Forget passwords, use passphrases!

By Chris Lord|17th December 2018

Passwords, Password Tips, Password Security

Our support team people are regularly trying to encourage people to strengthen their passwords. Why? Because the chances of you becoming a victim of a cybercrime are significantly reduced when the whole organisation is protected by strong passwords.  I’m sure we sound like a broken record.

DCS now recommend that in order make sure your password is suitably secure, it needs to be a minimum of 12 characters long and must contain 4 characters sets (uppercase, lowercase, numbers, symbols).

What we have seen happening is that people have taken our advice and have created passwords such as:-

b^$c4m1T%g”cH%a)

OR

T3ch40logy$!£^£&$£

Well, straight away there are 4 problems here. First of all, who on earth can remember such a password! Two, if you can’t remember it, you’re going to write it down somewhere. Three, it takes an age to type in. And four, if you’re anything like me, you’ll make a typo every time you try to type it in. In short, it is no use to anyone!

OK, so let’s make it simple and use a password such as:-

Technology12345!

OR

Catherine*1965

So here, at the other end of the spectrum, we have a password that still satisfies all the requirements. It is easy to remember, easy to type, but it really isn’t that hard to crack using today’s readily available tools, or even for a colleague to work out.

So what now? Remove the word password from your vocabulary, and replace it with the word passphrase. Here are some examples:-

DieHard1isaChristmasFilm!

10Greenbottleshangingonawall!

Holidaysarecoming:0)

Now we have the best of all worlds. Easy to remember, easy to type, exceeds the minimum password length requirement, and the risk of the password being revealed by a brute force or dictionary attack is suddenly greatly reduced.