Cyber Fact: Passphrases

Published: August 10, 2017 | By: Olivia | Views: 1243

According to statistics from SecurityIntelligence, “For small and midsized organizations (SMBs), 60% of employees use the exact same password for everything they access. Meanwhile, 63% of confirmed data breaches leverage a weak, default or stolen password.”

Passphrases vs. Passwords

A password is a string of characters used to verify the identity of a user during the authentication process. Passwords can vary in length and can contain letters, numbers and special characters. A passphrase, on the other hand, is a sequence of words that is used the same way as a password but is generally longer, relying on that length for added security rather than on numbers or special characters.

An example of a password would be: Tr0ub4dor&3

An example of a passphrase would be: correcthorsebatterystaple

Oregon State University writes, “Passphrases are more secure than passwords because they are generally longer, making them less vulnerable to attack. They also allow you to remember your credentials, even when they expire frequently. The idea of a passphrase is to use a statement, or motto, rather than a word peppered with odd characters and symbols, as the latter can be difficult to dedicate to memory.”

Recent password news

Back in 2003, Bill Burr wrote the ‘password bible,’ ‘NIST Special Publication 800-63, Appendix A,’ which advised users to change passwords often and to include numbers and special characters. Now, in an interview with the Wall Street Journal, Burr admits that much of the advice in the book was incorrect and that he ‘regrets’ it, as passwords that follow these guidelines are actually easier to hack.

DailyMail.com writes, “Rather than improving security, the combinations made computers less secure, since users would end up using the same password repeatedly, or writing them down on notes to remember… The reason changing a password frequently does not help is because when most people make minor tweaks such as replacing the number 1 with a number 2. These are called ‘transformations’ and hackers are very aware of them and build them into their scripts.”

Experts now advise users to adopt long passphrases of about four words instead of shorter passwords with a mix of numbers and characters. Burr says, “Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.”

The concerns regarding password security have become more dire with each data breach.
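The ‘transformations’ described above can also be caught on the defender's side. The following is an added example, not part of the original post: a check a password-change form could run to reject a new password that is only a cosmetic tweak of the old one. The function names, the substitution table and the one-edit threshold are assumptions chosen for illustration.

```python
import re

# Illustrative (not exhaustive) map of common substitutions back to letters.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def base_form(password: str) -> str:
    """Reduce a password to the word the user actually memorised."""
    lowered = password.lower()
    # Drop digits/symbols bolted onto either end, e.g. the "&3" in "Tr0ub4dor&3".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # Undo character swaps inside the word; fall back if no letters remain.
    return core.translate(LEET) if core else lowered

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def is_minor_transformation(old: str, new: str, max_edits: int = 1) -> bool:
    """True if `new` is `old` with only cosmetic tweaks.

    Meant for the change-password form, where the user has just typed both
    values; it does not require storing any plaintext password.
    """
    return edit_distance(base_form(old), base_form(new)) <= max_edits

if __name__ == "__main__":
    # Constructed sample pairs (old, new) for illustration.
    samples = [("Summer2017!", "Summer2018!"),
               ("Password1", "P@ssw0rd2"),
               ("Tr0ub4dor&3", "correcthorsebatterystaple")]
    for old, new in samples:
        verdict = "reject" if is_minor_transformation(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```

The check applies equally to passphrases: appending a digit to an existing passphrase is flagged, while switching to a different set of words is not.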


Olivia Lynch (@Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.
