Security.com

passphrase

By Andrew Froehlich

What is a passphrase?

A passphrase is a sentencelike string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack. Typical passwords range, on average, from eight to 16 characters, while passphrases can reach up to 100 characters or more.

Using a long passphrase instead of a short password to create a digital signature is one of many ways that users can strengthen the security of their data, devices and accounts. The longer a passphrase is, the more likely a user is to incorporate bits of entropy, or factors that make it less predictable to a potential attacker. As more websites, applications and services increase their user security requirements, a passphrase is a fast and easy way to meet these criteria. For example, Phil Zimmermann's popular encryption program, Pretty Good Privacy, or PGP, requires the use of a passphrase to sign or decrypt a message.

While passphrases can be used as a substitute for a password anywhere that longer strings of characters are accepted -- such as Windows and macOS operating systems (OSes) -- the most common use of a passphrase is as an encryption key. Because a passphrase is typically longer than a password, it provides better protection against potential attempts to guess or crack it. The use of passphrases to secure password manager applications or services is also common. This provides added security for common passwords -- or those passwords that are difficult to remember.

Comparing a password to a passphrase

There are several differences between a password and a passphrase, as shown in the graphic. Here, the example password is a single string of alphanumeric characters, while the example passphrase consists of four seemingly random words.

Why are passphrases considered superior to passwords?

While passwords and passphrases are designed to accomplish the same goal, there are distinct differences between the two, including the following:

How to use a passphrase

The best way to create a passphrase is to combine a group of words into a phrase that makes sense to the user and is easily remembered but makes no sense to anyone else. Thus, it should not use common phrases or famous quotes, as these can be guessed or cracked far more easily. Instead, passphrases should include words and punctuation that only the user would understand.

Passphrase best practices

Best practices that users can incorporate when creating strong passphrases include the following:

Some ways of developing a passphrase include a personal story or memory specific to the user. Keywords can be used to tell this story -- but, to all others, the words seem completely random. Other methods include the use of mnemonics or random, dice-generated passwords, along with a random document or word list to select words from.

Organizations can implement several digital authentication methods to safeguard their systems and users.

25 Feb 2022

All Rights Reserved, Copyright 2000 - 2024, TechTarget | Read our Privacy Statement