Featured, OIT News

Protect yourself with passphrases

By Rhonda Greene

Passwords help keep cybercriminals at bay, which is critical these days. Some password requirements include at least one uppercase and lowercase letter, a number, and a special character while forbidding the use of any dictionary word. Unless you use a passphrase, meeting these requirements to create an unhackable password that is both easy to type and remember is nearly impossible.

Passphrase
A passphrase is so much stronger than a password; it uses a short sentence or phrase instead of any imaginable dictionary word. A passphrase is generally easier to remember and more difficult to hack than a complex password. A passphrase can protect you in both personal and campus contexts, provided you comply with university password requirements.

Did You Know?
Professional hackers employ sophisticated software that can hack any word-based password within minutes — even if it employs numbers and special characters.

  • Wolfpack can be hacked in about a half a second.
  • W0lfpack can be hacked in about 2.2 seconds.
  • W0lfp@ck can be hacked in about 1.12 minutes.

Test a password of your own.

Create a Strong Passphrase
To create a strong passphrase:

  • Start with a phrase — ilovedatasecurity (17 characters)
  • If acceptable, make it longer — ilovedatasecurityinthemorning (29 characters)
  • Add capital letters — ILoveDataSecurityInTheMorning
  • Add punctuation, numbers and symbols — ILov3D@taS3curityInTheMorning!
  • Add spaces or periods — I Lov3 D@ta S3curity.In..The…Morning! (39 characters)

Proof in the Numbers
A common word such as “December” can be cracked in 18 milliseconds, whereas four or more random words such as “goat africa quilt rain” can take over 222,000 centuries to crack.  

The example, I Lov3 D@ta S3curity.In..The…Morning! will take 16,322,941,265,039,184 centuries to crack.

Visit Use a Passphrase to test and generate your next passphrase.

Password Manager
While reusing the same passphrase for all of your accounts can be powerfully tempting, doing so would leave you extremely vulnerable to cybercrime. Instead, create strong and unique passphrases for your credit cards and banking accounts and store them in a password manager, which is an encrypted vault. You will need to remember only one master passphrase.

CAUTION: Create a strong, unhackable master passphrase for the password manager and enable two-factor authentication so that all of your stored passphrases have the best possible protection.

Choosing a Password Manager
NC State recommends LastPass Enterprise. The LastPass password manager is available as an app for iOS and Android devices while a web browser plugin is available for Windows, Mac and Linux.