Data breaches stemming from weak passwords continue to rise. Many cybersecurity consultants recommend using a passphrase instead of a password to increase your online security. Let us help you better understand how it works.
What’s a password? The dictionary tells us it’s a word that grants us access or admission to something. In computer terms, a password gives a user access to something that’s otherwise off limits.
When you create a password, it’s run through a mathematical function called a hash algorithm. The input is your password — let’s say “summer2021.” The password is typed in and the output is an alphanumeric string with a fixed length. For our example, it’s 32 bytes long. So, no matter how many characters the password has, the output is always the same length. This output is commonly referred to as the “hash.”

Once the hash is created, the system for which the password is being generated saves the hash and your username to a file. Each time you attempt to log in, the system takes what you typed in the password field and runs it through the same hashing algorithm. The information is checked to ensure the output matches what’s saved in the file. If it matches, access is allowed. If it doesn’t match, access is denied (when the system is operating correctly). This all happens very quickly; computers can do something like four billion things per second!

From this explanation, you might see the problem. Bad guys could pre-emptively take every word in the dictionary, run each through the same hashing algorithm, and then compare the hashes to the password file they stole or purchased on the dark web. Remember, computers can process things extremely quickly, so it won’t take long. Once a match is found, they have your password.
For these reasons, security professionals preach to use passphrases rather than passwords. A passphrase is a series of words, and the additional characters add to the complexity. Of course, this also tells us to use uncommon phrases, as they’re far less likely to be guessed.
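To make the two preceding sections concrete, here is an added Python example (not from the original article or its sources). It shows the fixed-length hash, why a precomputed table of dictionary words matches an unsalted hash, and how a per-user random salt plus a slow key-derivation function (PBKDF2, chosen here as an assumption) defeats that precomputation. The word list and "summer2021" record are constructed sample data.

```python
import hashlib
import hmac
import os


def unsalted_hash(password: str) -> str:
    # The weak scheme the article describes: one fixed-length (32-byte) SHA-256
    # digest per password, identical for every user who picks the same password.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def precomputed_table(wordlist):
    # Hash every candidate word once, up front; lookups are then instant.
    return {unsalted_hash(word): word for word in wordlist}


def lookup_unsalted(stored_hash: str, table: dict):
    # Returns the recovered password, or None if the hash is not in the table.
    return table.get(stored_hash)


def make_record(password: str, iterations: int = 600_000) -> dict:
    # Hardened storage: a random 16-byte salt per user and a deliberately slow
    # KDF. The salt means a table built in advance cannot be reused across users.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify(password: str, record: dict) -> bool:
    # Re-derive with the stored salt and compare in constant time.
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    # Constructed sample: a short word list and one leaked unsalted hash.
    words = ["password", "summer2021", "letmein", "qwerty"]
    leaked = unsalted_hash("summer2021")
    print("unsalted hash recovered as:", lookup_unsalted(leaked, precomputed_table(words)))
    rec = make_record("summer2021")
    print("salted login with right password:", verify("summer2021", rec))
    print("salted login with wrong password:", verify("Summer2021", rec))
```

The same passphrase hashed twice with `make_record` yields two different stored hashes, which is exactly what stops a single precomputed table from working against every user.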
Many security experts use this explanation to justify moving to biometrics or realistic authentication. The measurements and calculations of the body, including fingerprints and faces, are stored as data. Once collected, these measurements are run through the hashing algorithm and the output is saved. When you attempt to log in, the two outputs (username and hash) are compared, just as is done with passwords and passphrases.
What if someone steals the hash of your fingerprint measurements? Can you change your fingerprint like you can change a password? The simple answer is no.
In a best-case scenario, systems should use layered security requiring multiple security pieces. This is sometimes referred to as multifactor authentication and requires two things:
As much as we may wish it, passwords aren’t going away anytime soon. Having a better understanding of how they work may help users develop stronger passwords and passphrases. (Partially reprinted from shazam.net/news/shazam-blog.)
Remember, your password is your first level of protection against hackers.
(Partially reprinted from anetworks.com)