Passwords are dead. It’s time for Passphrases.
Remembering passwords can be such a nightmare that many of us use the same password for everything. Not only is that a huge risk if it’s exposed but it’s also an old practice. Passwords are not going away, but the use of them has changed and you need to take action today.
Facebook, Twitter, email, banking, Uber, the list goes on. We are constantly needing to create accounts for every service and being creative with passwords is tricky. Remembering passwords is even harder. Applications like 1Password and LastPass will help provide a repository for all of your passwords but with a Passphrase strategy, these apps won’t be required.
What is a Passphrase?
A passphrase is a combination of words to create a very strong password. Your password today might be Toyota1! and it meets most levels of password criteria. Toyota1! has a good length of characters, uppercase, lower case, a number and a character. It’s also easy to remember. But when you use it on all accounts the risk of exposure is high. If your Twitter credentials are exposed in a hack, your banking, email and other platforms could be accessed immediately. A passphrase allows you to create a unique password for each service without much effort.
MyWhiteToyota1! is an example of a passphrase. It now has an increased character length, multiple uppercase and lower case letters.
Create a unique and easy to remember password
Now that you have a passphrase, a simple way to tailor it for each platform you use is to add the platform name to the end of your passphrase. MyWhiteToyota1! becomes MyWhiteToyota1!Facebook or MyWhiteToyota1!GMail for obvious services. You have gone from an eight character password to a passphrase with more than 20 characters and it’s still easy to remember!
What is two-factor Authentication?
Even the best passwords or passphrases can still be exposed, leaked or hacked. It is for these situations that you should add two-factor authentication to your accounts. If I log onto Facebook, even with the correct password, I will receive an SMS with a unique code that I will need to enter for an extra layer of security. This means that a hacker would not only need my username and password, they’d need my phone to retrieve the unique code. Two-factor authentication is a feature that can be enabled on most platforms and we highly recommend this extra layer of protection.
How often should I change my password?
In the example we used earlier, there is a risk that once one is exposed it could be easy to guess the password of other platforms. Changing your password every Spring as part of Spring Cleaning is a great way to refresh your list of passwords for any risk of exposure. It can be as simple as changing one word or all the words in your phrase to make it stronger.
How do I know if I am at risk?
You may never know that your accounts have been exposed, most platforms don’t inform their users sufficiently. But you can enter your email address into haveibeenpwned.com to see if your details were exposed in previous hacks or leaks. You’ll be surprised by the list and you’ll need to make sure you address each account with stronger passwords. It isn’t everything that gets leaked but it’s what has been reported and made available for searching. Follow the above practices and it should never be a problem.