What Is A Passphrase?

Date First Published: 4th July 2023

Topic: Cybersecurity

Topic: Security Mechanisms & Technologies

Difficulty: Easy

Difficulty Level: 3/10

Learn what a passphrase is in this article.

A passphrase is a sequence of words and letters, separated by spaces, that is used to authenticate a user before signing in. Passphrases are used in combination with usernames or email addresses as a security feature, or for separate authentication. Although a passphrase serves the same security purpose as a password, it is slightly different. Unlike a password, which is only a string of characters, a passphrase is a string of multiple words and is longer, providing better protection against attempts to guess or crack it.

Methods Of Choosing Passphrases

Passphrases can be developed using specific personal phrases, memories, and stories that are well known to the user but not to other people. Some passphrases are made up of words randomly selected from a long list, a technique known as diceware.
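The diceware selection mentioned above, sketched as an added example (not code from this article): each word is picked by dice rolls read as a base-6 index into a word list. The 36-word list is constructed for illustration and needs two rolls per word; a full diceware list has 7,776 words and needs five, and Python's `secrets` module stands in for physical dice.

```python
import math
import secrets

# Constructed 36-word sample list (6^2 entries, so two rolls select a word).
# A real diceware list has 6^5 = 7776 words, selected with five rolls each.
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "desert", "engine", "forest",
    "garden", "harbor", "island", "jacket", "kettle", "ladder",
    "magnet", "napkin", "orange", "pepper", "quartz", "rocket",
    "saddle", "tunnel", "umpire", "velvet", "walnut", "yogurt",
    "zipper", "bridge", "copper", "dragon", "fabric", "goblet",
    "hammer", "insect", "jungle", "lantern", "marble", "needle",
]

def rolls_needed(list_size):
    """Return how many dice rolls index the list; its size must be a power of 6."""
    rolls, size = 0, 1
    while size < list_size:
        size *= 6
        rolls += 1
    if rolls == 0 or size != list_size:
        raise ValueError("word list size must be a power of 6 (36, 216, ... 7776)")
    return rolls

def word_from_rolls(rolls, words):
    """Map dice rolls (each 1-6) to a word by reading them as a base-6 number."""
    if len(rolls) != rolls_needed(len(words)):
        raise ValueError("wrong number of rolls for this word list")
    index = 0
    for roll in rolls:
        if not 1 <= roll <= 6:
            raise ValueError("each roll must be between 1 and 6")
        index = index * 6 + (roll - 1)
    return words[index]

def generate_passphrase(n_words, words=SAMPLE_WORDS):
    """Pick n_words independently, using the OS CSPRNG in place of dice."""
    per_word = rolls_needed(len(words))
    picked = []
    for _ in range(n_words):
        rolls = [secrets.randbelow(6) + 1 for _ in range(per_word)]
        picked.append(word_from_rolls(rolls, words))
    return " ".join(picked)

def entropy_bits(n_words, list_size):
    """Entropy of n_words chosen uniformly and independently from the list."""
    return n_words * math.log2(list_size)
```

Six words from a 7,776-word list give about 77.5 bits of entropy, while six from the 36-word sample give only about 31, so the sample list is for demonstration only.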

Another method of choosing a passphrase is by taking two phrases, turning each into an acronym, and using the combined acronyms as the passphrase. For example, 'the cat sat on the mat in the kitchen' would become tcsotmitk and 'the family moved house to a quieter place in November' would become tfmhtaqpin. Combining the two would result in the 20-character passphrase 'tcsotmitk tfmhtaqpin'.

Benefits Of Passphrases

Compared to passwords, the benefits of passphrases are:

  • They are usually easier to remember. Compared to a long password that contains a mix of numbers, letters, and symbols, 4-8 words that are 20-30 characters in length are generally easier to remember.
  • They are often more secure because they are usually longer than passwords. Passphrases can be up to 100 characters and contain symbols, making them much more difficult to guess or crack than a password. Even very advanced tools may not be able to successfully brute-force a passphrase that contains random words.
  • They are supported by most modern applications and operating systems. Since most modern applications and operating systems support passwords of over 30 characters, passphrases can be used instead of passwords. As long as a system does not limit passwords to a maximum of 30 characters, a passphrase can be used.

Best Practices For Passphrases

Some best practices for passphrases are:

  • Use an easy-to-remember phrase, but do not use phrases that can be easily guessed, like song lyrics, well-known quotes, and common sayings.
  • Capitalise certain words in the passphrase to make it harder to guess.
  • Always use spaces within and between words to make them more memorable.
  • Consider using numbers and special characters, like commas and ampersands, to make the passphrase stronger.
  • Do not reuse passphrases across multiple sites, applications, or sources. If someone correctly guessed the passphrase, all other accounts using that same passphrase would also be at risk, as they might try the same username and passphrase combination on other applications and sites in the hope of correctly guessing it.
  • Consider using abbreviated spellings of words to make them stronger.
  • Make the passphrase long enough so that it cannot be easily guessed. Ideally, a passphrase should be at least 20 characters. The more characters a passphrase contains, the stronger it is. Avoid using very short passphrases as these are much easier to guess.
