Beyond Passwords: The Power of Passphrases
Do you find making complicated passwords tiring? Annoyed by remembering and typing all those characters, symbols, and numbers?
We have the answer: Password security is constantly evolving — try creating a strong passphrase instead.
The password first appeared in the early 1960s when Fernando Corbató, a computer scientist at MIT, wanted a way to keep users' private files secure as they all completed research on one shared system.
This newly created system of passwords was used only in research and academia. As computers became more popular, hackers started finding their way into computer systems by exploiting weaknesses in how passwords were created and used.
The first password breach happened a few short years after the password was introduced. A Ph.D. candidate wanted more than his given four hours a week to work on the MIT computer system, so he found a way to print the system’s password file and log into the system using other people's accounts.
In 2020, Verizon's Data Breach Investigations Report reported that over 80% of data breaches were because of lost or stolen credentials.1 This proves we still have a long way to go in securing our passwords.
Implementing security measures such as using a passphrase instead of a password is one way to increase protection against lost or stolen credentials. A passphrase is a “short combination of words that mean something to the user. It can make users more likely to create unique logins for every account they own instead of reusing a single password on multiple accounts.”2 Passphrases are much easier to remember and simpler to type. The longer the passphrase (18 or more characters), the more secure it is. In some situations, you may be asked to add some complexity to your passphrase, such as symbols, uppercase letters, or numbers. These increase complexity yet are still easy to remember and type.
For an even more enhanced experience, we recommend enabling multifactor authentication (MFA) for greater password protection. MFA adds a layer of security by making you use another device or code to access your account, even after putting in your password.
REMEMBER
- Unique for each account
- Contain 18 or more characters
- Add complexity with symbols, uppercase letters, or numbers
- Always enable Multifactor Authentication (MFA)
How passwords get hacked2
Hackers use a variety of ways to hack passwords. As technology improves, hackers have found different methods of breaking and entering.
- Dictionary attack: The computer tries every word in a word list as a password until it finds the right word. Using a solid passphrase is what can stop this type of attack.
- Brute force attack: This attack tries all possible password combinations. An account that blocks multiple missed password attempts can stop this type of attack.
- Credential stuffing: Once a hacker has access to someone's password, they try that password with other accounts. A different password for each account is key to stopping this type of attack.
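The REMEMBER checklist and the three attacks above can be tied together in a small self-check. The following is an added example, not part of the original article; the word list, function name, and sample passphrases are constructed for illustration, and the in-memory set of other passwords stands in for what a password manager audit would compare against.

```python
import string

# Constructed sample data (assumptions for this example, not from the article).
COMMON_WORDS = {"password", "sunshine", "dragon", "welcome", "monkey"}
MIN_LENGTH = 18  # length the article recommends


def check_passphrase(candidate, used_elsewhere=(), require_complexity=False):
    """Return a list of problems; an empty list means every check passed."""
    problems = []

    # Length: a longer passphrase enlarges the space a brute force attack must cover.
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Dictionary attack: a single common word falls to a word-list guess,
    # even with digits or symbols stuck on the front or back.
    core = candidate.lower().strip(string.digits + string.punctuation)
    if core in COMMON_WORDS:
        problems.append("single dictionary word")

    # Credential stuffing: reuse lets one leaked password open other accounts.
    if candidate in used_elsewhere:
        problems.append("reused on another account")

    # Optional complexity, for sites that ask for it:
    # at least one symbol, uppercase letter, or number.
    if require_complexity:
        extras = string.punctuation + string.digits
        if not any(c.isupper() or c in extras for c in candidate):
            problems.append("no symbol, uppercase letter, or number")

    return problems


if __name__ == "__main__":
    for sample in ("Sunshine123!", "purple tractor sings at dawn"):
        print(repr(sample), "->", check_passphrase(sample) or "ok")
```
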
1 https://www.beyondidentity.com/blog/history-and-future-passwords
2 https://www.idtheftcenter.org/post/the-evolution-of-password-advice/