One-Page Pitch: Ditch Passwords and Use Passphrases
Protecting user credentials can keep your entire district afloat.
That’s why it’s imperative that you and everyone else at your district understands the importance of using strong passphrases.
“Passphrases?” you ask. “Is that the same as a password?” Not quite!
Passwords are typically composed of up to 10 letters, numbers, symbols, or combinations of these characters. Most people were taught to create strong passwords by substituting letters for numbers or symbols—for example, password, becomes p@ssw0rd. Tricky, right? Well, unfortunately, criminals know this game too, and even complex passwords with substitutions are relatively easy to crack for both humans and robots. Online criminals have also developed state-of-the-art hacking tools designed to crack even the most complicated passwords.
So now what? Insert the passphrase.
A passphrase is longer than a password and contains spaces between words. Here’s an example: “The road to success is always under construction!” (Approximate crack time: 223,966,385,786,166,380,000 centuries)
A passphrase can also contain numbers or symbols, such as: “The r0ad t0 succ3ss is always under c0nstruction!” (Approximate crack time: 9.460,961,044,053,363e+24 centuries)
Security professionals recommend ditching passwords in favor of passphrases. Here are a few reasons why:
Passphrases should be easy to remember, but preferably not popular or common phrases that can be easily guessed by someone who knows you. Want to try it out? Visit www.useapassphrase.com to test your phrase’s strength.
- Passphrases are easier to remember.
- Passphrases are more difficult to crack.
- Passphrases are easily modified to satisfy complex passwords rules.
If you have trouble remembering multiple complicated passphrases, a password service can store your passphrases for you. That way, you only need to remember one (VERY strong, unguessable) passphrase.
Using strong passphrases is important, but there’s more you can do to keep your data safe. Whenever possible, elect multi-factor authentication (MFA) settings. MFA will send an approval message to your trusted device or email (or both) so you can approve or deny any attempts to log in. This extra step is an additional line of defense should your credentials fall into the wrong hands.
Speaking of—a hacker should never get lucky by simply being in the right place at the right time. Never leave credentials near your devices (including benign sticky note reminders under your keyboard). Inspect ports for new, unobtrusive dongles, which could be keyloggers—small USB devices which captures every letter you type, including your passwords. You can never be too careful when it comes to protecting your credentials.
Constant vigilance keeps districts from paying huge ransoms for precious data. Is it time to update your password?
Follow-up resource: Subscribe for more
This is just the most recent entry in our series of one-page pitches. Subscribe and recieve upcoming editions delivered right to your inbox.
Share this story: