easier to remember than random characters
- Meets password requirements easily – upper and lower-case lettering, symbols and punctuation
Where do I use Passphrases? – For all fixed and mobile devices.
Passphrases will significantly increase security across all of your business’ devices.
The comparison chart below is a security breakdown of passwords vs passphrases, and how much it costs on the dark web to break through their security.
PASSWORD / PASSPHRASE | TIME TO CRACK: BRUTE FORCE ATTACK | TIME TO CRACK: DICTIONARY ATTACK | EASY TO REMEMBER | COMMENTS |
password123 | Instantly (less than AU$0.01) | Instantly (less than AU$0.01) | Very Easy (too easy) | One of the most commonly used passwords on the planet. |
Spaghetti95! | 48 hours (AU$587.50) | Less than half an hour (AU$6.10) | Easy | Some complexity in the most common areas, and very short length. Easy to remember, but easy to crack. |
5paghetti!95 | 24 hours (AU$293.70) | Less than 1 hour (AU$12.20) | Somewhat Easy | Not much more complexity than above with character substitution, and still short length. Easy to remember, but easy to crack. |
A&d8J+1! | 2.5 hours (AU$30.60) | 2.5 hours (AU$30.60) | Very Difficult | Mildly complex, but shorter than the above passwords. Hard to remember, easy to crack (against BFA). |
I don’t like pineapple on my pizza! | More than 1 year (more than AU$107,222.40) | More than 40 days (more than AU$11,750.40) | Easy | Excellent character length (35 characters). Complexity is naturally high given the apostrophe, exclamation mark and use of spaces. Very easy to remember, and very difficult to crack. |
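An added example, not part of the original article: a small Python estimator run over the chart's own entries. It reports the brute-force search space in bits (length × log2 of the alphabet size) and flags the "one dictionary word plus a digit/symbol tail" shape that a dictionary attack covers first. The word list and substitution map are constructed assumptions, and the output is a search-space size, not the chart's times or costs.

```python
import math
import string

# Constructed stand-in for a cracking word list (assumption, not from the page).
WORDLIST = {"password", "spaghetti", "pineapple", "pizza"}
# Common character substitutions undone before the lookup (assumed mapping).
SUBSTITUTIONS = str.maketrans("50134@$", "soleaas")
SYMBOLS = string.punctuation + " "  # 33 printable ASCII symbols, space included


def charset_size(pw: str) -> int:
    """Alphabet a brute-force search must cover, from the classes present."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in pw):
        size += len(SYMBOLS)
    return size


def brute_force_bits(pw: str) -> float:
    """log2 of the brute-force search space: length * log2(alphabet size)."""
    if not pw:
        return 0.0
    return len(pw) * math.log2(charset_size(pw))


def is_dictionary_pattern(pw: str) -> bool:
    """True for one dictionary word plus a digit/symbol tail, even with substitutions."""
    core = pw.lower().rstrip(string.digits + string.punctuation)
    return core.translate(SUBSTITUTIONS) in WORDLIST


def assess(pw: str) -> dict:
    return {"length": len(pw), "bits": round(brute_force_bits(pw), 1),
            "dictionary_pattern": is_dictionary_pattern(pw)}


if __name__ == "__main__":
    # Passwords taken from the comparison chart above.
    for pw in ["password123", "Spaghetti95!", "5paghetti!95", "A&d8J+1!",
               "I don't like pineapple on my pizza!"]:
        print(f"{pw!r:40} {assess(pw)}")
```

The three word-based passwords are flagged as dictionary patterns regardless of their bit count, the 8-character random string has the smallest brute-force space of the complex entries, and the 35-character passphrase is far larger than all of them.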
Tips for using passphrases more securely
- Use a different passphrase for different accounts.
- Never share the method you use to create your passphrases with anyone.
- Only log into workstations and devices that you can trust. Avoid using public computers to log into your accounts.
- Multi-factor authentication is much more secure than passphrases, and adds a second layer of security.
- Remember that mobile device PINs are no different to a password. The longer the password the better, and if possible, change to using passphrases or biometrics instead.