Forget Passwords
Use Passphrases for Higher Security
by Aaron Turpen
Published on this site: July 18th, 2005

Think about this: which is easier to remember, "34xl73db6"
or "SecureThis"? Obviously the latter.
Technically, "SecureThis" is only a password consisting
of two words, but on systems that allow spaces between
words (like Windows 2000 and XP), the password becomes the
passphrase "Secure This." It has mixed capitalization,
a total of 11 characters, and it's easy to remember.
Using passphrases is much more secure, because they contain
more characters and because simpleton hackers who use
dictionaries to randomly try single words cannot guess them
that way. In fact, a phrase is much harder to guess unless it's
extremely common (like the name of a top hit song or actor),
especially if you include capitalization. Most brute-force
hackers use randomizers and dictionary-linked software to try
to break codes.
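The comparison above can be put into numbers. The following is an added example, not part of the original article: it estimates the search space for a character-by-character guesser and, going beyond the article's single-word case, for a guesser that combines whole dictionary words. The wordlist is constructed, and the dictionary size and case-variant count are assumptions.

```python
import math
import re

# Constructed sample wordlist; a real check would load a large dictionary.
WORDLIST = {"secure", "this", "correct", "horse", "battery", "staple"}
ASSUMED_DICT_SIZE = 100_000  # assumption: words in a guesser's dictionary
CASE_VARIANTS = 3            # assumption: lower, Capitalized, UPPER tried per word

def charset_size(secret):
    """Alphabet a character-by-character search must cover for this secret."""
    size = 0
    if re.search(r"[a-z]", secret):
        size += 26
    if re.search(r"[A-Z]", secret):
        size += 26
    if re.search(r"[0-9]", secret):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", secret):
        size += 33  # remaining printable ASCII, space included
    return size

def brute_force_bits(secret):
    """log2 of the search space when every character is guessed independently."""
    return len(secret) * math.log2(charset_size(secret)) if secret else 0.0

def split_words(secret):
    """Return the words if the secret is only dictionary words, else None."""
    tokens = re.findall(r"[A-Z]?[a-z]+|[A-Z]+", secret)
    if tokens and "".join(tokens) == secret.replace(" ", ""):
        if all(t.lower() in WORDLIST for t in tokens):
            return tokens
    return None

def dictionary_bits(secret):
    """log2 of the search space when whole words are guessed, or None."""
    words = split_words(secret)
    if words is None:
        return None
    return len(words) * math.log2(ASSUMED_DICT_SIZE * CASE_VARIANTS)

def effective_bits(secret):
    """The cheaper of the two searches is the one that matters."""
    word_bits = dictionary_bits(secret)
    brute = brute_force_bits(secret)
    return brute if word_bits is None else min(brute, word_bits)

if __name__ == "__main__":
    for s in ("34xl73db6", "SecureThis", "Secure This", "correct horse secure this"):
        print(f"{s!r}: brute {brute_force_bits(s):.1f}, effective {effective_bits(s):.1f}")
```

Under these assumptions the length advantage shows up in the brute-force figure (about 70.5 bits for "Secure This" against 46.5 for "34xl73db6"), while the word-combining model puts a two-word phrase at about 36.4 bits and a four-word phrase at about 72.8. A site enforcing passphrases would therefore set a minimum word count as well as a minimum length.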
Most secure sites, software, etc. require that you use at
least 6 characters in your password; many require
that you mix upper- and lower-case letters, and most require
that you also include numbers. This generally results in a
lot of passwords that are forgotten and later have to be retrieved,
usually by less-than-secure email methods.
Recent discussions among security professionals on blogs,
websites, etc. have pointed out the relative merits of using
passphrases instead of just single words (passwords). One
of the biggest advantages is that most passphrases are easy
to remember while keeping the biggest security bonus
associated with them (a larger number of characters).
I've switched most of my passwords to passphrases wherever
possible. I think you should too.

Aaron Turpen is the proprietor of Aaronz WebWorkz
and the author of several informative e-books, including "The
Layman's Handbook To Doing Business Online," in which
this article appears. His books are available from his website:
http://www.AaronzWebWorkz.com
