PASSPHRASE

A passphrase is a sequence of words, typically longer than a traditional password, used to authenticate or secure access to a computer system, online account, or other digital resource. 

What is a passphrase

A passphrase is a sequence of words, typically longer than a traditional password, used to authenticate or secure access to a computer system, online account, or other digital resource. A passphrase usually consists of a combination of words that are easy to remember, but difficult for others to guess or crack through brute force attacks.

Unlike a traditional password, which typically consists of a shorter combination of characters (such as letters, numbers, and symbols), a passphrase can be more complex and longer, and may include spaces between words. Passphrases are often used to provide enhanced security for sensitive accounts or data, as they are more resistant to hacking and can be easier to remember for the user.

It’s easy to see why the concept of setting complex passwords has been drilled into our heads by social media platforms, email accounts, banking websites, and cybersecurity think tanks. A short and simple password can easily be hacked by a brute force attack, resulting in serious consequences for individuals and organizations alike.

Individuals can suffer from doxing, blackmail, financial crimes, and identity theft due to a breached password. An organization can suffer from all this, plus extortion, data theft, reputational damage, and loss of operational capacity.

Bad passwords are far too often the weakest link in cybersecurity.

Despite the concerted effort from researchers and organizations to educate users, many people continue to set weak passwords. Even some top executives, such as CEOs, set bad passwords like QWERTY, putting their companies at risk from hackers.

One theory is that complex passwords are too challenging to remember. Many modern professionals lack the time to track and regularly update multiple complex login credentials.

For such users, passphrases could be the solution. According to experts, we should be using passphrases instead of passwords. And while it may seem counterintuitive, passphrases can be more secure than passwords despite being less complex.

Read this in-depth guide for more on:

  • What does passphrase mean?
  • Password vs passphrase.
  • Passphrase examples.
  • Are passphrases more secure?

Passphrase definition: What is a passphrase?

The word passphrase is a portmanteau of the words “phrase” and “password.” It’s used just like a password to gain secure access to a device, computer, account, or network. The difference is in the way it’s structured. You can think of a passphrase as a short sentence that’s at least 15 characters in length and consists of four or more words. By contrast, a password is usually shorter and more complicated. An example of a passphrase can be VirusOrMalwareMyDefenseIsRed.

What makes a strong passphrase? 

Length 

Length is the most critical characteristic of a strong passphrase. Your passphrase must be at least 15 characters, though the longer, the better. Experts say that a 15-character passphrase is harder to crack with a brute force attack than a 12-character sophisticated password. You can also use spaces to lengthen your passphrase.

For example, VirusOrMalwareMyDefenseIsRed can be lengthened to Virus or Malware My Defense Is Red with spaces between words.

Complexity 

As mentioned, a long passphrase is already stronger than a shorter, more complex password. A strong passphrase contains a combination of different types of characters, such as uppercase and lowercase letters, numbers, and symbols.

Still, you can make your passphrase even stronger by following some of the same rules from when you learned how to create a strong password.

Memorability 

A critical advantage of setting a passphrase is that it’s easier to remember because its strength is length rather than complexity. In other words, a short sentence with random words is easier to memorize than a shorter password with random numbers and symbols.

How to create a passphrase

Creating a passphrase is a straightforward task. Select four to ten words and create a sentence that’s at least 15 characters long. It can be a song lyric you wrote, an inside joke, or something else. You can look around in your surroundings for ten random objects and combine them for a passphrase you are unlikely to forget.

Your simple but long passphrase is safer from a brute force attack than a shorter, more complex password. However, you can add some complexity to make it more secure. Consider changing some letters into numbers and adding random capitalizations and symbols for a little more complexity.

For example, you can make the passphrase Virus or Malware My Defense Is Red more secure by changing it to virus 0r Malware My Defense Is R3d.

Passphrase vs password: What is the difference? 

The two main differences between a password and a passphrase are length and sophistication. A passphrase is a short sentence consisting of 15 characters or more. A good password is 8-12 characters long and complex. Another difference is that passphrases are more difficult for hackers to crack with brute force attacks than shorter and more complex passwords because of their length.

Length is key, especially with hackers able to utilize more sophisticated tools to guess shorter passwords. For example, thermal cameras could reveal your password with eye-opening accuracy if it’s 12 or fewer characters.

Types of passphrases

  • Random passphrase: A random passphrase is made up of completely random words. It may be more secure than a mnemonic passphrase, but it’s also more challenging to remember. An example of a random passphrase is DropmangohammerlaptoppeacocK.
  • Mnemonic passphrase: A mnemonic passphrase carries a combination of unique words that may appear random but create a memorable sentence. Here is an example of a mnemonic passphrase: Amsterdam-exotic-necromancer.
  • Keyboard pattern passphrase: This type of passphrase carries a chain of words, with each word starting with the first letter of a keyboard pattern. For example, Quick Wick Eat Rice Tomato Yam follows the qwerty pattern.
  • Image-based passphrase: You can draw words from an image to create an image-based passphrase. For example, you may look at family photos from a day at the beach to create Sandwich Gone Thanks 1 N@sty $eagull.
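
An added example (not from the original page): a generator for the random passphrase type above that follows this guide's four-to-ten-word, 15-character rule, plus two search-space estimates. The word list, the function names and the two attacker models are assumptions made for illustration; the per-word figure is the one that applies when the words come from a list the attacker also has.

```python
import math
import secrets
import string

# Constructed sample list, for illustration only. A real generator should load
# a large published list (thousands of words) so each word adds more bits.
WORDS = ["drop", "mango", "hammer", "laptop", "peacock", "virus", "malware",
         "defense", "purple", "elephant", "cloud", "sandwich", "seagull",
         "tomato", "amsterdam", "necromancer"]

# Character classes an attacker must cover when brute-forcing per character.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits,
           string.punctuation + " "]


def generate_passphrase(words=WORDS, count=4, min_chars=15, sep=" "):
    """Pick `count` words uniformly with a CSPRNG; enforce the 15-char minimum."""
    if not 4 <= count <= 10:
        raise ValueError("use four to ten words")
    if len(sep.join([max(words, key=len)] * count)) < min_chars:
        raise ValueError("word list cannot reach min_chars")
    while True:
        phrase = sep.join(secrets.choice(words) for _ in range(count))
        if len(phrase) >= min_chars:
            return phrase


def word_bits(list_size, count):
    """Search space in bits if the attacker knows the list and guesses whole words."""
    return count * math.log2(list_size)


def char_bits(secret):
    """Search space in bits for per-character brute force over the classes used."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in secret))
    return len(secret) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    phrase = generate_passphrase()
    print(phrase)
    print(f"per-character estimate: {char_bits(phrase):.1f} bits")
    print(f"per-word estimate:      {word_bits(len(WORDS), 4):.1f} bits")
```

The per-character estimate for a 15-letter mixed-case string exceeds that of a 12-character password drawing on all four classes, but the per-word estimate is much lower, which is why the size of the word list and the number of words matter for randomly generated passphrases.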

Passphrase examples 

An example of a good passphrase is virus 0r Malware My Defense Is R3d. It’s long, memorable, somewhat random, and carries some special characters. A good passphrase can be more or less complex. Here are some more passphrase examples:

  1. PurpleElephantsSlidingOverClouds
  2. 3@pples&Or@nges#Ban@nas
  3. ChocolateCakeIsMyFavourite dess3rt

Benefits of using a passphrase 

They are easy to remember 

Passphrases are easier to remember than passwords because they’re longer and simpler. Unlike a new password, you may not even have to write a new passphrase down. Even if you make your passphrase more complex with a special character or two, it will be easier to remember than a complex password. 

They are harder to crack 

A powerful computer doesn’t require much time to crack a short password. But a long but simpler passphrase requires much more time to crack. Passphrases that are long and sophisticated are almost impossible to hack, even with powerful tools.

They prevent password reuse 

Research finds that most people reuse their passwords. In fact, in the first three months of 2019, Microsoft found that 44 million accounts reused passwords in a study of breached databases. Reusing passwords is a problem because a hacker can use a stolen password to access multiple accounts.

Some people hesitate to change complex passwords because they’ll have to memorize new ones. But this problem can be potentially resolved when people use easier-to-memorize passphrases.

They improve user experience 

Unless you’re using a password manager, inputting unique complex passwords in accounts across different computers, devices, and operating systems can be frustrating. However, passphrases are easier to memorize and input. You have to enter fewer special characters, if any.

Cons of using a passphrase 

The biggest disadvantage of switching to passphrases is that many systems are designed to receive passwords instead of passphrases. For example, some enterprise-level productivity platforms will not accept a long passphrase. Similarly, many apps designed for users only accept short passwords. For example, the password for the McDonald’s app must be 8-12 alphanumeric characters.

While some platforms allow users to set passphrases up to 100 characters long, they still enforce the same complexity rules. In other words, even if you set a 100-character passphrase, you still must use a mix of upper and lowercase letters, numbers, and symbols, while avoiding words that make sense. Some users may find it counterproductive to create a long passphrase that’s also following strict password creation rules.

8 Tips for a Strong Passphrase

1. Use long passphrases 

A passphrase should be 15 characters minimum in length. However, that shouldn’t stop you from creating a longer passphrase. A longer passphrase is more resistant to a brute-force attack.

2. Mix it up 

Use four to ten words in your passphrase. Consider mixing up these words. A mixed-up passphrase may not necessarily be harder for a computer to hack, but it can be more challenging for a human being to guess.

For example, “My Favorite Food Is Pizza” may be easier for your roommate to guess than “Is Pizza Food Favorite My.”

3. Use unique passphrases for different accounts 

You’re putting all your accounts at risk by using one passphrase or password for all your accounts. One cracked passphrase will allow a hacker to breach multiple accounts instead of one. Fortunately, it’s easier to set unique passphrases for different accounts because they’re more straightforward to remember.

4. Don’t use personal information 

Some of the rules for creating a good password also apply to passphrases. Some of your personal information can be found on social media pages and can be used to hack your login credentials. So, avoid using personal information such as your name, address, or birthdate in your passphrase.

5. Update passphrases regularly 

Another important rule of good password hygiene is to update your passphrases regularly. While passphrases are harder to crack, they’re not impossible to breach. Update them to stay one step ahead of threat actors. The good news is that passphrases are easier to update regularly because they’re simpler to memorize.

6. Keep passphrases private 

Never share your login credentials with anyone. Even if it’s someone without malicious intent, they may be careless with your passphrases. Your passphrases are your digital keys and must be kept secret. You may also avoid sharing passwords with your partner if they’re careless about cybersecurity.

7. Keep passphrases memorable 

While it’s important to mix up your passphrases, you should try to keep them memorable to avoid forgetting them. Find the right balance between complexity and memorability to keep your account secure and optimize your user experience.

8. Use a passphrase manager 

A top password manager will remember your long passphrases too. It will also help you update your passphrases and make your digital life easier. Just remember to stay safe from phishing attacks, especially with malvertising in Google sponsored ads targeting users of popular password managers such as 1Password.

If you avoid passphrase managers, you may consider using a password management book. Yes, they have some flaws, but overall, Internet password books are okay — just don’t lose them. 

See also: Passkey

FAQs

What is an example of passphrase?

Think about a combination of words that would be memorable yet complex, like VirusOrMalwareMyDefenseIsRed. Adding special characters and numbers like @, !, 4, etc. to this would make the passphrase more secure and harder to crack.

What is a good passphrase?

An example of a good passphrase is virus 0r Malware My Defense Is R3d. It’s long, memorable, somewhat random, and carries some special characters. A good passphrase can be more or less complex. Here are some more passphrase examples:

  1. PurpleElephantsSlidingOverClouds
  2. 3@pples&Or@nges#Ban@nas
  3. ChocolateCakeIsMyFavourite dess3rt