Security & Privacy

The End of Passphrase Passwords?

Posted on August 27th, 2013 by

For those of you who are fans of the webcomic xkcd, you may recall the suggestion to use passphrases (such as “correct horse battery staple”) rather than hard-to-remember gibberish passwords.

Well, it would appear that the utility of that suggestion is coming to an end. A freely available password-cracking tool has just come out with an improved version that will crack passwords of up to 55 characters in length – primarily by searching for dictionary words.

This isn’t quite the end of passphrase passwords yet, however. There are still ways to use passwords more securely. As we’ve suggested in the past, passphrases can be made more secure by adding some additional variety. Rather than simply “correcthorsebatterystaple,” you could use “Corr3ctHor$eBa77erySt@ple” and your password complexity goes up significantly. Likewise, you could use a password manager to create a strong, random-gibberish password that you don’t have to try to remember.


On a related note, albeit primarily of academic interest (i.e. Don’t Panic), it looks like passwords and encryption will need to change significantly within the next 10+ years as Quantum Computers become a common reality. The upshot of this idea is that as computers become drastically more powerful, they’ll be able to cut through the algorithms currently used to secure data like a hot knife through butter. But then, very smart people are also working on solutions to this, especially as the whole NSA scandal has people entirely freaked out that governments are now (or will soon be) able to break some of the more complex existing algorithms. In the meantime, world records continue to be set in breaking longer algorithms. Yowza!

photo credit: Simon Lieschke via photopin cc