How to choose the best passphrases and password managers

Is your organisation cyber safe?

Contact our cyber security experts for a confidential discussion.

How safe are your passwords?

Passwords are the gatekeepers of our sensitive information, from emails to banking and social media. However, if a cybercriminal gains access, the consequences can be severe. You could lose your savings or, worse, have your identity stolen and your personal information sold or used for fraud.

In this insightful article, Security Analyst Alex Versace explains why switching to passphrases and using password managers is critical—and how to choose the best options to protect yourself.

Why you need strong password security

As our reliance on online accounts grows, so do password-hacking attacks. A Microsoft report found that passwords remain a key target for cyber attackers, with nearly 1,000 attempts to hack account passwords occurring every second. These attacks include brute-force attacks, where criminals crack simple passwords, and phishing attacks, where criminals trick people into giving out their credentials.

The report also found that 90% of breached accounts weren’t strongly protected: they had only one layer of protection (for example, a password) rather than a second, more substantial layer such as two-factor or multi-factor authentication (MFA).

Managing the endless number of complex passwords is a challenge we all face. For individuals and businesses alike, the need for strong, secure passwords and the tedious task of regularly updating them is a constant struggle. Though essential for protecting sensitive information, this routine is a major pain point. With every account requiring unique credentials, keeping up with these demands can feel overwhelming, yet necessary. Finding ways to simplify and strengthen password management is key to maintaining security without adding to the frustration.

To give you a sense of how critical it is to use strong passwords, we’ve shared a table showing how quickly a low-end computer can crack passwords of different complexities. While it may seem like you’ll never remember an 18-character password, using passphrases and a password manager can help.

[Image: table showing how long it takes for a computer to crack passwords and passphrases]

Top Recommendations for Strengthening Your Security

The current recommendations from top cyber security institutes, such as the Australian Cyber Security Centre (ACSC) and the Australian Signals Directorate (ASD), are to replace passwords with passphrases and use password managers to help manage your accounts. They offer a range of benefits that simplify and enhance your digital security, which I’ll discuss below.

What is the difference between passwords and passphrases?

A passphrase is a long string of text that can make up a phrase or sentence. For example, ‘password123’ is considered a password while ‘my password is 123’ is considered a passphrase.

They look very similar, but passphrases are significantly more secure and harder to crack. You can see in the image above how much longer a passphrase would take to crack. Some differences between the two are:

Length and complexity

  • Password: Typically shorter and less complex.
  • Passphrase: Longer and more complex.

Memorability

  • Password: More challenging to remember, especially if it is more complex and requires frequent changing.
  • Passphrase: Easier to remember, as it can be based on common words and phrases.

Security

  • Password: Can be less secure, especially when complexity is sacrificed because the password has to be remembered.
  • Passphrase: Passphrases are generally more secure due to their length and complexity, which makes them more resistant to common password-cracking methods.
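
The length-versus-complexity comparison above, worked through as an added example (not part of the original article): it generates passwords and passphrases with a cryptographically secure random source and estimates how long an exhaustive search would take. The word list, the guess rate and all function names are assumptions made for illustration, and the figures hold only for secrets chosen at random; a phrase a person makes up is weaker than the calculation suggests.

```python
import math
import secrets
import string

# Constructed 16-word sample list (4 bits per word), for illustration only.
# A real generator needs a large list, e.g. 7776 words for five-dice Diceware.
WORDS = ["anchor", "breeze", "candle", "dolphin", "ember", "falcon", "glacier",
         "harbor", "island", "jungle", "kettle", "lantern", "meadow", "nectar",
         "orchid", "pebble"]
SYMBOLS = string.ascii_letters + string.digits + string.punctuation  # 94 chars
GUESSES_PER_SECOND = 1e10  # assumed offline cracking rate, not from the article


def random_password(length, alphabet=SYMBOLS):
    """Password of `length` characters drawn with the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(n_words, words=WORDS, sep=" "):
    """Passphrase of `n_words` words drawn independently with the OS CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(pool_size, picks):
    """Entropy of `picks` independent, uniform choices from `pool_size` options."""
    return picks * math.log2(pool_size)


def years_to_crack(bits, rate=GUESSES_PER_SECOND):
    """Average exhaustive-search time: half the keyspace at `rate` guesses/s."""
    return (2 ** bits / 2) / rate / (365.25 * 24 * 3600)


if __name__ == "__main__":
    cases = [
        ("8-char random password", random_password(8), entropy_bits(94, 8)),
        ("18-char random password", random_password(18), entropy_bits(94, 18)),
        # Entropy below is for a 7776-word list; the sample drawn here uses
        # the 16-word constructed list and is far weaker (4 bits per word).
        ("6-word passphrase (7776-word list)", random_passphrase(6),
         entropy_bits(7776, 6)),
    ]
    for label, sample, bits in cases:
        print(f"{label:36} {bits:6.1f} bits  ~{years_to_crack(bits):.3g} years"
              f"  e.g. {sample!r}")
```

Each extra word or character adds a fixed number of bits, so length compounds faster than swapping a letter for a symbol.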

Why you need to use a password manager

A password manager generates and securely stores complex, unique passwords for your accounts, making it difficult for hackers to break in. Unlike humans, password managers create complex combinations, reducing the risk of brute-force or dictionary attacks. You only need to remember one master password. 

They also boost security by incorporating multi-factor authentication (MFA) and encrypting your credentials. Your encrypted data remains secure even if a password manager’s servers are compromised. Additionally, they audit your passwords, prompting updates to weak or duplicate ones for stronger protection.

Why Bitwarden is My Top Password Manager Recommendation

My personal preference for a password manager is Bitwarden, as it’s open source and offers state-of-the-art end-to-end encryption to protect your data. Many password managers are out there to suit your needs, and you can check out the ACSC Password Manager information page for more recommendations.

In a world where online security threats are rising, using passphrases and a password manager is no longer optional but necessary. These invaluable tools offer enhanced security, simplified password management, and a range of features that make protecting your digital identity easier. 

Implementing passphrases and a password manager increases your online security, saves time, and reduces the stress of managing numerous passwords.
