Passwords Are Out and Passphrases Are In

To give some background here, I managed a company’s helpdesk for around 2 years. The company size was around 200 people when I first started, and I was closing on average around 300+ tickets every month by myself. Of those 300+ tickets, around 30-50 dealt with passwords being forgotten and needing to be reset. I’m a person of efficiency, and I made it my goal to talk with every single user at that company about the importance and simplicity of passphrases.

“Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.”

With a few years of system administrator experience under my belt now, a truer statement couldn’t be said. I always pushed people to adopt this mentality about security. You can set a 30-character password with uppercase, lowercase, numbers, symbols, and the blood of your firstborn, but are you going to remember that password? No, you are not. I pushed people to start thinking of the passphrase and its simplicity. Before I left there, I had a very good portion of the employees switched over to using passphrases, and my tickets went from 30-50 a month to around 1-10. That’s a win in my book: I reduced ticket numbers with persistence and education while providing an easier and more secure solution for the company.

Just remember that in today’s world we always think about very complex passwords that are incredibly hard for us to remember, and that forces people into making huge security mistakes. So stop thinking about passwords and start thinking about passphrases. They are easier to remember, far more secure, and much more difficult for computers to brute force.



