Complete Story
 

10/13/2017

Cyber Trends: Passphrases Versus Passwords

New report from Ohio AG office cites value of passphrases over passwords

Although once considered the best way to protect your personal information, experts say passwords do not make your accounts any more secure. Instead, cybersecurity experts now encourage people to use passphrases.  
 
A passphrase is a sentence or combination of words that is easy to remember but longer and more complex than a traditional 8-12 character password. The following is an example of a good passphrase: “That time I Slipped on a Hot Pink Banana Peel $.”  This passphrase works because it is funny, unique and easy to remember. Additionally, it is long and complex and contains unexpected characters, increasing its strength.
 
There are good reasons to consider changing your passwords to passphrases. First, passphrases are easy to remember. Second, passphrases often satisfy the complex rules of operating systems, which means most major operating systems and applications will support passphrases. Lastly, passwords are becoming easier to crack by cybercriminals because cracking programs have become more sophisticated.

Cybercriminals are better at identifying password trends such as using symbols to replace letters, adding numbers to replace entire words, or using phrases such as “I love” or “I miss.”  Because these trends are more common, cybercriminals try these types of passwords first when trying to get into a computer system.
 
When developing a passphrase, here are some tips to consider:

  • A passphrases can include lines from a book, song, movie, or play.
  • Increase complexity by adding unexpected characters, such as symbols, numbers or capital letters.
  • Consider making your passphrase at least 19 characters long to increase its strength.

While no passphrase or password is completely secure from cybercriminals, passphrases have been shown to be more secure than passwords that are based on the standard 8-12 character requirements.  

To read more from the Ohio Attorney General about cybersecurity, please select this link.

Printer-Friendly Version