Secure password upgrade

On Tuesday 14 November 2023 we will require all our members to change your passwords, and ensure that they are ‘strong’ passwords or passphrases.

Quick tips for strong passwords

  1. Add Variety: use uppercase, lowercase, special characters, and numbers.
  2. Don’t recycle! Don’t use the same password for all of your accounts.
  3. Don’t get personal: avoid using birthdates or names of your loved ones.
  4. Make it long: use passwords longer than six characters when possible.
  5. Change them often: review your passwords and change them frequently.
  6. Use a manager: password management apps can safely store and use your paswords, and monitor them for data leaks.

Below is a more detailed explanation of what makes for a secure password according to the Australian government’s Signals Directorate:

Principles for strong passphrases

Whenever you can, use a passphrase instead of a password. By following as many of these principles as you can, you will know you have created the most secure passphrase possible.

Create long passphrases

The longer your passphrase, the better. As adversaries can crack a short password with very little effort or time, you can increase the time and effort it takes by using a passphrase instead. Aim to make your passphrases four or more random words, of at least 14 characters in total, whenever you can. For example, ‘red house sky train’, ‘sleep free hard idea’ or ‘crystal onion clay pretzel‘.

Create unpredictable passphrases

The less predictable your passphrase, the better. A passphrase in the form of a lyric, quote or sentence, like ‘I don’t like pineapple on pizza.’, uses spaces and punctuation, which adds complexity. However, a sentence could also be predictable, because the language you use will have grammar and punctuation rules to follow. In English sentences, for example, it is predictable to have spaces between words, a capital letter at the beginning and a single character of punctuation at the end, like a full stop. Sentences can also be predictable in the placement of nouns, adjectives, verbs and so on.

Using a random mix of unrelated words is far more unpredictable, and will produce a stronger passphrase. There are many ways to create a mix of random words. There are tools available on the internet that can help, or you could open to random pages in a dictionary or another book to select unrelated words.

Create unique passphrases

Use a unique passphrase for every valuable account. Reusing a passphrase makes each account that uses it more vulnerable. This is particularly important for valuable accounts like email, financial accounts and those that store banking details. Often email addresses are reused as usernames to log into multiple accounts, and the accounts are often used to store valuable personal information, making your email account a valuable resource. If adversaries have cracked your passphrase, they will attempt to use it for every account they find that is associated with you, and even change your passphrase so that you can’t regain access to your accounts. Inconveniencing adversaries trying to steal from you is worth having unique passphrases for every valuable account.

One way that you can reduce the burden of having unique passphrases for every valuable account is to use modifiers for each one based on the service that it relates to. For example, ‘crystal onion clay pretzel facebook’ or ‘insta crystal onion clay pretzel’.

Remembering passwords and passphrases

Once you have ‘strong’ passwords in place you probably want to use a password managing app to remember them: Finder recommends the following password management tools: