Blog | The AME Group

Benefits of Using Pass Phrases

Written by Andrew McIntosh | Apr 12, 2022 6:44:58 PM

Introduction

In this article we are going to examine the benefits of using a passphrase instead of a password on your most important accounts:

  • Why passwords are inherently flawed
  • Why pass phrases are better
  • How to create a killer pass phrase

Why Passwords Are Inherently Flawed

Pop quiz: which of these three passwords is best?

  1. Golfer27
  2. G01f3R27!
  3. I wish I was better at golf.

In a recent LinkedIn poll (found here) about half of respondents chose option 2.

Why?

Likely they reasoned that this password appeared to be the most complex. It has a mix of letters and numbers, both uppercase and lowercase, as well as symbols. Therefore, it must be the most secure. Right?

Well... there are two major factors being overlooked. First, that password is only 9 characters long. Second (and perhaps more importantly) it's very difficult for a human being to remember.

That second point is the main crux of this article. Long, complicated passwords are not very "human friendly" and are therefore difficult for us to remember. This leads to a few problems:

  1. We tend to forget these passwords, which leads to getting locked out of our accounts.
  2. If we DO manage to remember them, we tend to keep them very similar the next time we are prompted to change them. So "G01f3R27!" becomes "G01f3R28!", then "G01f3R29!" and so on.

Lastly (and this is something most people don't realize), what appears complicated to the human eye is relatively easy for a computer to guess.

According to this website the password "G01f3R27!" could be cracked by a computer in only 25 minutes! Yikes! 😱

Which leads us to the next point of the article:

Why Pass Phrases Are Better

A pass phrase, such as "I wish I was better at golf." has several benefits:

  1. As a human, this is much easier to remember.
  2. Even though it doesn't look very complicated, it still has the features we need: uppercase and lowercase letters, symbols (in the form of spaces and a period at the end), and last but not least:
  3. Length. This passphrase, including the spaces and punctuation, has a total of 28 characters.

Let's run this pass phrase through the same website and see how long it would take to crack this one:

17 Trillion Years

You see, with each additional character added to your password, it takes exponentially more time for a computer to crack it.

That, in addition to their easy-to-remember nature, makes pass phrases much more effective.
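To put numbers on that exponential growth, here is an added example (not part of the original article) that computes the character-by-character search space for the three pop-quiz candidates. It assumes an attacker tries every combination over the character classes present; guessing whole words or known phrases needs far fewer attempts, so treat the result as an upper bound.

```python
import math
import string

# Character classes an exhaustive search has to cover (space counted as a symbol).
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}

def alphabet_size(secret: str) -> int:
    """Combined size of every character class that appears in the secret."""
    size = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in secret))
    if size == 0:
        raise ValueError("secret is empty or uses no recognised characters")
    return size

def brute_force_bits(secret: str) -> float:
    """log2(alphabet ** length): work for a character-by-character search."""
    return len(secret) * math.log2(alphabet_size(secret))

def bits_per_extra_character(secret: str) -> float:
    """Each added character multiplies the search space by the alphabet size."""
    return math.log2(alphabet_size(secret))

if __name__ == "__main__":
    # The three candidates from the pop quiz in this article.
    for candidate in ("Golfer27", "G01f3R27!", "I wish I was better at golf."):
        print(f"{candidate!r:32} length={len(candidate):2d} "
              f"alphabet={alphabet_size(candidate):2d} "
              f"bits={brute_force_bits(candidate):6.1f} "
              f"(+{bits_per_extra_character(candidate):.2f} per extra character)")
```

Every additional bit doubles the number of candidates, so the gap between roughly 59 bits and roughly 179 bits is a factor of about 2^120.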

How to Create a Killer Passphrase

There are a few methods I can suggest for coming up with a good pass phrase:

  1. A few random words strung together (hint: it's easier to remember than you might think)
  2. Your personal opinion on a topic
  3. A favorite movie quote or song lyric

Let's consider the first method: random words strung together.

For this example, please refer to the comic below.

Notice the point at the end, about how difficult it is to remember: You've already memorized it! Close your eyes and I bet you can repeat it out loud right now.

I first saw this comic over a year ago and I can still remember "correct horse battery staple" without a problem, especially when I picture it as illustrated above!

That said, do NOT use "correct horse battery staple", because this is a well-known comic on the internet. It only serves as an example 🤓

But you can easily use something like this that you've come up with on your own.
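Random words only resist guessing if they really are picked at random, so here is an added example (not from the original article) that draws the words with Python's `secrets` module and reports how much entropy the result carries. The 16-word list is constructed so the code runs offline, and the function names are hypothetical; real use would load a word list of several thousand entries.

```python
import math
import secrets

# Constructed 16-word sample list so the example runs offline. Assumption: real
# use loads a published list of several thousand words instead.
SAMPLE_WORDS = [
    "anchor", "biscuit", "cactus", "dolphin", "ember", "fiddle", "glacier",
    "hammock", "igloo", "jigsaw", "kettle", "lantern", "mitten", "nugget",
    "orchid", "pebble",
]

def entropy_bits(list_size: int, n_words: int) -> float:
    """Bits of entropy when each word is drawn uniformly from the list."""
    if list_size < 2 or n_words < 1:
        raise ValueError("need at least two words to choose from and one pick")
    return n_words * math.log2(list_size)

def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest number of words that reaches the target entropy."""
    if list_size < 2:
        raise ValueError("need at least two words to choose from")
    return math.ceil(target_bits / math.log2(list_size))

def generate_passphrase(words, n_words: int, separator: str = " ") -> str:
    """Pick n_words with the OS CSPRNG; duplicate list entries are removed first."""
    unique = sorted(set(words))
    entropy_bits(len(unique), n_words)  # validates the arguments
    return separator.join(secrets.choice(unique) for _ in range(n_words))

if __name__ == "__main__":
    print("sample:", generate_passphrase(SAMPLE_WORDS, 4))
    # Larger lists give more bits per word, so fewer words reach the same target.
    for size in (len(SAMPLE_WORDS), 2048, 7776):
        print(f"list of {size:4d} words: 4 words = {entropy_bits(size, 4):.1f} bits, "
              f"{words_needed(size, 64)} words needed for 64 bits")
```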

Now for the second method: your personal opinion on a topic.

Take anything you feel passionate about and put it into a sentence. A good example would be something along these lines:

"I really hate vinegar based barbecue sauce!"

Chances are good that you will feel the same way about vinegar based BBQ sauce tomorrow, and for the rest of your life. The chances of forgetting this passphrase are pretty small, right?

As easy as it is for you to remember, this is still a VERY strong password. It has 43 characters, uppercase and lowercase letters, and special symbols (spaces and an exclamation point!).

Our third method would involve using your favorite song or movie to form the basis of a pass phrase.

In my opinion (and I believe this has been confirmed as a scientific fact) The Princess Bride is the greatest movie of all time. With that said, let's consider one of its most famous lines:

"Have fun storming the castle!"

Here we have 29 characters, all the needed complexity, and an estimated cracking time of... 228 million years (which I think should suffice).

I do have one caution, though, when using movie quotes or lyrics from your favorite song: these are famous lines that others know about and could easily guess, especially if you openly tell people what your favorite movie is.

So we'll need to mix it up a bit. Perhaps something like this:

"Have fun storming the castle, Jerry!" or,

"Have fun storming the 7-11!"

All it takes is a small tweak to make it much harder for a computer to crack, or a human to guess.

Conclusion

Using a pass phrase instead of a password has many advantages:

  1. They are easy to remember
  2. They are more secure because of their length
  3. They are just as complex, without even trying!

So give it a shot... try putting pass phrases into use for your most important accounts - you'll be happy you did!