Friday, March 2, 2007

Pass words vs. Pass phrases

Pass words are a part of life for anyone using a computer, PDA, or numerous other devices.

While we are trying to help the absolute novice with computer-related information, understand that many computer "experts" don't practice the simple items here. They do so at their own peril.

Pass words and pass phrases are the first line of defense in keeping your information private.

And like it or not, YOU play THE major part in protecting your private information.

You've probably seen people (not that you would do this) leave their passwords taped to their desk or monitor. Even worse...do you know anyone who does this at home?

Some people use the same password over and over, just adding a new number at the end of the same word, e.g. Lassie1, Lassie2, Lassie3 etc.

Doing these things makes it easy to break into your computer, especially at home. Not everyone trying to break into your home PC is an international terrorist. It could be a relative, neighbor, or the friend of your son or daughter.

I suggest that you might want to use passphrases instead of pass words at work and home.

Simple pass words are not adequate.

Now before you get worried that a pass phrase is complicated, it is not. It can be much stronger than any password and even easier to remember.

Here are some examples of pass phrases: (Don't use these - they are just examples to give you ideas to come up with your own.)

Your favorite book titles may make a good pass phrase:

20,000 Quips and Quotes becomes 20K Quips & Quotes

Fortress Third Reich becomes Fortress 3RD Reich

Another example of an easy passphrase to remember would be:

"I believe I will have a GREAT day!"

Notice the changes I made to the book titles and the phrase. I wrote 20,000 as 20K. I used some caps and some lower case letters, and I used some punctuation. These all strengthen the pass phrase.

What makes a strong pass phrase?

Use upper and lower case letters.
Use numbers and symbols.
Choose something easy to remember so you don’t write it down on your desk. But change how it is written to make it stronger.

What not to do:
Don't use anything obvious to a hacker, e.g. a special someone’s name, a pet’s name, birthdays etc.
Don't use the same password over and over and add a number to the end.



An even stronger version of the passphrase is one that does not contain any known word. It is a completely random combination of letters, numbers, and symbols. BUT this also makes it harder to remember.

*(89HgY3R2R

In theory they could be guessed but this type of passphrase is much stronger.


It is possible to have a passphrase that you can remember without having to write it down, but that still meets the requirements of a good passphrase. It involves a compromise: using words and numbers that you will remember, but mixing them up.

For example, say your son Jason was born on the 15th of June 1983. By taking his birthday 6/15/83 and interspersing his name spelled backwards, you could get the passphrase n1o9s8a3j. While it may look difficult to remember, you simply need to know the "key" to your password. This password would be very hard to crack.

To take it one step further, you can increase the strength of this last passphrase even more. You could capitalize some of the letters and add a punctuation mark.
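
The checklists above ("What makes a strong pass phrase?" and "What not to do"), written as a small checker and run on this post's own examples. This is an added example, not part of the original post; the function names are made up for illustration, and treating a space as a symbol is an assumption.

```python
import re

def char_classes(p):
    """Report which of the four character classes from the checklist appear."""
    return {
        "lower": any(c.islower() for c in p),
        "upper": any(c.isupper() for c in p),
        "digit": any(c.isdigit() for c in p),
        # Assumption: anything that is not a letter or digit (spaces too) is a symbol.
        "symbol": any(not c.isalnum() for c in p),
    }

def stem(p):
    """Drop a trailing number (and any space before it): 'Lassie 2' -> 'lassie'."""
    return re.sub(r"[\s\d]+$", "", p).lower()

def is_increment_of(new, old):
    """True for the 'Lassie1, Lassie2, Lassie3' habit: same word, new number."""
    return new != old and stem(new) != "" and stem(new) == stem(old)

def personal_hits(p, personal):
    """Return the obvious items (names, pets, ...) found in p, forwards or backwards."""
    low = p.lower()
    return [w for w in personal
            if len(w) >= 3 and (w.lower() in low or w.lower()[::-1] in low)]

def review(new, old="", personal=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    missing = [name for name, present in char_classes(new).items() if not present]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    if old and is_increment_of(new, old):
        problems.append("same as the old password with a different number")
    hits = personal_hits(new, personal)
    if hits:
        problems.append("contains an obvious personal item: " + ", ".join(hits))
    return problems

if __name__ == "__main__":
    # Sample inputs are the examples used in this post.
    print(review("Lassie2", old="Lassie1", personal=["Lassie"]))
    print(review("20K Quips & Quotes"))
    print(review("n1o9s8a3j"))
```

An empty result only means the checklist is satisfied; it does not measure how guessable the underlying phrase is.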

Remember, your PASSPHRASE is the first line of defense. Make it a good one!

1 comment:

John Michael said...

I have been guilty of some of the stated offenses =(. But, now I am definitely going to try and do better.

Passphrases are great, especially if you use memory tricks (like the ones you mentioned) to retain them.

How secure would you say it would be to write out something -like a fake grocery list- and take a random sample of the letters -like every third letter- as your password?
