How safe are your passwords?
Passwords are the gatekeepers of our sensitive information, from emails to banking and social media. However, if a cybercriminal gains access, the consequences can be severe. You could lose your savings or, worse, have your identity stolen and your personal information sold or used for fraud.
In this insightful article, Security Analyst Alex Versace explains why switching to passphrases and using password managers is critical—and how to choose the best options to protect yourself.
Why you need strong password security
As our reliance on online accounts grows, so do attacks on passwords. A Microsoft report found that passwords remain a key target for cyber attackers, with nearly 1,000 attempts to hack account passwords occurring every second. These attacks include brute-force attacks, where criminals crack simple passwords, and phishing attacks, where criminals trick people into giving out their credentials.
The report also found that 90% of breached accounts weren’t strongly protected: they had only one layer of protection (for example, a password) rather than an additional, more substantial layer of two-factor or multi-factor authentication (MFA).
Managing the endless number of complex passwords is a challenge we all face. For individuals and businesses alike, the need for strong, secure passwords and the tedious task of regularly updating them is a constant struggle. Though essential for protecting sensitive information, this routine is a major pain point. With every account requiring unique credentials, keeping up with these demands can feel overwhelming, yet necessary. Finding ways to simplify and strengthen password management is key to maintaining security without adding to the frustration.
To give you a sense of how critical it is to use strong passwords, we’ve shared a table showing how quickly a low-end computer can crack passwords of different complexities. While it may seem like you’ll never remember an 18-character password, using passphrases and a password manager can help.
Top Recommendations for Strengthening Your Security
The current recommendations from top cyber security institutes, such as the Australian Cyber Security Centre (ACSC) and the Australian Signals Directorate (ASD), are to replace passwords with passphrases and use password managers to help manage your accounts. Passphrases and password managers offer a range of benefits that simplify and enhance your digital security, which I’ll discuss below.
What is the difference between passwords and passphrases?
A passphrase is a long string of text that can make up a phrase or sentence. For example, ‘password123’ is considered a password while ‘my password is 123’ is considered a passphrase.
They look very similar, but passphrases are significantly more secure and harder to crack. You can see in the image above how much longer a passphrase would take to crack. Some differences between the two are:
Length and complexity
- Password: Typically shorter and less complex.
- Passphrase: Longer and more complex.
Memorability
- Password: More challenging to remember, especially if it is more complex and requires frequent changing.
- Passphrase: Easier to remember as they can be based on common words and phrases.
Security
- Password: Can be less secure, especially when complexity is sacrificed because a long password has to be remembered.
- Passphrase: Passphrases are generally more secure due to their length and complexity, which makes them more resistant to common password-cracking methods.
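To put numbers on the comparison above, here is an added example (not from the original article) that estimates the brute-force search space for the two sample strings and the entropy of a randomly generated word passphrase. The guess rate, the sample word list and all function names are assumptions made for illustration.

```python
import math
import secrets

# Assumption for illustration only: attacker guess rate, not a figure from the article.
ASSUMED_GUESSES_PER_SECOND = 1e10
DICEWARE_LIST_SIZE = 7776  # size of a standard five-dice word list (6**5)

# Constructed sample words; a real generator would draw from a full-size list.
SAMPLE_WORDS = ["copper", "window", "orbit", "lantern", "maple", "quartz",
                "harbor", "velvet", "falcon", "ginger", "tundra", "pickle"]

def charset_size(secret: str) -> int:
    """Character pool an exhaustive search must cover for this secret."""
    size = 0
    size += 26 if any(c.islower() for c in secret) else 0
    size += 26 if any(c.isupper() for c in secret) else 0
    size += 10 if any(c.isdigit() for c in secret) else 0
    size += 33 if any(not c.isalnum() for c in secret) else 0  # ASCII symbols + space
    return size

def brute_force_bits(secret: str) -> float:
    """log2 of the exhaustive search space. This is an upper bound: a
    dictionary attack on a predictable phrase needs far fewer guesses."""
    if not secret:
        return 0.0
    return len(secret) * math.log2(charset_size(secret))

def random_passphrase_bits(word_count: int, wordlist_size: int) -> float:
    """Entropy when every word is picked uniformly at random from the list."""
    return word_count * math.log2(wordlist_size)

def generate_passphrase(words, count: int = 4, sep: str = " ") -> str:
    """Pick words with the OS CSPRNG so the entropy estimate above holds."""
    return sep.join(secrets.choice(words) for _ in range(count))

def years_to_exhaust(bits: float, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Years needed to try every candidate at the assumed guess rate."""
    return 2 ** bits / rate / (365.25 * 24 * 3600)

if __name__ == "__main__":
    for s in ("password123", "my password is 123"):
        b = brute_force_bits(s)
        print(f"{s!r}: {len(s)} chars, <= {b:.1f} bits, {years_to_exhaust(b):.3g} years")
    for n in (4, 6):
        b = random_passphrase_bits(n, DICEWARE_LIST_SIZE)
        print(f"{n} random words: {b:.1f} bits, {years_to_exhaust(b):.3g} years")
    print("sample:", generate_passphrase(SAMPLE_WORDS))
```

The character-based figure only measures resistance to exhaustive search; a passphrase reaches the random-word figure only when its words are chosen at random, which is what a password manager's generator does.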
Why you need to use a password manager
A password manager generates and securely stores complex, unique passwords for your accounts, making it difficult for hackers to break in. Unlike humans, password managers create complex combinations, reducing the risk of brute-force or dictionary attacks. You only need to remember one master password.
They also boost security by incorporating multi-factor authentication (MFA) and encrypting your credentials. Your encrypted data remains secure even if a password manager’s servers are compromised. Additionally, they audit your passwords, prompting updates to weak or duplicate ones for stronger protection.
Why Bitwarden is My Top Password Manager Recommendation
My personal preference for a password manager is Bitwarden, as it’s open source and offers state-of-the-art end-to-end encryption to protect your data. Many password managers are out there to suit your needs, and you can check out the ACSC Password Manager information page for more recommendations.
In a world where online security threats are rising, using passphrases and a password manager is no longer optional but necessary. These invaluable tools offer enhanced security, simplified password management, and a range of features that make protecting your digital identity easier.
Implementing passphrases and a password manager increases your online security, saves time, and reduces the stress of managing numerous passwords.