Archive for the ‘Password’ Tag

CREATING SECURE PASSPHRASES   Leave a comment


Don’t you mean password? Not exactly. Traditional passwords have had numerous usages over the years but they have always had limitations and weaknesses. Passphrases have been around a long time as well just not as utilized. However, due to several technical and non-technical reasons passphrases provides us with a greater level of security than the traditional passwords.

Ugh…You mean I have to create a more secure password…I mean pass phrase, than I do today? In short yes, however, you will find that passphrases are much easier to create, maintain, and remember. Which are some of those non-technical reasons why they are more secure. After all if we (the lovely IT folks) make you create a complex password/passphrase that is difficult to remember we all know where that goes right? Yep, on a piece of paper that sits on my desk, a drawer, or somewhere that could potential be seen by a passerby. We want the passphrase to be complex, yes, but we want it to be easy to remember so you don’t have to do that. It’s a win/win situation.

Now to the fun part, how do we create an easy to remember strong passphrase? The easy answer to this is to create a sentence. Why a sentence? Because a properly constructed sentence will give you what is defined as a complex password. It will have a capital letter, lowercase letters, and punctuation (special character). You can still wind up with a weak passphrase just like you can a weak password. So in order to help you further with the process there some guidelines you can follow to help you with your passphrase creation.

  • Be creative with your sentences – Ever play Mad Libs? Think of creating a passphrase like playing Mad Libs. Makes it more fun at the very least.  “My neighbor’s green eyebrows creep me out.”
  • Proper sentence structure – Don’t forget to begin the sentence with a capital letter and end it with some sort of punctuation.
  • Replace a letter with a special character or number – Pick a letter (or two if you want to be wild) and replace them with a special character or number throughout the entire sentence. Example: “The house made of wax smells funny.” Change the “e” with a 3 and it now becomes “Th3 hous3 mad3 of wax sm3lls funny.” Still easy to remember and now much harder to crack.
  • Avoid using personal information to construct your sentence – Your name, birthday, driver’s license, etc. Information like this makes it easier for someone guess. Such as “My birthday is January 1.”. Yes it’s complex but easier for someone to guess.
  • Avoid using sequences – We are all guilty of this from time to time. By adding numbers at the end of our passwords when we have to change them we avoid remembering those pesky complex traditional passwords. If your passphrase was compromised anytime during the use without your knowledge adding a sequence will not fool the attacker. For example, if your passphrase is “Long and complex passphrases are the safest.” and you change it to “Long and complex passphrases are the safest!”. Technically we have a new passphrase but we have defeated the purpose of creating a strong passphrase.
  • Keep a secret – No matter how tempting it is to tell your coworker or friend about your cool new passphrase so they can see how creative you are, keep it a secret. Don’t share your passphrase with anyone.

NOTE: Creating passphrases may not be possible depending on the systems/applications/etc you are accessing. You will need to test to see if they work with each system/application/etc. In a Microsoft environment you should be fairly safe but it doesn’t hurt to test anyway.

The goal is to make you and the information in your organization more secure. By following these simple steps you can help make that happen while allowing you to have an easier (and even fun) time while doing it. Happy Mad Lib’ing!

The posts are provided “AS-IS” with no warranties, and confers no rights.

Advertisements

Posted June 21, 2010 by Chris Morgan in Misc.

Tagged with , ,

%d bloggers like this: