What is a passphrase and should you use one?
Passphrases are the newest way to create passwords. They are often considered more secure and easier to remember than traditional passwords, but what exactly is a passphrase? Simply put, passphrases are passwords created by putting multiple common words together instead of a randomly generated set of letters, numbers, and characters.
Here’s everything you need to know about passphrases to decide if you should use them.
- Passphrases are often better than passwords because they are longer.
- Using unrelated words and adding characters and numbers makes passphrases more secure.
- You should never use the same passphrase for multiple accounts.
- A password manager can help you store and share your unique passphrases.
TeamPassword is the best way to store passphrases online. Don’t believe us? Sign up for a 14-day free trial today and try for yourself.
What is a passphrase?
It seems like every day we hear about a new “future of passwords” concept, from single sign-on (SSO) to biometrics or Passkeys. Unlike all of these other solutions, passphrases are really a low-tech way to make passwords more secure and easier to remember.
Simply put, passphrases are a set of three or more words put together to create a very long and therefore secure password. Here’s an example:
Passphrase example: MonkeyPlainsMilkEurope
At 22 characters long, it’s already pretty secure. However, you could make it more secure by substituting numbers and characters.
Passphrase example: Monkey.Pl4ins.Milk.Eur0pe!
What’s really valuable is how much easier it is to remember. In fact, you’ll probably remember “monkey plains milk Europe” a week from now.
Passphrase vs. password
Passphrases are a set of words put together and used as a password. Conversely, when looking at a password, it’s a random jumble of letters, numbers, and characters.
Here’s an example from our free password generator: ac=oei$EdrN5`2k
There’s no question that this is a hard password to guess, but is it really that secure? At 15 characters long and with no discernible pattern for a dictionary attack, it would force computers to run a brute-force attack.
However, even the simplest passphrase could be more secure. Our example above, Monkey.Pl4ins.Milk.Eur0pe!, is also changed enough to make a dictionary attack impossible, is far longer (24 characters), and is easy to remember.
In fact, you might never forget “monkey plains milk Europe” again!
The problems with passwords
XKCD summarized the problem with traditional passwords in one of their comics. Essentially, passwords are usually not long enough to trick computers running brute force attacks, but they are still too long and complicated for humans to remember.
That’s completely backwards.
Ideally, we want passwords that are easy for humans and hard for computers, not the other way around. That’s where passphrases come in. “Monkey.Pl4ins.Milk.Eur0pe!” is very, very hard for a computer to crack, while you’ve probably memorized “monkey plains milk Europe” for life at this point.
How secure are passphrases?
Passwords are only as secure as the way they are stored. That’s the same for passphrases. If you have a super complicated password on a sticky note in the corner of your monitor, then you do not have a secure password. Since passphrases are easier to remember, they are often stored in the brain, making them more secure than equally long random passwords.
That being said, most people require hundreds of passwords, and even though passphrases are easier to remember, that doesn’t make 200 of them easy to remember.
The pros and cons of passphrases
Passphrases can certainly be considered better in a lot of ways than passwords. However, they have some of the same shortcomings. Here are the advantages and disadvantages of passphrases.
The advantages of passphrases
Let’s look at the two main advantages of passphrases:
- Passphrases are easy to remember.
- Passphrases are long and complex.
Passphrases are easy to remember
No human can (or is willing to) remember multiple passwords that look like the example above, “ac=oei$EdrN5`2k”. It’s just too hard. However, you can probably already say the passphrase we’ve been using without reading it, “monkey plains milk Europe”.
Passphrases are long and complex
Password complexity really comes down to two points:
- Longer is stronger (each additional character adds exponentially more entropy).
- Using more types of characters (upper- and lowercase letters, numbers, and symbols) is more complex.
Of these, the first point is more important. That’s why just “MonkeyPlainsMilkEurope” is already a very strong password. Changing it to “Monkey.Pl4ins.Milk.Eur0pe!” brings the complexity level even higher.
Comparing both to a very complex password like “ac=oei$EdrN5`2k” above shows how much more complex a passphrase can be.
The disadvantages of passphrases
It’s hard to come up with specific disadvantages of passphrases. However, it is important to remember that they still have three of the same big vulnerabilities as passwords:
- A passphrase is not necessarily more secure.
- Passphrases are still vulnerable to the same storage mistakes.
- A passphrase is easy to remember, but hundreds are not.
A passphrase is not necessarily more secure
Remember that dictionary attacks exist. If you pick words that are commonly used in passwords to make your passphrase, then you are at risk of dictionary attack. For example, “PasswordPasswordPassword” is still going to be cracked in seconds. If your words are short, for example “DogIceUp”, then you still have an easy-to-crack password.
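To make the point above concrete, here is an added example (not TeamPassword code) of a strength estimate that scores a password both character by character and word by word, then keeps the lower figure. The word set is a constructed sample, and the list sizes (100 for a common-words list, 7776 for a Diceware-sized list of randomly drawn words) are assumptions.

```python
import math

# Constructed sample of common password words; a real check loads a far larger list.
COMMON_WORDS = {"password", "dog", "ice", "up", "tea", "pie", "rice"}
ASSUMED_COMMON_LIST_SIZE = 100    # assumption: guesses come from a top-100 word list
ASSUMED_RANDOM_LIST_SIZE = 7776   # assumption: Diceware-sized list for random words

def charset_size(pw):
    """Size of the character pool a per-character search must cover."""
    size = 0
    if any(c.islower() for c in pw): size += 26
    if any(c.isupper() for c in pw): size += 26
    if any(c.isdigit() for c in pw): size += 10
    if any(not c.isalnum() for c in pw): size += 33
    return size

def brute_force_bits(pw):
    """Bits of work when guessing character by character."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def split_common(pw, words=COMMON_WORDS):
    """Split pw into listed words (case-insensitive); None if it cannot be split."""
    low = pw.lower()
    best = {0: []}                       # prefix length -> words covering that prefix
    for end in range(1, len(low) + 1):
        for start in range(end):
            if start in best and low[start:end] in words:
                best[end] = best[start] + [low[start:end]]
                break
    return best.get(len(low))

def dictionary_bits(pw):
    """Bits of work when guessing word by word; None if pw is not all listed words."""
    parts = split_common(pw)
    return None if parts is None else len(parts) * math.log2(ASSUMED_COMMON_LIST_SIZE)

def effective_bits(pw):
    """The cheaper of the two strategies decides the real strength."""
    d, b = dictionary_bits(pw), brute_force_bits(pw)
    return b if d is None else min(b, d)

def random_passphrase_bits(n_words, list_size=ASSUMED_RANDOM_LIST_SIZE):
    """Entropy when every word is drawn uniformly at random from the list."""
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    for pw in ["PasswordPasswordPassword", "DogIceUp", "ac=oei$EdrN5`2k"]:
        print(f"{pw!r}: per-character {brute_force_bits(pw):.1f} bits, "
              f"effective {effective_bits(pw):.1f} bits")
    print(f"4 random words: {random_passphrase_bits(4):.1f} bits")
```

A per-character meter rates “PasswordPasswordPassword” highly because it is 24 characters long, while the word-by-word score shows why it still falls quickly.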
Passphrases are still vulnerable to the same storage mistakes
If you store passphrases in unsafe locations, for example a sticky note on your monitor or a Google Sheets document, then they are still at risk of being stolen. If someone can find your passphrase, then it doesn’t matter if it’s long and complex.
A passphrase is easy to remember, but hundreds are not
You are probably getting tired of “monkey plains milk Europe” at this point because it is stuck in your head. However, if you need 200 accounts, then it might not be the easiest task to remember 800 words.
If you cheat and use the same passphrase across your accounts, then getting pwned once means hackers have all of your information.
This leads to the next question.
Should I use a passphrase?
Yes, passphrases are great. If you are looking for a super strong password for your email account or password manager, then a passphrase is a great option. Use a super complex passphrase to keep these key accounts safe.
However, it’s not recommended to use passphrases for every single account you need to access. Trying to remember hundreds of passphrases is impossible. It’s best to use a handful of passphrases to protect key accounts and then let a password manager remember the rest of them for you.
6 steps to creating and remembering a strong passphrase
Building a passphrase is easy. Actually, it can even be fun!
Here are 6 steps to follow to create and remember a strong passphrase:
- Avoid common phrases: Using four random words can create a strong passphrase. Using a common phrase like “TomBradyIsTheGOAT” will leave you vulnerable to dictionary attacks.
- Jokes are easier to remember: If you think something is funny, then you’ll remember it. However, it won’t necessarily be an easy-to-predict phrase for a computer or someone making a social engineering attempt. For example, “NoisyGiraffeInfestation” is funny but not exactly what you’d think would go together.
- Add an unusual word or two: This is the point where you pull out your thesaurus and pick one of the alternative words. For example, I’ve always liked “parsimonious” instead of “cheap” to describe someone unwilling to spend money.
- Avoid common password words: We all know “password” should be avoided, but did you know ice, rice, tea, and pie are the most common food items in passwords? It’s best to avoid anything in the top 100 most common passwords at a minimum.
- Substitute in numbers and symbols: Just like normal passwords, passphrases should also have upper- and lowercase letters, numbers, and symbols. Where possible, consider unusual substitutions to prevent advanced dictionary attacks. While “4” is often used for “A”, consider “7” for an upside-down “L”.
- Practice typing your passphrase: Type out your passphrase 20 or 30 times to make sure you don’t forget. Even if you’ve memorized “monkey plains milk Europe” for life, “Monkey.Pl4ins.Milk.Eur0pe!” isn’t quite as easy. Since passphrases should be used to protect your most important accounts, you don’t want to forget yours!
TeamPassword is the best way to store and share passphrases and passwords
Passphrases are a great new way to create complex passwords that are still easy to remember. If you’ve read this far, you’ll never forget “monkey plains milk Europe” and that’s the whole point. They are long and easy to remember.
However, it is still not easy to remember hundreds of passphrases, so use them for your core accounts and then let a password manager create, store, and update your other passwords for you.
For example, we strongly recommend creating a passphrase to use as your master password for your TeamPassword account. This password unlocks your entire vault, and is not stored by us, so we cannot reset it if you lose it!
Your master password must be strong and memorable.
Sign up for a 14-day free trial today to see why TeamPassword is the easiest way to store passwords online and share them with your team.