Passphrase or Password, What's Better?
The convenience of technology comes with some useability tradeoffs, namely having to use passwords for everything! Passwords have become ubiquitous with using tech these days, then add two factor authentication and you have a recipe for frustration. To help manage all these passwords, you can use a password manager to track all your passwords associated to a certain website. Or you can use a passphrase.
Password:
A password is a string of characters that can include a combination of letters (upper and lower case), numbers, and special characters. Passwords are widely used in various applications, from accessing your email account to logging into your bank account online. A strong password is crucial to protect your data and personal information.
With so many passwords, you may be tempted to reuse a simple password like, “password123”. Doing that goes against everything we are told about good password hygiene (never reuse the same password, use complex passwords with upper/lower case letter, use numbers and symbols, and for Pete’s sake, make sure it’s at least 7 characters!).
Passphrase:
Passphrases are a sequence of words or text that is longer than a typical password. It can include spaces and is often a sentence or a phrase that is easy to remember but hard for others to guess. Passphrases would be similar to this: “The quick brown fox jumps over the lazy dog”. Passphrases are considered to be more secure than passwords because their length makes them harder to crack.
Let’s dig in and compare the two to see what works best for you:
Complexity:
– Password:
Generally, passwords are shorter and can include a mix of letters, numbers, and special characters. However, increased cyber attacks has led to the recommendation of creating more complex passwords, which, as we all know, can be hard to remember.
– Passphrase:
Passphrases are typically longer and can be easier to remember since many times they are a memorable sentence or phrase.
Security:
– Password:
Shorter passwords are easier to crack using brute force attacks (where an attacker tries all possible combinations of characters until they find the combination that matches your password). Therefore, security experts recommend creating a password with at least 12-16 characters. Doing this increases the number of possible combinations and makes it harder to crack.
– Passphrase:
Due to their length, passphrases are inherently more secure against brute force attacks. Even a passphrase with common words is hard to crack due to the sheer number of possible combinations of words.
Usability:
– Password:
Passwords can be hard to remember, especially if they are complex and if a user has multiple passwords for different accounts. This often leads us to write down our passwords or use the same password for multiple accounts, which, as we all know, is a security risk.
– Passphrase:
Since passphrases are typically a sentence or a phrase that is meaningful to the user, it makes it easier to remember. This helps to reduce the need to write passwords down or reuse them for multiple accounts.
While both passwords and passphrases have their pros and cons, passphrases are generally considered to be more secure due to their length and resistance to brute force attacks.
Knowing this, it is essential to choose a method that is suitable for the application and the user. For example, a passphrase may be more appropriate for securing sensitive information, while a password may be sufficient for less critical applications. Ultimately, the key to securing your data is to choose a strong, unique authentication method, this could be passwords or passphrases. Regardless, they need to be changed regularly.
What are the Guidelines for Creating a Secure Password or Passphrase?
The following guidelines will enhance your security posture when creating passwords or passphrases:
– Avoid Common Words or Phrases
– Password: Never use easily guessable words such as “password123” or “admin”. Avoid using easily accessible personal information, like birthdays or anniversaries.
– Passphrase: Avoid common sayings or phrases. Instead, opt for a unique combination of words that only you would understand or a phase that only you’d recognize.
– Incorporate a Mix of Characters
– Password: Use a combination of uppercase and lowercase letters, numbers, and special characters to enhance password strength. The longer the better.
– Passphrase: Although the length already adds to its security, consider incorporating numbers or special characters embedded in words for added complexity.
– Regularly Update Your Passwords/Passphrases
Both passwords and passphrases should be updated regularly, especially if there’s any indication of a security breach or if you’ve shared access with someone. Some password manager apps will let you know if the password has been found on the dark web.
– Avoid Using the Same Password/Passphrase Across Multiple Platforms
By reusing passwords or passphrases across multiple sites, it increases the risk of unauthorized access to your accounts. Consider this: if one of your accounts is compromised, all of your other accounts with the same password or passphrase have been as well.
– Adopt Two-Factor Authentication (2FA) Globally
Whenever its possible, enable 2FA for an additional layer of security. By now, most of us know the process of using a code sent to us in a text or email, as an additional authentication. Since this is a built-in feature, we have implemented 2FA on many of our client’s O365 email systems.
– Use Password Managers
It’s extremely hard to remember and manage every single password needed to run our lives. Password managers can store and encrypt your passwords, offering you both convenience and enhanced security. There are a good number of password managers (PMs) that offer free versions. Most of PMs integrate into web browsers and offer a mobile version as well. We have used a number of PMs and we like Bitwarden. We used to standardize on LastPass, however, due to so many cyberattacks on their infrastructure, we no longer use LP because it seems that they have become a constant target for cybercriminals.
– Test Your Password or Passphrase
There are reputable online tools and services that allow you to check the strength of your chosen password or passphrase. These can provide insights into its resilience against potential cyberattacks. Many password manager companies like Bitwarden, and NordPass offer these tools.
– Keep Up To Date
As cybersecurity threats evolve, so do best practices for countering those threats. Create a process or hire a team to regularly educate you and your team on the latest security recommendations. Treat the recommendations like requirements and be proactive in adapting and implementing them. We monitor dark web activity for our clients and inform them if any PII is found on the dark web that matches with our client’s information. In addition, we also provide on demand “phishing” email testing, where we mimic a phishing attack on our client. This is useful to determine who in your organization may need more training, when they interact with the test phishing email.
At the end of the day, secure authentication methods cannot be overstated. Applying these guidelines not only protects your personal and financial data but also contributes to a broader culture of cybersecurity awareness and responsibility. This is vital as more parts of our lives go digital. Remember, the strength of your password or passphrase is the cornerstone in your first line of defe
If you are in need of assistance with password management, reach out to us at info@technoirsolutions.com. We can help put together a password management strategy for your business.