Wednesday, October 2, 2013

Passphrases, Not Passwords

Did you know that the average person's password is fairly easy to guess?  Most people build their passwords from their name or something personal about them, so attackers use dictionaries of common English names, numbers and words to crack them.  In fact, you can see the list of the top 10,000 passwords here.  (Hopefully yours isn't on the list!)  But perhaps even more startling is that current cracking software has been successfully used to crack passwords 55 characters long, so length alone does not save a phrase that an attacker can look up.

But you don't need to be one of those average people...  Instead, think about replacing your out-of-date passwords with strong passphrases.  What is a passphrase, and how do you pick one?  We're glad you asked. 

These 6 tips will help you out:
  1. Choose a phrase that's at least five words long. You might start with your favorite book, song, movie or a quote. Longer passwords are harder to guess than shorter ones, so you could use the entire phrase as your password.  We still recommend doing Step 2.  If the application won't allow such long passwords, then you could use the first letter of each word as your password. For example, the first letters of the book title "The Cat in the Hat" are: tcith. Using a whole phrase (or its initials) rather than a single word protects you from a plain dictionary attack, in which someone tries known words and proper names one at a time. It does not protect you from an attacker armed with a list of famous titles and quotes, so a phrase that only you would think of is stronger than a well-known one.
  2. Alter some of it. The hardest passwords and passphrases to guess are "complex", which means they mix numbers, symbols and upper- and lower-case letters.  Take your passphrase from Step 1 and replace some lowercase letters with capital letters, numbers or symbols. For example: Tc!tH capitalizes the first and last letters and replaces the "i" with an exclamation point. (You could replace an "a" with the "@" symbol too.) Keep the rule simple enough to remember, and don't write the rule itself down. Be aware that the common swaps (i to !, a to @, o to 0) are built into the rule sets of cracking tools, so this step adds some strength but not a lot.
  3. Customize the password for each use. Add a character or three to the core password to ensure that every passphrase is at least seven characters long and includes a number. Derive the extra letter and number from the name of the service you're accessing. For example: g6Tc!tH could be a password for a Google Gmail account, adding a "g" for the first letter of Google and a 6 for the number of letters in Google. Keep in mind that if one site leaks your password, anyone who recognizes the pattern can work out the others, so a site-specific prefix is a convenience, not a substitute for unrelated passwords on the accounts that matter most (see Step 5).
  4. Write down your hint. Now you can write down a mnemonic device that will jog your memory without being obvious to anyone else. Hide this piece of paper or keep it in your wallet. For example, you could write down "basic: cat" to recall the Dr. Seuss title. Never write down the password itself.
  5. Establish different levels of passwords. Use different core phrases to develop passwords for online banking, for accounts that store your credit card, and for accounts that don't involve financial information, so that a password leaked from a low-value site can't be replayed against a high-value one.
  6. Change your passwords often.  If you can't manage every 90 days, use the daylight-saving time changes as your reminder.  If someone has obtained one of your passwords without your knowledge, changing it limits how long they can keep using the account.  And if you know or suspect a password has been exposed, change it immediately rather than waiting for the schedule.
Want to test how long it would take to crack your password?  You can try a test password over at HowSecureIsMyPassword.net, but don't enter your actual passwords.  Keep in mind that such sites estimate a blind brute-force search over every possible character; they don't model an attacker who starts from common words, famous phrases and the substitutions in Step 2, so they flatter predictable passwords.
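To make the recipe in Steps 1 to 3 concrete, and to show why a brute-force strength meter overstates it, here is a worked example in Python. This is the editor's added code, not the post's; the fixed substitution table, the 10,000-phrase attacker list and the count of capitalization variants are modelling assumptions, not figures from the post.

```python
import math
import string

# Substitutions the post suggests (i -> !, a -> @). Fixing the table is an
# editor's assumption; the post leaves the exact choices to the reader.
SUBSTITUTIONS = {"i": "!", "a": "@"}


def acronym(phrase: str) -> str:
    """Step 1 fallback: first letter of each word, lowercased.
    'The Cat in the Hat' -> 'tcith'."""
    return "".join(word[0].lower() for word in phrase.split() if word[0].isalpha())


def alter(core: str, subs: dict = SUBSTITUTIONS) -> str:
    """Step 2: capitalize the first and last letters and substitute symbols
    for letters in between. 'tcith' -> 'Tc!tH'."""
    if len(core) < 2:
        raise ValueError("core must be at least two characters")
    middle = "".join(subs.get(c, c) for c in core[1:-1])
    return core[0].upper() + middle + core[-1].upper()


def customize(core: str, service: str) -> str:
    """Step 3: prefix the service's first letter and the length of its name.
    ('Tc!tH', 'Google') -> 'g6Tc!tH'."""
    return f"{service[0].lower()}{len(service)}{core}"


def derive(phrase: str, service: str) -> str:
    """The whole recipe: phrase -> initials -> altered core -> per-service password."""
    return customize(alter(acronym(phrase)), service)


def brute_force_guesses(password: str) -> int:
    """Search space the way a naive strength meter counts it: alphabet ** length,
    where the alphabet is every character class that appears in the password."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)  # 32 ASCII symbols
    return alphabet ** len(password)


def scheme_aware_guesses(known_phrases: int, subs: dict = SUBSTITUTIONS) -> int:
    """Worst case for the user: the attacker knows the recipe and the target
    service and holds a list of `known_phrases` famous titles and quotes.
    Per phrase they try every subset of the substitution table and the four
    ways of capitalizing the first/last letters (variant counts are a
    modelling assumption)."""
    capitalization_variants = 4
    return known_phrases * (2 ** len(subs)) * capitalization_variants


def bits(guesses: int) -> float:
    """Express a guess count as bits of work."""
    return math.log2(guesses)


if __name__ == "__main__":
    pw = derive("The Cat in the Hat", "Google")
    print(pw)  # g6Tc!tH
    print(f"naive brute force:               2^{bits(brute_force_guesses(pw)):.1f} guesses")
    print(f"attacker with 10,000 known titles: 2^{bits(scheme_aware_guesses(10_000)):.1f} guesses")
```

The gap between the two numbers is the point: a brute-force meter credits g6Tc!tH with roughly 46 bits of work, but an attacker who guesses the phrase came from a list of well-known titles needs on the order of 17 bits, because the substitutions and capitalization add only a handful of variants per phrase. In this scheme the strength lives almost entirely in how unguessable the phrase from Step 1 is.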
