When most people think of a password, they think of something like Orange971$ or Summer2019#. A single word, a number, and finally a special character. Sometimes they will mix up the order or even replace some letters with similar-looking numbers or special characters such as Or@ng397 or 5ummer#2019. But most people don’t think about another option which I use everywhere I can: the passphrase.
What is a passphrase?
Simply put, a passphrase is a sentence or portion of a sentence (a phrase) which frequently includes spaces, punctuation, and standard word capitalization. Any one of the sentences in this article could be considered a passphrase.
Benefits of the passphrase
The passphrase has two significant benefits. They’re easier to remember than a standard-style password with random numbers and special characters. The easier a password is to remember, the better. Users will usually write down their password if given or forced to use a complicated standard password. Another advantage to the passphrase is the increased length. Passwords become more secure the longer they get. According to the password test on Security.org, the passphrase “Is this a passphrase” would take eight quintillion years to crack using standard cracking methods at current processing power. The password “$ummer2019” appears to protect you for a maximum of 1 month. Summer2019 comes in at one day.
Pitfalls of the passphrase
Compatibility is the single biggest hurdle with using passphrases today. There are still many systems and websites that will not allow users to use spaces in passwords. For example, a coder might deny spaces in a password if there is a limitation with the website backend they use. Older systems might see the passphrase “This is my #1 password” as just “This” because it truncates everything after the first space. A lot of systems also have stricter password requirements which negate the simplicity of the passphrase. The passphrase “This is a wonderful password for me to use” is perfectly acceptable and far more secure than a standard password such as P@ssword1. But a site or system that requires a special character and number will deny the passphrase and allow the insecure password.
Summing it up
It is pretty clear that, if you can, you should use passphrases in place of traditional-style passwords on your accounts. IT pros such as myself would love to see their users utilizing these stronger passphrases. Give them a shot the next time you need to choose a new password and see how they work for you!
Comments are closed