Use Passphrases, Not Passwords


The folks over at Trustwave’s SpiderLabs announced last week the discovery of more than 2 million sets of credentials for accessing everything from Facebook to email accounts. This find is an important reminder that we should not only update our passwords regularly (every 6-12 months is recommended, some recommend quarterly) but also improve their complexity. Thinking in terms of passphrases instead of passwords is a good first step toward achieving the needed credential complexity.

There are several methods for creating passphrases:

Think of a memorable event in your life, such as “I graduated from high school in 1988”. Now make the phrase a bit more unique, like “I graduated 5th in my class from Davie County High School in 1988” or “I barely graduated with a degree from Davie County High in 1988”. Taking this variation step makes the phrase uniquely yours. Now create your password by taking the first character of each word. In the first example, the passphrase would be “Ig5imcfDCHSi1”, and in the second example it would be “IbgwadfDCHi1”. Or make it more your own with “Ig5imcfDCHSin88”. This passphrase has 3 different character types (lowercase, uppercase and a number). If you want to add an additional character type, use a symbol. An example: “Ig5!mcfDCHS@88”

Another way is to go long versus complex. The more length a password has, the stronger it is. Check out the example below with “correcthorsebatterystaple”:

[Image: password strength graphic showing different ways to create strong passwords]
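An added example, not from the original post: it applies the first-character method to the post's own phrases, counts character types against a hypothetical site policy, and draws a long random-word passphrase with an entropy estimate. The policy thresholds, function names and 16-word list are constructed for illustration.

```python
import math
import secrets
import string

# Constructed 16-word sample list, for illustration only; a real list
# should hold thousands of words.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "river", "candle",
                "orbit", "maple", "tunnel", "copper", "violet", "anchor",
                "pepper", "saddle", "lantern", "meadow"]

def acronym(phrase):
    """First character of each word, as in the memorable-event method."""
    return "".join(word[0] for word in phrase.split())

def char_classes(password):
    """Return the set of character types present in the password."""
    tests = {"lowercase": str.islower, "uppercase": str.isupper,
             "digit": str.isdigit,
             "symbol": lambda c: c in string.punctuation}
    return {name for name, test in tests.items()
            if any(test(c) for c in password)}

def meets_policy(password, min_length=12, min_classes=3):
    """Check a hypothetical site policy: minimum length and character types."""
    return (len(password) >= min_length
            and len(char_classes(password)) >= min_classes)

def random_passphrase(wordlist, n_words=4):
    """Pick words with a CSPRNG; return (passphrase, entropy in bits).

    Entropy is n_words * log2(list size), valid only because every word
    is drawn uniformly at random, not chosen by a person.
    """
    unique = sorted(set(wordlist))
    words = [secrets.choice(unique) for _ in range(n_words)]
    return "".join(words), n_words * math.log2(len(unique))

if __name__ == "__main__":
    for phrase in ("I graduated 5th in my class from Davie County High School in 1988",
                   "I barely graduated with a degree from Davie County High in 1988"):
        pw = acronym(phrase)
        print(pw, len(pw), sorted(char_classes(pw)), meets_policy(pw))
    print(random_passphrase(SAMPLE_WORDS))
```

With the 16-word sample list, four words give only 16 bits; the same four words drawn from a 2,048-word list give 44 bits, which is why the size of the wordlist matters as much as the number of words.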

It is important to note that you should use a different password for each login. This is difficult for most people to do, and remembering each one is harder still. I recommend creating a unique passphrase model for yourself. Organizations often require certain parameters in the setup of their passwords, particularly in length and use of character variations. Take this into consideration when coming up with your own passphrase model. For example, go with a special character at the start, a couple of common words with mixed case (usually at the start of the word), and then a two- or three-digit number. Following a passphrase model will help you remember passwords across the host of sites you use.

