If you created your passphrase by just trying to think of a good one, there’s a pretty high chance that it’s not good enough to stand up against the might of a spy agency.
The reason that your password or passphrase is probably not good enough is that it lacks something called entropy. You can think of entropy as randomness, and it’s one of the most important concepts in cryptography. It turns out humans are a species of patterns, and they are incapable of doing anything in a truly random fashion.
To create *entropy* you can simply use dice! That's right: if you are really keen to create the most unique passphrase around, use dice to roll 6 numbers. Write each number down, then look up the word in the Diceware list that corresponds to your numbers and voilà! That is the first word of your passphrase. Now repeat that 7 times to get a 7-word passphrase!
...or you can use a password manager or an online password generator that will roll the dice for you.
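The dice procedure described above, as an added example (not code from the original page): it turns written-down rolls into words, or rolls for you with the operating system's secure random source, and reports how much entropy the rolls provide. `SYLLABLES` is a constructed stand-in for a real Diceware word list and the function names are hypothetical; `dice_per_word` defaults to the six rolls described above and should match the key length of whichever list you use.

```python
import math
import secrets

# Constructed stand-in for a real Diceware list: each die face maps to a
# syllable, so every distinct roll sequence yields one distinct "word".
SYLLABLES = {"1": "ka", "2": "mo", "3": "ri", "4": "tu", "5": "se", "6": "bo"}


def phrase_from_rolls(rolls, dice_per_word=6):
    """Turn written-down rolls (e.g. "143526 611111") into a passphrase."""
    digits = [c for c in rolls if not c.isspace()]
    if not digits or len(digits) % dice_per_word:
        raise ValueError("need a whole number of words' worth of rolls")
    if any(d not in SYLLABLES for d in digits):
        raise ValueError("every roll must be a digit from 1 to 6")
    groups = [digits[i:i + dice_per_word]
              for i in range(0, len(digits), dice_per_word)]
    return " ".join("".join(SYLLABLES[d] for d in g) for g in groups)


def generate(words=7, dice_per_word=6):
    """Roll the dice with the OS CSPRNG instead of by hand."""
    if words < 1 or dice_per_word < 1:
        raise ValueError("need at least one word and one die per word")
    # secrets.randbelow is uniform over 0..5; the `random` module is not
    # suitable for secrets because its output is predictable.
    rolls = "".join(str(secrets.randbelow(6) + 1)
                    for _ in range(words * dice_per_word))
    return phrase_from_rolls(rolls, dice_per_word)


def entropy_bits(words=7, dice_per_word=6):
    """Each fair die roll contributes log2(6) bits, whatever the words look like."""
    return words * dice_per_word * math.log2(6)


if __name__ == "__main__":
    print(generate())
    print(f"{entropy_bits():.1f} bits of entropy")
```

The entropy figure only holds when every roll is kept as it falls; re-rolling until the phrase "looks nice" puts the human pattern back in.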
The "best" length and composition of passwords is hotly debated amongst cyber security people, and in many cases passwords are being complemented with multi-factor authentication (a combination of something that you know, something that you have or something that you are), but for the most part it holds true that strong passwords should be:
Passphrases are most effective when they are long, unpredictable and unique.
A good passphrase should have **at least 15, preferably 20 characters** and be difficult to guess. Refer back to our earlier comments about entropy.
Password managers (which can also be used to store passphrases) enable good cyber security habits. Having a unique passphrase for every valuable account may sound overwhelming; however, using a password manager to save your passphrases will free you of the burden of remembering which passphrase goes where.
A lot of web browsers provide an in-built password manager. You might have noticed the pop-up window asking to store your password when logging into accounts. Password managers are also sold separately; however, quality and security may vary.
When using a password manager: