Introducing: The Passphrase

To remember complex passwords today you basically need a masters degree! For a password to be truly strong and secure it must include a range of letters, numbers, symbols as well as upper and lower case letters. Let’s be honest, a random complex password is basically impossible to remember without writing it down. According to a Telesign consumer report, data breaches and account hacks are becoming a regular occurrence for digital citizens, with 2 in 5 people having had an account hacked or password stolen. Whilst there are many new security tools to make accessing our devices and accounts easier and more secure, such as facial recognition, fingerprint technologies and two factor authorisation (set this up if you haven’t already!), ‘password’ and pin number securities are still the most common way for digital users to access their online accounts and profiles. Introducing: The Passphrase.

Why do I need a passphrase?

Image credit: @dudewithsign

The Passphrase

Here’s an idea … Rather than using a word or a set of completely random letters, numbers AND symbols that are seemingly impossible to remember, try using a passphrase. A passphrase is a clever trick to create a set of what may appear to be random digits. To design a passphrase, think of a phrase or sentence that you will be able to remember. Next, use the first letter of each word from your memorable sentence or phrase to create a unique passphrase. Let’s try this out…

“Nobody will ever be able to hack into my Xbox with this passphrase” = nwebathimxwtp

Whilst this may look complicated, lowercase letters on their own are still susceptible to hacking, particularly by software programs design to process 1000s of password combinations per second. So, next we need to add some extra complexity. Review your sentence and see if you can manipulate or transform some of those letters into numbers or symbols. It’s also a good idea to make some of the letters into capital letters too. By doing this you will accelerate your password design skills tenfold.

Passphrase Sentence: “Nobody will ever be able to hack into my Xbox with this passphrase”

Simple Passphrase: nwebathimxwtp

Letters, Numbers and Symbols Passphrase: Nw3b4th!mXwtp

If you look at the example Nw3b4th!mXwtp you will notice the symbols align with the letters used to create the passphrase. In this example you can see that we substituted some of the letters with ‘like shaped’ numbers.

–          Substituting the ‘E’ for a ‘3’
–          Substituting the ‘A’ for a ‘4’
–          Substituting the ‘i’ for a ‘!’

This password now contains 13 characters (2 capitals letters, 8 lower case letters, 2 numbers and 1 symbol) and still aligns with my memorable sentence that I’ll be using to remember the password. The added benefit of a Passphrase is that you can customise the sentence any way you like to make sure it is in line with any website or online profile specifications.

Have a go at creating a sample passphrase and test out its strength by visiting the “Check My Password” website. *Note: never ever use your real password in this tool – just to be safe!

DOs and DON’Ts when creating a Passphrase

When creating a password or passphrase there are some things that you should and shouldn’t do to protect your personal devices and online profiles/accounts:

DO: Have a 12-character minimum – at the very minimum, 12 characters is acceptable. Ideally, even longer is better

DON’T: Make sure it is NOT a word that can be found in the dictionary – never use common words or combinations of words. Words are patterns in language and patterns reduce the strength of your passwords.

DO: Include numbers, symbols, lower case and upper case letters – the greater the mix the harder it is to crack.

DON’T: Never rely on the one basic and predictable substitution. Using symbols is very important, but don’t just use the symbol @ as a replacement for the letter a or number 5 to replace the letter ‘s’ within a ‘word’. It’s too obvious.

Got multiple accounts? Have multiple passphrases.

When logging into any online account, it is extremely important to be extra cautious of the domino effect that may occur if using one single password/passphrase across all of your accounts. If one of your accounts is compromised, this will put your other online accounts at risk. Having the same password/passphrase across all of your accounts provides an open door for hackers who will browse your history and view other platforms or sites you have been using to obtain a range of our personal information.

A new season is a great time to design a new set of passphrases

Developing long and strong access codes is now just an important part of online life, but we must not set and forget! Regularly updating our passwords/passphrases minimises the chances of our online accounts being compromised. Use the seasons of the year or set a reminder in your phone every few months alerting you to visit your frequented online accounts and update/change your passwords.

A proactive password strategy is key to preventing cybercrime. The “it won’t happen to me” outlook does not cut it!

For more easy-to-apply hints and tips to keep your home and the technology you use safe and secure, check out our blog post Five Simple Ways to be Cyber Secure at Home and our downloadable Cyber Security at Home Guide.