graphic of a passphrase being entered in.

What is a passphrase?

A passphrase is a string of words used to help users remember longer, more complex passwords. The more characters, and varying types of characters, present in a password, the more difficult it will be for hackers to crack using a brute force attack.

This disparity in password strength can be demonstrated using sites that calculate how long a brute force attack would require to crack a password. In this case, we used

The first example shows that this string of eight characters lacking entropy would take an hour to crack. Password: “Passw0rd”

Image describing how long it would take to crack a password.

This example shows that a string of 100 characters that uses a variety of special and characters and numbers would take a massive 1 vigintillion years to crack with a brute force attack. Passphrase: “[email protected]$e$AreM0reS3cureTh&nSimp!ePasswords”

Image showing how long it would take to crack a password.

Passphrases typically take the form of a sentence or full statement. The phrase should have some sort of personal meaning to the user so the password it denotes will be easy to remember. The overall goal is to make it less stressful for users to regularly use more secure passwords.

Passphrases for encryption

Passphrases are commonly used to control access to and the operation of cryptographic systems, also known as encryption. This is a common technique used to secure data at rest and in motion.

Encryption is often used to secure entire systems for organizations large and small. This means that large amounts of sensitive information are at risk if encryption fails. Passphrases are typically used as encryption keys due to their increased security.

Passphrase best practices

There are a number of best practices for creating a passphrase to ensure it’s optimally secure.

Make them long

Passphrases should be substantially longer than an average password. Most passwords fall somewhere between eight to 16 characters in length. A passphrase can be up to 100 characters in length.

Make it meaningful

A passphrase should be a sentence or complete statement that holds personal meaning to the user. This helps ensure it is both easy to remember and it’s unique. Avoid using famous quotes, as others are likely to use similar passphrases.

Use special characters

Replace some letters in the passphrase with similar special characters or numbers. For example, replace “a” with “@” or “o” with “0.” Increasing the randomness of the characters in a password is called entropy and is one of the best ways to improve the security of passphrases and passwords alike.

Only use them once

Passphrases should not be reused for different systems. They are still more secure than passwords but they are not invulnerable. Passphrases should be easy to remember, making it easier to use multiple unique passphrases.

Keep them safe

If you’re going to store passphrases, make sure they are stored safely. Password managers are good tools for securely storing passwords. Learn about the best password managers.


Kyle Guercio
Kyle Guercio has worked in content creation for six years contributing blog posts, featured news articles, press releases, white papers and more for a wide variety of subjects in the technology space.

Top Articles

The Complete List of 1500+ Common Text Abbreviations & Acronyms

Text Abbreviations reviewed by Web Webster   From A3 to ZZZ we list 1,559 SMS, online chat, and text abbreviations to help you translate and understand...

Windows Operating System History & Versions

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

Generations of Computers (1st to 5th)

Reviewed by Web Webster Learn about each of the 5 generations of computers and major technology developments that have led to the computing devices that...


Telecommunication refers to telephony and cellular network technology. However, the broader definition includes...


What is spoofing? As it pertains to cybersecurity, spoofing is when a person disguises...

How to Indent in...

Microsoft Word is a graphical word...