In 2024, the question of how to make passwords secure is rising as a fundamental issue in cybersecurity. For example, an eight-character password, however complex it may be, can be hacked by an attacker in less than a few seconds. So, as we are in a time of massive cyber-attacks that can affect all types of players, individuals, businesses and organizations alike, it seems almost vital to put a strict password policy in place. With regard to these concerns, a solution has been emerging for several years: the passphrase.
What is a passphrase?
The passphrase is a variant of the classic password. In practical terms, it’s all about quantity rather than quality. Long gone are the days of capital letters, numbers and special characters; with the passphrase, all you have to do is align words that have nothing to do with each other in order to form a password. It is meant to only contain lower case letters and spaces (or dashes). As a general rule, a passphrase is made up of three or four words, each at least 6 characters long.
For example, a passphrase used as a password could be “mango fragile cactus”. This password would then be 20 characters long, making it virtually impossible to compromise because of its length.
What are the advantages of using a passphrase?
According to a study carried out in 2024 by the Nordpass website, the average person has 168 passwords for personal accounts. As this trend continues to grow, a number of solutions have been developed. While the trend leans towards online password management, such as Bitwarden or the French company KeePass, these have not yet been democratized in society.
As a result, it is impossible for an individual to remember so many passwords. The result is that, more likely than not, people will use the same password for the majority of their online accounts, sometimes with a few variations. Generally speaking, most of the passwords used have common characteristics (a capital letter as the first letter, numbers and special characters at the end, or replacements such as @ instead of the letter a), making them less secure. Naturally, cyber attackers are aware of these habits and use them to facilitate their attacks.
Therefore, the passphrase appears to be a compromise, making it easier to remember different passwords that meet cybersecurity criteria in terms of length and strength.
In practical terms, its use could revolutionize cybersecurity in the professional world, within companies and organizations for example. As they have been highly vulnerable to cyber-attacks for several years now, some weak passwords of employees have enabled hackers to fraudulently break into computer systems.
As a result, the use of a passphrase by company employees to secure their professional identifiers can represent a real alternative. By encouraging them to use a passphrase, companies can guarantee a certain number of things:
- No use of passwords with a “classic” structure, as mentioned above
- No re-use of a single password for different accounts
- A unique password that is long and easy for each employee to remember
More fun, more accessible and enabling a truly robust password policy, the use of the passphrase, if it becomes more widespread, could be the best ally in terms of cybersecurity, both professionally and personally.
The use of the passphrase in response to the NIS 1 & 2 directives
Overall, according to ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information), the NIS 1 and 2 directives aim to ensure a high and common level of security for networks and information systems in the European Union. Therefore, strengthening password security fully meets the requirements of these two directives.
Therefore, on a professional level, the fact that a company makes its employees aware of the use of the passphrase as a password also meets the requirements of these directives, particularly in terms of employee training.
Matthias LEVIEUX
M2 Cyberjustice – promotion 2023/2024
#password #security #RGPD #NIS2
Sources :
https://fr.wikipedia.org/wiki/Phrase_secr%C3%A8te
https://www.it-connect.fr/pourquoi-faut-il-preferer-les-passphrases-aux-mots-de-passe/