passphrases

It’s not controversial to say that good, secure passwords are hard to create and even harder to remember.

And among first-world problems, there are few things more frustrating than having to create a new password because you either forgot the old one or were forced to change it.

In our misguided attempts to make passwords easier to remember, we adopt bad password habits, subconsciously or not. Password123 becomes Password456, which eventually leads to something like P@$$w0rd789 to satisfy whatever password rule we’re facing. Sound familiar? We’ve all done it.

Security experts now recommend the use of passphrases instead of passwords.  A passphrase is a string of simple, unrelated words (generally 4), exceeding 15 characters, that’s easy for you to remember, but hard for criminals to crack.

This table from hivesystems.io shows that the more characters a password has, the harder it is for a hacker to brute force. Any password with 8 characters or fewer, no matter how complex, can be cracked in less than a day. Double that to 16, mix in some upper and lower case letters, and you’ve bought yourself roughly 2 BILLION years (give or take a million) before that password will be cracked. Add some numbers and symbols and you’ve upped that to a trillion years.

[Image: hivesystems.io table of the time needed to brute force a password, by length and character types]

The other advantage to passphrases is that they can be easy to create AND remember.

Here’s one easy, fun way to create a 4-word passphrase that’s simple to remember but almost impossible to crack.  Using a few different parts of speech (adjective, noun, and verb) will help to paint a memorable picture in our heads that’ll stick and help us to recall the passphrase.  Don’t worry – we’ll explain as we go and there’s no test at the end.

Step 1 – pick a word with 4 letters.
This 4-letter word is just the “backbone” for creating a 4-word passphrase, and it makes the passphrase easier to recall. We’ll call it the “key word”. For this example, we’ll use NEMO as the key word.

N
E
M
O

Step 2 – pick an adjective that starts with the 1st letter of your key word.
An adjective is a word that describes the characteristics of something – green, old, loud, shiny, are all words that could describe a car, for example.  We’ll use Ninja as the 1st word of the passphrase:

Ninja
E
M
O

Step 3 – pick a noun that starts with the 2nd letter of your key word.
A noun is a person, place or thing.  We’ll go with Elephant.

Ninja
Elephant
M
O

Step 4 – pick a verb that starts with the 3rd letter of your key word.
A verb is an action word – go, read, draw, look.  Let’s pick Move.

Ninja
Elephant
Move
O

Step 5 – pick any word that starts with the 4th letter of your key word that completes the picture.
Here, just pick a word that helps to create a memorable image. 

Ninja
Elephant
Move
Outside

Can you picture an elephant dad yelling at their elephant kid, dressed up like a ninja and causing a ruckus, to go outside?  Very strange for sure, but memorable once you’ve created it.

NinjaElephantMoveOutside

The key word (NEMO) helps you remember the letters that begin each word of the passphrase.

Step 6 – extra credit
You can add or replace some characters with similar-looking numbers or characters to make it just as easy to remember, but even harder to crack:

N1nja3lephantMoveOut$ide

This gives us a 24-character passphrase with 2 numbers and a special character. According to the table, that gives us more than 7 quadrillion years before a hacker can crack it. 

Here’s another example with HULK as the key word:

Heavy
Unicorn
Leaps
Kinda

Again, you can imagine a rather large unicorn trying to jump and maybe not doing it very well. Odd image, but it sticks. Add some special characters and/or numbers and you’ve got a solid passphrase:

heavyUnic0rnLe@psKinda?

23 characters with a number and 2 special characters.  Easy to remember and more than 7 quadrillion years before someone will guess your password.
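The key-word method from the steps above, as an added Python example that is not part of the original post: it fills each letter of the key word from a word list using random selection rather than picking by hand, and reports how large the search is for an attacker who already knows the method, the key word and the lists. The word lists, `WORDS`, `SLOTS` and the function names are constructed for illustration.

```python
import math
import secrets

# Constructed sample word lists, keyed by part of speech, then first letter.
# Assumption: far too small for real use; each slot needs thousands of words.
WORDS = {
    "adjective": {"n": ["ninja", "noisy", "nimble"], "h": ["heavy", "hollow", "hasty"]},
    "noun": {"e": ["elephant", "engine", "eagle"], "u": ["unicorn", "umbrella", "uncle"]},
    "verb": {"m": ["move", "melt", "march"], "l": ["leaps", "lifts", "laughs"]},
    "any": {"o": ["outside", "often", "overhead"], "k": ["kinda", "kindly", "keenly"]},
}
SLOTS = ["adjective", "noun", "verb", "any"]  # steps 2 to 5, in order


def candidates(key_word):
    """Return the list of candidate words for each letter of a 4-letter key word."""
    if len(key_word) != 4 or not key_word.isalpha():
        raise ValueError("key word must be exactly 4 letters")
    result = []
    for slot, letter in zip(SLOTS, key_word.lower()):
        options = WORDS[slot].get(letter)
        if not options:
            raise ValueError(f"no {slot} starting with {letter!r} in the word list")
        result.append(options)
    return result


def make_passphrase(key_word):
    """Pick one word per slot with a CSPRNG and join them, each capitalized."""
    return "".join(secrets.choice(opts).capitalize() for opts in candidates(key_word))


def guess_space_bits(key_word):
    """Bits of entropy when the attacker knows the method, key word and lists."""
    return sum(math.log2(len(opts)) for opts in candidates(key_word))


if __name__ == "__main__":
    phrase = make_passphrase("NEMO")
    print(phrase, len(phrase), "chars,", round(guess_space_bits("NEMO"), 2), "bits")
```

With the three-word sample lists this reports only about 6.3 bits, so the lists have to be swapped for large ones before the output is used as a real passphrase.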

Additional recommendations

Cybersecurity Awareness Training – passwords are only secure if you keep them that way.  Cyberthieves are using social engineering, sophisticated phishing e-mails, and other tactics to gain access to either your computer, your credentials, or both.  Regular cybersecurity awareness training and testing through simulated phishing emails is a key part of knowing what to watch out for and to reduce the likelihood of falling victim to one of their schemes. 

Multi-Factor or 2-Factor Authentication (2FA) – if your e-mail credentials are compromised, a cybercriminal can open any browser and use those credentials to log into your e-mail account, control your inbox, and do a deep dive on all your saved or sent e-mails to identify customers, vendors, banking information, and contacts and exploit them to their advantage. However, if you have 2FA on your e-mail account, they’ll be unable to log in with your credentials – the credentials alone are inadequate to gain access. Check out this video to learn more about 2FA.

Password manager – what if you could outsource all your password “creating and remembering” to a trusted application? A password manager can help you do just that. With just one password or passphrase to open the application, a good password manager can create and remember unique passwords for each site you visit that has a login requirement and even log you in. With mobile apps and browser plug-ins, password managers can be used anywhere you access the internet.

For more information on how to keep your business network secure, subscribe to our YouTube channel or call us at 586 286 8324!
