In this article we are going to examine the benefits of using a passphrase instead of a password on your most important accounts:
Pop quiz: which of these three passwords is best?
In a recent LinkedIn poll (found here) about half of respondents chose option 2.
Why?
Likely they reasoned that this password appeared to be the most complex. It has a mix of letters and numbers, both uppercase and lowercase, as well as symbols. Therefore, it must be the most secure. Right?
Well... there are two major factors being overlooked. First, that password is only 9 characters long. Second (and perhaps more importantly) it's very difficult for a human being to remember.
That second point is the main crux of this article. Long, complicated passwords are not very "human friendly" and are therefore difficult for us to remember. This leads to a few problems:
Lastly (and this is something most people don't realize), what appears complicated to the human eye is relatively easy for a computer to guess.
According to this website the password "G01f3R27!" could be cracked by a computer in only 25 minutes! Yikes! 😱
Which leads us to the next point of the article:
A pass phrase, such as "I wish I was better at golf.", has several benefits:
Let's run this pass phrase through the same website and see how long it would take to crack this one:
You see, with each additional character added to your password, it takes exponentially more time for a computer to crack it.
That, in addition to their easy-to-remember nature, makes pass phrases much more effective.
There are a few methods I can suggest for coming up with a good pass phrase:
Let's consider the first method: random words strung together.
For this example, please refer to the comic below.
Notice the point at the end, about how difficult it is to remember: You've already memorized it! Close your eyes and I bet you can repeat it out loud right now.
I first saw this comic over a year ago and I can still remember "correct horse battery staple" without a problem, especially when I picture it as illustrated above!
That said, do NOT use "correct horse battery staple": this is a well-known comic on the internet, and it only serves as an example 🤓
But you can easily use something like this that you've come up with on your own.
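The arithmetic behind "each additional character" and behind the random-words method, as an added example that is not part of the original article. The 2048-word list size and all function names are assumptions, and the per-character figure is an upper bound that ignores guessable patterns such as letter-to-digit swaps.

```python
import math
import string

# Character classes a blind, character-by-character search must cover
# (26 + 26 + 10 + 33 = 95 printable ASCII characters in total).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

WORDLIST_SIZE = 2048  # assumed size of the list random words are drawn from


def alphabet_size(secret):
    """Combined size of every character class that appears in the secret."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in secret))


def char_bits(secret):
    """log2 of the brute-force space. Each extra character multiplies the
    space by the alphabet size. Upper bound: assumes no guessable pattern."""
    return len(secret) * math.log2(alphabet_size(secret))


def word_bits(word_count, wordlist_size=WORDLIST_SIZE):
    """log2 of the space when whole words are drawn at random from a list
    the attacker also has. Each extra word multiplies it by the list size."""
    return word_count * math.log2(wordlist_size)


def words_needed(target_bits, wordlist_size=WORDLIST_SIZE):
    """Fewest random words whose search space reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def growth_factor(secret, extra_chars):
    """How many times larger the brute-force space gets with extra characters."""
    return alphabet_size(secret) ** extra_chars


if __name__ == "__main__":
    for s in ("G01f3R27!", "I wish I was better at golf.",
              "correct horse battery staple"):
        print(f"{s!r:32} {len(s):2} chars, alphabet {alphabet_size(s):2}, "
              f"at most {char_bits(s):5.1f} bits by character")
    print("4 random words:", word_bits(4), "bits")
    print("words for 64 bits:", words_needed(64))
    print("one more character on G01f3R27!: x", growth_factor("G01f3R27!", 1))
```

A phrase built from randomly chosen words should be rated with `word_bits`, not `char_bits`, because an attacker who knows the method guesses whole words rather than single characters.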
Now for the second method: your personal opinion on a topic.
Take anything you feel passionate about and put it into a sentence. A good example would be something along these lines:
"I really hate vinegar based barbecue sauce!"
Chances are good that you will feel the same way about vinegar based BBQ sauce tomorrow, and for the rest of your life. The chances of forgetting this passphrase are pretty small, right?
As easy as it is for you to remember, this is still a VERY strong password: 43 characters, uppercase and lowercase, and special symbols (spaces and an exclamation point!).
Our third method would involve using your favorite song or movie to form the basis of a pass phrase.
In my opinion (and I believe this has been confirmed as a scientific fact) The Princess Bride is the greatest movie of all time. With that said, let's consider one of its most famous lines:
"Have fun storming the castle!"
Here we have 29 characters, all the needed complexity, and an estimated cracking time of... 228 million years (which I think should suffice).
I do have one caution, though, when using movie quotes or lyrics from your favorite song: these are famous lines that others know about and could easily guess, especially if you openly tell people what your favorite movie is.
So we'll need to mix it up a bit. Perhaps something like this:
"Have fun storming the castle, Jerry!" or,
"Have fun storming the 7-11!"
All it takes is a small tweak to make it much harder for a computer to crack, or a human to guess.
Using a pass phrase instead of a password has many advantages:
So give it a shot... try putting pass phrases into use for your most important accounts - you'll be happy you did!