Build the Unhackable Passphrase
January 15, 2019
It’s 2019. It’s time to change your passwords to passphrases.
A passphrase is a long password that is composed of multiple words. Because of its complexity, a passphrase is more secure against common hacking techniques, and is still easy to remember.
Cyber attackers use computer programs to guess passwords. These programs look for common passwords, dictionary words, and patterns, and “brute force” their way into an account, attempting millions of possible combinations every second. The more characters you include in your passphrase, the longer it would take for password-cracking software to guess at each character.
Secure passphrases protect the Biola community and university data. A poorly constructed passphrase may result in the compromise of an individual's personal information, a department's database, or the entire university.
How to Build a Passphrase
Length is the most important factor for passphrase strength. While it’s true that special characters, numbers, and randomness strengthen a password, they also make your passphrase harder to remember. A useful passphrase must be both secure and memorable.
Here’s how passphrase length affects the time required to crack the password:
Passphrase | How long it takes to crack* |
v47qAS | 1 second |
unicorn1 | 1 minute |
jesuslovesme | 1 day |
FJ?q187$z | 7 months |
Whereismycoffee? | 330 billion years |
Here’s your checklist for creating a secure passphrase:
- It’s at least 12 characters long. The longer, the stronger.
- It includes at least 3 words.
- It’s a phrase that’s easy for you to remember.
- It’s a phrase you made up. It can make sense, or be random, unrelated words.
- The words aren’t a recognizable pattern, such as a line from a movie, song, or book (some advanced cracking tools search for common patterns or phrases).
Information Technology is currently in the process of updating Biola's login system, so that NetID passwords can be longer than 20 characters, and will no longer require numbers or capital letters.
In the meantime, you can still change your NetID credentials to a passphrase at login.biola.edu. This will also update your credentials for your Biola email and any Biola computers you use.
Take It One Step Further
More sophisticated brute force software attempts every possible dictionary combination when cracking passwords, before going through individual letters. This means that three or four lowercase dictionary words could be as easy to crack as a simple pin number.
To protect yourself from these attacks, you can include any of the following complications in your passphrase:
Complication | Examples |
Misspelled words | Whereismycovfefe? |
Made-up words | IsengardBocceBall |
Unusual proper nouns or names | DBC&BieberForever |
Missing letters | BolaEglesBsketball |
Memorable nonsense | Flippityjibbitsquib |
*These estimates are calculated by www.howsecureismypassword.net, and are based on a traditional brute force attack by a home computer.