What is a passphrase?
A passphrase is a string of words used to help users remember longer, more complex passwords. The more characters, and varying types of characters, present in a password, the more difficult it will be for hackers to crack using a brute force attack.
This disparity in password strength can be demonstrated using sites that calculate how long a brute force attack would take to crack a password. In this case, we used howsecureismypassword.net.
The first example shows that this string of eight characters lacking entropy would take an hour to crack. Password: “Passw0rd”
This example shows that a string of 100 characters that uses a variety of special characters and numbers would take a massive 1 vigintillion years to crack with a brute force attack. Passphrase: “P@ssPhra$e$AreM0reS3cureTh&nSimp!ePasswords”
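The comparison above can be approximated offline. The following is an added example, not code from the original page or from the calculator site: it estimates the exhaustive-search space for the two strings shown above and flags a common word hidden behind look-alike substitutions. The guess rate, the substitution table and the word list are assumptions constructed for illustration, so the resulting times will not match the site's figures.

```python
import math
import string

# Assumption: one offline attacker testing 10 billion guesses per second.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character classes an exhaustive search must cover once a password uses them.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation, " ")

# Constructed samples for illustration: look-alike substitutions and a tiny word list.
LOOKALIKES = str.maketrans({"@": "a", "&": "a", "0": "o", "$": "s", "3": "e", "!": "l"})
COMMON_WORDS = {"password", "welcome", "letmein"}


def charset_size(pw):
    """Alphabet size implied by the character classes present in pw."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in pw))


def brute_force_bits(pw):
    """log2 of the number of candidates an exhaustive search has to try."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def worst_case_years(pw, rate=GUESSES_PER_SECOND):
    """Years to exhaust the whole search space at the assumed guess rate."""
    bits = brute_force_bits(pw)
    if bits > 1000:  # beyond float range; effectively unbounded
        return math.inf
    return 2 ** bits / rate / SECONDS_PER_YEAR


def is_disguised_common_word(pw):
    """True if undoing look-alike substitutions yields a listed common word."""
    return pw.lower().translate(LOOKALIKES) in COMMON_WORDS


def assess(pw):
    return {"length": len(pw), "charset": charset_size(pw),
            "bits": round(brute_force_bits(pw), 1),
            "years": worst_case_years(pw),
            "disguised_common_word": is_disguised_common_word(pw)}


if __name__ == "__main__":
    for sample in ("Passw0rd", "P@ssPhra$e$AreM0reS3cureTh&nSimp!ePasswords"):
        print(sample, assess(sample))
```

The bit count is an upper bound that assumes every character was chosen at random; the common-word flag marks cases where the real strength is far below that bound.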
Passphrases typically take the form of a sentence or full statement. The phrase should have some sort of personal meaning to the user so the password it denotes will be easy to remember. The overall goal is to make it less stressful for users to regularly use more secure passwords.
Passphrases for encryption
Encryption is often used to secure entire systems for organizations large and small. This means that large amounts of sensitive information are at risk if encryption fails. Passphrases are typically used as encryption keys due to their increased security.
Passphrase best practices
There are a number of best practices for creating a passphrase to ensure it’s optimally secure.
Make them long
Passphrases should be substantially longer than an average password. Most passwords fall somewhere between eight and 16 characters in length. A passphrase can be up to 100 characters in length.
Make it meaningful
A passphrase should be a sentence or complete statement that holds personal meaning to the user. This helps ensure it is both easy to remember and unique. Avoid using famous quotes, as others are likely to use similar passphrases.
Use special characters
Replace some letters in the passphrase with similar special characters or numbers. For example, replace “a” with “@” or “o” with “0.” The randomness of the characters in a password is called entropy, and increasing it is one of the best ways to improve the security of passphrases and passwords alike.
Only use them once
Passphrases should not be reused for different systems. They are still more secure than passwords but they are not invulnerable. Passphrases should be easy to remember, making it easier to use multiple unique passphrases.
Keep them safe