Use Strong Passphrases

A strong passphrase is an important protection to help you have safer online transactions. Here are some steps to create a strong passphrase. Consider using some or all to help protect yourself online:

  • Length. Make your passphrases at least 3 words long. This almost always ensures that the passphrase is over 10 characters long, where most cracking tools break down.
  • Memorability. A short sentence is much easier to remember than a lengthy password. After all, it’s much easier to remember “My favorite animal is a giraffe.” than “aGhjK!29K98U7”.
  • Variation. Change your passphrases often. Set an automatic reminder to update passwords on your email, banking, and credit card websites every three months.
  • Variety. Don’t use the same passphrase for everything. Cyber criminals can steal passphrases from websites that have poor security, and then use those same passphrases to target more secure environments, such as banking websites.

Creating a passphrase is easy. Just use a short sentence with a period at the end and proper capitalization. To maximize security, use a phrase that is not common in conversation. I personally like to use a good memory, like a favorite book. For instance, a good phrase would be “My favorite animal is a Giraffe.” This will satisfy complexity requirements for most password fields. The unusual nature of the phrase (how often does one’s favorite animal come up in everyday conversation anyway?) and how easy it is to remember greatly increase its usefulness for you and its difficulty to crack.

More strategies for strong passphrases

Test your passphrase with a password checker (evaluates your passphrase’s strength automatically). Try Microsoft’s password checker.

Cyber criminals use sophisticated tools that can rapidly decipher passwords. DO NOT create passwords that use:

  • Dictionary words in any language.
  • Words spelled backwards, common misspellings, and abbreviations.
  • Common letter-to-symbol conversions, such as changing “and” to “&” or “to” to “2”.
  • Sequences or repeated characters. Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
  • Personal information that could be guessed or easily discovered, such as your name, birthday, driver’s license number, passport number, or similar information.
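
The mechanical rules above (word count, length, sequences, repeated characters, adjacent keys, personal information) can be checked automatically. The following is an added example, not code from this page or from any password checker it mentions. The function names, the run length of 4 and the US keyboard layout are assumptions, and the dictionary-word and symbol-substitution rules are not covered.

```python
import re

# Keyboard rows used to spot adjacent-key runs such as "qwerty" (US layout assumed).
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
MIN_WORDS = 3    # "at least 3 words long"
MIN_LENGTH = 11  # "over 10 characters long"
RUN_LENGTH = 4   # assumption: flag sequences or repeats of 4+ characters


def _has_run(text, run=RUN_LENGTH):
    """True if text holds `run` ascending/descending characters (abcd, 4321)
    or `run` adjacent keys from one keyboard row (qwer), in either direction."""
    for i in range(len(text) - run + 1):
        chunk = text[i:i + run]
        if not chunk.isalnum():
            continue  # spaces and punctuation break a run
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_ROWS):
            return True
    return False


def check_passphrase(passphrase, personal_info=()):
    """Return a list of findings; an empty list means no rule was tripped."""
    findings = []
    lowered = passphrase.lower()
    if len(passphrase.split()) < MIN_WORDS:
        findings.append("fewer than 3 words")
    if len(passphrase) < MIN_LENGTH:
        findings.append("10 characters or fewer")
    if re.search(r"(.)\1{%d,}" % (RUN_LENGTH - 1), passphrase):
        findings.append("repeated characters")
    if _has_run(lowered):
        findings.append("sequence or adjacent keys")
    if any(len(p) >= 3 and p.lower() in lowered for p in personal_info):
        findings.append("contains personal information")
    return findings


# Constructed samples: the page's own good and bad examples.
if __name__ == "__main__":
    for sample in ("My favorite animal is a Giraffe.", "12345678", "222222", "qwerty"):
        print(repr(sample), check_passphrase(sample))
```
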