New Best Practice: Out with the Password, In with the Passphrase
The recent news of security breaches among major social networking sites reignites the ongoing dilemma of the password. As humans, we have a natural tendency to simplify both its content and its use. Unfortunately, hackers and data thieves know this and use it to their advantage. Perhaps most unfortunate, however, is the “institution” of the password itself, because it has programmed us to think about secure access in a patterned way that is ultimately detrimental to society from both an individual and an organizational perspective.
A Fundamental Change
It’s time for a fundamental change in the way our society views and implements login credentials. While the password was a good place to start, it has outlived its utility. The traditional password—a single word, as the nomenclature implies—is no longer viable, even with added symbols, mixed upper- and lowercase letters, and numbers substituted for letters. Hackers and the tools they employ know all of the current conventions for creating a “strong” yet memorable password. In other words, if you’re using a password, they’re onto you.
Like the password, the passphrase is a credential for accessing secure information, applications and networks. The passphrase, however, is a series of words and characters strung together to form a long phrase that is more likely to be unique to you. Because of its length and added complexity, the passphrase is a harder nut for the hacker to crack. And, because a passphrase can be built from an unbounded number of combinations and orderings of words, numerals and symbols, the concept in itself promises to be a more effective long-term solution.
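To put numbers behind the two claims above (attackers enumerate the known "strong password" conventions, and a passphrase wins on length), here is an added worked example that is not part of the original article. It estimates the guessing space, in bits, of a conventionally "strengthened" password, a uniformly random character password, and a passphrase of words drawn from a list; the dictionary size, word-list size, substitution counts and cracking rate are all assumptions chosen for illustration.

```python
import math

# Constructed parameters for the model (assumptions, not figures from the article).
PRINTABLE_ASCII = 95        # symbols available to a truly random character password
WORDLIST_SIZE = 7776        # size of a typical dice-based word list
GUESSES_PER_SECOND = 1e10   # assumed offline guessing rate against a fast hash


def random_password_bits(length, alphabet=PRINTABLE_ASCII):
    """Entropy of a password whose every symbol is chosen uniformly at random."""
    return length * math.log2(alphabet)


def passphrase_bits(n_words, wordlist=WORDLIST_SIZE):
    """Entropy of a passphrase of n_words picked uniformly from a word list.

    Character length is irrelevant here: strength comes from the number of
    independent word choices, which is what makes a passphrase long AND strong."""
    return n_words * math.log2(wordlist)


def patterned_password_bits(dictionary=100_000, leet_positions=3,
                            trailing_digits=2, symbols=32):
    """Entropy of a 'strong-looking' password built the conventional way:
    one dictionary word, a few letter->symbol substitutions, trailing digits
    and one symbol. An attacker who knows the convention enumerates the
    pattern, so the search space is the product of the choices, not 95**len."""
    choices = dictionary * (2 ** leet_positions) * (10 ** trailing_digits) * symbols
    return math.log2(choices)


def expected_crack_seconds(bits, rate=GUESSES_PER_SECOND):
    """Expected time to hit the credential: on average half the space is searched."""
    return (2 ** bits) / 2 / rate


def compare_strategies():
    """Side-by-side estimate for three credentials of similar typed length."""
    return {
        "patterned_10_chars": patterned_password_bits(),       # e.g. a leet-style word + digits + symbol
        "random_10_chars": random_password_bits(10),           # unmemorable, but maximal for its length
        "passphrase_6_words": passphrase_bits(6),              # memorable and stronger than both
    }


if __name__ == "__main__":
    for name, bits in compare_strategies().items():
        print(f"{name:20s} {bits:6.1f} bits  ~{expected_crack_seconds(bits):.3g} s to crack")
```

Under these assumptions the conventional pattern yields roughly 31 bits (cracked in well under a second), the random 10-character password about 66 bits, and the six-word passphrase about 78 bits; changing the assumed rate scales the times but not the ordering.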
By Joan Herbig