Passwords and passphrases have been in use for centuries. One of the most famous ones is most likely "OpenSesame" in the story "The Thousand and One Nights". In a way, we can say that the phrase "Scilt ende Vrient" used in the Battle of the Golden Spurs in 1302, was a phrase to distinguish the soldiers from both armies. In the battle of Normandy, the soldiers used a spoken word, for which they expected a challenge back. Or they used the 'Cricket': One click must be answered by two clicks. And then mankind invented computers...
A password is a string of characters used for authentication to gain access to a resource. Usually this string is secret for you only and it contains a minimal number of characters, like 8 or 10 or even more. Here is some advice on the use of passwords:
- Go for a complex password but do not exaggerate. Clearly "abc" is not a secure one, and "1Lov3@@MyDog$Named*JuliusCaesar!" is in most cases over the hill.
- Avoid using easy-to-guess passwords, containing your name, your wife's, car brand, name of your company. Did you know that still today, the most used password is "123456". Don't do it.
- Do not use the same password to gain access to multiple resources. Use different passwords for accessing your mail, your social media, access to your laptop and so on.
- Use special characters, like exclamation marks, dollar-signs, percent, and so on. Choose a mix of upper-case and lower-case. "Mon!yPit0n$" is not so bad.
- Use a password generator (1Password is a good one, but there are more)
- Change your passwords on a regular bases, and especially if you suspect someone knows it.
- Don't write down your password on a post-it and stick it to your screen.
A passphrase however, is a series of words to gain access to a resource. A passphrase is normally longer than a password for added security. More or less the same rules apply for creating a passphrase as for a password: Make it difficult to guess.
- Do not use famous quotes like "LessIsMore" or "SoManyBooksSoLittleTime" or "ToBeorNotToBe"
- Again, do not use the same passphrase for the same resource.
- Use randomness in your passphrase. If I write "ThePOTUSis........", every one knows what comes next. Not good. Fake news. "ThePOTUSIsAnOrangeTeaBag" is better, cause no one expects that an orange tea bag would ever become prez.
- Use a passphrase generator, like this one. This will give you a passphrase which absolutely makes no sense at all, is hard to be guessed using brute-force attacks, and still not to difficult to remember. What about "bawd whatever frag vespid lording" as passphrase?
EASI employees are instructed to handle their passwords and passphrases (and the ones from our customers) in the most secure way possible. We enforce strict password policies for all employees, have regular security awareness trainings and make sure our passwords are not exposed. In Cloud2be, we guarantee your data is safe.
I use 4 characters : "MickeyMinnieGoofyPluto". Looking forward to your comments in the box below.