Password vs Passphrase – Which Is More Secure?

Passwords. Just the thought of the word can cause anxiety. Anxiety is usually the result of apprehension, fear, or something we dread. But, why we would fear passwords?

anxiety

You shouldn’t fear passwords – you should fear your company’s password policy. The password policy created by your company determines what passwords will/won’t be allowed. See, here’s the problem: for companies that have Windows based domains, it is impossible to have a secure password policy with the default password policy options. The Microsoft Windows password policy is not enough to keep your network secure. That’s the bottom line.

This is the same concept as buying a new home. The standard deadbolt installed is the “default” form of security for your home, but who stops there? No one! You don’t wait for your home to get broken into for you to purchase a home security system; so why would you wait until your company gets hacked to purchase a means for password security?

security-390792_960_720

If your company is using Microsoft as their means for password security – then employees need to create passwords that are greater than 14 characters to be secure. Read why here. Unfortunately, Microsoft does not allow the IT Administrator to require a 15 character minimum. Therefore, employees are able to slip through the cracks and create passwords as easy as Password1.

Creating a password that is a minimum of 15 characters long can be frustrating to users. Who really wants their password to be Georgia#apple78? Besides creating a long and complex password, who would want to type Georgia#apple78 multiple times per day? There are many forums on StackExchange that explain when users go to type in their password, if they select the wrong key they don’t just hit backspace once, they erase the whole password and start over. Now that can cause employee frustration.

Passwords can be a nuisance! However, they are also not going anywhere anytime soon for the workplace so we must learn to deal with them. There is an old saying that goes something like this… if you don’t like something, change it! If you don’t like passwords, then change it! We aren’t suggesting that you go spend hundreds of thousands of dollars equipping your company’s network to have biometrics. That isn’t cost effective or a smart idea. The truth is, fingerprints can be hacked too and once your fingerprint is hacked you can’t change it. Read more here.

biom

We have a solution for you – start requiring passphrases! A passphrase is essentially a short sentence. It can be a combination of related or unrelated words joined together with spaces. These would be examples of passphrases: I went grocery shopping or 100 pound shark in Florida. The debate for password vs passphrase is clear – passphrases are much more user-friendly and secure.

Passwords are easy to crack through multiple different methods – brute force, dictionary attacks, rainbow tables, etc. There are only so many different letters, numbers, and symbols that can be in each position for a 8 character password. There are 52 letters (upper and lowercase), 10 numbers, and 32 different special characters. Once the list of possible combinations has been exhausted, the password will be cracked.

On the other hand, do you know how many words there are? There are over a million words just in the English language. This is just the amount of “formal” words that are in the dictionary. Once you add in slang terms and social jargon, this number is much higher. Once again, the password vs passphrase debate allows for stronger password complexity, thus resulting in almost a zero percent chance of being hacked due to bad passwords.

7983928912_e6c83bbee6

You may be wondering, how do I require my users to select a passphrase as opposed to a password? It’s simple. With the nFront Password Filter, you are able to set a minimum and maximum on the number of spaces for a password. Unfortunately, Microsoft Password Complexity does not offer a requirement for the amount of spaces in a password. Now it’s time for you to decide: Password vs Passphrase?

password-vs-passphrase

Twitter Digg Delicious Stumbleupon Technorati Facebook Email

Comments are closed.