{"id":66,"date":"2004-10-21T00:00:00","date_gmt":"2004-10-21T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2004\/10\/21\/microsoft-blogger-replace-windows-passwords-with-passphrases\/"},"modified":"2021-12-30T11:36:26","modified_gmt":"2021-12-30T11:36:26","slug":"microsoft-blogger-replace-windows-passwords-with-passphrases","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2004\/10\/21\/microsoft-blogger-replace-windows-passwords-with-passphrases\/","title":{"rendered":"Microsoft Blogger: Replace Windows Passwords With Passphrases"},"content":{"rendered":"<p>A Microsoft security manager is advocating the use of multi-word &#8220;passphrases&#8221; rather than passwords to secure Windows networks, arguing that passwords of less than 10 characters are inadequate against the latest hacking techniques.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a blog post titled &#8220;Why you shouldn&#8217;t be using passwords of any kind on your Windows networks&#8221;, Robert Hensing argues that the inclusion of password-cracking tools in recent worms and trojans illustrates the need for sturdier authentication schemes.<\/p>\n<p>Hensing notes that Windows 2000 and Windows Server 2003 support passphrases of up to 127 characters, including spaces and unicode characters.<\/p>\n<p>Some older Unix versions using the Data Encryption Standard (DES) only support passwords up to eight characters, or ignore any characters after the first eight.<\/p>\n<p>Epps suggests an alternative method: select a passphrase, type out the first letter of each word, and any numbers and punctuation that come out of it.<\/p>\n<p>Even longer passphrases are not immune to crackers who are persistent with dictionary attacks, powerful processors and social engineering, as noted in the passphrase FAQ, which emphasizes that good passphrases should be obscure.  &#8220;The short version on common phrases is don&#8217;t use them ever,&#8221; it advises.<\/p>\n<p>Microsoft will have more to say on passphrases, according to Hensing, whose blog post has been widely discussed on mailing lists in recent days.<\/p>\n<p>http:\/\/news.netcraft.com\/archives\/2004\/10\/21\/microsoft_blogger_replace_windows_passwords_with_passphrases.html<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-66","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/66","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=66"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/66\/revisions"}],"predecessor-version":[{"id":2553,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/66\/revisions\/2553"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=66"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=66"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=66"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}