What is a passphrase?
A passphrase is a string of words used as a password to log in to an online account or application. Since passphrases consist of a combination of random words, they are typically longer than traditional passwords. Strong passphrases consist of at least 16 characters but can go upwards of 100 characters, making them both easy to remember and difficult for cybercriminals to crack or guess.
Passphrase vs Password: What’s the difference?
The key differences between passphrases and passwords are how they’re created, memorability and which is considered to be more secure.
Creation
Passphrases consist of multiple words strung together. The more words a passphrase is made up of, the longer it is and the more difficult it’ll be for cybercriminals to crack. Passwords, on the other hand, consist of a random string of characters. They are recommended to be at least 16 characters long and include a random combination of letters, numbers and symbols. While both passphrases and passwords can be created by users, there are also free password and passphrase generators available to use online.
Memorability
Since passphrases are made up of multiple words, they’re often easier for users to remember than passwords. Memorising strong passwords is almost impossible because they consist of random letters, numbers and symbols.
Security
Both passwords and passphrases can be secure. However, because many individuals attempt to remember traditional passwords on their own, those passwords are often weak or reused across multiple accounts. This increases the likelihood of those passwords being cracked or easily guessed by cybercriminals. Passphrases, on the other hand, are typically more secure because they’re longer, contain spaces or separators, have uppercase and lowercase letters and include symbols.
Types of passphrases
There are many different types of passphrases; these are two of the most common.
Random passphrases: A random passphrase is just as its name implies – random – meaning it contains completely random words. These passphrases can be created on one’s own or using an online passphrase generator tool.
Mnemonic passphrases: A mnemonic passphrase is a passphrase that is made up of random words but is memorable to the individual who creates it. These passphrases are created by associating the passphrase with something the user will easily remember, like a memory they have.
How to create a strong passphrase
Before we get into how to create a strong passphrase, you first have to know what you shouldn’t include in a passphrase. Never include the following in a passphrase:
- Personal information
- Popular sayings or phrases
- Song lyrics
Now that you know what not to include in a passphrase, here’s what a passphrase should contain.
- At least 16 characters – this means at least four four-letter words
- Symbols
- Uppercase and lowercase letters
- Random words
Keep in mind that passphrases don’t need to form a proper sentence or be grammatically correct. The more random the words are, the better. If you’re planning to use passphrases for each of your online accounts, be sure each of them has its own, unique passphrase.
Examples of strong passphrases
Here are a few examples of strong passphrases.
- fragrancE underfoot! erasure happiness fastness
- appetite-Corporate-pap@ya-deduce-acquire
- statistcsuitoreggp!antcannonstarboArd
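A passphrase generator that follows the checklist above, added here as an illustration (it is not the page's or any vendor's code). The 32-word list, the symbol set and the function names are constructed for the example; a real generator draws from a list of thousands of words, such as the 7,776-word EFF list.

```python
import math
import secrets
import string

# Constructed 32-word sample list so the block runs offline. It is far too
# small for real use; a production list has thousands of words.
WORDS = ("appetite acquire cannon corporate deduce erasure fastness fragrance "
         "happiness papaya starboard suitor underfoot statistic eggplant harbor "
         "lantern meadow nickel orchard pebble quiver ribbon saddle thimble "
         "umbrella velvet walnut yonder zipper anchor biscuit").split()

SYMBOLS = "!@#$%&*?"  # constructed symbol set, chosen not to clash with the separator


def generate(n_words=5, sep="-", words=WORDS):
    """Pick words with a CSPRNG, then capitalise one letter and add one symbol."""
    # secrets (not random) so the choice is unpredictable to an attacker.
    chosen = [secrets.choice(words) for _ in range(n_words)]
    # Uppercase one random letter in one random word (mixed-case rule).
    i = secrets.randbelow(n_words)
    j = secrets.randbelow(len(chosen[i]))
    chosen[i] = chosen[i][:j] + chosen[i][j].upper() + chosen[i][j + 1:]
    # Append one random symbol to one random word (symbol rule).
    k = secrets.randbelow(n_words)
    chosen[k] += secrets.choice(SYMBOLS)
    return sep.join(chosen)


def entropy_bits(n_words, list_size):
    """Entropy from word choice alone: each word adds log2(list_size) bits."""
    return n_words * math.log2(list_size)


def meets_page_rules(passphrase):
    """Checklist from this page: 16+ characters, a symbol, upper and lower case."""
    return (len(passphrase) >= 16
            and any(c in string.punctuation for c in passphrase)
            and any(c.isupper() for c in passphrase)
            and any(c.islower() for c in passphrase))


if __name__ == "__main__":
    phrase = generate()
    print(phrase, meets_page_rules(phrase))
    print("bits with sample list:", entropy_bits(5, len(WORDS)))
    print("bits with a 7,776-word list:", round(entropy_bits(5, 7776), 1))
```

With this 32-word sample list five words give only 25 bits of entropy, while the same five words drawn from a 7,776-word list give about 64.6 bits. The size of the list and the randomness of the draw contribute far more than the added symbol or capital letter, which is why words picked by a person are weaker than words picked by a generator.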
The benefits of using a passphrase
Here are some of the benefits of using passphrases over traditional passwords.
Easier to remember than traditional passwords: Most individuals find that four or more random words are easier to remember than a complex password that consists of random characters.
More secure than traditional passwords: Since passphrases can be made with upwards of 100 characters, they are considered to be more secure than traditional passwords that don’t follow password length best practices.
Can’t be as easily cracked as traditional passwords: Passwords are often created without following password best practices, meaning they are short and not complex. While cybercriminals have several types of password-cracking methods, cracking a long passphrase would take more time for a cybercriminal than a short, weak password.
The disadvantages of using a passphrase
The main disadvantage of using passphrases is that because they’re longer than most traditional passwords, some websites and applications may have limits on how many characters you can include in your passwords. For these types of websites and apps, you’ll be forced to decide between a shorter passphrase, which is less secure, or a strong password that you won’t be able to remember. Some websites also don’t allow spaces in passwords, so you may have to string all the words together or use separators in the passphrase.
Easily remember login credentials with passphrases
With so many accounts, using passphrases can make it a lot easier for users to remember their passwords without compromising their security. As long as the user follows passphrase best practices and also enables Multi-Factor Authentication (MFA), their accounts will be secure from password-cracking attempts.