What If The Answer To A Secure Password Is Not Actually A Password?

We seem to be forever hearing about various cyber breaches these days, millions of email addresses dumped here, thousands of individuals’ personal information compromised there, the list goes on.

Yet, despite the apparent sophistication of many cyber attacks reported by the media, a significant number of these occur for a very simple reason – weak user passwords. We are constantly told to choose a ‘secure’ password and can be given a (somewhat extensive) list of requirements. The problem with this approach? Although these are generally more secure than the likes of ‘password’, ‘Titanic’ or even ‘Titanic12’, we simply can’t remember them.

As awareness around this area of cyber security increases, people do seem to be generally becoming more conscious of the importance of choosing stronger passwords. However, one aspect that causes a lot of confusion is that people are given different advice by different people. Consumers and businesses are left wondering who to believe and what in fact is the best approach to choosing passwords that are both complex and memorable? What does constitute a ‘secure’ password?

Password vs passphrase

passphrase is a short sentence consisting of multiple words. By creating short sentences, people are not forced into having to remember lower-case here, upper-case there, substituted letters for numbers etc. By creating a passphrase, you’re creating a token for keeping your sensitive information secure (at least to a point) that ticks two of the boxes for an ideal password – length and memorability. The additional length makes it exponentially more complex, and therefore vastly more time-consuming for a hacker to access the plaintext value and use it for malicious purposes.

However, as effective as this is, it’s not completely fool proof for two reasons: phrases or sentences still have to be remembered, and not all websites and apps support them. I’ve found it rather surprising that many websites I’ve penetration tested don’t allow spaces in passwords. In these cases, I’ve simply used hyphens or underscores as a substitute, which, although not recommended, is an improvement over simple passwords.

Click to view all articles for the EPIC:
Or click to view the full company profile:
Share on facebook
Share on twitter
Share on linkedin
Falanx Group Ltd

More articles like this

Falanx Group Ltd

Ransomware: The Backup Plan

Ransomware, the highly profitable method used by cybercriminals to encrypt data on computer networks and demand a ransom payment in return, is constantly evolving. One of the leading groups that perpetrates these attacks, Babuk, has stated that is

Falanx Group Ltd

Falanx Assynt – Critical Global Themes

In this second podcast with Nat Guillou, Assistant Geopolitical Director at Falanx Assynt, we take you through the transnational impact of global risk developments, and how we assess these alongside our country risk reporting. This session contextualises key

Falanx Group Ltd

Delta variant will likely become dominant worldwide in coming months

Predictions Delta variant will likely become dominant worldwide in coming months, triggering deadliest global wave of COVID-19 to date Countries with advanced vaccine rollouts will need to consider delaying reopenings but will otherwise be relatively unaffected Lack of

Falanx Group Ltd

Ransomware attacks are ‘the major cyber threat’ facing UK

Ransomware attacks are the major cyber threat facing the UK, the head of Britain’s cybersecurity agency warned tonight Hackers hijacking computer systems and demanding cash to release them has featured in a string of high-profile cyber attacks in

Falanx Group Ltd

Bahrain: Two-week lockdown will drive down COVID-19 infection curve

Predictions Two-week lockdown will drive down COVID-19 infection curve, but will likely prolong Bahrain’s economic recovery Government will step up vaccination campaign, including plans to vaccinate children, to accelerate relaxation of virus restrictions Reintroduction of quarantine measures will