passphrase
A passphrase is a sentence-like string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack. Typical passwords range from 8-16 characters on average while passphrases can reach up to 100 characters in length.
Content Continues Below
Download: Your Complete Guide to IAM
Utilize this 66-page IAM guide to help you stay on top of the latest best practices and techniques. Security expert Michael Cobb explores the risks and rewards of biometrics measures and multifactor authentication, how organizations can assess if it is time to modernize IAM strategies, and much more.
Using a long passphrase instead of a short password to create a digital signature is one of many ways that users can strengthen the security of their data, devices and accounts. The longer a password is, the more likely a user is to incorporate bits of entropy, or factors that make the password less predictable to a potential attacker. As more websites increase their user security requirements, a passphrase is a fast and easy way to meet longer lists of criteria. For example, Phil Zimmermann's popular encryption program, Pretty Good Privacy, requires a passphrase when you sign or decrypt a message.
The shorter and more common a password, the easier it is for hackers to use a brute force attack (trying many combinations over and over) to break into a system. Just adding one additional character to the length of a password automatically increases the password's security exponentially, so encouraging password creators to use full phrases has a strong positive impact on security.
Passphrase best practices
Best practices individual users can implement to make passphrases the most secure include:
- Using an easy to remember but uncommon phrase.
- Adding spaces.
- Using capital letters, or making certain words all capitalized letters.
- Adding punctuation.
- Using unusual or abbreviated spellings of words.
- Making some letters numbers.
Join the conversation
1 comment