Passphrases A Viable Alternative To Passwords?

Some experts say they are, but technological and cultural issues bar the path to passphrases.

Two-factor authentication might be a great way to bolster log-in processes across the enterprise and even on the Web, but when it comes down to it, the typical authentication process using something someone knows--typically a password--isn't going anywhere anytime soon. Nevertheless, some security professionals wonder whether it is time that the industry take stock: They think organizations should at least consider replacing this difficult-to-remember, difficult-to-secure jumble of alphanumeric characters with more memorable and secure passphrases.

Sure, passphrases are not as secure as a token or some other two-factor authentication method, but they're more secure than "12345" and much easier to remember than some strange concoction like "b4x87g-m."

While it might be tempting to blame end users for coming up with crummy passwords, Nick Selby, a Texas police officer and managing director of enterprise security consultancy TRM Partners, believes the problem is not that users are too dumb to absorb security training, but that security practices put them in an impossible situation.

"What can't be trained is demanding that people use something which is impossible to remember--and then demanding that they remember that. And attendant with that is not writing it down. You can't remember it, and you can't write it down," Selby said. "Is that a user issue? I don't think so."

His argument is that passphrases--such as a sentence from a favorite book--are easier to remember and harder to crack than most passwords today, even without special characters. Many within the industry back him.

Read the rest of this article on Dark Reading.

Comments
Bprince,
User Rank: Apprentice
1/11/2012 | 12:53:20 AM
re: Passphrases A Viable Alternative To Passwords?
I think there is a good argument here for pass-phrases being superior to passwords as far as being easier to remember.
Brian Prince, InformationWeek/DarkReading Comment Moderator