KT Connections Blog


Can Adding Spaces Increase Your Passphrase Simplicity?


Every year we see a rash of data breaches, the majority caused by compromised credentials. In response, KT Connections has been providing tips and best practices to help keep your users and your business safe. As the year winds down, let’s take one more look at credentials and learn another tactic to create secure and simple passphrases.

Credential Best Practices

First, a couple of reminders:

  • Credentials are the combination of your username or email address and a password or passphrase, used to log into computers and online accounts.
  • A password is commonly made from a combination of words, with complexity added by using special characters, upper and lower case, and numbers, but can be difficult to remember, such as: !L0v3MyP1@n0.
  • A passphrase is often a combination of words, either randomly chosen or uniquely known to you, with or without meaning, such as: correcthorsebatterystaple
  • You should be using a password manager so you don’t need to remember complex passwords.

Sometimes it seems as if we here at KT Connections are constantly promoting credential best practices, and the truth is, we are. Credential security is critical to keeping you safe online. An example of the cascade effect that comes from poor credential management is the recently launched Disney+.

Disney received a lot of flak within hours of launching the new streaming service because thousands of subscribers had their new accounts stolen on the very first day. While the initial thought was that Disney+ had been hacked, it turns out the loss of access to their Disney+ accounts was due to using the same credentials on another service that was breached in the past. The hackers assumed that some of the new subscribers would use the same credentials again on Disney+...and they were right.

The Biggest Problem: You Can’t Control or Predict What Organizations Get Hacked

As noted previously, credential compromise can originate from companies failing to secure their systems. This was a record year, with a total of 5,138 data breaches and 7.9 billion exposed records involving companies such as Marriott, Zynga, Dubsmash, Facebook, AMCA, Capital One, MoviePass, Adobe, and many others.

If your organization collects personal data, ensure you are enacting strong cybersecurity practices. South Dakota has a punitive customer protection law when it comes to personal data. If your business suffers a data breach, you face a wide range of consequences, not the least of which is financial (up to $10,000 a day) depending on how you notify your customers.

This means YOU need to adopt safe credential habits, and ensure that all of your employees do as well. I realize we started this post just talking about streaming services, but the point is that good credential habits need to be in place everywhere!

Some Credential Best Practices

We continually post articles online about credentials, including using passphrases instead of passwords, alternatives to passwords, using security keys and, of course, using two-factor authentication (2FA). In fact, here's a quick list to remind you of some best practices:

  • For complex passwords, use at least 15 characters; the more characters, the more secure it is.
  • For long passphrases, use 20 characters in the form of personalized word combinations or complete sentences only known to you.
  • For complexity, mix numeric (1,2,3,4, ...), uppercase alphabet (A,B,C,D, ...), lowercase alphabet (a,b,c,d, ...), special characters/symbols (!,@,#,$, ...).
  • Avoid repeated (e.g. A123A), consecutive (e.g. 1111, aaaa), sequential (e.g. 123, abc, efg), and keyboard-patterned (e.g. qwerty, asdfg, nm,./) characters.
  • Do not use common phrases or word combinations (e.g. from songs) nor any of your biographical information (first name, middle name, surname, spouse name, child name, ex-name, address, phone number, birthdate, job position, etc) or any public information associated with you.
  • Never use default passwords on devices. If you have some new devices which contain a default password - a security system, firewall, network switch, camera system, or other hardware...immediately change it.

With that in mind, we would like to take a moment to add one more tool to your security toolbox: adding spaces (yes, spaces!) to your passphrases. Spaces make them easier to visually learn, transcribe, and type.

Add a Space to Your Passphrase

While we are familiar with using characters such as @, &, #, !, $, and other symbols to make your password more complex, we would like to introduce the concept of adding spaces into your passphrase. In fact, adding spaces can make even a very long passphrase easier to remember and still secure.  

An example without spaces would be: correcthorsebatterystaple. But our recommendation is to write your passphrase as a regular sentence using only a combination of words that is unique and known to you, such as: I saw a ‘69 Ford Mustang today!  Over time, you can develop a technique or system to create new and unique passphrases.   

Keep in mind that although we don’t want to use information easily discernible about us, we can still create unique passphrases that are easy to remember. This technique reduces the threat from hackers gleaning information from social media. For example, if you go on vacation to London, and then post all about it on social media, don’t use similar information in your passphrase.

There is one caveat to using spaces: white-space stripping. Don’t use a space at the beginning or end of any credentials. Before you use a space in your passphrase, take a moment to ensure it will be accepted; some Internet sites may not accept spaces. More than likely, the website will tell you if you try to use a character (such as a space) that isn’t supported.
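
The white-space stripping caveat, shown as an added example (not from the original post): a hypothetical site whose sign-up form trims spaces at the edges of a passphrase while its login form does not. The function names, the PBKDF2 work factor and the sample passphrases are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # illustrative PBKDF2 work factor, an assumption of this example


def _derive(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, ITERATIONS)


def enroll(passphrase: str, strips: bool) -> tuple[bytes, bytes]:
    """Hypothetical sign-up handler: store (salt, hash), optionally trimming first."""
    if strips:
        passphrase = passphrase.strip()
    salt = os.urandom(16)
    return salt, _derive(passphrase, salt)


def verify(record: tuple[bytes, bytes], typed: str, strips: bool) -> bool:
    """Hypothetical login handler: optionally trim, then compare in constant time."""
    if strips:
        typed = typed.strip()
    salt, expected = record
    return hmac.compare_digest(_derive(typed, salt), expected)


def edge_space_issues(passphrase: str) -> list[str]:
    """Pre-check before adopting a passphrase: interior spaces are fine, edge spaces are not."""
    issues = []
    if passphrase != passphrase.lstrip():
        issues.append("leading whitespace")
    if passphrase != passphrase.rstrip():
        issues.append("trailing whitespace")
    return issues


# Constructed sample passphrases (not real credentials).
INTERIOR = "violet kettle hums at noon"
TRAILING = "violet kettle hums at noon "

if __name__ == "__main__":
    rec = enroll(TRAILING, strips=True)          # sign-up form trimmed silently
    print(verify(rec, TRAILING, strips=False))   # login form did not trim: locked out
    print(verify(rec, INTERIOR, strips=False))   # the stored secret has no edge space
    rec2 = enroll(INTERIOR, strips=False)
    print(verify(rec2, INTERIOR, strips=True))   # interior spaces survive either way
    print(edge_space_issues(TRAILING))
```

A passphrase with spaces only between words verifies the same whether or not a site trims, which is why the edge positions are the ones to avoid.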

Test Your Credentials

Unsure of your credential security? Take a moment to test them using free online checkers. How Secure Is My Passphrase, LastPass’s Checker and NordPass can give you a quick idea of where your password or passphrase rates regarding security and give you the opportunity to try different techniques to improve strength.

It’s time to take security seriously. Contact us at KT Connections. We offer a free IT assessment to get your business started on the path to a more secure technology environment. We also provide a wide range of security services designed to help your organization develop and maintain best practices geared to keep your staff and customers safe. Call 605-341-3873 today to learn how.
