
Passwords, Passphrases, and Password Managers: Which Is Best?

#Security
by Mike Bianco, Vice President of Information Security

How many passwords do you have?

As our world and lives become increasingly digital, the average person has gone from having just a few passwords to managing upwards of 100. That is 100 unique passwords to remember, if you’re using strong password habits.

Enter password managers.
 

Why should I use a password manager?

Password managers can save you the trouble of having to remember dozens of passwords. They generate complex, unique passwords for you and store them all in one place. They also tell you when you have weak, reused passwords or compromised passwords. They can automatically fill credentials into sites and apps using a secure browser plugin. You only need to remember one master password—the one for accessing the password manager itself (which you should never write down!).
 

How do I create strong passwords?

You can strengthen your passwords by remembering these three tips:
  1. Longer is stronger: Passwords with at least 16 characters are the hardest to crack.
  2. Make them hard to guess: Use a random string of mixed-case letters, numbers, and symbols. If you need to memorize a password, create a memorable passphrase of at least five unrelated words (more on that below). Get creative with spelling and/or add numbers or symbols.
  3. Be sure they’re one of a kind: Use a unique password for each account. We know remembering long, unique passwords for every account is impossible. But remember, that’s where the password manager comes in! It keeps all that information for you.


What password managers do you recommend?

The two password managers we recommend are Bitwarden and 1Password. They both have great reputations and are secure. Bitwarden has a free option that gives you a lot of functionality; it also offers an inexpensive paid tier with extra features. 1Password is an inexpensive option that offers a more polished, feature-heavy experience.

Regardless of which password manager you choose, remember to create a strong, secure master/vault password. Never write this password down or share it with anyone. Having a strong master password creates a huge hurdle for any hackers trying to open your account.
 

Back to passphrases: is a passphrase the same as a password?

Not quite!

Passwords are typically composed of letters, numbers, symbols, or combinations of these characters. Most people were taught to create strong passwords by substituting numbers or symbols for letters—for example, password becomes p@ssw0rd. Tricky, right? Well, unfortunately, criminals know this game too, and even complex passwords with substitutions are relatively easy for both humans and robots to crack. Online criminals have also developed state-of-the-art hacking tools designed to crack even the most complicated passwords.

So our recommendation? Ditch the password in favor of a passphrase.

A passphrase is longer than a password and contains spaces between words. Here’s an example: “The road to success is always under construction!” (Approximate crack time: 223,966,385,786,166,380,000 centuries)

A passphrase can also contain numbers or symbols, such as: “The r0ad t0 succ3ss is always under c0nstruction!” (Approximate crack time: 9.460961044053363e+24 centuries)

Passphrases should be easy to remember, but preferably not popular or common phrases that can be easily guessed by someone who knows you. Want to try it out? You can visit www.useapassphrase.com to test your phrase’s strength.
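To make the three tips and the passphrase advice above concrete, here is an added example (not part of the original article or any product it mentions) that generates a 16-character random password and a five-word passphrase with a cryptographically secure random source, then compares their strength in bits. The word list is a constructed sample, and the 7,776-word list size used in the comparison is an assumption; the strength figures hold only when the characters or words are picked at random, not chosen by a person.

```python
import math
import secrets
import string

# Constructed sample list so the example runs offline. It is far too small for
# real use; a published list of several thousand words is assumed instead.
SAMPLE_WORDS = [
    "anchor", "biscuit", "canyon", "dolphin", "ember", "fiddle", "glacier",
    "harbor", "icicle", "jigsaw", "kettle", "lantern", "meadow", "nutmeg",
    "orchid", "pebble",
]
# 52 mixed-case letters + 10 digits + 32 symbols = 94 characters
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_password(length=16, alphabet=ALPHABET):
    """Tips 1 and 2: a long string of random mixed-case letters, numbers, symbols."""
    if length < 16:
        raise ValueError("the article recommends at least 16 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(words=SAMPLE_WORDS, count=5, sep=" "):
    """A memorable passphrase of at least five unrelated, randomly drawn words."""
    if count < 5:
        raise ValueError("the article recommends at least five words")
    if len(set(words)) != len(words):
        raise ValueError("duplicate words shrink the real pool size")
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(pool_size, picks):
    """Strength in bits when each pick is uniformly random from pool_size options."""
    return picks * math.log2(pool_size)


def words_needed(target_bits, list_size):
    """Smallest number of random words from list_size that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("password  :", random_password())
    print("passphrase:", random_passphrase())
    pw_bits = entropy_bits(len(ALPHABET), 16)
    print(f"16 random characters      : {pw_bits:.1f} bits")
    print(f"5 words from a 7,776 list : {entropy_bits(7776, 5):.1f} bits")
    print("words to match the password:", words_needed(pw_bits, 7776))
```

A passphrase you have to memorize (such as the master password) trades some strength for memorability; the passwords the manager stores for you can use the longer random form.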
 

What else can I do to keep my accounts safe?

In addition to using strong passphrases and a password manager, whenever possible, use multi-factor authentication (MFA). MFA will send an approval message to your trusted device or email (or both) so you can approve or deny any attempts to log in. This extra step provides an additional line of defense should your credentials fall into the wrong hands.

Speaking of which, a hacker should never get lucky by simply being in the right place at the right time. Never leave credentials near your devices (including sticky note reminders under your keyboard), and inspect ports for new, unobtrusive dongles, which could be keyloggers—small USB devices that capture every letter you type, including your passwords. You can never be too careful when it comes to protecting your credentials.

Stay safe out there!


 

Follow-Up Resource: Level Up Your District Data Protection with the Security Audit Report

Are you sure your Skyward system settings are meeting security best practices? Now you can be! We’re excited to unveil the new, free Security Audit Report, a tool you can use to make sure your system and data are as secure as possible.


 

