Passout....passgas....PASSPHRASE!
Michael Fullerton
2x Dad | SSCP | PCCSA/PCCET | Meraki CMNO | ITIL v4 | 4x Azure | Microsoft 365 & Dynamics 365 Fundamentals | 1x AWS | Cloud+/Sec+/Network+/A+/Mobility+/i-Net+ | CWTS | Healthcare IT+ | Systems Administrator | IT Manager
There once was a time [a wavy screen fading into the past, harps and everything], when passwords were whatever you wanted them to be. A simple word, a few numbers...or just 'blank'. Online security was a concept no one understood...or needed to understand. And rightfully so. Hardly anyone had used a credit card for an online purchase...yet. There were very few online 'accounts' that needed to be kept under wraps. Everyone's critical personal info was still safely in their wallets and filing cabinets.
Compromised PII? Pish-posh!
Zoom to today [woooooosh!], and we can't flatulate without that being divulged on some dark web hacker site. And why is that? It's because our passwords have become so easy to crack. Our dog's name and birthdate are simply not good enough to keep our secrets, secret. The bad guys have developed tools that aid them in breaking into accounts with ease, and with no prior knowledge about you. Old password lists are available for free across the internet. Password dictionary generators can come up with oodles of seemingly random words that many people use as passwords. A 'Brute-force' attack (often called a 'Dictionary Attack') is where an intruder feeds a list of words into a small utility program, and that program attempts to access a target system by trying every word in that list as the password. This list could contain millions and millions of words that can be applied in huge batches against many, many systems, one after the other. The malicious programs know that a 'zero' is often used in place of an 'o', and that an '@' and an 'a' are synonymous. And they can run through these variations with ease and at incredible speeds. That's why you've seen the minimum number of characters that banks and other financial institutions accept in a password go up nearly every year or so. For every character added to the length of a password, the number of possible combinations goes up exponentially, and therefore so does the time it takes to crack it.
But there's something you can do that can help buy even more time so that hackers will have a much harder time of breaking in. Yes, a combination of upper and lower case, numbers, special characters, and a blood sample 'will' be much harder to crack. But seriously...who can remember 6*jp0SV2m as their bank password, along with 38 other different variations for every other account? They tell you to commit it to memory. Yeah, right! Unless you have a photographic memory, you would need to write them down. This defeats the purpose of having a secure password in the first place! Although, you may wish to purchase one of these (see my past article on THIS lovely product).
You can use a 'passphrase' instead: a series of words that may or may not make sense, but that, when strung together, is easy to remember yet difficult to crack, simply because of the increased character count of the phrase itself. In this case, size DOES matter.
Take, for instance, the use of Pa55w0rd! as your password. According to howsecureismypassword.net, that password would take about 3 weeks to crack. Considering the improvements to computers, and their increased speed and computational power, that timeframe will only shorten over time. And this particular password is somewhat popular, so the time to crack is likely a LOT shorter.
But if you used something like ilovebeansprouts, now we're talking 34,000 years. Not bad. Toss in an uppercase letter, like Ilovebeansprouts, and now the time has grown to 2 billion years. Wow! Do you like using spaces? i love bean sprouts will take 20 trillion (with a 'T') years, because most systems recognize a 'space' as a character and add it to the total password length. Change one 'o' to a 'zero' and bring a lunch, because it'll take about 9 hundred trillion years!!! It's a lot easier to remember than 7#Tf4.08nAlyH!4. That one keeps the bad guys away for a mere 4 hundred billion years. By the way, I do 'not' love bean sprouts.
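To make the arithmetic behind the two paragraphs above concrete, here is a small added Python example (my own illustration, not code from the article or from howsecureismypassword.net). It computes the search space a brute-force guesser would face for each of the article's sample passwords, converts that to years at an assumed guess rate (1e10 guesses per second is a constructed figure, chosen for illustration; the website's own rate and formula are not known here), and also normalizes the common '0'-for-'o' and '@'-for-'a' substitutions against a tiny constructed word list, which is why Pa55w0rd! is weaker than its character mix suggests. The word list, the leet map and the guess rate are all assumptions for the demo.

```python
import math
import string

# Assumed guess rate for the illustration (constructed; real attackers vary wildly
# depending on the hash algorithm and hardware, and the website uses its own figure).
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed stand-in for the huge wordlists the article describes.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "iloveyou", "monkey"}

# Constructed map of the character substitutions guessing tools already know about.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})


def charset_size(pw: str) -> int:
    """Size of the alphabet a blind brute-force search would have to cover.

    Each character class present in the password enlarges the alphabet; a space
    counts as one extra symbol, matching the article's point that most systems
    treat it as part of the password.
    """
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    if " " in pw:
        size += 1
    return size


def keyspace(pw: str) -> int:
    """Number of candidates of this length drawn from this alphabet."""
    return charset_size(pw) ** len(pw)


def bits_of_entropy(pw: str) -> float:
    """Keyspace expressed in bits; every extra character adds log2(alphabet) bits."""
    return math.log2(keyspace(pw))


def brute_force_years(pw: str) -> float:
    """Worst-case years to exhaust the keyspace at the assumed guess rate."""
    return keyspace(pw) / GUESSES_PER_SECOND / SECONDS_PER_YEAR


def normalize(pw: str) -> str:
    """Undo the substitutions a guesser tries first, then drop trailing digits/symbols."""
    return pw.lower().translate(LEET_MAP).strip(string.punctuation + string.digits)


def is_dictionary_variant(pw: str) -> bool:
    """True when the password is just a mangled common word (tried before brute force)."""
    return normalize(pw) in COMMON_WORDS


def report(pw: str) -> dict:
    """Summary a strength meter would show; the years figure is meaningless for a
    dictionary variant because the wordlist is searched long before the keyspace."""
    return {
        "password": pw,
        "length": len(pw),
        "alphabet": charset_size(pw),
        "bits": round(bits_of_entropy(pw), 1),
        "worst_case_years": brute_force_years(pw),
        "dictionary_variant": is_dictionary_variant(pw),
    }


if __name__ == "__main__":
    for sample in ["Pa55w0rd!", "ilovebeansprouts", "Ilovebeansprouts",
                   "i love bean sprouts", "i l0ve bean sprouts", "7#Tf4.08nAlyH!4"]:
        r = report(sample)
        print(f"{r['password']!r:24} len={r['length']:2} alphabet={r['alphabet']:2} "
              f"bits={r['bits']:5} years={r['worst_case_years']:.3g} "
              f"dictionary={r['dictionary_variant']}")
```

The absolute year counts will not match the website's numbers, since the guess rate and formula are assumptions, but the ordering tells the same story: adding characters multiplies the search space far faster than swapping in a symbol, and a "complex" password that normalizes to a dictionary word is found by the wordlist pass regardless of how large its nominal keyspace looks.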
Although, this reminds me that I now have to change my password on a few of my accounts because I'm just not comfortable with less than a 3 week buffer.
...
Perhaps I've said too much.
Anyhow, the idea is that with a little bit of ingenuity, you can ease your mind by changing your thought process when creating passwords. The more characters you use, the longer it takes to crack it. A 'phrase' is easier to remember, longer overall, and therefore, more complex and harder to crack. I have yet to see a system implement a 'maximum' password length, so I'll gamble that most will allow it.
Naturally, you should use a password manager to securely store your account passwords. A written book, or the dreaded yellow sticky notes circling your monitor are NOT approved password managers.
Given that different calculations are used for the various password complexity standards, other password complexity sites will come up with varying lengths of time needed to break the code. But you can be certain that the longer it is, the better it will be in all cases.
So take your love of poetry, best catchphrase, or favorite recipe ingredients and come up with a longer, and more secure, 'passphrase'.
Just don't use 1-2-3-4-5...6. That just shows you're phoning it in.