
Passphrase

Kyle Guercio
Last Updated July 26, 2021 5:01 am


What is a passphrase?

A passphrase is a string of words used to help users remember longer, more complex passwords. The more characters, and varying types of characters, present in a password, the more difficult it will be for hackers to crack using a brute force attack.

This disparity in password strength can be demonstrated using sites that calculate how long a brute force attack would require to crack a password. In this case, we used howsecureismypassword.net/.

The first example shows that this string of eight characters lacking entropy would take an hour to crack. Password: “Passw0rd”


This example shows that a string of 100 characters that uses a variety of special characters and numbers would take a massive 1 vigintillion years to crack with a brute force attack. Passphrase: “P@ssPhra$e$AreM0reS3cureTh&nSimp!ePasswords”
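The same comparison can be worked through offline. The Python sketch below is an added example, not code from this page or from the site it cites; the guess rate and the use of the 32 ASCII punctuation characters as the symbol pool are assumptions, so the absolute times will differ from the site's figures.

```python
import math
import string

# ASCII character classes an exhaustive search has to cover.
# string.punctuation holds 32 symbols (assumed symbol pool).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

ASSUMED_GUESSES_PER_SECOND = 1e10  # assumption, not a figure from the page
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def pool_size(secret: str) -> int:
    """Alphabet size implied by the character classes present in secret."""
    size = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in secret))
    # Characters outside the four classes (space, non-ASCII) count once each.
    extras = {ch for ch in secret if not any(ch in cls for cls in CLASSES)}
    return size + len(extras)


def search_space_bits(secret: str) -> float:
    """log2(pool_size ** length), the exhaustive-search bound in bits.

    Upper bound only: it assumes every character is chosen independently
    and uniformly at random, which a sentence of real words is not.
    """
    if not secret:
        return 0.0
    return len(secret) * math.log2(pool_size(secret))


def years_to_exhaust(secret: str,
                     rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Years needed to try every candidate of this length and alphabet."""
    bits = search_space_bits(secret)
    if bits > 1023:  # 2.0 ** bits would overflow a float
        return math.inf
    return 2.0 ** bits / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # The two samples quoted on this page.
    for sample in ("Passw0rd", "P@ssPhra$e$AreM0reS3cureTh&nSimp!ePasswords"):
        print(f"{len(sample):>3} chars  pool={pool_size(sample):>2}  "
              f"{search_space_bits(sample):6.1f} bits  "
              f"{years_to_exhaust(sample):.3g} years")
```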


Passphrases typically take the form of a sentence or full statement. The phrase should have some sort of personal meaning to the user so the password it denotes will be easy to remember. The overall goal is to make it less stressful for users to regularly use more secure passwords.

Passphrases for encryption

Passphrases are commonly used to control access to, and the operation of, cryptographic systems that perform encryption. Encryption is a common technique used to secure data at rest and in motion.

Encryption is often used to secure entire systems for organizations large and small. This means that large amounts of sensitive information are at risk if encryption fails. Passphrases are typically used as encryption keys due to their increased security.

Passphrase best practices

There are a number of best practices for creating a passphrase to ensure it’s optimally secure.

Make them long

Passphrases should be substantially longer than an average password. Most passwords fall somewhere between eight and 16 characters in length. A passphrase can be up to 100 characters in length.

Make it meaningful

A passphrase should be a sentence or complete statement that holds personal meaning to the user. This helps ensure it is both easy to remember and unique. Avoid using famous quotes, as others are likely to use similar passphrases.

Use special characters

Replace some letters in the passphrase with similar special characters or numbers. For example, replace “a” with “@” or “o” with “0.” The randomness of the characters in a password is called entropy, and increasing it is one of the best ways to improve the security of passphrases and passwords alike.

Only use them once

Passphrases should not be reused for different systems. They are still more secure than passwords but they are not invulnerable. Passphrases should be easy to remember, making it easier to use multiple unique passphrases.

Keep them safe

If you’re going to store passphrases, make sure they are stored safely. Password managers are good tools for securely storing passwords.