You can and should be using spaces in your passwords
By Staff reporter | 27 Nov 2019 at 21:31hrs
If your password is one word, you're doing it wrong - it's time to upgrade to a multi-word "passphrase."
Password strength is one of the most important pieces of online security. The vast majority of hacks result from phishing - the act of guessing users' login credentials based on information gleaned from messages and online profiles - which stems from human error and is easily preventable.
Hackers are also developing increasingly sophisticated methods to track and exchange peoples' passwords, making preventative action all the more crucial.
Business Insider spoke to cybersecurity experts, who outlined simple steps users can take to make sure their online accounts are secure.
Here's what they recommend.
"'Password' is a bit of a misnomer. What you should actually be using is a passphrase," said Kiersten Todt, managing director of the Cyber Readiness Institute and a former cybersecurity adviser to the Obama administration.
"Make that passphrase as long and difficult as possible," Todt added. Four words long is safe, and five is even safer.
Contrary to popular belief, it's perfectly fine to use spaces in your password. Many major sites, like Google and Facebook, accept "space" as a valid password character.
A "passphrase" is stronger than a single password because it increases entropy, or the amount of randomness in a password, making it harder to guess.
The creators of ProtonMail, a security-minded email service, say multi-word passphrases are a solution to the problem that "we humans are bad at creating randomness, and we're bad at remembering things."
Unlike complex one-word passwords with lots of special characters, passphrases are easy to remember. If your 'secure system' isn't easy to use, people won't use it, negating the security benefit," the ProtonMail team argues.
Even when using passphrases, it's crucial to change your password: "The people who are getting hit by hacks are the low hanging fruit who reuse the same passwords," according to Alex Heid, chief technology officer at SecurityScoreCard.