Authentication - From passwords to passphrases

Passphrases are a great security option if two-factor authentication isn't a possibility. Caleb Sima explains how to create strong passphrases.

We're trying to improve password security and are unsure how. I just read about the PayPal key fob, and I know fobs are a hot topic, but I don't know if they're any better than other methods. We've been considering RSA for a while. What do you suggest? Or are some kinds better for others?

Key fobs and other methods of two-factor authentication are definitely great if these are feasible solutions in your environment. However, there is a way to increase password security and do it in a quick and reasonable time frame that most people don't think about. That is to turn passwords into passphrases. Implement a password change policy that has only one restriction – length of password. Make the minimum password length 15 characters or greater, but add no other restrictions. Let the user do all lowercase letters if they want. Give examples in your policy of 'passphrases'. Something like 'thisismyreallylongpassword' or 'igetupat6amandgettoworkat9' or 'wowmymachineisreallyslow'. Implementing this is simple and quick and will increase your password security 100-fold.
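The length-only policy described above, as an added example that is not part of the original answer: a checker that enforces the single 15-character minimum and a brute-force keyspace comparison against a shorter, mixed-character password. The function names, the NFC normalization step and the 8-character, 95-symbol baseline are assumptions chosen for illustration.

```python
import math
import unicodedata

MIN_LENGTH = 15  # the policy's single restriction, taken from the answer above


def check_passphrase(candidate: str, min_length: int = MIN_LENGTH) -> tuple[bool, str]:
    """Apply the length-only policy: no character-class, case or digit rules."""
    # Assumption: length is counted in Unicode code points after NFC, so the
    # same typed phrase has the same length however the client composed it.
    normalized = unicodedata.normalize("NFC", candidate)
    if len(normalized) < min_length:
        return False, f"too short: {len(normalized)} < {min_length} characters"
    return True, "ok"


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Bits of brute-force search space, assuming uniformly random characters."""
    return length * math.log2(alphabet_size)


def compare_policies() -> dict[str, float]:
    """Constructed baseline: 8 characters drawn from 95 printable ASCII symbols,
    compared with 15 characters drawn from lowercase letters only."""
    complex_8 = keyspace_bits(95, 8)
    lower_15 = keyspace_bits(26, 15)
    return {"complex_8": complex_8, "lower_15": lower_15,
            "gain_bits": lower_15 - complex_8}


if __name__ == "__main__":
    # The first three are the example passphrases from the answer; the last
    # is a constructed short password that the policy rejects.
    for phrase in ("thisismyreallylongpassword", "igetupat6amandgettoworkat9",
                   "wowmymachineisreallyslow", "P@ssw0rd!"):
        print(phrase, check_passphrase(phrase))
    print(compare_policies())
```

The bit counts are an upper bound for character-by-character guessing; a phrase built from a few common words is weaker against a word-list attack than the figure suggests.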

This was last published in January 2007
