This document discusses replacing passwords with passphrases and how passphrases provide stronger security than typical passwords. It notes that a passphrase like "Cafeteria fish sticks are awesome!" containing 5 words and 34 characters would take over 35.64 billion trillion centuries to crack, whereas a typical 8 character password can now be cracked in under 90 seconds using cloud computing resources. The document recommends using passphrases that are at least 15 characters long, include a variety of words, uppercase and lowercase letters, and are easy for the user to remember to provide strong security for accounts.
2. Rank these passwords by secureness
• parkway
• t3ach3r
• h1ghSch@@l
• Cafeteria fish sticks are awesome!
3. Ranked by security
• Cafeteria fish sticks are awesome!
• h1ghSch@@l
• t3ach3r
• parkway
4. How fast can they be cracked
• parkway (regular word)
▫ Under one second
P@rkw@y – 28 seconds
• t3ach3r (some substitution)
▫ Under one minute
T3ach3r12 – 3 minutes
• h1ghSch@@l (capital, substitution, number, symbols)
▫ 1 week
h1ghSch@@l!! – to over a year
• Cafeteria fish sticks are awesome! (passphrase)
▫ 35.64 billion trillion centuries!
5. Great password was…
• 8 characters long
• 3 of 4 requirements
▫ Has uppercase letters
▫ Has lowercase letters
▫ Has a number in it
▫ Has punctuation or a symbol in it
6. Password cracking has advanced
• Better cracking programs
• Tons of dictionary files
▫ Available on internet for anyone to download
• Brute force password cracking
▫ Try every character, number, and symbol
combination until password is cracked
7. Amazon power…
• The power of the cloud!
• For $1.60 an hour I can have 8 3.0 GHZ servers
at my disposal
• Can process a billion password attempts per a
second
• At that speed a 8 character password can be
brute forced in under 90 seconds
8. How do we fix it?
• Replace passwords with passphrases
▫ Short sentences
▫ Using multiple non-connected words
KittenFootballSnow
Spaces or no spaces
Some sites or systems may not support passwords with
spaces or all the special characters available
9. What makes a good passphrase
• At least 15 characters long
▫ The longer the better
• Use what ever words you like
• Make it easy to remember
• Our example
▫ Cafeteria fish sticks are awesome!
5 words
34 characters with spaces
Uppercase, lowercase letters, special character
Easy to remember
10. What's next?
• Technology evolves
• Computers become faster
• Better cracking methods
• When passphrases are as bad passwords
11. Two factor authentication
• Something you know, and something you have
▫ Have a pin texted to your phone that must be
submitted to complete the login process
Gmail
Facebook
Banks and finance sites