Student Tribune

Passwords vs Passphrases

One challenge we all face is that cyber attackers have developed sophisticated and effective methods to brute-force passwords (guess them automatically). This means hackers can compromise your passwords if they are weak or easy to guess. An important step in protecting yourself is to use strong passwords. Typically, this is done by creating complex passwords; however, these can be hard to remember, confusing, and difficult to type. Instead, it is recommended that you use passphrases: a series of random words or a sentence. The longer your passphrase is, the stronger it is. The advantage is that these are much easier to remember and type, but still hard for cyber attackers to hack. Here are some examples:

Going2Work Vacation4Ever

1L0v3MCC MCCisC001

CoffeeTime9:30AM Il0vebrownies

Reminder: Some MCC applications do not allow the following special characters in your passwords/passphrases: =@#$%&*\/<>
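To put numbers on "the longer your passphrase is, the stronger it is", the Python sketch below is an added example and not part of the original article. It assumes the words are chosen at random, uses a small constructed word list, and all function names are illustrative; the 7776-word list size in the comparison is an assumption (the size of common dice-based word lists), not a figure from the article.

```python
import math
import secrets

# Characters the article says some MCC applications reject.
DISALLOWED = set("=@#$%&*\\/<>")

# Constructed sample list. A real generator should use a published list with
# thousands of words so that every word adds more entropy.
WORDS = ["coffee", "vacation", "brownie", "river", "marble", "sunset",
         "pencil", "garden", "window", "rocket", "candle", "forest",
         "bridge", "orange", "violin", "harbor"]


def find_disallowed(secret):
    """Return the sorted disallowed characters that appear in secret."""
    return sorted(set(secret) & DISALLOWED)


def entropy_bits(choices, picks):
    """Entropy in bits of `picks` uniform random draws from `choices` options."""
    return picks * math.log2(choices)


def words_needed(target_bits, list_size):
    """Smallest number of random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def make_passphrase(n_words, words=WORDS, sep="-"):
    """Join n_words words picked with a cryptographic random generator."""
    if find_disallowed(sep):
        raise ValueError("separator is rejected by some applications")
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    # An 8-character password drawn at random from 94 printable characters.
    complex_bits = entropy_bits(94, 8)
    print(f"8 random characters: {complex_bits:.1f} bits")
    # Random words from an assumed 7776-word list: each added word adds ~12.9 bits.
    for n in range(3, 7):
        print(f"{n} random words: {entropy_bits(7776, n):.1f} bits")
    print("words to match the 8-character password:",
          words_needed(complex_bits, 7776))
    phrase = make_passphrase(5)
    print(phrase, "disallowed characters:", find_disallowed(phrase))
```

The estimate only holds when the words are picked at random; a phrase built from personal details or a common saying is easier to guess than the bit count suggests.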

Tips for Using Passphrases Securely

  1. Use a different passphrase for every account or device you have. For example, never use the same passphrase for your work or bank account that you use for your personal accounts, such as Facebook, YouTube, or Twitter. This way, if one of your accounts is hacked, your other accounts are still safe.
  2. Never share a passphrase or your strategy for creating them with anyone else, including coworkers or your supervisor. Remember, a passphrase is a secret; if anyone else knows your passphrase it is no longer secure.
  3. Do not use public computers, such as those at hotels or Internet cafes, to log in to your accounts. Since anyone can use these computers, they may be infected and capture all your keystrokes. Only log in to your accounts on trusted computers or mobile devices.
  4. Be careful of websites that require you to answer personal questions. These questions are used if you forget your passphrase and need to reset it. The problem is the answers to these questions can often be found on the Internet, or even on your Facebook page. Make sure that if you answer personal questions you use only information that is not publicly available or fictitious information you have made up.
  5. Many online accounts offer something called two-factor authentication, also known as two-step verification. This is where you need more than just your passphrase to log in, such as a passcode sent to your smartphone. This option is much more secure than just a passphrase by itself. Whenever possible, always enable and use these stronger methods of authentication.
  6. Mobile devices often require a PIN to protect access to them. Remember that a PIN is nothing more than another password. The longer your PIN is, the more secure it is. Many mobile devices allow you to change your PIN to an actual passphrase or use a biometric, such as your fingerprint.
  7. If you are no longer using an account, be sure to close, delete, or disable it.

Pogroszewski, Donna
Communications and Network Services
10/05/2017