Quotes Icon

Andrew M.

Andrew M.

VP of Operations

"We use TeamPassword for our small non-profit and it's met our needs well."

Get Started

Table Of Contents

    The word "passphrase" spelled out on dice on a piece of paper that has many words written down in different colors and that looks like code.

    What is a passphrase and should you use one?

    May 30, 20238 min read

    Password Management

    Passphrases are the newest way to create passwords. They are often considered more secure and easier to remember than traditional passwords, but what exactly is a passphrase? Simply put, passphrases are passwords created by putting multiple common words together instead of a randomly generated set of letters, numbers, and characters.

    Here’s everything you need to know about passphrases to decide if you should use them.

    • Passphrases are often better than passwords because they are longer.
    • Using unrelated words and adding characters and numbers makes passphrases more secure.
    • You should never use the same passphrase for multiple accounts.
    • A password manager can help you store and share your unique passphrases.

    TeamPassword is the best way to store passphrases online. Don’t believe us? Sign up for a 14-day free trial today and try for yourself.

    Table of Contents

    Table of Contents

      What is a passphrase?

      It seems like everyday we hear about a new “future of passwords” concept, from single sign on (SSO) to biometrics or multi-factor authentication (MFA). Unlike all of these other solutions, passphrases are really a low-tech way to make passwords more secure and easier to remember. 

      Simply put, passphrases are a set of three to five words put together to create a very long and therefore secure password. Here’s an example:

      Passphrase example: MonkeyPlainsMilkEurope

      At 22 characters long, it’s already pretty secure. However, you could make it more secure by substituting numbers and characters.

      Passphrase example: Monkey.Pl4ins.Milk.Eur0pe!

      What’s really valuable is how much easier it is to remember. In fact, you’ll probably remember “monkey plains milk Europe” a week from now.

      Passphrase vs. password

      Passphrases are a set of common words put together and used as a password. Conversely, when looking at a password, it’s a random jumble of letters, numbers, and characters. 

      Here’s an example from our free password generator: ac=oei$EdrN5`2k

      There’s no question that is a hard password to guess, but is it really that secure? At 15 characters long and no discernable pattern for a dictionary attack, it would force computers to run a brute force attack

      However, even the simplest passphrase could be more secure. Our example above, Monkey.Pl4ins.Milk.Eur0pe!, is also changed enough to make a dictionary attack impossible, is far longer (24 characters), and is easy to remember. 

      In fact, you might never forget “monkey plains milk Europe” again! 

      The problems with passwords

      XKCD summarized the problem with traditional passwords in one of their comics. Essentially, passwords are usually not long enough to trick computers running brute force attacks, but they are still too long and complicated for humans to remember.

      That’s completely backwards.

      Ideally, we want easy for humans, hard for computers passwords and not the other way around. That’s where passphrases come in. “Monkey.Pl4ins.Milk.Eur0pe!” is very, very hard for a computer to crack, while you’ve probably memorized for life “monkey plains milk Europe” at this point.

      How secure are passphrases?

      Passwords are only as secure as the way they are stored. That’s the same for passphrases. If you have a super complicated password on a sticky note in the corner of your monitor, then you do not have a secure password. Since passphrases are easier to remember, they are often stored in the brain, making them more secure than equally long random passwords.

      That being said, most people require hundreds of passwords, and even though passphrases are easier to remember, that doesn’t make 200 of them easy to remember. 

      The pros and cons of passphrases

      Passphrases can certainly be considered better in a lot of ways than passwords. However, they have some of the same shortcomings. Here are the advantages and disadvantages of passphrases.

      The advantages of passphrases

      Let’s look at the two main advantages of passphrases:

      1. Passphrases are easy to remember.

      2. Passphrases are long and complex.

      undefined

      Passphrases are easy to remember

      No human can remember passwords that look like the example above, “ac=oei$EdrN5`2k”. It’s just too hard. However, you can probably already say the passphrase we’ve been using without reading it, “monkey plains milk Europe”.

      Passphrases are long and complex

      Password complexity really comes down to two points:

      1. Longer is more complex.

      2. Using more types of characters (upper- and lowercase letters, numbers, and character) is more complex.

      Of these, the first point is more important. That’s why just “MonkeyPlainsMilkEurope” is already a very strong password. Changing it to “Monkey.Pl4ins.Milk.Eur0pe!” brings the complexity level even higher.

      Comparing both to a very complex password like “ac=oei$EdrN5`2k” above shows how much more complex a passphrase can be. 

