Tuesday 29 October 2019

Passwords or Passphrases? Being More Secure Online

Written by Adrien Souyris 

"Sorry, your password must be at least 8 characters long, contain a capital letter, a number, a special character, an inspiring message, a spell, a gang sign, a hieroglyph and a quantum mechanics equation"

There are three main methods of proving your identity online: 
  • Through something you have (for instance, a smartcard)
  • Through something you are (entering the realm of biometrics here)
  • Through something you know (usually a password)

The last of these is the most widely used means of authentication, as it is the cheapest to implement and manage. However, passwords introduce a significant problem:

  • A strong password which is difficult to guess (typically at least 8 characters, containing upper case, lower case, a number and a symbol, and a phrase rather than a single word) will be difficult to remember
  • A simple password which is easy to remember, either because it is short, contains simple patterns, or is a single word, will be easily guessed by an attacker
  • Writing down a password turns it into "something you have" and makes it vulnerable to theft or copying

Passwords are one of the weakest ways of authenticating yourself, but there are a couple of neat tricks to secure your accounts while making your life easier.

Multi-factor authentication 

Authentication can be achieved by using one of the five authentication factors. Multi-factor authentication (MFA) simply makes use of two or more of the above. But how can we make this work in a simple manner? Well, nearly anyone can authenticate using "something they have".

MFA on a mobile phone works by asking for a second, six-digit, single-use password each time you log in to your account.

This password is either: 

  • Received by text message
  • Generated by a smartphone app (such as Google Authenticator)

So, if a cyber criminal attempts to hack your account, they will be unable to access your data without your phone. Google, Amazon, and social media accounts support MFA.

Password managers

Instead of writing down passwords, there is a tool designed for remembering strong, complex, lengthy passwords: the password manager.

These applications act as a secure notebook for your credentials. With a password manager, you can use more complex passwords such as @p:[^U5w}cAvA<b4>^G+. The only password you need to remember is a strong one for your ‘notebook’. Most of these managers can automatically log you in to any website you return to, and the majority can also be protected using MFA.
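How a password manager turns the one master password into the key that protects the ‘notebook’, as an added example rather than any particular product's code: the master password is stretched with PBKDF2-HMAC-SHA256 and a random salt, so every guess at the master password costs an attacker hundreds of thousands of hash computations rather than one. The iteration count and the check-value scheme are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factor for illustration; real managers choose their own KDF and parameters.
ITERATIONS = 600_000


def derive_vault_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the master password into a 256-bit key: same password + same salt -> same key."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)


def create_vault(master_password: str, iterations: int = ITERATIONS) -> dict:
    """Set up a new vault: a fresh random salt plus a check value derived from the key.
    The key itself is never stored; the check value (a constructed scheme, see lead-in)
    lets us confirm the master password before touching the encrypted entries."""
    salt = os.urandom(16)
    key = derive_vault_key(master_password, salt, iterations)
    check = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "check": check}


def unlock_vault(master_password: str, vault: dict) -> Optional[bytes]:
    """Re-derive the key and verify it in constant time; return the key only on success."""
    key = derive_vault_key(master_password, vault["salt"], vault["iterations"])
    check = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(check, vault["check"]) else None


def guess_cost_seconds(iterations: int, guesses: int, hashes_per_second: float) -> float:
    """Rough attacker cost: each guess must repeat every iteration of the KDF."""
    return guesses * iterations / hashes_per_second


if __name__ == "__main__":
    vault = create_vault("correct horse battery staple", iterations=10_000)
    print("right password unlocks:", unlock_vault("correct horse battery staple", vault) is not None)
    print("wrong password unlocks:", unlock_vault("password123", vault) is not None)
```

The salt stops an attacker from reusing one precomputed table against every vault, and the iteration count is what makes a guessed master password expensive to test; neither rescues a weak master password, which is why the one password you do remember must be a strong one.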

Use passphrases 

When password managers are not an option, an alternative to re-using credentials or having weak passwords is to use passphrases. Passphrases are usually quotes, expressions, or any memorable series of words. Passphrases have less character-level complexity but are much longer, making them easier for you to remember yet harder for an attacker to crack!
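An added example, not from the original post, that makes the length-versus-complexity argument concrete: it computes how many guesses an attacker who knows the password policy must budget for, compares an 8-character password drawn from all printable characters with a five-word passphrase drawn from a large word list, and generates a passphrase using a cryptographically secure choice. The word list here is a small constructed stand-in; a real generator would use a list of several thousand words (the 7776 figure assumes a diceware-sized list), and the 10 billion guesses per second is an assumed attacker speed.

```python
import math
import secrets

# Small constructed stand-in word list; a real passphrase generator would use thousands
# of words (e.g. a 7776-word diceware list) so that each word adds about 12.9 bits.
SAMPLE_WORDS = ["river", "copper", "lantern", "orbit", "velvet", "saddle", "monsoon", "pixel"]

PRINTABLE_ASCII = 94          # upper, lower, digits and symbols, as the quoted policy demands
ASSUMED_GUESSES_PER_SECOND = 1e10   # assumption: a well-resourced offline cracking rig


def password_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password of `length` symbols from `alphabet_size` choices."""
    return length * math.log2(alphabet_size)


def passphrase_bits(word_count: int, list_size: int) -> float:
    """Entropy of `word_count` words picked uniformly, with replacement, from a `list_size` list."""
    return word_count * math.log2(list_size)


def expected_guesses(bits: float) -> float:
    """On average an attacker finds the secret after searching half the space."""
    return 2 ** (bits - 1)


def expected_crack_years(bits: float, guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    return expected_guesses(bits) / guesses_per_second / (365 * 86400)


def generate_passphrase(word_count: int, words=SAMPLE_WORDS, separator: str = "-") -> str:
    """Use `secrets` rather than `random`: the choice must be unpredictable, not merely varied."""
    return separator.join(secrets.choice(words) for _ in range(word_count))


def compare(policy_length: int = 8, word_count: int = 5, list_size: int = 7776) -> dict:
    """Side-by-side budget for the policy password and the passphrase."""
    pw = password_bits(policy_length, PRINTABLE_ASCII)
    pp = passphrase_bits(word_count, list_size)
    return {
        "password_bits": round(pw, 1),
        "passphrase_bits": round(pp, 1),
        "password_years": expected_crack_years(pw),
        "passphrase_years": expected_crack_years(pp),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:>16}: {value:,.1f}")
    print("sample passphrase:", generate_passphrase(5))
```

The numbers only hold when the words are chosen at random from the list; a famous quotation is far easier to guess than its length suggests, because attackers try well-known phrases first.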