Preventing Identity Theft – Passphrases vs. Passwords

Written by Bill Pfund, Esq.

Nearly 60 million Americans have been affected by identity theft according to a 2018 survey by The Harris Poll. That same survey indicates nearly 15 million American consumers experienced identity theft in 2017. So, yes, the crime of identity theft is relatively common. And it’s probably safe to assume it won’t be dropping anytime soon. The reason? Data breaches.

While there are many stories of identity theft in the news, what we tend to hear more about are data breaches—in which a company or other organization’s customer’s records, which may include full names, Social Security numbers, and other personal information, are accessed fraudulently.

In 2017, there was a record high of 1,579 data breaches, exposing more than 178 million records. The big one—involving Equifax, one of the three major credit reporting agencies—received a lot of attention. Not only was the number of potential victims quite large at 147.9 million, the kind of information exposed was significant. It included names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.

What are the most common types of identity theft? According to the Federal Trade Commission, the government agency that maintains a sort of warehouse for identity theft complaints, the crime falls into six major categories:

  1. Employment- or tax-related fraud (34%)
    What it is: A criminal uses someone else’s Social Security number and other personal information to gain employment or to file an income tax return.
  2. Credit card fraud (33%)
    What it is: The thief uses someone else’s credit card or credit card number to make fraudulent purchases.
  3. Phone or utilities fraud (13%)
    What it is: The criminal uses another person’s personal information to open a wireless phone or utility account.
  4. Bank fraud (12%)
    What it is: The fraudster uses someone else’s personal information to take over an existing financial account or to open a new account in someone else’s name.
  5. Loan or lease fraud (7%)
    What it is: A borrower or a lessee uses someone else’s information to obtain the loan or lease.
  6. Government documents or benefits fraud (7%)
    What it is: The criminal uses stolen personal information to obtain government benefits.

The following are some recommendations to avoid becoming the victim of identity theft:

  1. Protect Your Personal Information. Avoid carrying your Social Security card. They key to identity theft is your Social Security number. Don’t provide your SSN to anyone unless there is a legitimate reason, which include occasions when you are applying for employment; opening a financial account, obtaining a credit check; checking or freezing your credit reports.
  2. Protect Your Documents. Use a shredder to destroy sensitive documents. A cross-cut, micro-cut or diamond-cut shredder will prevent documents from being reconstructed. Avoid leaving outgoing mail with personal information in your mailbox for pickup.
  3. Be Vigilant Against Tricks. Never provide personal information in response to an unsolicited request. Never reply to unsolicited e-mail from unknown senders or open their attachments. Don’t click on links from unknown senders.
  4. Protect Your Communication. Keep your computer and security software updated. Don’t conduct sensitive transactions on a computer that is not under your control. Protect your Wi-Fi with a strong password and WPA2 encryption.
  5. Protect Your Digital World. Use strong passphrases (passwords) with at least twelve characters. Use different passphrases for your various online accounts. Consider using password management programs or use the “Notes” app on your phone, as long as you secure the note with a passphrase.

The difference between password and passphrase

A password as you know it is typically composed of not more than 10 letters or symbols, or a combination of both. It could be a string of random symbols such as “B@3!&O$$” or just a word like “yourname”, or a combination of both such as “sh@tup!”.

On the other hand, a passphrase is longer than a password and contains spaces in between words such as this: “The road to success is always under construction!”.

A passphrase can also contain symbols, and does not have to be a proper sentence or grammatically correct. The main difference of the two is that passwords do not have spaces while passphrases have spaces and are longer than any random string of letters.

So why is a passphrase better than passwords?

  1. Passphrases are easier to remember than a random of symbols and letters combined together. It would be easier to remember a phrase from your favorite song or your favorite quotation than to remember a short but complicated password.
  1. Passwords are relatively easy to guess or crack by both human and robots. The online criminals have also leveled up and developed state of the art hacking tools that are designed to crack even the most complicated password.
  2. Satisfies complex rules easily. The use of punctuation, upper and lower cases in Passphrases also meets the complexity requirements for passwords.
  3. Major OS and applications supports passphrase. All major OS including Windows, Linux and Mac allow pass-phrases of up to 127 characters long. Hence, you can opt for longer passphrases for maximum security.
  4. Passphrases are next to impossible to crack because most of the highly-efficient password cracking tools breaks down at around 10 characters. Hence, even the most advanced cracking tool won’t be able to guess, brute-force or pre-compute these passphrases.

Using a passphrase instead of a password will ultimately give you some peace of mind when going about your business online. Just ensure that the phrase you will be choosing is also easy to remember but preferably not a common or popular quote or song that can be easily guessed by someone who knows you.

It should also be at least more than 14 characters long as well to ensure its maximum security. With this new strategy of using pass-phrases in all your important accounts and websites, you can now enjoy a fully-secured online experience.



Submit a Comment

Your email address will not be published. Required fields are marked *