Passwords and Passphrases

Just using usernames and passphrases to log in is no longer regarded as enough to protect key accounts like email, banking and social media.

More and more websites are adopting stronger measures, often termed Two-Factor Authentication. In some cases, the services may be available on an opt-in basis but not required.

Ask your financial institution, email provider and other important online services if they offer extra authentication or other means of verifying your identity.

Passwords are now an important part of our lives as our use of the Internet increases. They are there to protect our sensitive information that cyber-criminals try very hard to steal. Just as physical locks can be either easy to pick or built to a high standard, passwords can be easy to break or very secure.

Selecting the right password is essential to keeping our data safe. However, evidence shows that we are very careless about choosing them. Research has shown that the most commonly-used password is the word Password itself! The second is a pet’s name!

Do not use anything that someone else can find out about you, such as your date of birth or favourite food. Best of all, do not use any word that can be found in a dictionary, including languages other than English. Many ingenious programmes have been written to crack passwords. They use a variety of dictionary-based methods to combine common words and word variations to try millions of passwords.

This is why the term Password is misleading and why it is better to think in terms of a Passphrase.

Each of your passphrases should be unique. For example, Ja7Jw%ut@h? is very strong because it is a meaningless string of characters. The problem is, of course, that it is much more difficult to remember than Rover123. This is made worse by the fact that you should use a different password for every account, so that if a criminal manages to get hold of one of them, it does not compromise any of the others.

Creating Secure Passphrases

A password should be at least eight characters in length and should be a mixture of small and capital letters, numbers and symbols.

There is no method that is better than the rest in creating easily-remembered passphrases and, as long as what they produce is strong and secure, the more the better. Here are a couple of ideas that you might want to consider.

You first need a few simple rules that only you know and understand.

Make some rules like:

  • The third character is '7'
  • The sixth character is '%'
  • The ninth character is '@'
  • The last character is '?'

Always include at least one number and one symbol. (Note that the '£' sign is not always easy to find on non-UK keyboards.)

Then choose a line from a poem or song lyric that you will not forget. For example: 'Jack and Jill went up the hill'

Write out the initial letters only of the words: JaJwuth and apply your rules: Ja7Jw%ut@h?

Now you have a secure password that nobody is likely to guess.

You might be tempted to use subsequent lines to make other passphrases. The next would be:

To fetch a pail of water = Tf7ap%ow@?

This is slightly less secure than choosing a completely separate song or poem, and you should always use a different set of rules and lyrics for especially important accounts such as your bank.
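As an added example (not part of the original article), here is the rule-based construction above written out in Python, generalised so that any set of "the Nth character is X" rules can be applied to the initials of a memorable line; the function names and the minimum-strength check are my own, based on the article's stated minimum of eight characters with a mix of letters, numbers and symbols.

```python
from typing import Dict, Optional

# Added example, not from the original article: apply positional rules of the
# kind described above to the initial letters of a memorable line.


def initials(line: str) -> str:
    """Initial letter of each word, case preserved ('Jack and Jill' -> 'JaJ')."""
    return "".join(word[0] for word in line.split())


def apply_rules(base: str, rules: Dict[int, str], last: Optional[str] = None) -> str:
    """Insert each rule character so that it ends up at the 1-based position
    given in `rules`. A position beyond the current length is simply appended,
    which is what happens to the '@' in the article's second example.
    `last`, if given, is appended as the final character."""
    chars = list(base)
    for position in sorted(rules):
        index = position - 1
        if index >= len(chars):
            chars.append(rules[position])
        else:
            chars.insert(index, rules[position])
    if last is not None:
        chars.append(last)
    return "".join(chars)


# The rules listed in the article: 3rd is '7', 6th is '%', 9th is '@', last is '?'
ARTICLE_RULES = {3: "7", 6: "%", 9: "@"}


def build_passphrase(line: str, rules: Dict[int, str] = ARTICLE_RULES, last: str = "?") -> str:
    return apply_rules(initials(line), rules, last)


def meets_minimum(passphrase: str, min_len: int = 8) -> bool:
    """The article's stated minimum: at least eight characters, containing
    lower-case letters, capital letters, numbers and symbols."""
    return (len(passphrase) >= min_len
            and any(c.islower() for c in passphrase)
            and any(c.isupper() for c in passphrase)
            and any(c.isdigit() for c in passphrase)
            and any(not c.isalnum() for c in passphrase))


if __name__ == "__main__":
    for line in ("Jack and Jill went up the hill", "To fetch a pail of water"):
        p = build_passphrase(line)
        print(f"{line!r} -> {p} (meets minimum: {meets_minimum(p)})")
```

Both lines from the article reproduce its results (Ja7Jw%ut@h? and Tf7ap%ow@?), while a dictionary word with digits such as Rover123 fails the minimum check because it contains no symbol.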

Remembering your Passphrases

Obviously, it would be extremely inconvenient to lose all your passwords if you cannot remember them. So you are faced with having to record them somewhere, which in itself is a security problem. Password safes that store them on your computer or in the cloud are available but have to be trustworthy and used carefully. Putting them in your phone or writing them in your diary is rather like leaving your door keys lying around.

You also have to be careful because, just as banks will hold you responsible if you write down your PIN, they also expect you to keep passwords safe.

If you create passwords by the method suggested above, you should always be able to reconstruct a password from your rules and hint-words.

If you can commit the rules to memory, you just need a reminder of the words you chose to construct the password. In this case, for example: Hill (but do not make it too obvious).

If you want to record the rules, write them in a way that makes sense to you. For example: 376%9@L? for those listed above. Then you just need a hint to remember the words; in this case you might choose ‘Hill’.

It is recommended that you change passwords on a regular basis, at least every six months. You may not want to go to that much trouble, but it is a good idea to do so with the more important ones, such as your bank accounts and any other websites that can give criminals access to your money or personal details.

If you ever even suspect that a password has been compromised, change it at once and advise the bank or company concerned. The sooner you report the fact, the less likely you are to be held responsible for any losses.