Passwords are an undeniable part of our cyber life, whether for checking our email or bank account or just logging in to our Facebook page. They are a real open door to our private life. Unfortunately, with the improvement of phishing techniques, they are incredibly easy to crack. Luckily, there is an alternative that maximizes personal data protection: passphrases.
What’s a passphrase?
A passphrase is a sequence of words between 20 and 30 characters long, in contrast to passwords, which are made up of 8 to 10 characters.
Why should we use passphrases?
To be considered strong, a password has to be long and include plenty of characters of every type, such as numbers, punctuation marks or capital letters. With a different password for each account, it becomes necessary to keep a notepad or a password manager to remember them all, a solution that is not risk-free given how ingenious hackers can be.
No matter its length, a passphrase is easy to remember thanks to mnemonic techniques. It also has superior resistance to cracking attempts, as shown in this comic strip by Randall Munroe. Moreover, according to a recent Smashing Magazine study, in a brute-force attack with a standard PC, a complex 8-character password (tU.w@b3e) would be found in two years. By contrast, an ordinary sentence like “thisisasimplephrase” would take three billion years to crack!
How to optimize a passphrase?
A passphrase’s strength depends on several criteria, the first one undoubtedly being its length. The longer it is, the more resistant it is to brute-force or dictionary attacks.
There are just a few conditions:
- the words used shouldn’t be connected to each other;
- they should be chosen randomly;
- it is also recommended to avoid using a famous quote or a sentence taken from a movie, a song or a book.
Need inspiration? Let’s take an example: unicorncoffeemondaytable. The combination of these words makes no sense, but with a little imagination it is fairly easy to keep in mind by repeating this sentence: “Last Monday, I saw a unicorn drinking coffee on a table”.
It is also recommended to complicate the passphrase using capital letters, spaces, symbols, misspellings or numbers. This addition strengthens its security without compromising its memorization.
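The random-selection condition above, as an added example that is not part of the original article: a Python sketch that draws words with a cryptographically secure generator and estimates strength for the case where the attacker knows the word list and guesses whole words. The 32-word list is constructed for illustration, and the 7,776-word figure (the size of the EFF large diceware list) and the 94-symbol printable-ASCII alphabet are assumptions about what a real setup would use.

```python
import math
import secrets

# Constructed sample list (assumption). It is far too small for real use;
# a real generator should load a large published list of thousands of words.
SAMPLE_WORDS = [
    "unicorn", "coffee", "monday", "table", "lantern", "gravel", "orbit",
    "velvet", "harbor", "pickle", "tundra", "walnut", "copper", "ribbon",
    "saddle", "meadow", "anchor", "biscuit", "candle", "dolphin", "ember",
    "falcon", "glacier", "hammock", "igloo", "jigsaw", "kettle", "ladder",
    "magnet", "nutmeg", "otter", "pebble",
]

def generate_passphrase(words, count=4, separator=""):
    """Pick `count` words independently and uniformly with a CSPRNG."""
    if count < 1:
        raise ValueError("count must be at least 1")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    # secrets.choice uses the OS random source; random.choice would not.
    return separator.join(secrets.choice(words) for _ in range(count))

def passphrase_entropy_bits(list_size, count):
    """Bits of entropy when the attacker knows the list and guesses words."""
    return count * math.log2(list_size)

def password_entropy_bits(alphabet_size, length):
    """Bits of entropy of a uniformly random character password."""
    return length * math.log2(alphabet_size)

def words_needed(list_size, target_bits):
    """Smallest number of random words that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))

if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDS, count=4)
    print(phrase, f"({len(phrase)} characters)")
    print("4 words from this 32-word list:",
          f"{passphrase_entropy_bits(len(SAMPLE_WORDS), 4):.1f} bits")
    print("4 words from a 7,776-word list:",
          f"{passphrase_entropy_bits(7776, 4):.1f} bits")
    print("8 random printable-ASCII characters:",
          f"{password_entropy_bits(94, 8):.1f} bits")
    print("words needed for 64 bits (7,776-word list):", words_needed(7776, 64))
```

Under this model the strength comes from the size of the word list and the number of words drawn at random, so a phrase picked by hand or taken from a quote does not reach these figures even at the same character length.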
When you create a password, there’s an unavoidable choice to make between security and usability. That is not the case with passphrases, which offer protection that is both solid and user-friendly. These two solutions may, however, be living out their last months, since the World Wide Web Consortium is setting up a group called the Web Authentication Working Group, whose aim for the coming year is to create a new authentication system based on the device used. Wait and see!