unstdio.org

Not your standard io.

Passwords vs. Passphrases


A passphrase: you would think that would be standard by now, right? Think again. Recently I have been asking a few people how security is at their place of employment. I have heard it over and over: “The network itself is pretty secure, but it’s mainly end user error.” The main problem that I see is PASSWORDS. The word “password” itself implies that it is just one word, with no complexity. You would think that with all the identity theft and cyber-warfare going on, it would have taken off a long time ago. Well, I was looking through my 8.5 gig password file and rainbow tables and realizing how easy it is to just run through these lists, match the hash values and get the passwords. (I’m assuming you can get the hash values.) So basically I want to discuss making a passphrase so that you can avoid these types of easy cracking techniques.

An easy way, and my favorite, to pick a passphrase is to think of a song. What is your favorite song? For testing purposes let’s use Blackbird by The Beatles. Remember, you can pick any song you like. The point is that YOU remember it. Isn’t that the whole point of a passphrase/password? OK, let’s start. First I’m going to pick out which phrase I want to use.

Blackbird singing in the dead of night Take these broken wings and learn to fly

Now let’s take the first letter of every word in the phrase.

B s i t d o n T t b w a l t f

That right there wouldn’t be a bad passphrase. But it’s best to have upper case, lower case and numbers in our passphrase. So let’s switch some letters to easy numbers: “B” to “8”, “o” to “0”, “s” to “5”, and the letter “l” to the number “1”. Here it is with those characters switched.

8 5 i t d 0 n T t b w a 1 t f

Now we have a pretty strong passphrase that I guarantee is not in any rainbow list or password file (unless they see this blog, of course). The reason I like this method is that it’s your favorite song and your favorite part of the song, so it’s easy to remember. Once you have used it a couple of times you will get the hang of typing it in, and if you ever forget it, just sing the song a little bit in your head.
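The steps above as a short Python script, added here as an example and not part of the original post: it derives the passphrase from any lyric using the four swaps listed, then checks a candidate against a hashed word list the way the lookup described in the first paragraph works. The function names, the five-entry sample list, the use of unsalted SHA-256 and joining the initials without spaces are all assumptions made for the illustration.

```python
import hashlib

# Letter-to-digit swaps named in the post; case-sensitive, so only capital "B" changes.
SUBSTITUTIONS = {"B": "8", "o": "0", "s": "5", "l": "1"}

def first_letters(phrase):
    """Return the first letter or digit of each whitespace-separated word."""
    letters = []
    for word in phrase.split():
        for ch in word:
            if ch.isalnum():  # skip leading quotes or brackets
                letters.append(ch)
                break
    return letters

def derive_passphrase(phrase):
    """Apply the post's method. Assumption: initials are joined without spaces."""
    return "".join(SUBSTITUTIONS.get(ch, ch) for ch in first_letters(phrase))

def char_classes(secret):
    """Report which of upper case, lower case and digits appear in the secret."""
    checks = {"upper": str.isupper, "lower": str.islower, "digit": str.isdigit}
    return {name for name, check in checks.items() if any(check(c) for c in secret)}

def digest(secret):
    # Assumption: unsalted SHA-256 stands in for whatever hash the list targets.
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()

def build_lookup(wordlist):
    """Precompute hash -> word, the same idea as a password file matched by hash."""
    return {digest(word): word for word in wordlist}

def lookup(secret, table):
    """Return the matching list entry, or None when the hash is not in the table."""
    return table.get(digest(secret))

LYRIC = "Blackbird singing in the dead of night Take these broken wings and learn to fly"
SAMPLE_WORDLIST = ["password", "123456", "qwerty", "letmein", "blackbird"]  # constructed

if __name__ == "__main__":
    table = build_lookup(SAMPLE_WORDLIST)
    derived = derive_passphrase(LYRIC)
    print(derived, sorted(char_classes(derived)))
    for candidate in ("blackbird", derived):
        hit = lookup(candidate, table)
        print(candidate, "->", "found in list" if hit else "not in list")
```

Swap in your own lyric for `LYRIC` and a real word list for `SAMPLE_WORDLIST` to run the same check on a passphrase before you start using it.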