Security: Switching passwords to passphrases and beyond
Posted By RichC on November 27, 2012
The topic of computer and Internet security came up this past holiday weekend as several family members wanted access to our home Wi-Fi. My son, having an “open attitude” when in rental houses on his college campus, complained about my “passphrase” security method when trying to help each of his cousins connect their computers and smartphones to the network. I have to admit, considering where our house is located, that my AP security might be a little bit “overkill” … but thought the discussion might be a chance to encourage those with less security to switch from “passwords” to “passphrases.” This is something I did a few years ago and have recently been taking it one step further in using a update mention of changing easy to remember phrases more frequently (yearly???).
First, don’t use common dictionary words, easy to guess or easy to crack (short) passwords. Brute force methods with today’s computing power can make hacking into a computer, a network or an online account way too easy (lesson from a few months ago).
Second, consider using a password generator and dedicated software like Keepass or one of the online services like LastPass to protect some of your online access with a strong passphrase as a master password. My good friend Jeff, a corporate network admin, doesn’t like the online password services and prefers using Keepass in conjunction with a Trucrypt directory that he keeps in his Dropbox … a technique that seems a bit too complex for me.
Third, use the looonnngger passphrase technique with “quirky” made–up words, double letters and odd words that you can easily remember … then include symbols, numbers and capital letters. Experts are now recommending 12 character and longer passwords (link), but with a phrase the 12 characters is pretty easy to accomplish so go longer. I would also recommend using the special characters and numbers in place of the spaces in the phrase; when you change your password/phrase, update only special characters/numbers between the words of the phrase each year unless you suspect your security has been compromised … in that case, change it all.
Fourth, never write down the new passphrase or share your “master” passphrase. If you must write it down, use a reminder code that helps you remember the phrase that only you know.
My son thinks this is all overkill, but he is still in fallback mode (run home to mom and dad) … but protecting your online security and your identify from ID theft (that’s another issue) will potentially save you headaches and potentially big dollars.
Comments