What is a passphrase?

A passphrase is an alternative to a password. Instead of a short, complex, hard-to-remember password, a passphrase is a long combination of words that is hard to guess but easy for its creator to remember. The problem with the traditional password, and the reason the National Institute of Standards and Technology is recommending a move to passphrases, is a matter of complexity. Many attackers with malicious intent may be able to crack your password even if it contains uppercase and lowercase letters, numbers, and special characters. Put simply, the longer the authentication secret (password or passphrase), the more secure the user. Longer passphrases are harder for attackers to guess or brute-force when attempting to log in, because extra characters increase the number of possible combinations.

What makes a strong passphrase?

  • A strong passphrase is something the user can remember easily, while still being in the range of around 20-30 characters.

  • It should contain uppercase and lowercase letters as well as numbers and special characters.

  • Idiosyncrasies also aid in the construction of a good passphrase; common lines from a book or song should be avoided.

  • It should use proper nouns and avoid dictionary words.

Examples of a strong passphrase:

  • Z1ggY5tarDu5t&SpYtersFRM4thr0ck

    • Ziggy Stardust and the Spiders from Mars
  • BLakT0yotARa5tyresRc00l!

    • Black Toyota RAV4 tires are cool
  • St4rrCh1p&TerPr1CesT4rtReck

    • Starship Enterprise Star Trek

Note: Do not use these. They are for example purposes only and serve to illustrate the complexity that passphrases offer while remaining easily memorable.
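
The criteria listed above can be checked mechanically. The following is an added example, not part of the original article: it tests a candidate against the length and character-class rules, rejects verbatim dictionary words and the published examples, and estimates the brute-force search space. The function names, the small wordlist and the candidate strings are constructed for illustration.

```python
import math
import string

# Constructed sample wordlist (an assumption; a real check would load a full dictionary).
SAMPLE_DICTIONARY = {"black", "toyota", "tires", "cool", "star", "password", "summer"}
# The article's own examples are public, so the checker refuses them.
PUBLISHED_EXAMPLES = {
    "Z1ggY5tarDu5t&SpYtersFRM4thr0ck",
    "BLakT0yotARa5tyresRc00l!",
    "St4rrCh1p&TerPr1CesT4rtReck",
}
MIN_LEN = 20  # lower end of the article's "around 20-30 characters"


def alphabet_size(p):
    """Size of the character pool a brute-force search has to cover for p."""
    pools = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10)]
    size = sum(n for test, n in pools if any(test(c) for c in p))
    if any(c in string.punctuation for c in p):
        size += len(string.punctuation)  # 32 ASCII special characters
    return size


def brute_force_bits(p):
    """log2 of the brute-force search space: length * log2(pool size).
    An upper bound, since human-chosen phrases are not uniformly random."""
    size = alphabet_size(p)
    return len(p) * math.log2(size) if size else 0.0


def check_passphrase(p):
    """Return the list of criteria from the article that p fails (empty = passes)."""
    problems = []
    if p in PUBLISHED_EXAMPLES:
        problems.append("published example")
    if len(p) < MIN_LEN:
        problems.append("shorter than 20 characters")
    classes = {"uppercase": str.isupper, "lowercase": str.islower, "number": str.isdigit,
               "special": lambda c: c in string.punctuation}
    problems += [f"no {name}" for name, test in classes.items() if not any(map(test, p))]
    lowered = p.lower()
    problems += [f"dictionary word: {w}" for w in sorted(SAMPLE_DICTIONARY) if w in lowered]
    return problems


if __name__ == "__main__":
    # Constructed inputs, plus one of the article's published examples.
    for candidate in ("Summer2024!", "Qu1etM0rn1ng&Gr3yH3r0nLak3", "BLakT0yotARa5tyresRc00l!"):
        print(f"{brute_force_bits(candidate):6.1f} bits  {check_passphrase(candidate) or 'ok'}")
```

The short password meets every character-class rule yet still fails on length and on the dictionary word, which is the article's point about length mattering more than complexity alone.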