Passphrases: start using them and be more secure

Treat your password like your toothbrush. Learn more at the keep it safe website.

Background

Passwords are something you use almost every day, from accessing your email and banking online to purchasing goods or accessing your smartphone. However, passwords are also one of your weakest points; if someone learns your password, they can steal your identity, transfer money or access your personal information. Strong passwords are essential to protecting yourself. In this newsletter, you will learn how to create strong passwords that are easy to remember by using a type of password called passphrases.

Passphrases

The challenge we all face is that cyber attackers have developed sophisticated methods to guess or brute force passwords, and they are constantly getting better at it. This means they can compromise your passwords if they are weak or easy to guess. An important step to protecting yourself is to use strong passwords. The more characters your password has, the stronger it is and the harder it is for an attacker to guess. However, long complex passwords can be difficult to remember. So instead we recommend you use passphrases.

Select a phrase that's easy to remember and turn it into a password: take the first letter of each word, mix UPPERCASE and lowercase letters, add some special characters, and use some numbers in place of letters. These are called passphrases. Be creative. Here are some examples:

  • It's great to be an Auburn tiger = igr82baAUt!
  • I was born at East Alabama Medical Center = myDay0@EAMC
  • Coca-cola is not equal to Pepsi, Pepsi for the win = c!=p,P3psi4tw

Using passphrases securely

You must be careful how you use passphrases. Using a passphrase won't help if bad guys can easily steal or copy it:

  1. Be sure to use a different passphrase for every account or device you have. For example, never use the same passphrase for school and bank accounts that you use for your personal accounts, such as Facebook, YouTube, or Twitter. This way, if one of your accounts is hacked, the other accounts are still safe. If you have too many passphrases to remember (which is very common), consider using a password manager. This is a special program that securely stores all your passphrases for you. That way, the only passphrases you need to remember are the ones to your computer and the password manager program.
  2. Never share a passphrase, or your strategy for creating passphrases, with anyone else, including coworkers. If you accidentally share your passphrase with someone else or believe it may have been compromised or stolen, be sure to change it immediately.
  3. Just like passwords, avoid easy-to-guess or commonly used phrases. For example, the phrase, "4score&7yearsago," is not a good passphrase, since it is so well known.
  4. Do not use public computers to log into private systems, like your bank account. Since anyone can use these computers, they may be infected with malicious code that captures all of your keystrokes.
  5. Be careful of websites that require you to answer personal questions. These questions are used if you forgot your passphrase and need to reset it. The problem is that the answers to these questions can often be found on the Internet, or even on your Facebook page. Make sure that if you answer personal questions, you use only information that is not publicly available or fictitious information you made up. Password managers can help with this, as many allow you to store this additional information.
  6. Many online accounts offer something called two-factor authentication. This is where you need more than just your passphrase to log in, such as a passcode sent to your smartphone. This option is much more secure than just a passphrase by itself. Whenever possible, always use these strong methods of authentication.
  7. Mobile devices often require a PIN to protect access to them. Remember, a PIN is nothing more than another password. The longer your PIN is, the more secure it is. Many mobile devices allow you to change your PIN to an actual passphrase.
  8. Finally, if you are no longer using an account, be sure to close, delete, or disable it.
Last Updated: August 23, 2016