
VSEC Blog: IT Security Channel News brought to you by Infinigate UK


Secure your accounts with a passphrase, not a password

Posted: 28 March 2018


Unfortunately, insecure passwords are not a thing of the past. As companies continue to grow, employees will use more and more applications that require a passcode. It’s time to enforce a new strategy to improve the security of your network.

A good password is no longer enough to keep baddies from infiltrating your systems. It’s time you start thinking about using a passphrase.

The best defense when choosing a good passphrase is to know how passwords are hacked. An attacker will first go through a list of commonly used passwords, then try variations of those passwords. Most people will use their name, anniversary date, or even zip code as part of the passphrase. Guess what? That makes it way too easy to crack.
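A defender can run the same checks before a passphrase is accepted. The following is an added example, not part of the original post: it undoes common variations (case changes, character swaps, trailing digits and symbols), compares the result against a deny list, and flags personal details. The deny list, the substitution table and the sample inputs are constructed for illustration.

```python
import re

# Constructed sample deny list (assumption); load a large common-password list in practice.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "welcome", "dragon", "monkey"}

# Typical character swaps, mapped back to the letters they stand in for.
UNLEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                        "7": "t", "@": "a", "$": "s", "!": "i"})


def base_forms(candidate):
    """Return the strings left after undoing common variations of a password."""
    lowered = candidate.lower()
    # Drop a trailing run of digits and symbols such as "2018!" or "123".
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return {lowered, stripped, lowered.translate(UNLEET), stripped.translate(UNLEET)}


def check_passphrase(candidate, personal_details=()):
    """Return a list of findings; an empty list means no finding was raised."""
    findings = []
    if base_forms(candidate) & COMMON_PASSWORDS:
        findings.append("variation of a common password")
    lowered = candidate.lower()
    if any(d and d.lower() in lowered for d in personal_details):
        findings.append("contains a personal detail")
    return findings


if __name__ == "__main__":
    # Constructed candidates and personal details (name, date, zip code).
    details = ["alex", "0314", "90210"]
    for pw in ["P@ssw0rd2018!", "Qwerty123", "Alex0314Harbor", "MapleOrbitCactusLantern"]:
        print(pw, "->", check_passphrase(pw, details) or "no findings")
```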

Here are some tips on how to create a passphrase you can remember but will still keep you secure.


1. Make it random

There are a few theories on how to make your passphrase random. Bruce Schneier, an internationally renowned security technologist, came up with the Schneier scheme, which describes a method for turning an easily remembered sentence into a passphrase.

What you do is come up with something memorable, such as “My youngest sister was born when I was seven.” Then turn it into an unrecognizable passphrase that includes symbols, such as “MYswbWIW7!”. As another example, the phrase “Long time ago in a galaxy not far away at all” becomes “Ltime@go-inag~faaa!”. Obviously, for security reasons, do not use these examples.

2. The longer the passphrase, the better

If you use only letters in a case-insensitive password, an 8-character password has 2 billion possible combinations and would take the most powerful supercomputer or distributed attackers less than four minutes to crack.

The XKCD method uses four random words to create a passphrase, specifically one that only you would understand. An example would be “PerfectHorseBatteryStaple.” A long passphrase like this is easier to remember than random symbols, which makes it ideal.
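The four-random-words approach, as an added example that is not part of the original post: the words are drawn with a cryptographically secure random source, and the entropy estimate shows how much the list size and word count matter. SAMPLE_WORDS is a constructed 32-word list, and 7776 is the size of a Diceware-style word list; both are assumptions for illustration.

```python
import math
import secrets

# Constructed 32-word sample list (assumption). It is far too small for real
# use; load a large published list, e.g. a 7776-word Diceware-style list.
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "dragon", "ember", "falcon", "garden", "harbor",
    "island", "jungle", "kettle", "lantern", "marble", "nectar", "orchid", "pepper",
    "quartz", "ribbon", "saddle", "timber", "umbrella", "velvet", "walnut", "yonder",
    "zephyr", "bramble", "cobalt", "thistle", "meadow", "pebble", "sparrow", "tundra",
]


def generate_passphrase(words, n_words=4):
    """Pick n_words uniformly at random with a CSPRNG and join them capitalized."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates, choices would be biased")
    return "".join(secrets.choice(words).capitalize() for _ in range(n_words))


def entropy_bits(pool_size, picks):
    """Entropy in bits of `picks` independent uniform choices from `pool_size` options."""
    return picks * math.log2(pool_size)


def words_needed(list_size, target_bits):
    """Smallest number of words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("passphrase:", generate_passphrase(SAMPLE_WORDS))
    print("bits with the 32-word sample list:", entropy_bits(len(SAMPLE_WORDS), 4))
    print("bits with a 7776-word list:", round(entropy_bits(7776, 4), 1))
    # 64 bits is an arbitrary target chosen for this illustration.
    print("words for 64 bits from 7776 words:", words_needed(7776, 64))
```

The estimate only holds when the words are chosen at random; a phrase the user picks by hand is far more predictable than the calculation suggests.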


3. More complicated than a Rubik's Cube

What’s great about a QWERTY keyboard is all the combinations, especially when you mix lower and upper case characters. A great passphrase is unique to the user. Keeping the network secure is the responsibility of the person using the machine. There are 96 possible characters on a keyboard that can be entered with or without using the SHIFT key.

Avoid using the same character consecutively because it compromises the complexity of the passphrase. Consider combining both the XKCD and Schneier methods to create a 12-character passphrase that is a serious nail-biter.

4. Fresh is best

Your company should have a policy to change passphrases regularly to keep your network secure. It is recommended that employees update their passwords every 60 to 90 days, although some security experts believe that it is better to have stringent requirements on length and password complexity than to make users change passwords every three months.

5. Keep it a secret

Passphrases must never be shared, not even with your IT support or supervisors. Employees should be trained to keep their passphrases a secret. Also, ensure they never write their passwords down and hide them underneath their keyboard or mouse mat.

There are several apps on the market which are great for saving passwords and are safe from hackers. While using multi-factor authentication is the best way to go, when you just don’t have that option, creating, using, and enforcing strong password practices can help with security. Use the guidelines above to help create a good password policy in your network, and to teach your users good password practices.

Keeping passphrases complex, long, and secret may still not ward off all of the vulnerabilities within an organization. All of the machines connected to your network need to have their security updated regularly. GFI LanGuard takes an inventory of all of the devices on the system and distributes patches as necessary to keep them from being vulnerable to malware.

A strong passphrase is one defense against hackers infiltrating your systems; however, having a good security plan will make your network ironclad.

(This blog post originally appeared on TechTalk by GFI Software)

Posted by: Valerie Rivera
Content Editor, GFI Software

 
