New year resolutions – passwords v passphrases

17/01/2025

In the first of a new series of articles, Paul Delahunty outlines how a simple change to your password approach can make a big difference.

As we head into another New Year, our thoughts inevitably turn towards fresh starts and those dreaded New Year's resolutions! Some of the more popular resolutions include losing weight, exercising more, setting career goals, spending less time on social media... all things that we believe make our lives better and safer. But what small change can you make to make your online life better and safer? Well, how about making the change from 'passwords' to 'passphrases'?

What is a Passphrase?

We’re all familiar with passwords. Simply put, a password is a string of characters, known only to the user (hopefully!), that is used to grant access to that user’s accounts.

A passphrase is similar to a password, in that it is also a string of characters, known only to the user, that is used to grant access to that user’s accounts. However, rather than being made up of one long word, or a string of nonsensical characters, a passphrase is made from a combination of words that form a memorable phrase.

Why is this important?

The length of a user’s password (we’ll use “passphrase” from here on out) is what’s really important. It’s far more important than using “special characters”, for example. This is because the longer a passphrase is, the more possible permutations it has, and therefore the harder it is for hackers to crack.

So, why don’t we just use really long passwords?

Well, the problem is, we’re humans. And humans find remembering really long strings of random characters difficult. However, if we instead use a group of random words, or a phrase, it becomes far easier. And as an added bonus, as you can include spaces in your passphrase, it’s also easier for us to type these on a keyboard. But crucially, it becomes much easier for us to use a much longer string of characters to secure our accounts. And that’s the key!

The CIS Controls advise a character string length of at least 14 characters. However, many cyber security experts, such as Kevin Mitnick, advise using up to 30 characters.
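To put numbers on the "more permutations" argument and the 14-character minimum above, here is an added example (not from the original article) that compares a short password using every character class with a longer lowercase passphrase. The sample secrets, the word list and the function names are constructed for illustration, and the alphabet model assumes ASCII input.

```python
import math
import secrets
import string

MIN_LENGTH = 14  # CIS Controls minimum quoted in the article

# Character classes a brute-force search has to cover (ASCII only, an assumption).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation, " "]

def pool_size(secret):
    """Alphabet size implied by the character classes present in the secret."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in secret))

def brute_force_bits(secret):
    """log2(pool ** length): the number of permutations, expressed in bits.
    This is an upper bound; it only holds if the characters are unpredictable."""
    return len(secret) * math.log2(pool_size(secret))

def meets_length_policy(secret, minimum=MIN_LENGTH):
    """True when the secret satisfies the minimum length."""
    return len(secret) >= minimum

def wordlist_bits(word_count, list_size):
    """Strength of a phrase built from uniformly random words out of a list."""
    return word_count * math.log2(list_size)

def random_passphrase(words, count):
    """Choose words with a CSPRNG so the wordlist_bits estimate applies."""
    return " ".join(secrets.choice(words) for _ in range(count))

# Constructed sample inputs, not real credentials.
SHORT_COMPLEX = "Tr0ub&d!"                    # 8 chars, all four classes
LONG_PHRASE = "purple kettle walks at dawn"   # 27 chars, lowercase + space
SAMPLE_WORDS = ["amber", "basil", "cedar", "delta", "ember", "fjord",
                "grove", "heron", "ivory", "jetty", "koala", "lemon",
                "maple", "nomad", "olive", "pearl"]  # 16 constructed words

if __name__ == "__main__":
    for s in (SHORT_COMPLEX, LONG_PHRASE):
        print(f"{s!r}: length={len(s)} pool={pool_size(s)} "
              f"bits={brute_force_bits(s):.1f} "
              f"meets_policy={meets_length_policy(s)}")
    # 7776 is the size of a Diceware-style list (assumed here for comparison).
    print("6 random words from 7776:", round(wordlist_bits(6, 7776), 1), "bits")
    print("example:", random_passphrase(SAMPLE_WORDS, 5))
```

The character-based figure assumes an attacker must try every combination; a phrase of words picked by a person rather than at random is weaker than that figure suggests, which is why `wordlist_bits` is the better estimate for randomly generated passphrases.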

Length is Strength!

So, for 2025, why not make a resolution to keep your online world that bit safer by using passphrases in place of passwords? And, of course, wherever possible, always use Multi-Factor Authentication (MFA) along with your passphrase for that “belt and braces” approach.

Paul Delahunty is Chief Information Security Officer at Stryve, a leading Irish multi-cloud and cybersecurity company and ICTTF Cyber Security Company of the Year 2022. Paul is CIO and IT Leaders Security Leader of the Year 2023 and 2024, and is the Tech Excellence Awards CIO of the Year 2024.