14th Dec 2023
Author: Samir Yawar

Tired of Passwords? Use a Passphrase Instead


There are times when a password just doesn't cut it. Many passwords fall short against brute force attacks that keep guessing the magic word until they gain access to your data. But hey, you can always use a passphrase.

A passphrase you say?

It's true. After human error, bad passwords represent the weakest link in cybersecurity.

And a passphrase? It can take care of a lot of bad cybersecurity practices. They can be better than passwords.

How? Let us explain.

What is a passphrase?

In simple words, a passphrase serves as a longer and more secure alternative to traditional passwords. Just like their young cousin, passphrases are also used for authenticating and securing access to digital resources.

"Passwords" + "phrase" = passphrases.

Passwords are short. Passphrases are long. Both serve the same purpose. The difference is that passphrases are harder to crack with brute-force attacks.

That sounds easy enough to remember.

What do you need to make a strong passphrase?

Three things can help you keep the baddies out with a strong passphrase:

Length

  • The main characteristic of a passphrase is its length: at least 15 characters. The longer it is, the better.

  • Experts say a 15-character passphrase is a tougher cookie to crack than a 12-character password with sophisticated stuff.

  • Passphrases can be lengthened with spaces. Woo for more personal space (and security).

Examples of lengthy passphrases: MyComputerIsBetterThanYours and My Computer Is Better Than Yours.

Memorability

A misconception about passphrase length is that the longer they are, the harder they are to remember. Wrong!

You see, a passphrase is easier to remember if it's a short sentence.

Example of a memorable passphrase: This icecream doesnt taste good.

Complexity

A long passphrase is more secure than a shorter but complex password. They offer enhanced password security.

But just like in a password, you can use a combination of different types of characters, such as uppercase and lowercase letters, numbers, and symbols.

Example of a complex passphrase: @reYOUNOTentertained!

To summarize:

How to create a passphrase

We're so glad you asked. Here's how you can make a passphrase:

  • Select four to ten words.

  • Think up a sentence at least 15 characters long. It can be a song lyric you wrote, a favorite quote, or something else.

  • Or you can check your surroundings for a few random objects and combine them for a passphrase.

  • Now you have yourself a nice passphrase. For better protection, consider changing up a few of those letters with capitalizations or symbols for a more complex passphrase.

Types of passphrases

Want to make it easier to think up passphrases? How about we look at some common types of passphrases to get you thinking:

Mnemonic passphrases

A mnemonic phrase consists of a series of words or other data that is easy to remember. The term is often used with an easily recognized song, picture, or other association.

Think of this passphrase as a poetic symphony of words, as you create a memorable sentence like "I saw a purple bear at the pier." It's like crafting a story only you know, turning your security into a captivating tale. Easy to remember, yet hiding a mysterious narrative behind its seemingly random dance of words.

Random passphrases

Imagine your digital fortress guarded by a whimsical combination of words dancing together, e.g. something like DropmangohammerlaptoppeacocK.

It's like a secret language only you understand, making your passphrase difficult to guess by anyone else. Just remember, it's a bit like taming a wild unicorn – challenging but oh-so-magical.
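The steps under "How to create a passphrase" and the random type described here, as an added example (not from the original article): a Python sketch that draws four to ten words with a cryptographically secure random source, enforces the 15-character minimum, and estimates the resulting entropy. The 32-word list and the function names are constructed for illustration; a real generator would use a published list of several thousand words.

```python
import math
import secrets

# Constructed 32-word demo list; real use needs a large published list
# (thousands of words) so that each word contributes more entropy.
DEMO_WORDS = (
    "drop mango hammer laptop peacock purple bear pier sandwich seagull "
    "computer icecream window candle river anchor pencil marble garden rocket "
    "violin tunnel basket lantern coffee saddle mirror button feather bridge "
    "copper walnut"
).split()

MIN_WORDS, MAX_WORDS, MIN_CHARS = 4, 10, 15  # limits taken from the article


def generate_passphrase(n_words=5, words=DEMO_WORDS, sep=" "):
    """Pick n_words uniformly at random with a CSPRNG and join them."""
    if not MIN_WORDS <= n_words <= MAX_WORDS:
        raise ValueError(f"use {MIN_WORDS} to {MAX_WORDS} words")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    while True:
        phrase = sep.join(secrets.choice(words) for _ in range(n_words))
        if len(phrase) >= MIN_CHARS:  # re-draw if the result is too short
            return phrase


def entropy_bits(n_words, list_size):
    """Bits of entropy when every word is an independent uniform pick."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    print(generate_passphrase(5))
    print(f"{entropy_bits(5, len(DEMO_WORDS)):.0f} bits with this demo list")
    print(f"{entropy_bits(5, 7776):.1f} bits with a 7776-word list")
```

The entropy figure only holds when the words are chosen by the random source; a sentence a person makes up is more predictable than the formula suggests.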

Keyboard pattern passphrases

What if you use your keyboard to type some letters in a specific pattern? It's like a dance party for your security, where each word knows the perfect move.

Your passphrase becomes a rhythmic dance, with each word gracefully starting where its neighbor left off.

Image-based passphrases

Unleash the artist within to create a passphrase inspired by your favorite images. Picture family photos from a sunny beach day transforming into Sandwich Gone Thanks 1 N@sty $eagull.

It's like turning memories into a secret code, where each word paints a vivid scene, and only you hold the brush.

Benefits of using a passphrase

There are plenty of reasons why passphrases are better than passwords:

Disadvantages of passphrases

There are a few concerns that hinder the adoption of passphrases over passwords:

Passphrases vs Passwords - Conclusion

The choice between passphrases and passwords hinges on a delicate balance between security and usability. Passphrases, with their longer length and complexity, offer enhanced resistance to attacks, making them a robust option for safeguarding digital assets. However, the perceived complexity and potential usability challenges must be weighed against the straightforward nature of passwords.

Striking the right balance involves considering the specific context, user preferences, and the security requirements of the system. Ultimately, both passphrases and passwords have their merits, and the optimal choice depends on finding the sweet spot that aligns with individual and organizational needs.

Samir Yawar / Content Lead
Samir wants a world where people can instinctively whack online scams and feel accomplished without the need for psychic powers. As an ISC2 member, he is doing his bit to turn cybersecurity awareness training into a fun concept with simple, approachable and accessible content. Reach out to him at X @yawarsamir
Frequently Asked Questions
A passphrase is a sequence of words or other text used to gain access to a system, application, or digital account. It is a form of authentication, often replacing or complementing traditional passwords.
While a password is typically a shorter combination of characters, including letters, numbers, and symbols, a passphrase is longer and often composed of multiple words. Passphrases aim to be more secure and memorable than traditional passwords.
Passphrases offer increased security because of their length and complexity. Longer combinations of words are generally more resistant to brute-force attacks and provide a more user-friendly authentication experience.