Tech Fixes: The Importance of Passphrases - Security Tip

Posted by Ben Olcott on Tue, Jun 03, 2014

I know I’ve covered using passphrases in the past, but it warrants touching on again. The two most important aspects of a “password” are length and randomness. The amount of entropy (basically, uncertainty) is a function of length and randomness. For a brief discussion on entropy in cryptanalysis, click on entropy and scroll down about halfway.

We can easily address length by using a passphrase, which is really the same thing as a password but consists of a phrase instead of just one word. Passphrases also address another common problem with passwords: the difficulty of remembering the various symbols injected into the password. From the entropy perspective, a passphrase gives up some uncertainty by reducing the collection of symbols that are used, but gains significantly more by substantially increasing the length.

Take, for example, a password such as “P@ssW0rd!”. Here it can be difficult to remember which character is capitalized, which character is a special symbol, and where each one goes. The result is a password that is not only relatively weak and easy to crack, but probably written down somewhere.

Let’s try a passphrase: “The color of my hair is blue.” There are actually a few special characters here: the spaces and the period. The length is over three times greater, going from the 9 characters of our complex-looking weak password above to 29 characters total (remember, the spaces and the period are characters). Instead of an easy-to-crack and hard-to-remember password, we now have a hard-to-crack and easy-to-remember passphrase.
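The length-versus-symbol-set trade-off above can be put into numbers. The following Python sketch is an added example, not part of the original post: it computes the character-level entropy ceiling for both secrets. That ceiling only holds if every character is picked at random, so the sketch also shows the figure for words drawn at random from a list; the 7776-word list size (the Diceware list) and all function names are assumptions of this example.

```python
import math
import string

# Printable-ASCII character pools a brute-force search has to cover.
POOLS = {
    "lower": string.ascii_lowercase,          # 26
    "upper": string.ascii_uppercase,          # 26
    "digit": string.digits,                   # 10
    "symbol": string.punctuation + " ",       # 32 punctuation marks + space
}

def pool_size(secret):
    """Total size of every character pool the secret draws from."""
    return sum(len(chars) for chars in POOLS.values()
               if any(c in chars for c in secret))

def upper_bound_bits(secret):
    """Entropy ceiling in bits: length * log2(pool size).

    This is only reached when each character is chosen uniformly at
    random. Dictionary words, common substitutions (a -> @, o -> 0)
    and grammatical sentences all fall below it.
    """
    return len(secret) * math.log2(pool_size(secret))

def random_words_bits(word_count, wordlist_size=7776):
    """Entropy of word_count words drawn uniformly at random from a list.

    7776 is the size of the Diceware list (an assumption of this
    example, not a figure from the post).
    """
    return word_count * math.log2(wordlist_size)

if __name__ == "__main__":
    password = "P@ssW0rd!"
    passphrase = "The color of my hair is blue."
    for secret in (password, passphrase):
        print(f"{secret!r}: {len(secret)} chars, pool {pool_size(secret)}, "
              f"ceiling {upper_bound_bits(secret):.1f} bits")
    words = len(passphrase.split())
    print(f"{words} random words: {random_words_bits(words):.1f} bits")
```

The password gives up nothing in pool size (95 versus 85 symbols) yet its ceiling is roughly a third of the passphrase's, which is the post's point about length. The random-words figure is the one to rely on when generating a passphrase, since it does not depend on the attacker guessing character by character.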


Tags: Data Security, Tech Fixes

