Passphrase vs Passwords – An Embarrassing Tale

The other day I wanted to make a LinkedIn post about how much more effective a passphrase is compared to a password when it comes to security and memorability. While researching to see just how much better they can be, I figured out that my “super secure” password that I use for important accounts with some variables was overkill (which I already knew), but it was also less secure than a passphrase of the same length. The password contained 30 characters:
Lower Case – 5
Upper Case – 8
Numbers – 6
Special Characters – 11

Now, I definitely went overboard when I created this password, which is a pretty common thing when it comes to I.T. guys, but the real facepalm moment was when I figured out a password like Idontlovegmailasmuchanymore@11 is also 30 characters, easy to remember, easy to type, aaannnddd more secure than my other password! I almost never typed my old password correctly on the first try because I would get something messed up (usually holding shift at the wrong moment). Both of these passwords are overkill, so don’t feel like your password needs to be 30 characters to be secure.

Here’s the rest of my post from LinkedIn that’s pertinent.

“Ay!#@tZNq6G8 -VS- Ireallyloveasecurepassword%9

Which do you think is more secure? You likely saw the photo already, but a “Pass Phrase” is not only significantly stronger than a randomly generated password, it’s simple to remember! To be fair, the phrase has more characters, but that’s because you can remember it! Having a password manager and having unique passwords is still super important, but for passwords you want to remember, make it a unique phrase rather than the password you use on 90%+ of other sites.

We like to add our variables in an easy-to-remember way. Like the %9 and a capital first letter, you can use something like that at the end of all your passwords because it’s not going to be what breaches your security.”
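The comparison in the post above can be worked through in numbers. The following Python sketch is an added example, not part of the original post: it computes the search space a length-and-character-set strength meter assumes for both strings, and next to it a word-based estimate for the phrase. Assumptions: a 94-symbol printable ASCII pool, a 7,776-word list (the size of a Diceware-style list), and a suffix of one symbol plus one digit; the word-based figure is an upper bound, because words in a sentence are not independent random picks.

```python
import math
import string

# Character classes a length/charset strength meter looks for.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)  # 26 + 26 + 10 + 32 = 94

def pool_size(password):
    """Alphabet size implied by the character classes present.
    Characters outside the four classes (spaces, Unicode) are ignored."""
    return sum(len(cls) for cls in CLASSES
               if any(ch in cls for ch in password))

def brute_force_bits(password):
    """log2 of the search space if every character is an independent
    pick from the pool: what a typical online meter reports."""
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def passphrase_bits(word_count, wordlist_size, suffix_pools=()):
    """log2 of the search space when guesses are built from whole words
    plus a short suffix (assumed model, upper bound for real sentences)."""
    return (word_count * math.log2(wordlist_size)
            + sum(math.log2(p) for p in suffix_pools))

RANDOM = "Ay!#@tZNq6G8"                   # from the post
PHRASE = "Ireallyloveasecurepassword%9"   # from the post

if __name__ == "__main__":
    print(f"{RANDOM}: {brute_force_bits(RANDOM):.1f} bits (charset model)")
    print(f"{PHRASE}: {brute_force_bits(PHRASE):.1f} bits (charset model)")
    # Six words: I / really / love / a / secure / password,
    # then one symbol (32 choices) and one digit (10 choices).
    word_bits = passphrase_bits(6, 7776, suffix_pools=(32, 10))
    print(f"{PHRASE}: {word_bits:.1f} bits (word-list model)")
```

Under the word-list model the phrase lands close to the 12-character random string rather than far above it, which is why uniqueness per site matters more than raw length.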

Obviously you don’t need a password that’s going to take 52 decillion years to crack to be safe. Most of the time people gain access to accounts because you use the same password in several places. If someone is able to steal your password from somewhere with lower security than Google or Microsoft, it doesn’t matter how complicated or long that password is; all they need to do is copy and paste it. The best way to have security online is by using different passwords everywhere AND having multi-factor authentication! If you have MFA set up on your email account and someone gets hold of your password, they still won’t be able to get in, and you can change your password.

Security can feel like an unmanageable beast, but with a couple good habits and tools it’s very easy to keep yourself safe. If you have any questions about security or other tech problems we’d love to hear from you!
