Using Password Phrases For Better Security

Did you know that Windows supports using passwords of up to 127 characters? I don’t use passwords anymore, and I haven’t for years. I’ve switched to using password phrases instead.

Why do I use password phrases?

• Why would you want to remember a password like 2%d7as$d when you could just remember a sentence like “nsync sucks giant monkey balls” or “I hate my ex-wife!” or “Holy hell does this job suck!”
• You can use uppercase, lowercase, special characters, or even spaces… but you are using them in context, which makes it much more natural to remember.
• Post-it notes on your monitor are not secure. Sorry.
• Even the most efficient forms of password cracking, using pre-computed rainbow tables, will never be able to crack a password with 20 or more characters.

These days, windows passwords can be cracked in no more than a few seconds. If somebody can get physical access to your machine, they can boot off one of the hacker tool cds available all over the internet, and they will typically have your password in seconds, if they know what they are doing.

Even with brute force cracking, there is no possible way that you can crack a password that long. Even if somebody had the super computing power to do so, hopefully you change your password every few months or so.

It may be difficult to use password phrases on other operating systems, or especially on websites, because they don’t properly handle spaces in the password, or have a small password length limit. One of the tricks that I usually do is use a password phrase without the spaces, if I possibly can.

So go change your password now.
Note: For more information on this topic, you can check out Robert Hensing’s blog over at Technet.