A 'Passphrase' isn't enough

In a recent interview with HBO's John Oliver, Edward Snowden recommended using passphrases rather than passwords. It seems like a logical step, but it's not as simple as it sounds.

Complex passwords are a must to protect against the typical attacks that threaten your data.

There are a number of methods that hackers can use to get your password. Guessing is one: it works when the attacker has enough knowledge of the person or background information, or when the user has been lazy and used 12345678 or some other lazy combination. Any complexity should make guessing almost impossible.

Brute-force and dictionary attacks are also typical methods. They are similar because they both bombard an account with passwords until they find the right one. A dictionary attack, as it sounds, works through a list of words or typical phrases (e.g. password1) until it finds the right password. Brute force could also be random; the massive growth in processing power means such methods, while unrefined (hence the name), are very effective. Snowden himself claimed that an 8-character password could be cracked in one second. Estimates for hacking attempts from regular desktop computers are that an 8-number password would take about a minute to crack.

Passphrases are better than passwords, but they aren't the perfect defence for keeping your private data safe, not that Snowden said they were. It's important to emphasise that overly complex passphrases can be more of a nuisance than a help, as you may resort to risky behaviour such as writing your password down.

There are a range of other ways to enhance the security of your login details. A reliable email provider will have safeguards in place to prevent brute-force attacks, locking your account after a number of failed attempts. You can also activate two-step verification. Google offers numerous ways to use two-step verification, such as sending you an SMS, their sleek mobile app and 10 single-use codes that you should record somewhere secure in the event that you cannot access the first two.

You have to consider the potential risks: while many online accounts have ways to prevent brute-force attacks, your smartphone might not. It's possible to make your phone lock after a certain number of attempts and even erase all data. That sounds extreme, but if properly set up it is a very effective security method.
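The effect of locking after a number of failed attempts, as described above, can be seen in a small simulation. This is an added example, not code from any provider: the class, the function, the policy values (5 failures, 15-minute lock), the one-guess-per-second rate, the passphrase and the wordlist are all constructed assumptions.

```python
import hmac

class LockoutGuard:
    """Lock an account for lock_seconds after max_failures bad passwords in a row."""

    def __init__(self, secret, max_failures=5, lock_seconds=900):
        self._secret = secret.encode()
        self.max_failures = max_failures    # assumed policy value
        self.lock_seconds = lock_seconds    # assumed policy value
        self.failures = 0
        self.locked_until = 0

    def attempt(self, guess, now):
        """Return 'locked', 'ok' or 'denied' for a login at time `now` (whole seconds)."""
        if now < self.locked_until:
            return "locked"                 # the guess is not evaluated at all
        if hmac.compare_digest(guess.encode(), self._secret):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked_until = now + self.lock_seconds
            self.failures = 0
        return "denied"


def guesses_evaluated(guard, wordlist, duration_seconds, seconds_per_guess=1):
    """Replay a wordlist on a simulated clock; return (guesses evaluated, found)."""
    now, evaluated = 0, 0
    pending = iter(wordlist)
    guess = next(pending, None)
    while guess is not None and now < duration_seconds:
        result = guard.attempt(guess, now)
        if result == "locked":
            now = guard.locked_until        # wait out the lock, then retry
            continue
        evaluated += 1
        if result == "ok":
            return evaluated, True
        guess = next(pending, None)
        now += seconds_per_guess
    return evaluated, False


# Constructed data: a made-up passphrase and a made-up 5000-entry wordlist.
PASSPHRASE = "orbit-candle-maple-seven"
WORDLIST = ["12345678", "password1"] + [f"guess{i}" for i in range(4998)]

if __name__ == "__main__":
    print(guesses_evaluated(LockoutGuard(PASSPHRASE, max_failures=10**9), WORDLIST, 3600))
    print(guesses_evaluated(LockoutGuard(PASSPHRASE), WORDLIST, 3600))
    print(guesses_evaluated(LockoutGuard("password1"), WORDLIST, 3600))
```

Over one simulated hour the lockout cuts the number of guesses that are actually checked from 3600 to 20, yet an account using password1 still falls on the second guess, which is why the lockout complements a strong passphrase rather than replacing it.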

There are other threats to consider

There are also other vulnerabilities to consider that could completely bypass your password. A prime example would be a vulnerable internet connection such as public Wi-Fi, where a hacker could intercept personal data during transmission. Malware could have the same outcome, with personal data being transmitted to cyber criminals. These threats require other responses: safe online practices and good anti-virus are necessary to protect against malware, and for securing your internet connection there are VPNs like ZenMate that hide your IP address and encrypt your connection.

