Q

Authentication - From passwords to passphrases

Passphrases are a great security option if two-factor authentication isn't a possibility. Caleb Sima explains how to create strong passphrases.

We're trying to improve password security and are unsure how. I just read about the PayPal key fob, and I know fobs are a hot topic, but I don't know if they're any better than other methods. We've been considering RSA for a while. What do you suggest? Or are some kinds better for others?

Key fobs and other methods of two-factor authentication are definitely great if these are feasible solutions in your environment. However, there is a way to increase password security and do it in a quick and reasonable time frame that most people don't think about. That is to turn passwords into passphrases. Implement a password change policy that has only one restriction – length of password. Make the minimum password length 15 characters or greater, but add no other restrictions. Let the user do all lowercase letters if they want. Give examples in your policy of 'passphrases'. Something like 'thisismyreallylongpassword' or 'igetupat6amandgettoworkat9' or 'wowmymachineisreallyslow'. Implementing this is simple and quick and will increase your password security 100-fold.
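The length-only rule above, as an added example (not from the original article): a validator that enforces nothing but the 15-character minimum, plus a brute-force search-space comparison against an assumed 8-character rule drawing on all 94 printable ASCII symbols. The baseline policy and the function names are assumptions made for illustration.

```python
import math
import string

MIN_LENGTH = 15  # the single restriction in the policy described above


def check_passphrase(candidate: str, min_length: int = MIN_LENGTH) -> bool:
    """Length-only policy: no required digits, symbols or mixed case.

    Counts characters, not encoded bytes, and never strips or truncates,
    so spaces and non-ASCII letters count toward the minimum.
    """
    return len(candidate) >= min_length


def search_space_bits(length: int, alphabet_size: int) -> float:
    """log2 of the number of strings of exactly this length.

    This is an upper bound on guessing cost: it assumes each character
    is picked uniformly at random, which human-chosen phrases are not.
    """
    return length * math.log2(alphabet_size)


def compare_policies() -> dict:
    """Compare the article's policy with an assumed complexity policy."""
    # Assumed baseline (not from the article): 8 characters, 94 symbols.
    printable = len(string.ascii_letters + string.digits + string.punctuation)
    lowercase = len(string.ascii_lowercase)
    return {
        "complex_8_bits": search_space_bits(8, printable),
        "lowercase_15_bits": search_space_bits(MIN_LENGTH, lowercase),
        # Exact integer ratio of the two brute-force search spaces.
        "ratio": lowercase ** MIN_LENGTH // printable ** 8,
    }


if __name__ == "__main__":
    # The three sample passphrases quoted in the answer, plus a short
    # constructed "complex" password that the length rule rejects.
    for pw in ("thisismyreallylongpassword", "igetupat6amandgettoworkat9",
               "wowmymachineisreallyslow", "P@ssw0rd!"):
        print(f"{pw!r}: {'accept' if check_passphrase(pw) else 'reject'}")
    for name, value in compare_policies().items():
        print(f"{name}: {value:,.1f}")
```

The comparison covers exhaustive search only; phrases built from common words or appearing in breached-password lists fall to dictionary guessing much sooner than the bit count suggests.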

This was first published in January 2007
