What is My Password? How About a Passphrase Instead?

Recently I met with a doctor who had as much paper with fancy lettering framed on their wall as anyone person could want. With all that impressive education looking down upon me, I watched as the doctor fumbled through password attempt after password attempt until ultimately and predictably being locked out. Frustrated at not being able to access the information we needed for the meeting, the doctor, again predictably, mentioned that he was forced to change his password not even an hour ago but had forgotten to update the sticky note under his keyboard. This scene is one all too familiar to IT support staff and end users alike. How do we minimize this from happening in the future? …and prevent sticky notes from being used?

We live in a 140 character world where we are inundated with news of yet another data breach, sending IT staff scrambling for the latest and greatest security, often leaving common sense at the door when it comes to securing the environment. In the case mentioned above, where patient medical records are at risk, the doctor and the IT staff did well to have a password policy, complexity, and a recent history of use in place to help secure confidential information. The problem then became the doctor, as most end users do, found the complexity and how often they must change their password an inconvenience to their day to day responsibilities. Then, as many people do, the doctor reminded himself with a sticky note with several “scratched out” previous passwords. What if the doctor, instead of trying to remember D0k7&r2018!, could have used a passphrase instead of a password? ILoveMyDogHarry! certainly provides length and a complexity that is more in line with how a person might remember a sign in, keeping in mind that length often is better than complexity when it comes to password cracking.

As IT professionals we look at IT security much different than a doctor in his office who only wants to access information quickly and conveniently. What if we can blend our want for security with the clients’ need for convenience? Passphrases are a great start to getting rid of the sticky notes, and the locked accounts, not to mention the angry emails complaining of the account lockouts… again. Additionally, as IT departments work endlessly to reset passwords and train staff not to scribble down their passwords, we should look for safe and secure methods for helping end users store their passwords.

In the meantime, feel free to download a copy of our Best Password Tips Checklist. As always, if you have any questions or need assistance, drop a line in the comments below or contact us directly.