What is My Password? How About a Passphrase Instead?

Ron Scarborough
Jan 4, 2018 9:15:00 AM

Recently I met with a doctor who had as much paper with fancy lettering framed on their wall as any one person could want. With all that impressive education looking down upon me, I watched as the doctor fumbled through password attempt after password attempt until ultimately, and predictably, being locked out. Frustrated at not being able to access the information we needed for the meeting, the doctor, again predictably, mentioned that he had been forced to change his password not even an hour earlier but had forgotten to update the sticky note under his keyboard. This scene is all too familiar to IT support staff and end users alike. How do we minimize how often this happens in the future, and prevent sticky notes from being used?

We live in a 140-character world where we are inundated with news of yet another data breach, sending IT staff scrambling for the latest and greatest security, often leaving common sense at the door when it comes to securing the environment. In the case mentioned above, where patient medical records are at risk, the doctor and the IT staff did well to have a password policy, complexity requirements, and a history of recently used passwords in place to help secure confidential information. The problem was that the doctor, like most end users, found the complexity and the frequency of required password changes an inconvenience to his day-to-day responsibilities. Then, as many people do, the doctor reminded himself with a sticky note bearing several “scratched out” previous passwords. What if the doctor, instead of trying to remember D0k7&r2018!, could have used a passphrase instead of a password? ILoveMyDogHarry! certainly provides length and complexity, and is more in line with how a person might remember a sign-in, keeping in mind that length is often better than complexity when it comes to password cracking.
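
The length-versus-complexity comparison above, worked through in Python as an added example (not part of the original post). It assumes a blind exhaustive search over printable ASCII; the function names are illustrative.

```python
import math
import string

# Printable-ASCII character classes (assumption: an exhaustive search must
# cover every class that appears in the secret). Space counts as a symbol.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}

def pool_size(secret):
    """Alphabet size implied by the character classes present in the secret."""
    size = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in secret))
    if size == 0:
        raise ValueError("secret is empty or has no printable ASCII characters")
    return size

def brute_force_bits(secret):
    """log2 of the exhaustive search space: length * log2(pool).

    This is an upper bound. Guessable words, names, years and common
    substitutions lower the real strength of either kind of secret.
    """
    return len(secret) * math.log2(pool_size(secret))

def min_length_for(bits, pool):
    """Shortest length over an alphabet of `pool` symbols that reaches `bits`."""
    return math.ceil(bits / math.log2(pool))

def compare(*secrets):
    """Return (secret, length, pool, bits) for each secret."""
    return [(s, len(s), pool_size(s), brute_force_bits(s)) for s in secrets]

if __name__ == "__main__":
    # The two sign-ins used in the post.
    for s, n, pool, bits in compare("D0k7&r2018!", "ILoveMyDogHarry!"):
        print(f"{s:18} length={n:2} pool={pool:2} search space ~2^{bits:.1f}")
    target = brute_force_bits("D0k7&r2018!")
    # How long a lowercase-only secret must be to match the complex password.
    print("lowercase-only length to match:", min_length_for(target, 26))
```

The shorter password draws on a larger alphabet, yet the longer passphrase ends up with the larger search space because length is the exponent.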

As IT professionals, we look at IT security much differently than a doctor in his office who only wants to access information quickly and conveniently. What if we can blend our desire for security with the clients’ need for convenience? Passphrases are a great start to getting rid of the sticky notes and the locked accounts, not to mention the angry emails complaining of the account lockouts… again. Additionally, as IT departments work endlessly to reset passwords and train staff not to scribble down their passwords, we should look for safe and secure methods for helping end users store their passwords.

In the meantime, feel free to download a copy of our Password Tips infographic by clicking on the image below. As always, if you have any questions or need assistance, drop a line in the comments below or contact us directly.

Best Password Tips