Creating a Secure Passphrase

What’s the difference between a password and a passphrase?

A password is generally a string of random symbols, such as “R*n]2eB%d” or a combination of symbols to create a word, such as “P@s$w0rd.

A passphrase typically has spaces between words and is longer than most passwords, thus providing extra protection against hackers.

To create a passphrase, take a phrase or sentence you can remember and alter it with character substitutions. (Just in case it’s not obvious, please DO NOT use one of these examples!)

T@0manysecrets!
Allw@rkAndn0play
Gr3en EGg$ @Nd H@mmy!
My lizard eat$ 6 crickets daily
Mix peanuts & oil 2 make peanut butter
shopping@Macys 4 new furniture
2 much talking = big cell phone bill$

Why is a passphrase better?

From the standpoint of password guessing or cracking, a 5- or 6-word passphrase is roughly as strong as a completely random 9 character password. Passphrases provide better security against hackers and automated password cracking programs. And most people can remember a 6-word passphrase much easier than a totally random 9-character password.

How To Build a Secure Passphrase

  • Be creative. Make it personal to you.

  • Use words from a poem, line from a song or a familiar quote with lots of substitutions!

(e.g., Gr3en EGg$ @Nd H@mmy!)

  • Select a phrase that is more than 15 characters and at least 4 words long

  • Stay away from common phrases or quotes if not using substitutions.

  • Mix short and long words and remember that sentences need not be intelligible

  • Character substitutions and/or misspelling strengthen the passphrase

  • Mix languages

  • Exclude some of the spaces between words.

What if I STILL forget my passphrase?

Check out our Guide to Selecting a Secure Password Manager and let it do the remembering for you! 

Additional Password Resources:

TechDad's Guide to Hacker-Proof Passwords
Americans Hate Remembering Passwords