Last week, Edward Snowden spoke on the US TV show Last Week Tonight with John Oliver about the importance of password security. Snowden cited the need for “passphrases” instead of simple “passwords”, giving the example of “MargaretThatcheris110%SEXY.” as a strong password.
But is Snowden’s suggestion actually a good one? While this rather ironic example might be slightly better than the majority of passwords many use today, the truth is that a password like this is unlikely to keep you truly safe from the threats online today.
The reality is that passphrases, such as Snowden’s, are still relatively easy to hack because they are based on real phrases and words. Hackers have an ever-growing “dictionary” of words and phrases that have been used previously across the web, which they use to run what is known as a dictionary attack. This is an ultra-high-speed system of cracking where all possibilities from language samples and online lists can be taken into account. So, if your password is not really unique, with a very high level of entropy, then it could potentially be hacked this way. Even passwords using a combination of upper and lower case letters and numbers will be vulnerable to attacks like this.
So, with this ever-growing level of sophistication, what can we do to keep ourselves safe online?
Snowden’s point that heightened password security is a necessity is a valid one. However, the key is that your passwords should not be based on real words or phrases, but be truly RANDOM. Only then will your password be outside a hacker’s dictionary of previous passwords and passphrases, making it as hard as possible to crack.
Speaking to WIRED following Snowden’s comments last week, Joseph Bonneau, a postdoctoral cryptography researcher at Stanford, echoed this point by saying that “The length (of a password) doesn’t mean that much to your adversary. The real problem is that people are really bad at producing randomness. It’s really hard to tell if what you’ve picked is hard to guess.”
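To make the contrast concrete, here is an added example (not Dashlane's generator and not code from the original post) that flags a candidate assembled entirely from dictionary entries and generates a uniformly random alternative with the operating system's CSPRNG. The wordlist is a constructed stand-in for an attacker's dictionary, and the function names and the 12-character minimum are assumptions.

```python
import math
import secrets
import string

# 94 printable ASCII symbols: letters, digits and punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed stand-in for an attacker's dictionary of words and reused fragments.
SAMPLE_WORDLIST = {"margaret", "thatcher", "is", "sexy", "110", "%", ".", "password"}


def generate_password(length=16):
    """Pick every character independently and uniformly with the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def built_from_dictionary(candidate, wordlist):
    """True if the whole candidate splits into wordlist entries, ignoring case."""
    text = candidate.lower()
    reachable = [True] + [False] * len(text)  # reachable[i]: text[:i] splits cleanly
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in wordlist for start in range(end)
        )
    return reachable[-1]


def acceptable(candidate, wordlist, min_length=12):
    """Reject short candidates and ones assembled purely from dictionary entries.

    min_length=12 is an assumed policy value, not one taken from the post.
    """
    return len(candidate) >= min_length and not built_from_dictionary(candidate, wordlist)


if __name__ == "__main__":
    phrase = "MargaretThatcheris110%SEXY."
    print(phrase, "acceptable:", acceptable(phrase, SAMPLE_WORDLIST))
    pw = generate_password()
    print(pw, "acceptable:", acceptable(pw, SAMPLE_WORDLIST),
          "bits:", round(random_entropy_bits(len(pw)), 1))
```

The entropy figure applies only to strings produced by `generate_password`, because it assumes every character was drawn uniformly at random; it says nothing about a human-chosen phrase of the same length.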
So, when you’re next faced with devising a new password, instead of thinking about memorable phrases, birthdays, song lyrics or anything else under the sun… why not just click that “generate password” button on Dashlane? It’s the only way your passwords will be as safe as they possibly can be.
Need more advice on how to sharpen up those passwords? Check out another one of our posts here, and if you haven’t already, why not try out Dashlane today for FREE?