Cybersecurity Tips: Passphrase vs Password
What are the benefits of using a passphrase vs a password?
Over the course of 2020 and continuing into 2021, we’ve had to become accustomed to the increased risk of cyberattacks as cybercriminals look to exploit fears and a lack of oversight by business and people.
We saw this shift with the dramatic uptick in cyberattacks that took place in 2020, with estimates indicating that more data records had been breached in the first six months of 2020 alone than any other year on record.
Between February 2020 and May 2020, phishing emails spiked by over 600% as criminals sought to capitalize on the fear and uncertainty generated by the COVID-19 pandemic.
The result of this renewed focus on cybersecurity has had companies investing more than ever in protecting their data and assets, with three-quarters of them saying in a September 2020 survey that they will invest “more or much more” in their cyber defenses.
Human Error and Cybersecurity
Human error is a crucial element of a successful cyberattack attempt.
Cybercriminals play a law of averages game—facilitating countless attacks on the assumption that sooner or later, they’ll attack someone without the knowhow to defend themselves and without the software to protect their device properly.
52% of businesses admit that employees are their biggest weakness in IT security, with their careless actions putting business IT security strategy at risk.
Of course, that doesn’t make them solely responsible; it’s incumbent on decision makers and executives to make sure that every measure has been taken to ensure the best chance for success.
In other words, businesses should not set their own workers up for failure with poor credential policies.
Weak Credentials Are a Prime Suspect
Where does passphrase vs password come into all of this? Well, it’s actually quite simple—the biggest threat to data security is not hackers, but users themselves.
37% of credential theft breaches use stolen or weak credentials.
So, with all this mind, it’s clear that not only is human error a big problem for organizations to solve, but also that weak credentials (passwords) are one of the biggest factors in determining whether a cyberattack will be repelled or not.
What Is a Passphrase?
A passphrase is a password composed of a sentence or combination of words.
Passphrases generally tend to be longer and more complex than the average password, which increases overall security.
While passphrases should be something that the user can remember, it is highly discouraged to use a common phrase. An example of a passphrase could be four random words, such as, “engineerworksharrisstudying” (engineer, works, harris, studying).
While it may seem counterintuitive to use a series of random words for a credential, phrases like these are more memorable and far more secure than a password which typically seeks security through a mix of numbers, special characters, and upper and lowercase letters.
Passwords like this—for example, “GenIusc0de123!”—are in fact easier to crack while at the same time more difficult to remember for the user.
Sites such as useapassphrase.com can help to generate a completely random passphrase.
Why Is It Important to Use Passphrases?
We are in the age where simple passwords no longer retain the security they once did, which is why passphrases have become so essential.
The benefit of passphrases is that they make it easier for a user to generate entropy, a lack of order, while still remembering their password.
Generating entropy through randomized characters can be difficult, but this also makes it more difficult to launch a cyberattack against you.
91% of respondents understand the risks of using the same password across multiple accounts, but 59% do it anyway.
Once a password has been hacked, this information can be used to penetrate other accounts with the same or similar passwords.
Passphrase vs Password: Time to Hack
The biggest factor in the consideration of passphrase vs password is simply the amount of time it takes to crack a password.
Hackers employ a form of cyberattack called a “brute-force” attack, whereby an automated program repeats password combinations over and over again until the password is cracked.
Over 80% of breaches caused by hacking involve brute force or the use of lost or stolen credentials.
For methods of hacking like these, the length of the password is a greater determinant of its strength than its variety.
In other words, your password with an upper-case first letter and exclamation mark at the end is not nearly as secure as you think it is.
Over at Hive Systems, they’ve created a useful chart which demonstrates how powerful various types of passwords are, including long passwords with no special characters and short passwords with many special characters.
What Hive Systems found was exactly in line with what the recommendations for adopting passphrases would suggest.
For example, if you take a look at the graph, you will notice that a short password (seven words) that includes uppercase letters, lowercase letters, numbers, and special characters, can be broken in about six minutes.
Now compare this to a passphrase using only lowercase letters but that is 14 characters instead of seven—this would take approximately 51 years for a hacker to crack.
6 mins for a password vs 51 years for a passphrase!
If this wasn’t enough to make you sit up and take notice of your business’ credential policy, then maybe a recommendation from the FBI might be the clincher.
In a video from their Protected Voices initiative, which seeks to provide cybersecurity recommendations to political campaigns across various functions, passphrases were strongly advised to improve their security and protect data.
It’s common to require that passwords include uppercase letters, lowercase letters, numbers, and special characters. However, recent guidance from the National Institute of Standards and Technology, or NIST, advises that password length is much more beneficial than complexity. – FBI, Protected Voices: Passphrases and Multifactor Authentication
- Human error is a key factor in the increasing volume of cyberattacks we’ve seen over 2020 and 2021.
- Cyberattacks rely on human error and weak credentials in order to exploit users.
- Password length, rather than character variety, is the primary component of a password’s strength, meaning passphrases are far more secure than passwords—even if they feature no special characters at all.
Subscribe to our blog to receive monthly insights into business technology and stay up to date with marketing, cybersecurity, and other tech news and trends.