Problem solve Get help with specific problems with your technologies, process and projects.

Authentication - From passwords to passphrases

Passphrases are a great security option if two-factor authentication isn't a possibility. Caleb Sima explains how to create strong passphrases.

We're trying to improve password security and are unsure how. I just read about the PayPal key fob, and I know fobs are a hot topic, but I don't know if they're any better than other methods. We've been considering RSA for a while. What do you suggest? Or are some kinds better for others?

Key fobs and other methods of two-factor authentication are definitely great if these are feasible solutions in your environment. However, there is a way to increase password security and do it in a quick and reasonable time frame that most people don't think about. That is to turn passwords into passphrases. Implement a password change policy that has only one restriction – length of password. Make the minimum password length of 15 characters or greater, but add no other restrictions. Let the user do all lowercase letters if they want. Give examples in your policy of 'passphrases'. Something like 'thisismyreallylongpassword' or 'igetupat6amandgettoworkat9' or 'wowmymachineisreallyslow'. Implementing this is simple and quick and will increase your password security 100 fold.

More information:

Dig Deeper on Topics Archive

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.