When I am speaking to users about passwords, towards the end of the presentation I give my three password principles:
However, invariably when I finish speaking, someone will come up to me and say that they use long passphrases instead of a password. They say that these are easy to memorize, so they don't have to use a password manager. And usually these passphrases are the words to their favorite song or a famous line from a book or poem.
Is it safe to use a passphrase instead of a password?
And here's the reason why.
Attackers know that users often use passphrases. So, in addition to checking whether your password matches one in a collection of stolen passwords, they now also use huge repositories of known phrases and titles to quickly find a match and crack your password. And what are some of these repositories? Here's just a small sample:
So, if you use a passphrase that includes music lyrics ("If_we_weren't_all_crazy_we_would_go_insane"), movie lines ("May_the_Force_be_with_you"), or words from a famous saying ("Abandon_all_hope_ye_who_enter_here") then your passphrase can easily be broken.
All passwords should be long, unique, not phrases--and stored in a password manager. And be sure to use the password manager's built-in password generator to create long and complex passwords that are different for each account.
Anything less is just begging for your password to be cracked. And it will be.
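To make the point concrete, here is an added example (not part of the original post) of a check a password-change form could run: it rejects a candidate built on a known phrase even when the separators, case or punctuation are changed, and generates a random replacement. The function names and the three-entry phrase list (the phrases quoted above) are assumptions for illustration; a real blocklist would be far larger.

```python
import re
import secrets
import string

# Constructed sample corpus: the three phrases quoted in the post.
# A real deployment would load a large list of lyrics, lines and sayings.
KNOWN_PHRASES = [
    "If we weren't all crazy we would go insane",
    "May the Force be with you",
    "Abandon all hope ye who enter here",
]


def normalize(text):
    """Lowercase and keep only letters and digits, so that underscores,
    spaces, capitalization and punctuation cannot disguise a phrase."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


# Map each normalized phrase back to its readable form for reporting.
NORMALIZED = {normalize(p): p for p in KNOWN_PHRASES}


def matched_phrase(candidate):
    """Return the known phrase the candidate is built on, or None.

    A substring match is used so that padding such as a year or a
    trailing '!' does not let a known phrase slip through."""
    norm = normalize(candidate)
    for key, phrase in NORMALIZED.items():
        if key in norm:
            return phrase
    return None


ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=24):
    """Random password drawn with the OS CSPRNG, as a password
    manager's built-in generator would produce."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for pw in ["May_the_Force_be_with_you", "ABANDON-all-hope-ye-who-enter-here!2024"]:
        print(pw, "->", matched_phrase(pw))
    pw = generate_password()
    print(pw, "->", matched_phrase(pw))
```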