Security Behaviour Database

SB003 Uses a strong password or passphrase

Strong passwords/passphrases should be used for all accounts containing sensitive data, such as workplace accounts, payment-related sites, primary personal email and even social media accounts. The most secure options are passwords that are over 12 characters long, don't contain personal information (e.g. names, birthdays and places) or are created by password managers, and that don't appear on haveibeenpwned password lists. You can also create a strong and memorable passphrase using the 'three random words technique' (e.g. LinguiniLONDONpen).


Why is it important?

Passwords/passphrases become stronger with randomness. They are harder to brute force and become less susceptible to dictionary attacks.

Many people consider passphrases to be stronger than passwords. This is due to their length and randomness. Most people agree that they are at least easier to remember, whilst at the same time not compromising strength.

Priority Tier

Behaviours in SebDB are ranked by their impact on risk. Tier 1 behaviours have the biggest impact, Tier 4 behaviours the least.

Tier 0

Risk Mitigated

Account Compromise

Account compromise happens when unauthorised people access accounts.

Further reading

https://krebsonsecurity.com/password-dos-and-donts/
http://130.18.86.27/faculty/warkentin/SecurityPapers/Merrill/IvesWalshSchneider2004_CACM44_4_Domino%20Effect%20of%20Password%20Reuse.pdf
https://www.us-cert.gov/ncas/tips/ST04-002
https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/use-a-strong-and-separate-password-for-email

SebDB is brought to you by CybSafe | © 2023 CybSafe Ltd