
Why You Should Have Passphrases, Not Passwords

Passwords are not hacked by a person anymore; they are hacked by software. The days of hackers sitting at a computer, furiously typing into a DOS-like interface and trying to guess your password via cross-site scripting are over. Anyone can download password hacking software for free and become a “hacker”—it’s never been easier.

While this is certainly unsettling, the experts at the recent Cyber Security for Manufacturers event from Oregon Business have recommended a simple trick for increasing the security of your login information.

In this article, we’ll cover the difference between a password and a passphrase, and why you and everyone you know should be using the latter.

What’s in a Password?

A password can only be created with inputs from a keyboard. A password hacking algorithm simply has to generate every conceivable combination of the available keystrokes. It’s similar to a permutation in mathematics: the more elements in the permutation, the more possible outcomes there are, and the more difficult they are to compute.

A password’s length is its best defense against a hacker. The password “football” is just as secure (or insecure, we’ll get to that) as “F00tBalL”, which is just as secure as the password “(#f^{lp1”. The total number of characters is the same. Therefore, the hacking algorithm only sees 8 total characters. The algorithm doesn’t care if you wrote it in perfect English or put a random string of numbers and symbols together. The only thing that matters is length.

Go Long!

What’s nice, though, is that the time it takes to hack your password increases exponentially with each additional character added to the password. Here’s an estimate from Fortune on how the numbers break out:

Length of Password              Time to Hack
4 characters (asdf)             5 hours
5 characters (asdfg)            5 days, 10 hours
6 characters (asdfgh)           4 months, 21 days
7 characters (asdfghj)          10 years, 2 months
8 characters (asdfghjk)         264 years
9 characters (asdfghjkl)        6,886 years
10 characters (asdfghjklm)      179,055 years
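
As an added illustration (not from the original article or from Fortune), the sketch below derives the guess rate implied by the table's 4-character row and recomputes the other rows from it. It assumes a 26-letter lowercase alphabet, a constant guess rate, and 30-day months with 360-day years; under those assumptions its output tracks the table to within a fraction of a percent, each extra character multiplying the time by 26.

```python
# Added example: exhaustive-search time as a function of password length.
# Assumptions (not from the article): 26 lowercase letters, a constant guess
# rate, 30-day months and 360-day years when formatting durations.
ALPHABET_SIZE = 26            # assumed: a-z, like the table's sample passwords
BASELINE_LENGTH = 4           # table row used to calibrate the guess rate
BASELINE_SECONDS = 5 * 3600   # "4 characters -> 5 hours"

UNITS = [("year", 360 * 86400), ("month", 30 * 86400),
         ("day", 86400), ("hour", 3600)]


def keyspace(length, alphabet_size=ALPHABET_SIZE):
    """Number of distinct strings of exactly `length` characters."""
    return alphabet_size ** length


def implied_guess_rate():
    """Guesses per second implied by the calibration row (about 25.4)."""
    return keyspace(BASELINE_LENGTH) / BASELINE_SECONDS


def exhaustive_search_seconds(length, alphabet_size=ALPHABET_SIZE):
    """Whole seconds needed to try every candidate at the implied rate."""
    # Integer arithmetic avoids float rounding on very large keyspaces.
    return (keyspace(length, alphabet_size) * BASELINE_SECONDS
            // keyspace(BASELINE_LENGTH))


def humanize(seconds):
    """Render a duration using its two largest non-zero units."""
    parts, remaining = [], seconds
    for name, size in UNITS:
        count, remaining = divmod(remaining, size)
        if count:
            parts.append(f"{count:,} {name}{'s' if count != 1 else ''}")
    return ", ".join(parts[:2]) or "under 1 hour"


def table(lengths=range(4, 11)):
    """(length, formatted time) rows for the lengths shown in the article."""
    return [(n, humanize(exhaustive_search_seconds(n))) for n in lengths]


if __name__ == "__main__":
    print(f"implied rate: {implied_guess_rate():.1f} guesses/second")
    for n, duration in table():
        print(f"{n:>2} characters  {duration}")
```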

So, the longer your password, the better. But what about those randomly generated passwords from your IT person? Those tend to be quite long and, unfortunately, nearly impossible to remember.

Passphrase to the Rescue

To avoid having a treasure trove of passwords stored in the Notes app on your phone or written on a sticky note at your desk, the best thing to do is to implement what is called a passphrase.

A passphrase is created by combining a few short words together that are significant to the person creating it. Here are a few sources of inspiration:

  • Your favorite phrase from a novel or poem
  • The names of your children
  • All the street names you have lived on in chronological order

Tie any of these in with a 10-character minimum (as required by our IT staff here at Buildable) and a special character on top, and there you go! You have a passphrase.

New Password Policy, Anyone?

There are people from around the world who want to ruin your day and your business for their personal gain. As the tools used by hackers get more and more sophisticated, their motivation remains the same. They still want to gain access to your data and exploit it.

Your password policy should include a minimum character length. Get everyone in your organization on board, from the ground floor to the C-Suite to your customers. Anyone who accesses your data must have an excellent password.

If you’re now wondering about the cybersecurity of your business, we can help. Call us at (503) 468-4880 for a free audit.
