The Password Pandemic II: How to Create Awesome Passphrases

Stronghold Cyber Security ^ | December 5, 2017 | Jason McNew

[Gennie]

In part I of “The Password Pandemic”, I advised (in the same vein as NIST SP 800-63b) the use of passphrases, instead of passwords. This is because hackers have built massive databases of stolen passwords and tables full of password “hashes” (known as rainbow tables.) Also, those of us in the InfoSec community know that when we force the use of complicated passwords on people, they will write them on Post IT notes under their keyboards. I have even seen this happen in very high security environments — this is bad.

[AppyPappy]

On my first job, my password was the F word and the name of my ex. We have since made up and she is married to her 4th husband who was the guy she dated before me.

He’s in Hell.

[TXBlair]

Hmmm...I wonder if “Deckthehallswithboughrsofhorryfarararararararara” would work.

[Bloody Sam Roberts]

Don’t use “Awesome Passprhase”

Actually, that one wouldn't be so bad.

However, “Awesome Passphrase”...not so much.

[TXBlair]

Nice! Speaking of Van Hagar, I actually use 5150 for some of my work accounts. Easy to remember.

[ShadowAce]

Is it accurate?

Yes.

[central_va]

I just use random numbers an letters. Just write it down and put it in your wallet or keep them in a small notebook locked in your office.

[where's_the_Outrage?]

What's pissing me off is the lack of a standard for the US GVT. There are different standards for:

Social Security: Start with a number
My Pay
VA
Tricare
etc.

And you have to change your password every 90 days. It hit me today that we are headed to a federal ID program where the ID Card will be required to access your accounts.

I was a math major and am having issues trying to remember passwords. Non tech people are in real trouble.

[DannyTN]

LOL My passphrase isn’t working.