Tips from Virsage: Passphrases - December 2017
Posted by Andrea Montgomery on 13 December 2017 01:02 PM
Passwords are something you use almost every day, from accessing your email or banking online to purchasing goods or accessing your smartphone. However, passwords are also one of your weakest points; if someone learns or guesses your password they can access your accounts as you, allowing them to transfer your money, read your emails, or steal your identity. That is why strong passwords are essential to protecting yourself. However, passwords have typically been confusing, hard to remember, and difficult to type. In this newsletter, you will learn how to create strong passwords, called passphrases, that are easy for you to remember and simple to type.
My-Ngoc Nguyen (pronounced Me-Nop Wynn) is a Certified SANS instructor and CEO/Principal Consultant for Secured IT Solutions. She brings expertise with top certifications and 14+ years of developing, maturing, and managing cyber security programs for various industries and sectors. Follow her on Twitter @MenopN and on LinkedIn at My-Ngoc “Menop” Nguyen.
The challenge we all face is that cyber attackers have developed sophisticated and effective methods to brute force (automated guessing) passwords. This means bad guys can compromise your passwords if they are weak or easy to guess. An important step to protecting yourself is to use strong passwords. Typically, this is done by creating complex passwords; however, these can be hard to remember, confusing, and difficult to type. Instead, we recommend you use passphrases--a series of random words or a sentence. The more characters your passphrase has, the stronger it is. The advantage is these are much easier to remember and type, but still hard for cyber attackers to hack. Here are two different examples:
Time for tea at 1:23
What makes these passphrases so strong is not only are they long, but they use capital letters and symbols. (Remember, spaces and punctuation are symbols.) At the same time, these passphrases are also easy to remember and type. You can make your passphrase even stronger if you want to by replacing letters with numbers or symbols, such as replacing the letter ‘a’ with the ‘@’ symbol or the letter ‘o’ with the number zero. If a website or program limits the number of characters you can use in a password, use the maximum number of characters allowed.
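The effect of length and character variety on automated guessing can be put in numbers. The following Python sketch is an added example, not part of the original newsletter. It computes the upper bound on exhaustive brute-force effort for a short complex password and for the passphrase shown above, and it generates a passphrase from randomly chosen words. The short password and the word list are constructed samples. The per-character figure is only an upper bound, since a sentence of common words is easier to guess with a dictionary than that figure suggests.

```python
import math
import secrets
import string

# Character classes an exhaustive brute-force attacker must cover.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
]
SYMBOL_COUNT = 33  # 32 printable ASCII punctuation marks plus the space character


def brute_force_bits(secret: str) -> float:
    """Upper bound in bits: length * log2(size of the character set in use)."""
    alphabet = sum(size for chars, size in CLASSES if any(c in chars for c in secret))
    if any(c not in string.ascii_letters + string.digits for c in secret):
        alphabet += SYMBOL_COUNT  # spaces and punctuation count as symbols
    return len(secret) * math.log2(alphabet) if alphabet else 0.0


def random_passphrase(words, count=5, sep=" "):
    """Pick words with a CSPRNG; return the phrase and its entropy in bits."""
    unique = sorted(set(words))
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    phrase = sep.join(secrets.choice(unique) for _ in range(count))
    return phrase, count * math.log2(len(unique))


# Constructed sample list; real use needs a list of several thousand words.
SAMPLE_WORDS = ["tea", "river", "candle", "orbit", "maple", "window", "copper", "lantern"]

if __name__ == "__main__":
    # "Xk7#pQ2!" is a constructed 8-character complex password for comparison.
    for s in ["Xk7#pQ2!", "Time for tea at 1:23"]:
        print(f"{s!r}: {len(s)} chars, at most {brute_force_bits(s):.0f} bits")
    phrase, bits = random_passphrase(SAMPLE_WORDS)
    print(f"{phrase!r}: {bits:.0f} bits from an {len(SAMPLE_WORDS)}-word list")
```

The random-word entropy figure holds only when the words are picked by the generator, not by a person.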
Using Passphrases Securely
You must also be careful how you use passphrases. Using a passphrase won’t help if bad guys can easily steal or copy it.
Password Manager: https://securingthehuman.sans.org/ouch/2015#october2015
Two Step Verification: https://securingthehuman.sans.org/ouch/2015#september2015
Lock Down Your Login: https://lockdownyourlogin.com
SANS SEC301 - Five day course on cyber security basics: https://sans.org/sec301
OUCH! is published by SANS Securing The Human and is distributed under the Creative Commons BY-NC-ND 4.0 license.
You are free to share or distribute this newsletter as long as you do not sell or modify it. For past editions or translated versions, visit securingthehuman.sans.org/ouch/archives.
Editorial Board: Bill Wyman, Walt Scrivens, Phil Hoffman, Cathy Click, Cheryl Conley
Find this article online at: https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201704_en.pdf