A 15-character passphrase containing special symbols, upper and lowercase letters, and numbers may seem like passphrase overkill. However, with supercomputers that can guess millions of passwords a minute, passphrase policies like those in Handbook AS-805, Information Security, are necessary (see about.usps.com/handbooks/as805/as805c9_019.htm).
Brute force password attacks use the same methodology and repetition as using all the keys on a keyring to open a lock. An attacking computer systematically inputs every possible combination of uppercase and lowercase letters, numbers, and symbols to crack a password.
According to the password strength meter at security.org/how-secure-is-my-password, hackers can crack the password “becybersafe” in roughly one day. If you make this phrase compliant with USPS® policy — such as “B3_Cyb3rS*f3_w0^k”— the passphrase will take 93 trillion years to crack.
Creating a memorable, policy-compliant, and hack-proof passphrase won’t seem like a daunting task if you follow these stress-free steps:
n Select an easy phrase to remember. (Be CyberSafe)
n Change specific letters into special characters or numbers to increase security and originality.
(B3_Cyb3rS*f3)
n Add a unique identifier to further differentiate your passwords across your other accounts.
(B3_Cyb3rS*f3_w0^k)
For more information about creating a hack-proof passphrase, visit the Cybersafe at USPS® pages on Blue (blue.usps.gov/cyber) and LiteBlue (liteblue.usps.gov/cyber).
— Corporate Information Security Office,
Chief Information Security Officer
and Digital Solutions, 1-27-22
