The debate about building the strongest password has been going on for decades now. Is it better to use gibberish with numbers and symbols, or uncommon words? Should we use transformed words, more than one word, strings of words? How easy is it for hackers to crack each method?
The debate has boiled down to a few essential rules about pass-codes, how they are cracked, and what security humans can realistically maintain:
- Longer codes are harder to crack
- Whole common words are easy to crack
- Randomness is harder to crack
- Predictable patterns are easy to crack
- Humans are predictable and forget randomization
PASSPHRASES vs PASSWORDS: The differences
A password and a passphrase are both pass-codes, a string of characters used to secure your accounts. They both are probably made of words and mixed up with letters and characters. The difference is how they are built. A password is one word, maybe two, that is intended to confuse and misdirect hackers attempting to access your digital resources. A passphrase is an entire phrase, sentence, or statement made of four to ten words.
A password must focus all of its complexity into exchanging letters for numbers and characters. A passphrase bridges the gap between human-memorability and sufficient complexity to foil hackers.
Why Passwords Don’t Provide Optimal Security
When it comes down to it, passwords didn’t quite work. Originally, when a password was your favorite flower or your childhood pet’s name, people could use and remember them. But even before computers, hackers started intuiting these personal pass-codes. So the passwords had to become impersonal. But any plain dictionary word can eventually be guessed by a dictionary-cracking program that tries all known words and names.
So we mixed in numbers and letters. This should add an element of unpredictability, but people are predictable. We use 4 for A and h and “for”. We use 7 for T and I and L. We use @ for “at” and $ for S and hackers can figure that out.
So the passwords got longer and more randomized. The problem now? No one can remember their own passwords. By trying to outsmart the hacking algorithms, we have made these once-simple pass-codes no longer human-readable. Or memorable.
We forget. We default. Passwords become unsafe again.
The Double-Effectiveness of Passphrases
So why are we transitioning to passphrases? What is the difference that makes them more secure and/or more usable by humans who need pass-codes? The answer is a double-hitter. First, passphrases are long. Remember: the more characters the better. Second, we can remember phrases, even phrases with unusual letters, better than we can remember one or two garbled words.
Passphrases are Easy to Remember
In fact, the most important thing about passphrases is that we can remember them. It’s tough to find a solution that meets security requirements while still letting users easily remember their pass-codes and use a different one for each of their many accounts. Passphrases, used correctly, can make that possible. Think about it. Remembering a one-word password is so much harder than remembering a phrase. We remember phrases without meaning to.
When someone says “The early bird” you think “…catches the worm”. This also works for inside jokes and personal mottos that hackers won’t be familiar with. You’ll remember, but hackers will be looking at a long passphrase with no clues.
Passphrases Create Long Complex Pass-Codes
Second, passphrases are actually more cyber secure than the most complex password. A password is about 8-12 characters, often mixed heavily with alternate characters. But these passwords are common words and the substitutions are predictable.
A passphrase usually has 20 characters or more. Even with common words, each additional word forces another full dictionary pass, multiplying the combinations a cracking program must try. Using uncommon words and clever substitutions, the phrase can become vastly more complex for a hacker to crack. It goes from taking days to taking thousands of years to programmatically take apart a phrase.
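The two points above (predictable substitutions add little, and each extra word multiplies the search space) can be put into numbers with a small estimator. This is an added example, not part of the original article; the tiny word list, the 100,000-word dictionary size, the per-letter variant cost and the guessing rate are all assumptions chosen for illustration.

```python
import math

# Constructed stand-in for an attacker's wordlist; the entropy math below
# assumes a real one of ASSUMED_DICT_SIZE entries.
WORDLIST = {"my", "pet", "lizard", "hates", "yodeling", "dragon",
            "princess", "football", "crimson", "insolent"}
ASSUMED_DICT_SIZE = 100_000
# Predictable swaps a cracking rule set undoes (4, 7, @ and $ are the
# article's examples; the rest are equally common).
LEET = {"4": "a", "@": "a", "3": "e", "!": "i", "1": "i", "0": "o",
        "$": "s", "7": "t"}

def deleet(text):
    """Lowercase, drop spaces, and reverse predictable substitutions."""
    return "".join(LEET.get(ch, ch) for ch in text.lower() if not ch.isspace())

def min_words(text):
    """Fewest wordlist entries that tile `text` exactly, or None if none do."""
    best = [0] + [None] * len(text)
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in WORDLIST:
                if best[end] is None or best[start] + 1 < best[end]:
                    best[end] = best[start] + 1
    return best[-1]

def estimate_bits(password):
    """Rough log2 of the guesses a dictionary-plus-rules attack needs."""
    plain = deleet(password)
    words = min_words(plain)
    if words is None:
        # Not word-based: upper bound from brute force over printable ASCII.
        return len(password) * math.log2(94)
    # One dictionary pick per word, plus 1 bit per letter for case and
    # 1 more where a leet swap is possible (an upper bound: it assumes
    # every variant is chosen at random, which people rarely do).
    variants = sum(1 + (ch in LEET.values()) for ch in plain)
    return words * math.log2(ASSUMED_DICT_SIZE) + variants

def years_to_crack(bits, guesses_per_second=1e10):
    """Time to exhaust the space at an assumed offline guessing rate."""
    return 2 ** bits / guesses_per_second / (3600 * 24 * 365)

if __name__ == "__main__":
    for sample in ("Dr@g0n", "my pet lizard hates yodeling"):
        bits = estimate_bits(sample)
        print(f"{sample!r}: {bits:.1f} bits, {years_to_crack(bits):.3g} years")
```

The estimate treats every word as an independent pick, so it only holds for phrases the attacker cannot look up whole; a well-known saying behaves like a single dictionary entry no matter how many words it contains.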
How to Create a Strong and Memorable Passphrase
So how do you create a secure passphrase? Let’s talk about layers of complexity. Choosing multiple small words creates greater complexity. Choosing words that are not in the top-1000 also helps, as these are less likely to be auto-cracked. Numbers and symbols are still valuable, and the more you can mix those up, the better. Longer passphrases are beneficial, but not so long that it doesn’t fit or you forget the details. Instead, make it memorable, something you could never forget.
Here’s how to write yourself entertaining, memorable, and secure passphrases for every occasion.
Veer Away from Common Phrases
Our first piece of advice is not to use common phrases. Just like the top most-used words, phrases like “how much wood….” and “peter piper picked…” or our previous example “the early bird…” can be guessed by hackers playing their own game of Wheel of Fortune.
However, you can mix up old phrases by getting creative. “The early bird gets fresh coffee” for example, would be a great choice if it were not in this tutorial.
Write a Joke
The best tip is to make your phrase funny. Choose a set of words that make you smile, laugh, remember something or smirk every time. We remember comedy far better than simple procedure.
We’ve known professionals who gripe about passwords with every passphrase. ex: “bite my thumb at making this pass” becomes “[email protected]!ng7!sPa$$”, a formidable passphrase to be sure.
Or friends who base their passwords on cute animal antics. ex: “my pet lizard hates yodeling” becomes “myP3tL!zardH8sY0deling”
If it’s funny, you’ll remember it. You’ll want to remember. You’ll laugh at the joke every time you type in your pass-code. And it’s a joke hackers won’t be in on.
Use Unusual Words
Once you choose a phrase, challenge yourself to use words that aren’t often used in conversation. Crack the thesaurus or try out your favorite lesser-used words. Look into the past for funny alternate ways to say things. Use “crimson” instead of “red”. Use “outrageous” instead of “crazy”. Use “insolent” instead of “sulky.” Have fun with the language and use words that you’ll remember, but a hacker’s dictionary program isn’t likely to guess.
Avoid The Most-Commons
At the same time, you may not be aware of the patterns most people fall into, so learn them in order to avoid them. Check out the most common passwords so you don’t accidentally fall into these predictable traps. Yes, “princess,” “dragon,” “football,” and “hottie” are all in the top 20.
Mix In Capitals, Numbers, and Symbols
Mix it up. Find places and ways to add the usual capital letters, numbers, and symbols into your phrase. It’s okay to be a little predictable because the phrase is longer, so it’s hard to guess where you’ll put them in. We advise looking for one place to use a symbol or number instead of a whole word. 2, 4, @, and & all have their natural places in a simple phrase. Use $ for “money” and * for “star” to mix it up further.
Use Your Own Twist on Substitution
Then get creative. Try a few substitutions that only make sense to you. Capitalize the word or number-swap the letter that gets emphasis when you say the phrase in your head. If you’ve always seen “^” as an upside-down “v” or instead of the word “carrot,” use it that way. Try to break the usual pattern in ways that only your brain will understand.
Type It a Few Dozen Times
Finally, practice. Once you’ve perfected your passphrase, type it out. Open a simple text program (not online) and type your phrase a few dozen times. Let your fingers get used to it. If there’s a change that your hands would prefer, let that happen naturally before setting your passphrase in stone. Do not save this file. Delete without saving and never save your password in a password manager, as these can be hacked.
The Shred Cube is a Permanent Solution for Deleting Files
Old password manager files are dangerous, as is any digital paperwork that may hold your passwords. To protect your online security, it’s important that a file stays deleted once you delete it. That is what the Shred Cube is here to provide. For more cybersecurity insights or to explore software for 100% file deletion, contact us today!