      The disadvantages of passphrases

      It’s hard to come up with specific disadvantages of passphrases. However, it is important to remember that they still have three of the same big vulnerabilities as passwords:

      1. A passphrase is not necessarily more secure.

      2. Passphrases are still vulnerable to the same storage mistakes.

      3. A passphrase is easy to remember, but hundreds are not.

      A passphrase is not necessarily more secure

      Remember that dictionary attacks exist. If you pick words that are commonly used in passwords to make your passphrase, then you are at risk of dictionary attack. For example, “PasswordPasswordPassword” is still going to be cracked in seconds. If your words are short, for example “DogIceUp”, then you still have an easy-to-crack password.

      Passphrases are still vulnerable to the same storage mistakes

      If you store passphrases in unsafe locations, for example a sticky note on your monitor or a Google Sheets document, then it is still at risk of being stolen. If someone can find your passphrase, then it doesn’t matter if it’s long and complex.

      undefined

      A passphrase is easy to remember, but hundreds are not

      You are probably getting tired of “monkey plains milk Europe” at this point because it is stuck in your head. However, if you need 200 accounts, then it might not be the easiest task to remember 800 words. 

      If you cheat and use the same passphrase across your accounts, then getting pwned once means hackers have all of your information. 

      This leads to the next question.

      Should I use a passphrase?

      Yes, passphrases are great. If you are looking for a super strong password for your email account or password manager, then a passphrase is a great option. Use a super complex passphrase to keep these key accounts safe. 

      However, it’s not recommended to use passphrases for every single account you need to access. Trying to remember hundreds of passphrases is impossible. It’s best to use a handful of passphrases to protect key accounts and then let a password manager remember the rest of them for you.

      8 steps to creating and remembering a strong passphrase

      Building a passphrase is easy. Actually, it can even be fun!

      Here are 8 steps to follow to create and remember a strong passphrase:

      1. Avoid common phrases: Using four random words can create a strong passphrase. Using a common phrase like “TomBradyIsTheGOAT” will leave you vulnerable to dictionary attacks.

      2. Jokes are easier to remember: If you think something is funny, then you’ll remember it. However, it won’t necessarily be an easy to predict phrase for a computer or someone making a social engineering attempt. For example, “NoisyGiraffeInfestation” is funny but not exactly what you’d think would go together. 

      3. Add an unusual word or two: This is the point where you pull out your thesaurus and pick one of the alternative words. For example, I’ve always liked “parsimonious” instead of “cheap” to describe someone unwilling to spend money. 

      4. Avoid common password words: We all know “password” should be avoided, but did you know ice, rice, tea, and pie are the most common food items in passwords? It’s best to avoid anything in the top 100 most common passwords at a minimum.

      5. Substitute in numbers and symbols: Just like normal passwords, passphrases should also have upper- and lowercase letters, numbers, and symbols. Where possible, consider unusual substitutions to prevent advanced dictionary attacks. While “4” is often used for “A”, consider “7” for an upside-down “L”.

      6. Practice typing your passphrase: Type out your passphrase 20 or 30 times to make sure you don’t forget. Even if you’ve memorized “monkey plains milk Europe” for life, “Monkey.Pl4ins.Milk.Eur0pe!” isn’t quite as easy. Since passphrases should be used to protect your most important accounts, you don’t want to forget yours!

      7. Update your passphrase regularly: Just like all of your passwords, passphrases will eventually be stolen by a hacker. To protect yourself from stolen passphrases, update yours regularly (roughly every three months is recommended). 

      TeamPassword is the best way to store and share passphrases and passwords

      Passphrases are a great new way to create complex passwords that are still easy to remember. If you’ve read this far, you’ll never forget “monkey plains milk Europe” and that’s the whole point. They are long and easy to remember.

      However, it is still not easy to remember hundreds of passphrases, so use them for your core accounts and then let a password manager create, store, and update your other passwords for you. 


      Sign up for a 14-day free trial today to see why TeamPassword is the easiest way to store passwords online and share them with your team.

      Enhance your password security

      The best software to generate and have your passwords managed correctly.

      TeamPassword Screenshot
      facebook social icon
      twitter social icon
      linkedin social icon
      Related Posts
      Employees standing around computer discussing code

      Cybersecurity

      November 15, 202410 min read

      Creating a Company Culture for Security | 5 Actionable Insights

      Security is both a technical and cultural issue. Employees who value and promote security will prevent cyberattacks, protect ...

      CPA working at computer using password manager

      Business

      November 14, 20246 min read

      3 Best Password Managers for CPAs and Accounting Firms

      CPAs need password managers that offer security, efficiency, and affordability. Learn about top options for managing credentials, sharing ...

      username and password in green lettering

      Cybersecurity

      November 14, 202413 min read

      What Is Password Management? [Complete Guide]

      What is password management? Learn how to effectively manage your passwords with these best practices, tools, and more. ...

      Never miss an update!

      Subscribe to our blog for more posts like this.

      Promotional image