Passphrase instead of password

A recent study reported that 90% of all passwords are vulnerable to being hacked in just seconds. Moreover, it was stated that the 10000 most common passwords dictionary may easily allow access to 98% of all secured accounts (Video). That means that we are prone to being attacked.
Image 1. Source: PCMag

Just a fast glance at the dictionary and I could find some common patterns in the "random" passwords listed. The use of worldwide famous brands. The alfa-numerical combinations always have the numbers at the end. The numbers are always used in a given order; ascendant, descendant or a given relation, e.g. progression. The capital letters are used as the first character.

Image 1. Source hackmyass.wordpress.com

The main problem is that we are quite lazy for typing and thinking. Long passwords are not only difficult to write, but also difficult to remember. Typing any random combination of characters is also difficult to remember. The main question is how to get a password that is strong, easy to use and easy to remember.

Some days ago PCMag published an article about using passphrases. The main advantage is that they are larger; thus, more difficult to hack. The magazine also published a so called S.M.A.R.T. approach for creating passwords. As we will see, most of the advantages of this suggestion are implicitly accomplished when using passphrase.

Strong
Strong, which is simply to use many characters. With a simple phrase we can easily exceed 20 characters in an easy way to remember them. If we just type random characters, for sure it will be easy to forget them.

Multicharacter
As already stated, when trying to use multi-character in a single password, we simply put the capital and the numeric characters either at the end or at the end. When using passphrase, we can easily  use a special character to sepparate words. Most password systems don't allow the space character. Thus, one typically  way to separate the words is to capitalize the first letter of a word. Other alternative could be to intercalate a full capital word with a full minuscules word. Other suggestion could be to separate the words with a capital, a number or a special character, e.g. a dash.

Avoid association
Most people usually uses passwords related to their pets name or car o birthday or some other "personal" information. I underlined the word personal, since the social media changed the meaning of personal information. Now it is very easy for a hacker to find some personal information just by some internet surfing. However, if we do not  use something personal, we may easily forget what was the phrase.


Random
This random is not about random characters, but for using different passwords for different accounts. If we use one master password for everything, there is the risk that if such password is hacked then all our accounts are accessible.
The only advise, would be to follow a rule of thumb of one passwords for some 5 sites. However, also the use of passphrases would solve this issue. One paragraph could easily provide several passphrases.

Tool
This suggestion is about using a password management tool (PMT). PMT is a software that organizes passwords within a database. The main difference from normal databases, is that PMT encrypts the data.
Personally, I still have doubts about such tools, since the database is as accessible as any other file. Nevertheless, I admit that such software force us to.

Suggestions
To summarize, it is important to realize that with the internet web all computers are linked in a single network. We have access to communication and data, but at the same time it shares our information whether we want it or not. Besides, we are prone to receive virus or other unwanted data-files. Some unwanted files not only steal our information, but also damage our computer.

Some basic suggestion not only to protect our files and our equipment, but for surfing the internet:
Use a passphrase instead of password. One phrase from a text or a favorite quotation. That would easily provide us a passwords long, random and multicharacter password
Be careful with the information that we publish online. Let's realize that when we publish something online, we share it with the whole world

References and Further Reading:

No comments: