What is a passphrase?
A passphrase is a password composed of a sentence or combination of words. The sequence of words can be entirely random or form a logical sequence. Passphrases aim to create a stronger barrier against unauthorised access because of their length and complexity.
As password length is the most important factor determining its safety, passphrases are less likely to be hacked than one-word passwords. Even contemporary industry standards, such as the NIST Digital Identity Guidelines, require the use of passphrases.
Passphrases are commonly used in encryption, secure authentication, and as a means to access sensitive information or accounts.
Key characteristics of passphrases
Length: Passphrases are typically longer than traditional passwords, often consisting of multiple words, making them harder to guess and harder to break using brute force attacks.
Complexity scaling: Passphrases can include a combination of words, numbers, and symbols to increase complexity. However, the primary focus is on length rather than complexity through special characters. Therefore, you can easily manipulate the complexity of a passphrase by simply adding more words, instead of choosing difficult-to-remember special characters.
Ease of remembering: Passphrases are designed to be easier to remember than a random sequence of characters, as they consist of words or familiar phrases. This makes them more user-friendly.
Security: Longer passphrases offer better security against brute force attacks, where an attacker tries all possible combinations to guess the passphrase. The longer the sequence of words, the higher the level of security it provides.
Entropy: Passphrases can have high entropy, which measures the unpredictability of a cryptographic key. Longer passphrases tend to have higher entropy and therefore result in stronger cryptographic protection.
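The link between word count and entropy can be computed directly. The following is an added example, not part of the original article: it measures entropy in bits for words drawn uniformly at random and generates a passphrase with Python's `secrets` module. The function names, the 16-word `SAMPLE_WORDS` list and the 7776-word list size are assumptions made for illustration, and the figures hold only when every word is picked at random rather than composed by a person.

```python
import math
import secrets

# Constructed 16-word sample list, for illustration only. A real generator
# needs a large list; 7776 words (a diceware-style list) is assumed below.
SAMPLE_WORDS = [
    "anchor", "breeze", "candle", "dragon", "ember", "forest", "garnet", "harbor",
    "island", "jungle", "kettle", "lantern", "meadow", "nectar", "orchid", "pepper",
]

def entropy_bits(pool_size: int, length: int) -> float:
    """Bits of entropy when `length` symbols are each drawn uniformly and
    independently from `pool_size` choices. Valid only for random selection."""
    if pool_size < 2 or length < 1:
        return 0.0
    return length * math.log2(pool_size)

def words_needed(target_bits: float, pool_size: int) -> int:
    """Smallest number of randomly chosen words reaching `target_bits`."""
    if pool_size < 2:
        raise ValueError("word list must contain at least two words")
    return max(1, math.ceil(target_bits / math.log2(pool_size)))

def generate_passphrase(words, count: int, sep: str = " ") -> str:
    """Pick `count` words with the OS CSPRNG (secrets), not random.choice."""
    unique = sorted(set(words))  # duplicates would bias the selection
    if len(unique) < 2 or count < 1:
        raise ValueError("need at least two distinct words and count >= 1")
    return sep.join(secrets.choice(unique) for _ in range(count))

if __name__ == "__main__":
    # Each added word contributes log2(list size) bits: linear growth in bits.
    for n in range(3, 8):
        print(f"{n} words from 7776: {entropy_bits(7776, n):5.1f} bits")
    # 8 random printable-ASCII characters (94 symbols) for comparison.
    print(f"8 random chars from 94: {entropy_bits(94, 8):.1f} bits")
    print("words for 80 bits:", words_needed(80, 7776))
    # The sample list is tiny, so this phrase is weak: 4 words = 16 bits.
    print(generate_passphrase(SAMPLE_WORDS, 4), entropy_bits(len(SAMPLE_WORDS), 4))
```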
What passphrase should you choose?
Of course, you shouldn’t use well-known phrases or idioms. A good passphrase may consist of just four random words stitched together. Ideally, it should be 64 characters or longer.
When creating a passphrase, it’s essential to choose words that are not easily guessable or related to your personal information. The goal is to strike a balance between security and memorability.
For example, you may choose a phrase that has a personal reference for you, such as:
“good old dog lived twelve years”, or
“my mom’s soup contains too much salt”.
These two examples show that a passphrase is much easier to remember than a random mix of characters and safer at the same time.
Passphrases vs. passwords
Hackers may try to crack your password using several types of attacks. For example, a so-called dictionary attack uses a database of words and symbols to guess passwords. Passphrases are more resistant to this kind of attack as they are made of multiple words.
Another way hackers try to harm you, a brute force attack, is an attempt to guess the password by using personal information, such as birthdays, animals, and favourite sports teams. Sometimes, lists of commonly used passwords are used. Using a passphrase is a good way to avoid such types of attacks.
To sum up, using a passphrase is a simple way to improve your safety online. Of course, you must also take other well-known precautions, such as always using different passwords on different sites and never revealing your passphrase, or even fragments of it, to anyone.