Passphrase: a new trend in security

As an Internet user, you probably know that every click, online action, or registration leaves a digital trace on the network. That information is accessible not only to the system itself but also to attackers, who try to obtain your personal data and use it for their own illegal purposes or pass it on to third parties. They use a variety of methods and tools to gain such access. Hacking methods become more sophisticated every day, and cybercriminals more inventive. The cyber wars of the future are gaining momentum, and standard passwords, even intricate ones, do not guarantee absolute security to their owners.

Today, each of us can, against our will, become a participant in an evil game in which our security and privacy are at stake. For you to be the winner, and not the Internet intruders, it is important to keep up with the times and follow current trends in cybersecurity. This means that it is time to move away from outdated rules and rely on newer, more reliable strategies. One solution that can provide a new level of privacy is the password phrase: a combination of words that may initially seem too simple and ordinary to many. Such phrases should never be underestimated. With the right approach, they give you much stronger security than classic passwords provide.

In today's review, we will dwell in detail on what a password phrase is and why it should be used in practice instead of traditional solutions. We will provide arguments that here we are talking not just about a fashionable trend, but about an urgent need for absolutely every user who uses the Internet. We will separately highlight the advantages and disadvantages of a password phrase, consider the main varieties, and give examples. We will tell you what rules you should follow to independently implement these works, as well as how to properly store password phrases. The information provided will help you understand this issue in more detail, as well as provide yourself with truly decent security indicators when working online. So, let's take it one step at a time.

What happened to classic passwords and why don't they work anymore?

The practice of the last few years has clearly shown that regular passwords are what attract the most attention from Internet attackers. Most modern hacker attacks are aimed at identifying and stealing them. Different methods can be used to implement such ideas, but most often these are:

  • Brute-force attacks. These involve mass attacks on user accounts in which millions of combinations of numbers, letters and symbols are tried per second.
  • Social engineering. In this case, Internet attackers contact their potential victims and try to trick them into giving out their passwords using various illegal methods.
  • Various automation tools. Their actions are aimed at identifying repeating patterns in the most popular passwords. They also have a high data processing speed and, unfortunately, are effective in practice.

Modern cybercriminals have developed their skills so much, and have acquired such a variety of tools and methods, that picking a bank card PIN code consisting of 4 digits takes them literally a matter of seconds. Yes, measures aimed at complicating passwords, whether it is typing a word on a Russian-language keyboard layout instead of an English one and vice versa, or adding symbols, numbers and capital letters, give good results in practice. The resistance of such passwords to hacking really is higher, but the more complex they are, the harder they are to memorize. This becomes especially difficult with a large number of different accounts and services. Users get confused and forget which passwords they entered on which sites. This interferes with stable, productive work and adds extra hassle.

As a result, a significant proportion of users neglect security rules. Instead of complex 12-15-character passwords, they use template solutions, such as “Password!”, “passworD!”, “PassworD1” and so on. That is, the first or last letter is capitalized, an exclamation mark, a question mark, the numbers 1, 2, 3, etc. are added to them. If you analyze the dictionaries of hackers, then these are the combinations that will be in the first positions. And this means that this is where the attack on the user's device begins.

Heads of information technology and cybersecurity departments at companies and enterprises take password protection more seriously. They develop comprehensive internal policies that absolutely all employees must follow. But even here, the increased complexity of passwords leads people to use the same set of characters for every page they log in to. In practice, when frequent changes are required, the old password often changes only slightly, for example “PassworD2” instead of “PassworD1”, or the same few passwords are rotated in a cycle, replacing each other. As a result, despite a fairly strict internal policy, weak passwords that are easily hacked appear within the company.

And here it is important to understand that every time attackers manage to disclose the list of user logins and passwords, a second, more complex process is launched, aimed at gaining access to more secure data. That is, based on these real passwords, hackers can automatically select thousands of the most common combinations, increasing their chances of a successful attack.

This means that classic passwords have lost their former effectiveness, requiring serious changes and more innovative approaches, such as the use of password phrases.

The main differences between passwords and password phrases

Before moving on to a more detailed acquaintance with password phrases, let's talk about how they differ from classic passwords. There are several points here that must be taken into account in practice. These are:

  1. The specifics of creation. A password phrase is structurally several words connected together. The more of them there are, the longer the expression will be, which in itself complicates the work of Internet intruders. In contrast, a regular password is a random sequence of characters or a single word. To ensure decent security, experts recommend using a combination of at least 12, and ideally 15-16 characters. Moreover, it is worth avoiding plain words and assembling a combination of letters, special characters and numbers. What the two have in common is that generators exist for both passwords and phrases. These are free online services that absolutely anyone can use.
  2. Security level. With the right approach, both phrases and passwords themselves can end up being secure. But the main difficulty here is that not all people can remember regular passwords. As a result, they write them down or try to reuse them in different accounts. All this significantly reduces security indicators, increases the likelihood that attackers will be able to crack such passwords or guess them. That is why a password phrase is considered more secure. It is longer. For ease of perception, you can use various separators or spaces, add uppercase or lowercase letters, symbols.
  3. Memorability. Once again, I would like to focus on this point, since in practice it is precisely this that in many cases has decisive significance. The fact is that it is impossible to remember reliable passwords a priori if you do not have some special skills. In this regard, it will be much easier with phrases, even if you complicate them by adding letters, symbols.

Now you understand what the key differences are between regular passwords and a password phrase. But it is still important to delve into this issue more deeply.

Why Use Password Phrases: Key Benefits

Compared to classic passwords, password phrases have a number of significant advantages. The main ones are:

  • Ease of remembering. Despite their great length, phrases will be easier to perceive, even if they do not carry any semantic load. In most cases, practice shows that users do not even write down such phrases, but simply remember them. This is true even in cases where you make such an expression more complex by adding a few additional characters to it. This means that people will not look for ways to make the phrase simpler at the expense of its security.
  • The likelihood of reusing passwords is minimized. We have already said that, when faced with complex passwords, people simply simplify their lives by slightly changing them when updating, or even using them a second time. And these are not empty words. In particular, Microsoft Corporation conducted a massive study of hacked databases, during which it found that over 45 million accounts constantly used the same passwords. And this is one of the most significant vulnerabilities. Just think: if a hacker manages to gain access to one password, he will immediately open the doors to a huge number of accounts. In the case of phrases, this will not happen. Many people, on the contrary, perceive the change of such expressions as a game, an interactive activity, trying to come up with something even more original, unusual, interesting each time.
  • Increased complexity during hacking. To obtain information about a short user password, an Internet attacker will only need to have a powerful computer and a few minutes of free time. And the longer the length of such a code, the more time and effort is required to hack it. That is why complex phrases containing many characters are practically impossible to identify even if powerful equipment and good specialists are involved in working with them.
  • Improving the user experience. We have already talked about the fact that many people come up with various ways to bypass strict corporate cybersecurity rules, neglect the use of complex passwords when working with home computers only because the process of entering long, complex passwords takes a lot of time. And if there are several such accounts, which is typical for almost any person, then this whole process becomes extremely tedious, causes irritation, discontent and a natural desire to find another solution to the problem. And here password phrases come to the rescue. They are not only easier to remember, but also extremely quick and easy to enter. The whole secret is that there are practically no special characters here, and everything you need is on the keyboard.

But, unfortunately, like any other technology or methodology, this one also has its drawbacks. One of the most significant “minuses” is that the systems themselves are not ready. Practice shows that today many sites are not designed for password phrases at all. They impose character limits typical for a regular, even complex, password. Most sites require users to enter a code of 6-12 characters. I would like to draw special attention to Wikipedia: here it will be enough to enter at least 1 any character or letter in both the login and password fields.

Let us repeat that the code phrase is much longer. This means that you will not be able to fit into the allocated limits. Yes, there are other platforms where people can enter up to 100 or even 150 characters. But one of the problems still remains here: the system requires a combination of uppercase and lowercase letters, special characters, numbers, and will not accept meaningful expressions and words.

As a result, an easy-to-remember phrase turns into a useless and difficult-to-remember set of characters. That is, the very essence and all the advantages that were originally characteristic of the password phrase are lost. But today there are already prerequisites that allow us to predict fundamental changes in the systems' approach to user passwords, including the introduction of long and easy-to-remember expressions.
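
The contrast described above, as an added example that is not code from the article: a composition-style rule of the 6-12 character kind set beside a length-first check that accepts password phrases. The function names, the constructed blocklist and the limits are assumptions; the 8-character minimum and a maximum of at least 64 characters follow NIST SP 800-63B guidance.

```python
import string
import unicodedata

# Constructed blocklist for this example: the base words behind template
# passwords such as "Password!", "passworD!" and "PassworD1".
COMMON_BASES = {"password", "qwerty", "letmein"}


def legacy_policy(secret: str) -> list[str]:
    """Composition-style rules: 6-12 characters, upper, lower and a digit."""
    problems = []
    if not 6 <= len(secret) <= 12:
        problems.append("length must be 6-12 characters")
    if not any(c.isupper() for c in secret):
        problems.append("needs an upper-case letter")
    if not any(c.islower() for c in secret):
        problems.append("needs a lower-case letter")
    if not any(c.isdigit() for c in secret):
        problems.append("needs a digit")
    return problems


def passphrase_policy(secret: str, min_len: int = 8,
                      max_len: int = 128) -> list[str]:
    """Length-first rules: long input and spaces allowed, no composition
    requirements, plus a blocklist lookup on the normalised value."""
    secret = unicodedata.normalize("NFKC", secret)
    problems = []
    if len(secret) < min_len:
        problems.append(f"must be at least {min_len} characters")
    if len(secret) > max_len:
        problems.append(f"must be at most {max_len} characters")
    # Undo the usual decorations (case changes, trailing digits and
    # punctuation) before checking the blocklist.
    base = secret.lower().rstrip(string.digits + string.punctuation)
    if base in COMMON_BASES:
        problems.append("based on a commonly used password")
    return problems


if __name__ == "__main__":
    samples = [
        "PassworD1",
        "Password!",
        "Crow pear star hospital",
        "old-angry-cat-loves-sleeping-on-a-gray-pillow",
    ]
    for s in samples:
        print(f"{s!r}")
        print("  legacy    :", legacy_policy(s) or "accepted")
        print("  passphrase:", passphrase_policy(s) or "accepted")
```

The legacy rules accept “PassworD1” and reject both sample phrases, while the length-first rules do the opposite.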

Main types of password phrases

Before moving on to the direct selection and use of password phrases, you need to familiarize yourself in detail with their varieties, types, choosing the option that will be the most convenient and effective in your work. So, today the following classification of these types of codes is provided:

  1. Random. Here we are talking about a set of absolutely random words that have no connection with each other, no relation to any events. The lack of logic in the selection of words makes it somewhat difficult to remember, but, nevertheless, there is no point in talking about excessive complexity here. A random password phrase will look like this: Crow pear star hospital. You can form some associations yourself. As an example, the “decoding” of this phrase can look like this: a crow was flying, hit a pear, stars fell out of its eyes, and it ended up in a hospital. This way you will definitely remember your code.
  2. Mnemonic. This password phrase involves a combination of unique words that at first glance seem random, but at the same time there is some association between them, which makes the sentences more memorable. As an example, you can specify the following: “old-angry-cat-loves-sleeping-on-a-gray-pillow”. That is, there is no direct connection between the words, but as a result we get sentences with a certain meaning. It will be very easy to remember.
  3. Based on a picture. In this case, you can take absolutely any image, photograph that caught your eye and describe them in your own words. Let's say you have a photo on your bedside table from a family vacation at sea, in which your daughter Nastya is eating a burger. As a result, we can get the following password phrase: “Burger disappeared Thank you 1 N@sty $eagull”.
  4. Key phrase. In this case, the code will also consist of a set of words, each of which begins with a particular letter of a pattern on the keyboard. Look down at the layout, let's say at the bottom row. On a Russian-language layout we have in sequence such letters as “Я”, “Ч”, “С”, “М”, “И”, “Т”. Now we come up with words that begin with these letters; given here in English translation, they are “pit”, “ink”, “dog”, “flour”, “oriole”, “tunnel”. As a result, we get the passphrase Pit Ink Dog Flour Oriole Tunnel. You should be able to remember your code quite easily if you look at your keyboard. As with random passwords, here you can also come up with an association for yourself: there was a pit with ink, a dog fell into it and then into flour, an oriole saw it and flew into a tunnel in fright.

Whatever version of the password phrase you choose for yourself, remember that you yourself choose the expression that will be the simplest, most convenient for your use and easy to remember.

Several examples of password phrases

To help you better navigate the features of password phrases, it would be useful to get acquainted with their diversity and how they can be designed to increase their reliability and resistance to hacking. So, here are some options:

  • A Lion Loudly Roams the Savannah at Night.
  • A Purple Dog Howls at the Moon at Night.
  • A Farmer Raised Peas on a Cloud.
  • A Queen on the Throne Eats Ice Cream.
  • A Boy in Shorts Catches a Butterfly with a Hat.

We repeat once again that your imagination when choosing password phrases is practically unlimited. Show it to the maximum, getting the option that will be optimal for you.

Practical recommendations for creating a reliable password phrase

To get a really powerful and easy to remember password phrase, approach its creation as comprehensively and professionally as possible. As a result, you should create an excellent option in terms of memorability, ease of use, and security. And our recommendations will provide significant assistance in implementing such an idea:

  1. Use phrases of sufficiently long length. Here the number of characters should start at least from 20, but it is optimal to make them even longer. You should understand that the more characters are in your password phrase, the greater the chance that a brute-force attack will be ineffective. That is, even a powerful computer and the corresponding software will not be able to find the appropriate combination.
  2. Shuffle the words in your phrase. Basically, you can write any sentence consisting of 5-6 words, and then simply rearrange all these words, ending up with a completely unreadable solution. Let's say you write the phrase "Fish swims in the river at great depths." Now we take and rearrange the words in a chaotic order, getting the output: "fish swims in the deep in the big river." In principle, such a rearrangement will not greatly affect the automatic selection by the appropriate hacker tools, but a person will definitely not be able to guess it.
  3. Use different unique phrases for each individual account. This rule is relevant not only for expressions, but also for the passwords themselves. The fact is that if hackers manage to hack at least one account, they will be able to gain access to various other pages, including those containing personal confidential information. That is, a compromised phrase will open up a lot of opportunities for a hacker to reach sensitive data. Therefore, it is much more reliable and effective to provide separate expressions for different accounts, or alternatively, to connect them all with a single semantic load, which will make it much easier to remember.
  4. Never use personal data when composing your phrase. The fact is that quite often Internet attackers deliberately target one or another victim. Before launching an attack, they study profiles on social networks and any other open information, collecting the data that, in their opinion, can become the key to disclosing the password or password phrase. This means that you should always avoid using your name, surname, address, date of birth or events that play an important role for you. That is, escape reality and remove from your codes anything that can point specifically to you.
  5. Update password phrases regularly. Phrases should be changed as often as passwords. Despite the fact that they are much more difficult to hack, there is, unfortunately, no way to talk about absolute security. Therefore, it is in your interests to always be one step ahead of Internet intruders and not give them a chance for a successful attack. But if you take into account the fact that it is much easier to come up with password phrases than passwords, as well as to remember them, then we are sure that no one will have problems with this in practice.
  6. Always keep your password phrase a secret. Even if you managed to come up with something very original and unusual, if you really want to tell your friends or even loved ones about it, then still resist such a temptation. The fact is that even in the absence of obvious threats, the risk of your data leakage will be high. It cannot be ruled out that through negligence your code will become public knowledge, including in the hands of hackers. Also, under no circumstances share passwords with your partner, colleague, including in the case of joint work on a particular project. This will significantly reduce your resistance to hacker attacks and other actions of Internet intruders.
  7. Despite all the transformations that you will apply to your phrases in order to increase their security, you must keep them memorable. That is, it is important that you do not forget your own password, even if we are talking about working with a large number of accounts. In this case, you will be able to significantly improve your user experience, increase the comfort of work, and avoid various difficulties at the authorization stage.
  8. For easier and faster selection of a suitable password phrase, use a special manager. This is a program that remembers your codes and also reminds you to replace them when the time comes. It will significantly simplify your subsequent work, increase resistance to phishing attacks, and minimize the likelihood of hacking. If you do not want to use a phrase manager for one reason or another, then opt for a password management book. The main thing is not to lose it by accident.

As you can see, there is nothing complicated or unrealistic in these recommendations. But we still strongly recommend following such advice, because it will greatly simplify your work with password phrases and increase convenience during work.
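
For the “Random” type and the length recommendation above, an added example (not code from the article) that picks words with a cryptographically secure generator and measures the result in bits of entropy. The function names and the constructed 32-word sample list are assumptions; 7776 is the size of the EFF long Diceware list. It shows that the number of words and the size of the list they are drawn from decide the strength, not the character count alone.

```python
import math
import secrets

# Constructed 32-word sample list (words borrowed from the article's own
# examples) so the block runs offline. Assumption: a real generator would
# load a large published list such as the 7776-word EFF long Diceware list.
SAMPLE_WORDS = [
    "crow", "pear", "star", "hospital", "lion", "savannah", "purple", "moon",
    "farmer", "peas", "cloud", "queen", "throne", "boy", "shorts", "butterfly",
    "hat", "pit", "ink", "dog", "flour", "oriole", "tunnel", "river",
    "fish", "pillow", "cat", "gray", "burger", "seagull", "night", "ice",
]
EFF_LONG_LIST_SIZE = 7776   # 6**5: one word per roll of five dice
PRINTABLE_ASCII = 95        # letters, digits, symbols and the space


def generate_passphrase(words, count=5, sep="-"):
    """Pick `count` words independently and uniformly with a CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("word list must not contain duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_bits(list_size, count):
    """Entropy in bits of `count` uniform picks from `list_size` words."""
    return count * math.log2(list_size)


def password_bits(alphabet_size, length):
    """Entropy in bits of a uniformly random character password."""
    return length * math.log2(alphabet_size)


def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDS)
    bits = passphrase_bits(len(SAMPLE_WORDS), 5)
    # Often more than 20 characters long, yet only 25 bits: the list is tiny.
    print(f"{phrase!r}: {len(phrase)} chars, {bits:.1f} bits (32-word list)")
    for n in (4, 5, 6):
        print(f"{n} words from 7776: "
              f"{passphrase_bits(EFF_LONG_LIST_SIZE, n):.1f} bits")
    print(f"12 random printable chars: "
          f"{password_bits(PRINTABLE_ASCII, 12):.1f} bits")
    print("words from 7776 to match that:",
          words_needed(EFF_LONG_LIST_SIZE, password_bits(PRINTABLE_ASCII, 12)))
```

These figures hold only when the words are chosen at random; a sentence composed by a person has less entropy than the formula gives.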

A few words about how to protect and store password phrases

Here it is important to understand that even the most reliable and thought-out password phrase will lose all its relevance if you write it down on a piece of paper and attach it near the monitor of your home computer. And this means that it is important to pay due attention not only to the development of the phrase itself, but also to its subsequent storage and practical use. And here there are also a number of simple tips that should definitely be used in practice when working with password phrases:

  • Choose only a reliable and time-tested password manager. Remember that it will store all your phrases and automatically substitute them when you log into a particular account.
  • If you notice any suspicious activity, increased interest in your accounts, a message with connection attempts from unfamiliar users, then it is better to immediately change the password phrase to a new one.
  • Additionally use multi-factor authentication. Even if an attacker is lucky for one reason or another, if he finds out your password phrase, he still will not be able to connect to your account. Without the second factor, be it a text message, a call, or confirmation via email, an Internet attacker will not be able to implement his plan.

That is, it is important to understand that ensuring security is the direct work of each Internet user. There is no point in being indignant at the imperfection of the system, blaming the increased risks that modern users face. It is necessary to independently take care of your own security when working online.

Important to remember

If we summarize everything that we talked about in today's review, then here we can draw the following conclusions:

  • ensure a smooth transition from outdated traditional passwords (difficult to remember, susceptible to hacking) to more reliable and technological solutions;
  • use at least 4-5 words that are not related to each other as the basis of a passphrase;
  • in practice, passphrases will be more reliable, since they are long, and also easier to remember;
  • use reliable and proven managers to store such codes, and MFA to protect the accounts;
  • avoid simple associations, patterns, reuse.

You should not risk your own security or underestimate the capabilities of Internet intruders. Online threats are growing literally every day. This means that each of us needs to learn to counteract them as effectively as possible, using advanced modern methods and tools.

Let's sum it up

Despite all the complications that are applied to simple passwords, today they have already lost their reliability and do not guarantee the desired security indicators. The accounts to which they are used today become quite easy prey in the hands of experienced Internet intruders. This is true even for those solutions that are not ordinary words, but a set of symbols, numbers, letters. Moreover, excessive complication of such passwords leads to the fact that users themselves begin to simplify their work, minimize the time and effort to remember such codes and enter them when connecting to an account.

Password phrases offer a completely different approach. To the programs that hackers use in their work, such a phrase is a chaos of symbols that is impossible to make sense of. You will be able to come up with them yourself, without even relying on generators, and remember them easily. This is the solution that maintains the most accurate balance of user convenience and high cryptographic resistance.

But we must not forget about many other risks and limitations that a modern user faces when working on the Internet. And here mobile proxies from the MobileProxy.Space service will provide significant assistance in countering them. Useful information about this product can be found here. In this case, you are guaranteed high security and confidentiality of work on the network, effective bypass of any regional blocking and restrictions, as well as bans from the system, including for automated work, the use of multi-accounting. We also offer to take advantage of free testing of the product before purchasing it, competent advice from technical support specialists working around the clock. You will find more useful information about mobile proxies in the «Articles» section.
