passphrases

The latest news in password safety is to stop using passwords.  Use passphrases instead.


Passwords were invented in the mid-1960s at MIT. They are the bane of tech users everywhere. If passwords are too easy, users risk being hacked, and if they are too complicated, users will forget them or have difficulty typing them in accurately. Almost half of Americans have had their accounts hacked in the last year. Not all websites can accept passphrases yet. If a website limits passwords to under 16 characters, try to make your password as complicated as possible and hope the site will enable passphrases soon.

The difference:

As you know, a password is usually 8-10 letters or symbols or a combination of both. A passphrase is longer than a password and often contains spaces between words, like “Humpty Dumpty loved Mother Goose!”. A passphrase can also contain symbols and does not have to be grammatically correct or even a complete sentence. The primary difference between the two is that passwords do not have spaces while passphrases can, and passphrases are longer than most passwords.

Why switch:

  • Passphrases are easier to remember
  • Passwords have become too easy to hack
  • All major operating systems support passphrases (up to around 127 characters long)
  • Passphrases are almost impossible to crack due to their length
  • A passphrase protects users against ‘dictionary attacks’ more than a password does
  • The longer length of passphrases prevents users from using personal information like a pet’s name or child’s birthday, which is very easy for hackers to discover

Secure passphrases:

  • Do not use a passphrase that is a common lyric or quote that someone familiar with you can guess. Use your favorite line from an obscure book or movie, or a phrase that has meaning only to you, for example “My very favorite cats 0f all time were named Max and Fuzz”. Note the use of the number 0 instead of the letter o.
  • Passphrases that are 40 or 50 characters long are very secure. Four words are fine but five are better.
  • Don’t choose common words. Random unusual words are best, and throwing in a word in another language is even better.
  • Use a unique passphrase for every important account you have. That way, if one is hacked, the others are safe.
  • Feel free to add upper case letters, symbols, or numbers, which will increase the strength of the passphrase.
  • One website suggested scanning the room you are in and making up a passphrase based on what you see, like “Desk photo Computer mug cha1r” (note the use of the number 1 in place of an i).
  • There are lists of words in many languages you can pick from. Here is one in English.
  • Don’t forget to write down your passphrases somewhere and store them in a password manager.
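
The Python below picks words at random from a list, as the tips above recommend, and measures how much strength a fifth word adds over four. It is an added example, not from the original article; the sample word list is constructed, and 7,776 words is an assumed list size (the size of common dice-based word lists).

```python
import math
import secrets

# Constructed 16-word sample list, for demonstration only. A real list is far
# larger; 7,776 words is the size of common dice-based lists (assumption).
SAMPLE_WORDS = ["anvil", "breeze", "cobalt", "dune", "ember", "fjord", "glacier",
                "harbor", "ivory", "juniper", "kettle", "lantern", "meadow",
                "nectar", "orchid", "pebble"]


def entropy_bits(list_size, n_words):
    """Entropy in bits when every word is drawn uniformly and independently."""
    if list_size < 2 or n_words < 1:
        raise ValueError("need at least 2 list words and 1 chosen word")
    return n_words * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, n_words=5, sep=" "):
    """Pick n_words with the OS CSPRNG; return (passphrase, entropy in bits)."""
    # De-duplicate so the entropy figure reflects the real number of choices.
    unique = sorted({w.strip().lower() for w in words if w.strip()})
    chosen = [secrets.choice(unique) for _ in range(n_words)]
    return sep.join(chosen), entropy_bits(len(unique), n_words)


if __name__ == "__main__":
    phrase, bits = generate_passphrase(SAMPLE_WORDS)
    print(f"sample list: {phrase!r} ({bits:.0f} bits; list too small for real use)")
    for n in (4, 5):
        print(f"7776-word list, {n} words: {entropy_bits(7776, n):.1f} bits")
```

The entropy figure holds only when the words are chosen by the random generator; a phrase a person makes up, even with a 0 or 1 swapped in, cannot be scored this way.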

For information about password managers read this ASE article: