Password or Passphrase: Which one is safer?

Password vs Passphrase

It is probably quite obvious that passwords are important to protect our (valuable) data. However, it is not always easy to come up with a new, original password for every account. We therefore see that people often choose ‘convenience’ and reuse the same password on their different accounts. You can probably guess that this is not the way to go. In this blog we’ll explain how and why you should go for a strong password or passphrase and how to manage it efficiently!

Random passwords are hard to remember

A random password with uppercase and lowercase letters, numbers and special characters is more secure than a short password that is somehow linked to yourself, such as personal names, names of children and/or dates of birth. However, we often go for the latter option… Why do we do this? Because people are naturally bad at remembering random passwords and therefore choose the personal one for ease of use.

What they are often unaware of is that hackers use special programs that can crack such passwords in a couple of seconds. When you also reuse this password on all your different accounts, you can imagine how quickly hackers can get all the information they want from you…

Dictionary Attack

During a dictionary attack, a hacker uses his own dictionary in which thousands or millions of words are stored. In addition to words, common passwords are also often included in these lists. In this way billions of possible combinations can be tried in a few seconds.

Some common passwords:

  • 123456
  • Qwerty
  • 11111
  • Welcome
  • Welcome01
  • Password

Brute Force Attack

When the dictionary attack fails to guess or crack the password, the hacker may choose to use brute force. In doing so, he will try all possible passwords and character combinations of 0-Z. It is important to know that during such an attack a password of 6 characters (or less) is cracked within a few hours. For each character you add, the duration increases exponentially. For example, it will take several months before a password of 10-12 characters is cracked.

So you can say that a password becomes more secure as the number of characters increases. If it takes too long to crack a password, there is a chance that the hacker will try his luck elsewhere. You can say that if the time needed to crack a password is longer than its validity period, it is a secure password. This is why we recommend changing your password on a regular basis.

A password manager helps you with forgetfulness

A password manager is your personal, digital safe that helps you to easily manage all your different passwords and usernames. These are stored securely, so you’ll only need to remember the password to get into the password manager. Additionally, the tool itself gives you a strong password suggestion that you may or may not change.

Thanks to this tool, you are no longer limited by your memory and can choose long, random passwords consisting of uppercase and lowercase letters, numbers and special characters. Did you know, for example, that there are password generators? They help you to create such random passwords so you don’t have to do it yourself.

Have you heard of a passphrase?

We already mentioned that a long and random password is safe when the crack time is longer than the validity period of the password. But what if you don’t change your password regularly? Or if you can’t remember the password? Remember that you will always have to remember one password, even if you use a password manager!

A passphrase can offer a good and secure solution. The most obvious reason why people choose this is because it is easier to remember. For this reason alone, we can already replace the first two unsafe options 1) Sam1994 and 2) Welcome01 with a more secure alternative.

As with the random password, we would like to make some remarks about the passphrase. This is because there are a lot of supporters and opponents on the internet when it comes to the claim that a passphrase is actually safer.

In our example we see that the passphrase Iliketogoonvacation is longer than the random password 40$12m*A. So logically, in a brute force attack it takes a lot longer to go through all possible combinations of 0-Z in search of the right passphrase, and therefore it is safer.

Besides the length, the randomness of the passphrase also plays an important role. That’s why you should never choose a sentence or quote that is commonly used on the internet. Go for a sentence that typifies you or place random words in a row. If you choose the latter option, make sure you can easily remember it! We also recommend using at least four different words; this way you will also make your sentence more difficult to crack during a dictionary attack.
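To put numbers on the two attack models above, the following added example (not part of the original blog) estimates the search space of the two sample secrets under brute force and of a passphrase of randomly chosen words under a dictionary attack. It goes slightly beyond the text by adding the word-level estimate and a passphrase generator. The guess rate, the 7776-word list size and the short sample word list are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample word list for the generator; a real list should be far
# larger (7776 words is the assumed size used in the estimate below).
SAMPLE_WORDS = ["harbor", "velvet", "cactus", "orbit", "maple", "tunnel",
                "pepper", "glacier", "lantern", "saddle", "thimble", "walrus"]

def charset_size(password: str) -> int:
    """Size of the alphabet a brute-force search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size

def bruteforce_bits(password: str) -> float:
    """log2 of the character-by-character search space (brute-force model)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def wordlist_bits(n_words: int, list_size: int) -> float:
    """log2 of the search space when the attacker guesses whole words from a
    known list (dictionary model); only valid if the words are picked at random."""
    return n_words * math.log2(list_size)

def average_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to find the secret: half the search space at a given rate."""
    return 2 ** (bits - 1) / guesses_per_second

def generate_passphrase(words: list[str], n_words: int = 4) -> str:
    """Pick words with a CSPRNG so the wordlist_bits estimate actually applies."""
    return " ".join(secrets.choice(words) for _ in range(n_words))

if __name__ == "__main__":
    RATE = 1e10  # assumed guesses per second, for illustration only
    for pw in ("40$12m*A", "Iliketogoonvacation"):
        bits = bruteforce_bits(pw)
        print(f"{pw!r}: {bits:.1f} bits, ~{average_crack_seconds(bits, RATE):.2e} s")
    print(f"4 random words of 7776: {wordlist_bits(4, 7776):.1f} bits")
    print("example:", generate_passphrase(SAMPLE_WORDS))
```

Against character-level brute force the long passphrase has by far the larger search space, but against a word-level dictionary attack four randomly chosen words come out at roughly the same strength as the 8-character random password, which is why each extra random word matters.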

Cartoon XKCD passphrases