A passphrase is a sentence-like string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack. Typical passwords range from 8 to 16 characters on average, while passphrases can reach up to 100 characters in length.
Using a long passphrase instead of a short password to create a digital signature is one of many ways that users can strengthen the security of their data, devices and accounts. The longer a password is, the more bits of entropy it is likely to contain, that is, the less predictable it is to a potential attacker. As more websites increase their user security requirements, a passphrase is a fast and easy way to meet longer lists of criteria. For example, Phil Zimmermann's popular encryption program, Pretty Good Privacy, requires a passphrase when you sign or decrypt a message.
The shorter and more common a password, the easier it is for hackers to use a brute force attack (trying many combinations over and over) to break into a system. Adding just one character to a password multiplies the number of combinations an attacker must try, so its resistance to brute force grows exponentially with length. Encouraging password creators to use full phrases therefore has a strong positive impact on security.
Passphrase best practices
Best practices individual users can implement to make passphrases as secure as possible include:
- Using an easy-to-remember but uncommon phrase.
- Adding spaces.
- Using capital letters, or making certain words all capitalized letters.
- Adding punctuation.
- Using unusual or abbreviated spellings of words.
- Replacing some letters with numbers.
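The effect of length described earlier, and of the character-class practices in this list, can be put into numbers. The following is an added example, not part of the original page: the function names, the sample strings and the guess rate are all assumptions made for illustration.

```python
import math
import string

# Character classes a brute-force attacker has to cover. The space is
# grouped with punctuation to reflect the "adding spaces" practice.
# Only printable ASCII is counted; other characters are ignored.
CLASSES = (
    string.ascii_lowercase,      # 26 characters
    string.ascii_uppercase,      # 26 characters
    string.digits,               # 10 characters
    string.punctuation + " ",    # 32 + 1 characters
)


def pool_size(secret: str) -> int:
    """Alphabet size implied by the character classes present in secret."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in secret))


def search_space(secret: str) -> int:
    """Number of candidates of this length over that alphabet."""
    return pool_size(secret) ** len(secret)


def brute_force_bits(secret: str) -> float:
    """log2 of the search space. This is an upper bound: it assumes the
    attacker must try every combination, which a common phrase defeats."""
    pool = pool_size(secret)
    return len(secret) * math.log2(pool) if pool else 0.0


def years_to_exhaust(secret: str, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at an assumed guess rate."""
    return search_space(secret) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    RATE = 1e10  # assumed guesses per second, for illustration only
    samples = [  # constructed sample values
        "sunshine",
        "Sunshine1!",
        "My dog Rex eats 2 shoes, daily!",
    ]
    for s in samples:
        print(f"{len(s):3d} chars  pool={pool_size(s):2d}  "
              f"{brute_force_bits(s):6.1f} bits  "
              f"{years_to_exhaust(s, RATE):.3g} years")
```

The figures are ceilings for an exhaustive search only; a phrase that appears in a wordlist or a quotation collection falls much sooner, which is why the list starts with an uncommon phrase.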