Passphrase

graphic of a passphrase being entered in.

What is a passphrase?

A passphrase is a string of words used to help users remember longer, more complex passwords. The more characters, and varying types of characters, present in a password, the more difficult it will be for hackers to crack using a brute force attack.

This disparity in password strength can be demonstrated using sites that calculate how long a brute force attack would require to crack a password. In this case, we used howsecureismypassword.net/.

The first example shows that this string of eight characters lacking entropy would take an hour to crack. Password: “Passw0rd”

Image describing how long it would take to crack a password.

This example shows that a string of 100 characters that uses a variety of special and characters and numbers would take a massive 1 vigintillion years to crack with a brute force attack. Passphrase: “P@ssPhra$e$AreM0reS3cureTh&nSimp!ePasswords”

Image showing how long it would take to crack a password.

Passphrases typically take the form of a sentence or full statement. The phrase should have some sort of personal meaning to the user so the password it denotes will be easy to remember. The overall goal is to make it less stressful for users to regularly use more secure passwords.

Passphrases for encryption

Passphrases are commonly used to control access to and the operation of cryptographic systems, also known as encryption. This is a common technique used to secure data at rest and in motion.

Encryption is often used to secure entire systems for organizations large and small. This means that large amounts of sensitive information are at risk if encryption fails. Passphrases are typically used as encryption keys due to their increased security.

Passphrase best practices

There are a number of best practices for creating a passphrase to ensure it’s optimally secure.

Make them long

Passphrases should be substantially longer than an average password. Most passwords fall somewhere between eight to 16 characters in length. A passphrase can be up to 100 characters in length.

Make it meaningful

A passphrase should be a sentence or complete statement that holds personal meaning to the user. This helps ensure it is both easy to remember and it’s unique. Avoid using famous quotes, as others are likely to use similar passphrases.

Use special characters

Replace some letters in the passphrase with similar special characters or numbers. For example, replace “a” with “@” or “o” with “0.” Increasing the randomness of the characters in a password is called entropy and is one of the best ways to improve the security of passphrases and passwords alike.

Only use them once

Passphrases should not be reused for different systems. They are still more secure than passwords but they are not invulnerable. Passphrases should be easy to remember, making it easier to use multiple unique passphrases.

Keep them safe

If you’re going to store passphrases, make sure they are stored safely. Password managers are good tools for securely storing passwords. Learn about the best password managers.

 

Kyle Guercio
Kyle Guercio
Kyle Guercio has worked in content creation for six years contributing blog posts, featured news articles, press releases, white papers and more for a wide variety of subjects in the technology space.

Related Articles

Human Resources Management System

A Human Resources Management System (HRMS) is a software application that supports many functions of a company's Human Resources department, including benefits administration, payroll,...

How To Defend Yourself Against Identity Theft

Almost every worldwide government agency responsible for identity theft issues will tell you the same thing: The first step to fighting identity theft is...

Infographic

An infographic is a visual representation of information or data. It combines the words information and graphic and includes a collection of imagery, charts,...

Phishing

What is phishing? Phishing is a type of cybercrime in which victims are contacted by email, telephone, or text message by an attacker posing as...

ScalaHosting

ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...

HRIS

Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...