Cybersecurity: Should I Use a Passphrase or Password for My Logins? | Secure Cloud Backup Software | Nordic Backup

To protect your accounts and systems from unauthorized access, as well as related problems like data theft, you must use strong passwords. According to a study by Verizon Enterprise Solutions, over four-fifths of all data breaches involve the exploitation of weak passwords. A conventional alphanumeric password is one option; an alternative is to use a passphrase.

What Is a Passphrase?

A passphrase is a format for creating passwords that’s characterized by the use of multiple words. A typical passphrase consists of three to six intelligible words that, when sequenced together, form the password used for the respective login.

Conventional passwords, on the other hand, don’t (or shouldn’t, at least) contain intelligible words. Rather, they use an alphanumeric format consisting of random letters, numbers and special characters. An example of a conventional password is “4btT!J[q”, whereas an example of a passphrase is “Ballpark substantial Pioneer”. Of course, the latter example assumes the login supports spaces in the password. If a login doesn’t support spaces, the passphrase would be “BallparksubstantialPioneer”.

Advantages of Using a Passphrase over a Password

In 2017, the National Institute of Standards and Technology (NIST) revised its password guidelines for U.S. government agencies and contractors. Along with increasing the maximum number of characters in passwords to 64, NIST now recommends the use of passphrases instead of conventional passwords.

Why does NIST favor passphrases over conventional passwords? Passphrases offer several advantages, one of which is ease of remembrance. A study conducted by MasterCard found roughly one-third of online shoppers abandon their cart because they can’t remember their password for the e-commerce website. Whether it’s for an e-commerce website, Wi-Fi, online banking system, cloud storage service or any other protected account, passphrases are easier to remember than passwords because they contain intelligible words.

Most importantly, passphrases — when created properly — offer a higher level of security than conventional passwords. Statistics show the average length of a conventional password is eight characters. Passphrases, however, contain far more characters. The passphrase “Ballpark substantial Pioneer,” for instance, contains 28 characters when accounting for spaces, meaning it’s over three times longer than the average conventional password.

With more characters, passphrases require more resources and time to crack than conventional passwords. The most common intrusion method used by hackers to infiltrate protected systems and accounts is a brute force attack, which involves the use of software to automatically enter different words in the password field. If the software doesn’t guess the right password, it will enter different words or strings of text.

But the success of a brute force attack is heavily influenced by the length of the password. Because most passwords are only eight characters, hackers usually initiate a brute force attack by attempting short passwords. If a hacker doesn’t guess the password, he or she will then attempt longer passwords consisting of more characters. Therefore, passphrases are more difficult for hackers to crack during a brute force attack than conventional passwords.
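What “created properly” means in practice, as an added example that is not part of the original article: the words are picked at random by a cryptographic generator, and strength is counted in equally likely choices rather than characters, since guessing software can try whole words. The 94-symbol pool, the 7,776-word list size and the 16-word demo list are assumptions made for this example.

```python
import math
import secrets

# Constructed 16-word sample list so the block runs offline. A real generator
# should load a large published list (assumption: 7,776 words, the size of the
# EFF long wordlist), which gives about 12.9 bits per word.
SAMPLE_WORDS = ["ballpark", "substantial", "pioneer", "lantern", "orbit", "velvet",
                "harbor", "quartz", "meadow", "cinder", "trumpet", "walnut",
                "glacier", "pepper", "saddle", "falcon"]

PRINTABLE_ASCII = 94    # assumption: symbol pool for a random conventional password
LARGE_WORDLIST = 7776   # assumption: size of the wordlist used in production


def entropy_bits(pool_size, picks):
    """Entropy of `picks` independent, uniform choices from `pool_size` options."""
    if pool_size < 2 or picks < 1:
        raise ValueError("need at least 2 options and 1 pick")
    return picks * math.log2(pool_size)


def words_needed(target_bits, wordlist_size=LARGE_WORDLIST):
    """Smallest word count whose entropy is at least `target_bits`."""
    return max(1, math.ceil(target_bits / math.log2(wordlist_size) - 1e-9))


def generate_passphrase(words, count=5, sep=" "):
    """Return (passphrase, entropy_bits) using the OS CSPRNG, never `random`."""
    pool = sorted({w.strip().lower() for w in words if w.strip()})
    bits = entropy_bits(len(pool), count)  # also rejects a pool that is too small
    chosen = [secrets.choice(pool) for _ in range(count)]
    return sep.join(chosen), bits


if __name__ == "__main__":
    baseline = entropy_bits(PRINTABLE_ASCII, 8)
    print(f"random 8-character password: {baseline:.1f} bits")
    for n in range(3, 7):
        print(f"{n} random words: {entropy_bits(LARGE_WORDLIST, n):.1f} bits")
    print("words needed to match the password:", words_needed(baseline))
    phrase, bits = generate_passphrase(SAMPLE_WORDS, count=5)
    print(f"sample passphrase: {phrase!r} ({bits:.0f} bits from the 16-word demo list)")
```

Under these assumptions, three random words come to about 38.8 bits, below the 52.4 bits of a random eight-character password, and five words are needed to exceed it.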
