
What is a Passphrase?


In a world of unlimited online connectivity and increasing malicious cybercriminal activity, keeping personal software and hardware safe is a priority for almost everybody today. The US government’s Cybersecurity and Infrastructure Security Agency (CISA) recently reported that up to 1 in 3 homes (with computers) are infected with malware and that around 47% of American adults have had their personal details exposed online by cybercriminals.

With such sobering figures to consider, it’s important that all users understand that good cybersecurity (on almost any device) often starts with a simple passphrase. A passphrase is slightly different from a conventional password. This guide explains what a good or “strong” passphrase is, what it looks like and how to make one, so that you can keep your home computer, online accounts and other digital devices safe.

What is a Passphrase?

Quite simply, a passphrase is a sentence or string of words used to gain access to a digital system, software or online service, such as a computer or an account on a mobile application or streaming service. Passphrases are also often referred to as a “memorable phrase” and are used as a layer of security in a variety of other sectors. For example, memorable phrases are used in the banking industry to confirm the identities of telephone banking customers when they try to access their account and other banking services.

The word passphrase is a contraction of “password phrase”, a shorthand term common in software and cybersecurity circles. Passphrases are easier to remember than a jumble of characters, and their strength depends entirely on how they are chosen: a well-known saying or a personal detail is weak, while several words chosen at random are typically harder to guess than a conventional short password, simply because the passphrase is longer and has far more possible values.

Passphrase examples

Some examples of passphrases that are widely used are memorable phrases that hold some kind of meaning for their user. Examples include:

  • A family member’s favorite saying or idiom, like “one in the hand is worth two in the bush” or “don’t beat around the bush, just bite the bullet.”
  • A childhood memory like “I live on the top of the smaller hill” or “I played ball every Sunday and Tuesday until the sun went down.”
  • Random words linked by a common theme, like “Cool Clowns Catch Cats and Cauliflowers” or “Dizzy Days Doing Dogs Dinners Don’t Delight.”

The clear problem with all of these passphrases is that they are predictable: they are built from well-known sayings, personal details that can be discovered and dictionary words in their natural order. Attackers do not “decode” a passphrase; they guess it, and a type of brute force attack called a “dictionary” attack is designed for exactly this kind of guessing.

A dictionary attack involves an attacker using a list (consisting of dictionary words, popular phrases and passwords leaked in earlier breaches) in conjunction with specialist cracking software to repeatedly guess the passphrase to a user’s account, or the passphrase behind a stolen password hash. This software also applies “rules” to each entry (capitalizing letters, removing spaces, substituting numbers and symbols for letters and appending digits), so a lightly disguised saying is still found. The same technique can be used to guess passphrases that protect encryption keys, such as a private key file or an encrypted disk.

The attacker’s work grows with the number of possibilities that have to be tried. A passphrase that is long, made of words chosen at random and not on any list pushes that number so high that the computation becomes unfeasible, and the slow password-hashing functions used by well-built systems raise the cost of each guess further. This is the reason that passphrases need to be “strong” and unique (which will be covered later in this article).

Passwords Vs Passphrases

It is sometimes said that passphrases are less complex (and, therefore, easier to crack) than passwords because they usually do not contain numbers, symbols or special characters. That is true of a passphrase made from a familiar saying, but strength is determined by how many possibilities an attacker must try, not by the mix of character types alone. A password created with best practices in mind is unique, 10-12 characters long and contains a mix of special characters, numbers, uppercase and lowercase letters; many users take the hard work out of this by using a “password generator” to automate the process. A passphrase of five or six words picked at random from a large word list has at least as many possible values as such a password and is far easier to remember, which is why many cybersecurity experts recommend passphrases over passwords. Cracking software cannot “mimic” a properly built generator, which draws from a cryptographic random source; what it exploits is human choice, and a memorable phrase only helps when the words in it were not chosen for their meaning. In general, then, a weak passphrase (a saying, a lyric, a name) will always be easier to crack than a unique strong password, and a random passphrase of sufficient length is at least as strong.


What is a Strong/Good Passphrase?

A good or strong passphrase should consist of at least 15-20 characters (four or more words), a mix of uppercase and lowercase letters and at least one punctuation mark. The words should be random and unrelated to each other and to any personal information that could be discovered by browsing the user’s online presence (although not so random that the user can’t remember the passphrase itself). Length and randomness count for far more than character variety, so prefer adding another word over adding another symbol.

Additionally, a strong passphrase can include special characters and numbers in place of letters or words, avoiding familiar sequences like “5, 6, 7, 8” or “1, 2, 3”. Treat these substitutions as a small extra rather than the source of strength: cracking tools try the usual swaps (0 for o, 3 for e, @ for a) automatically, so “Pa55w0rd” is no safer than “password”.

How to make a Strong/Good Passphrase?

Making a strong or good passphrase primarily involves avoiding the most common mistakes that users make when choosing one. First of all, avoid short phrases: the longer the passphrase is, the more difficult it is to guess. Next, be unpredictable. Common passphrases in English follow ordinary grammar, spacing and phrasing, which is exactly what wordlists and cracking rules are built around. When creating a strong passphrase, try removing or adding spaces at random, switching the order of nouns and adjectives, or constructing a phrase with the grammar of another language. Words and letters from other languages can strengthen a passphrase, but attackers have wordlists for most languages too, so the gain comes from the unusual, random combination rather than from the language itself.

The most important aspect of making a strong or good passphrase is that it is unique: not similar to, or reused on, another account. None of your passphrases should protect more than one device or service. If you’re concerned about remembering your strong passphrases, you can add a word to the phrase that reminds you where it is used, such as the name of the digital service it unlocks. For example, “Crystal Notepad Hydrogen Disk Facebook” for Facebook or “game onion clay pretzel twitter” for Twitter. Keep in mind that this tag is a memory aid only: if the rest of the phrase stays the same from site to site, an attacker who learns one passphrase will try the same pattern everywhere, so the other words must be different for every account.
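To put numbers on the advice in this section and in “Passwords Vs Passphrases” above, here is an added example (not code from the original article) that generates a passphrase from random words with a cryptographic random source and compares its guess space, in bits of entropy, with a single common saying and with a conventional random password. The short word list is a constructed sample; DICEWARE_WORDS stands in for the size of a real 7776-word Diceware list, COMMON_SAYINGS is an assumed size for an attacker’s phrase list, and the guess rates are assumed figures.

```python
"""Generate a random-word passphrase and compare guess spaces.

Added example, not code from the original article. SAMPLE_WORDS is a
constructed list; the sizes and guess rates below are assumptions used only
to illustrate the arithmetic.
"""
import math
import secrets

# Constructed sample list. Use a published list (e.g. a Diceware list) in practice.
SAMPLE_WORDS = [
    "acorn", "bridge", "crystal", "desert", "ember", "falcon", "glacier",
    "hydrogen", "island", "jigsaw", "kettle", "lantern", "meadow", "notepad",
    "orbit", "pretzel",
]
DICEWARE_WORDS = 7776    # size of a standard Diceware word list
PRINTABLE_ASCII = 94     # characters a typical password generator draws from
COMMON_SAYINGS = 50_000  # assumed size of an attacker's list of sayings


def generate_passphrase(words, count=5, separator=" "):
    """Pick `count` words uniformly with a CSPRNG.

    `secrets.choice` is suitable for secrets; `random.choice` is not.
    """
    if count < 1:
        raise ValueError("count must be positive")
    return separator.join(secrets.choice(words) for _ in range(count))


def entropy_bits(alphabet_size, length):
    """Entropy of `length` independent uniform picks from `alphabet_size` options."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every value of a `bits`-bit search space."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def compare():
    """Entropy, in bits, of the choices the article discusses."""
    return {
        "one common saying": entropy_bits(COMMON_SAYINGS, 1),
        "10 random characters": entropy_bits(PRINTABLE_ASCII, 10),
        "5 random words": entropy_bits(DICEWARE_WORDS, 5),
        "6 random words": entropy_bits(DICEWARE_WORDS, 6),
    }


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    for label, bits in compare().items():
        # Assumed rates: a GPU against a fast hash, and an online login form
        # that rate-limits attempts.
        print(f"{label:22s} {bits:5.1f} bits  "
              f"offline: {years_to_exhaust(bits, 1e10):.2e} years  "
              f"online: {years_to_exhaust(bits, 100):.2e} years")
```

The arithmetic only holds when the words really were chosen at random: a phrase you compose yourself is one of the “common sayings” as far as an attacker is concerned, however long it is. Note also that the 16-word sample list gives only 4 bits per word, so a real list of thousands of words is needed for the five-word passphrase to reach the 64 or so bits shown.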

Good Security Passphrase Examples

Here are some examples of good security passphrases for you to emulate, which combine the above recommendations:

  • “PenGuins cAN’t volEr, même 2getheR” this passphrase combines French words with a number, punctuation marks, uppercase and lowercase letters (it reads “penguins can’t fly, even together”).
  • “tHe LionS 1 HigH Stagioni!” this passphrase combines Italian with a number, uppercase and lowercase letters (it reads “the lions won high seasons!”).
  • “TheSe Red-SÖcks are Perfect f0r BasebÅll 0n NetfliX” this passphrase uses Swedish letters, a zero instead of an “o”, uppercase and lowercase letters (it reads “these red socks are perfect for baseball on Netflix”).

Remember, please don’t use the exact examples above; they are only meant as a guideline to help you create your own good security passphrases, and any example printed in an article will end up in attackers’ wordlists. One of the most important properties of a strong or good passphrase is that it is unique. Note also that accented letters such as Ö and Å can be awkward to type on some keyboards and are not accepted by every login form, so check that a passphrase works on every device you will use it on before relying on it.

If you’re concerned about remembering all your passphrases or passwords, then we recommend using a password manager (sometimes referred to as a password vault) to store and retrieve them as and when you need to use them. Kaspersky Password Manager keeps your passwords and documents in a secure private vault, which you can access with one click from all your devices. The vault is protected with industry-standard encryption, 256-bit AES (Advanced Encryption Standard), which cannot feasibly be broken by brute force. That means the vault is only as strong as the master passphrase that unlocks it, so that is the one passphrase you must make strong, keep unique and never write down alongside the vault.

Passphrase FAQs

What is a Passphrase?

A passphrase is a sentence or string of words used to gain access to a digital computer system, software, or online service. Passphrases are more memorable than passwords, and a passphrase of several randomly chosen words is at least as hard to crack as a password built from a mix of special characters, numbers, uppercase and lowercase letters; a passphrase taken from a familiar saying, however, is easy to crack.

What is a Strong Passphrase?

A strong passphrase looks a bit like a password and contains at least 15 characters made of random words, with uppercase and lowercase letters. Strong passphrases can also include numbers in place of letters, punctuation marks and irregular spacing, although length and randomness matter more than these substitutions. Equally, they should not contain information that can be derived from the user’s online data.

What is a Good Passphrase?

A good passphrase should consist of around 15-20 characters, non-sequential numbers, uppercase and lowercase letters, and at least one punctuation mark or special character. The phrase should be somewhat random and unrelated to the user’s personal information (or any identifying data readily available online or on social media).

Passwords Vs Passphrases

A password is a short set of characters (typically between 10 and 12) consisting of digits, punctuation marks, uppercase and lowercase letters, or all of the above. A passphrase is a longer string of words or text that makes up a memorable phrase or sentence (which can include the same variations).
