5

When using a passphrase, and someone shows concern about it being cracked in a short number of years due to significant advances in technology or whatnot, often you'll hear the advice "Just add a word or two".

They mean to your existing passphrase, right? Or do they mean create a new passphrase with N+1 or N+2 words this time?

William Kelley
  • 335
  • 2
  • 6
  • 1
    Related: https://security.stackexchange.com/questions/63213/is-it-really-time-to-add-a-word-if-there-are-no-tools-to-crack-passphrases-of?rq=1 – Tom K. Sep 18 '17 at 07:48
  • Passwords being made out of words are way easier to crack (even with leetspeeked and alternating upper, lowercase), so try to avoid them. – SleepProgger Sep 18 '17 at 17:49

1 Answer

5

They mean create a new passphrase with more words in it.

The main reason for this is that reuse, even if it is just to add something on the end, dramatically improves the chances an attacker will be able to find your passphrase, or in the situation that they may already have it, they could configure a brute force tool to start with your old passphrase and try combinations of that passphrase with a dictionary word added - which makes the attack simple and quick.

Re-use is bad, whether it is using the same passphrase across different sites or applications, or reusing a large portion of your passphrase and just changing the end (or start, etc.).

Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
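The gap the answer describes, quantified in an added example that is not part of the original answer. It assumes words are drawn uniformly from a 7776-word Diceware-style list and that the attacker already knows the old passphrase; the function names are hypothetical.

```python
import math
import secrets

LIST_SIZE = 7776  # assumption: Diceware-sized word list (6**5 entries)


def fresh_bits(n_words, list_size=LIST_SIZE):
    """Entropy in bits of a brand-new passphrase of n_words random words."""
    return n_words * math.log2(list_size)


def extended_bits(old_words, added_words, list_size=LIST_SIZE):
    """Upper bound on the remaining work (in bits) when the old passphrase
    is already known and added_words new random words were inserted at any
    positions, keeping the old words in their original order."""
    placements = math.comb(old_words + added_words, added_words)
    return math.log2(placements * list_size ** added_words)


def new_passphrase(n_words, wordlist):
    """Build a passphrase from scratch with a CSPRNG, reusing nothing."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def compare(old_words, added_words):
    """Same final length, two ways of getting there."""
    total = old_words + added_words
    return {
        "fresh": fresh_bits(total),
        "extended_old_known": extended_bits(old_words, added_words),
    }


if __name__ == "__main__":
    # Constructed sample: a 4-word passphrase grown to 5 words.
    result = compare(old_words=4, added_words=1)
    print(f"fresh 5-word passphrase:      {result['fresh']:.1f} bits")
    print(f"old 4 words known + 1 added:  {result['extended_old_known']:.1f} bits")
    # Constructed mini word list, for demonstration only; use a full list.
    demo_list = ["correct", "horse", "battery", "staple", "orbit", "lantern"]
    print(new_passphrase(5, demo_list))
```

Once the old passphrase is exposed, an extended passphrase protects only as much as the added words do, wherever they are placed.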