How to Craft a Secure Password: Advice by Edward Snowden
“Bad passwords are one of the easiest ways to compromise a system. For someone who has a very common, eight-character password, it can literally take less than a second for a computer to go through the possibilities and pull that password out.”
According to Edward Snowden, a name you must have heard before, modern computers can crack 8-character passwords in less than a second.
A couple of years ago, TV show host John Oliver went to Russia. He was not investigating rigged polls, as you might think. No, he was doing something entirely different – interviewing Edward Snowden.
Snowden’s name is most commonly associated with the now widely known NSA surveillance operations. His exposé shocked the world and propelled the general public into a new era of cybersecurity consciousness. In Oliver’s interview with Snowden, one of the key topics discussed was passwords and how they are breached.
Aside from reinforcing what we already know about strong passwords, Snowden gave some key points for making them even stronger. Now, for the sake of clarity, let us give you the capsule bit of how strong passwords are created.
You need a good mixture of letters (both upper and lower case), numbers, and symbols. If you have a simple worded password, it can be broken within a second by any surveillance-grade computer.
Most of us will think that these kinds of passwords would be quite hard to crack, even with computing power. However, Snowden recommended going one step further for ironclad password security. Here’s what he said:
“The best advice here is to shift your thinking from passWORDs to passPHRASES. Think about a common phrase that works for you. It’s too long to brute force and also make them unlikely to be in the dictionary.”
It is interesting to note that this advice was given a number of years back. But even now, it is as applicable as it was back then. Let us look at why this is so and how you can incorporate this nifty trick into your online security.
What is the Difference Between Passwords and Passphrases?
Passwords are basically any kind of words that do not have more than 10 characters in them. So, they will have a mix of letters, numbers, and symbols like “B0bsyeruncl3” or “[email protected]!” or something of the like.
In contrast, passphrases are much longer and contain non-character elements like spaces. A good example of a passphrase is – “N0t All Who [email protected] Are Lost!” or “We! th3 Pe04le…” As you can see, the inclusion of empty spaces along with your standard password letters, numbers, and symbols makes stronger passwords.
What Makes Passphrases Better Than Passwords?
Passwords are good but passphrases are better. Let’s see why.
Passphrases Can Be Memorized Much More Easily
Rather than recalling a jumbled string of symbols you created to have a strong password, you can remember a passphrase. If it is something you use in your everyday life or is a quote from a movie or song, then it’s even easier.
Passwords Are Generally Weaker Than Passphrases
Password cracking is just that – PASSWORD cracking. All the tools used by expert hackers are geared toward cracking relatively simple passwords. However, passphrases are generally too complex to be cracked by most computing technologies available today.
Passphrases Are More Complex
Like we said above, a passphrase has empty spaces. Only you know what each place in your password string means. If your passphrase has more than 10 characters including empty space, it becomes hard to figure out.
All Popular Platforms Support Passphrases
Passphrases Are Practically Uncrackable
The most sophisticated password crackers are meant for smaller passwords with fewer than 10 characters. So, your passphrase will not yield to manual guesses or pre-computed attacks.
Steps for Creating Passphrases
The following is a general guide to how you can create passphrases for yourself.
Step 1: Create a simple letter-only phrase
Pick something that is obvious to you but not to anyone else. Think of a hobby or favorite thing like a food or a country or a sport. Make sure it’s not too obvious. So, let’s say you go with:
Fairly good password if you are living in the 90s. Let’s make it a little harder to guess.
Now, this is way more complex than what we took down originally. But let’s add some more details.
Step 2: Add capitals
Step 3: Use a Special Character
Now that you have capitalizations, throw some special characters into the mix. For example:
Step 4: Add Spaces
Now, let’s put Snowden’s little advice to work. Add spaces to your new passphrase like you would in any sentence:
“I love Football! Go! New England Patriots!”
Step 5: Add Block Words
Adding a block word will complicate your passphrase enough to prevent anyone from guessing it.
“I LOVE Football! Go! New England Patriots!”
Finally! You now have a very strong passphrase. And even if you are a football fanatic who wears Patriots jerseys every other day, no one can guess your password.
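The two properties Snowden names, "too long to brute force" and "unlikely to be in the dictionary", can be checked for any candidate. The sketch below is an added example, not code from the original article: it compares a short password with the passphrase built in the steps above. The `KNOWN` list is a constructed sample and the guess rate is an assumed figure.

```python
import math
import string

# Constructed sample denylist; a real check would load a large list of
# leaked passwords and well-known quotes.
KNOWN = {"password", "12345678", "not all who wander are lost"}
# Common character substitutions, undone before the lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "@": "a", "$": "s"})
STRIP = str.maketrans("", "", string.punctuation)

def charset_size(secret):
    """Alphabet an exhaustive search must cover (ASCII classes only)."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, len(string.punctuation)),
        (" ", 1),
    ]
    return sum(n for chars, n in classes if any(c in chars for c in secret))

def brute_force_bits(secret):
    """log2 of the search space: length * log2(alphabet size)."""
    size = charset_size(secret)
    return len(secret) * math.log2(size) if size else 0.0

def _canon(text):
    # Drop punctuation and collapse runs of whitespace.
    return " ".join(text.translate(STRIP).split())

def in_dictionary(secret):
    """True if the secret, with or without substitutions undone, is known."""
    low = secret.lower()
    return _canon(low) in KNOWN or _canon(low.translate(LEET)) in KNOWN

def assess(secret, guesses_per_second=1e10):  # guess rate is an assumption
    bits = brute_force_bits(secret)
    return {
        "length": len(secret),
        "bits": round(bits, 1),
        # Average case: half the search space is tried before a hit.
        "avg_seconds": 2 ** (bits - 1) / guesses_per_second,
        "in_dictionary": in_dictionary(secret),
    }

if __name__ == "__main__":
    for s in ("password", "I LOVE Football! Go! New England Patriots!"):
        print(s, assess(s))
```

The bit count only measures an exhaustive character-by-character search; a phrase that appears in a wordlist is found by lookup regardless of its length, which is what `in_dictionary` checks.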
Here are some other tips you can use to customize your password:
- Always set new passwords; avoid using ones you’ve used before.
- Make your passwords long enough to be phrases.
- Two-Factor authentication is a great way to secure your account. Turn it on.
- Use unique passwords for each of your online accounts, especially for banking and professional work.
- Make sure you change your passwords every now and then.
- If you use a password manager, make sure it can be trusted thoroughly.
Are Password Managers a Good Idea?
Some people prefer not having to remember multiple passwords. They use a password manager which controls all passwords with one single master password. While this may seem great, there are some things you should consider.
Master Password Vulnerability
Password managers rely on you remembering the master password. If you forget that, then you will be in for a big hassle. This is particularly true if you have your banking and professional account passwords saved with your manager.
The Money Factor
You will need to buy a password manager if you want to use it. This is an added expense, even if it is one-time only. Further, if you have a password manager, then you will still be vulnerable if your master password is found out. So, its value depends on your secrecy.
Why Passphrases Are a Better Solution
You Can Remember Phrases Much More Easily Than Random Character Strings
Recalling a phrase is much easier than remembering any random string of letters, numbers, and symbols. When you create a password for any website, you need to fulfill certain criteria. While the rules will vary, simple words and terms found in dictionaries are not included by default. This ensures users will choose a harder to crack password.
But even then, the chosen password is not necessarily strong enough. The users must also apply the steps we have mentioned above to secure their passwords/passphrases. When applying this to a password, you can easily forget which number or symbol went where and be locked out.
In contrast, adding these to passphrases is much easier. You will have ample space to plug in as many numbers and symbols as you like. This gives you more options to make your passphrase memorable while keeping it sufficiently complex.
Your password is your vanguard against any and all kinds of online threats. So, it makes sense to fortify this defensive line as much as possible. Rather than using paid password managers or simply using passwords which are easily cracked, you can use passphrases.
Selecting phrases is easy. Remembering them is even easier. And best of all, they can be customized in more ways than passwords and even the fastest computers in the world can’t hack them. Add to that a two-factor authentication login protocol and you have more security than most, if not all, can bypass.