
What is a passphrase — and how does it compare to a password?

Ruta Tamosaityte

Content Writer

What is a passphrase?

Riddle: What works like a password but isn’t one?

Passwords continue to be the most used method for verifying your identity when logging into online services and applications, which isn't necessarily an issue provided that you handle your passwords properly. Specifically, you must always make sure the complexity and length of your passwords are optimal.

A strong password should be at least 8 characters long and include a random mix of uppercase and lowercase letters, numbers, and special symbols. However, we highly recommend creating longer passwords for better cybersecurity. While such a password may be difficult to remember, it's always better to prioritize strength over memorability.

But what if we told you there's an alternative—a credential that can be stored and managed just like passwords, yet is easier to remember and believed by many to offer even better security? Ever heard of passphrases? That's the alternative we're referring to.

What is a passphrase, exactly?

Generally speaking, a passphrase is similar to a password in that it is a sequence of words or other text used to authenticate your identity. It is, as you can imagine, typically longer and, hence, safer than a password. This is especially true because it can include spaces between words, numbers, and special characters. In its updated password security guidelines, the National Institute of Standards and Technology (NIST) advises using longer passwords rather than more complex ones. NIST recommends using passphrases that are up to 64 characters long and random, yet easy to remember.

For example, let’s take a random phrase like 'no more riddles in this article'—this entire 31-character sequence of words can be used as a passphrase. Of course, since most systems have no limits, your passphrases can be even longer. So, if you want to use one of Shakespeare’s sonnets or what’s written out on the first page of the American Constitution as your passphrase, you are free to do so.

The way you set up a passphrase for your online account is by entering it when a service or application prompts you to create a password. That’s why we said you can manage your passphrases just like you handle your passwords—the difference lies only in the combination of characters you use to log in.

How to create a strong passphrase

If you want to create a truly strong passphrase, be sure to combine unrelated words or phrases that are memorable to you but difficult for others to guess. The words can describe anything: your favorite color, the type of animal you have, the title of your favorite movie, or the food you dislike—just make sure to select a few and arrange them sequentially.

Examples of different types of passphrases

Similar to strong passwords, you can create passphrases in several different ways, and it all comes down to what works for you:

  • Random passphrases. To create such unique passphrases, you’ll have to rely on a password generator—some password managers, like NordPass, allow you to generate passwords out of words if you choose to do so. In turn, you’ll get a gibberish-like sentence that can sound like: “nieces blackfly replying invoice”.

  • Sentence passphrases. Next come sentences or combinations of several sentences that can be personally meaningful or simply random ones that are easy for you to remember. Let’s say, “No one was up at 5 AM. Julliete started to think about riddles and parties!” could be a good example. As you can see, it’s rather long, but, as we already stated, the longer the unique passphrase, the better.

  • Mnemonic passphrases. You can create such passphrases by building a string of words or phrases that are personally meaningful to you. A unique passphrase like this will be easier to remember, and can be based on song lyrics, a favorite movie quote, or even a mix of random facts. Just make sure it’s not a commonly known fact about you or a famous line from a book, song, or movie. To increase security, mix these facts or lines together. For example, take “spicy food causes hiccups I lived in 1990s Berlin” or “never water cactus it’s lovely to live in Tokyo”. Sounds like nonsense, right?

  • Hybrid passphrases. You can also make your passphrases even stronger by including a mix of uppercase and lowercase letters, numbers, and symbols, just as you would do with complex passwords. In this case, you can use any strategy listed above for your words, just add an additional set of special characters or numbers, so you would get something like this: “nieces87blackfly3**replying905@”.

Passphrase vs. password: which one is better?

Passphrases are widely recognized as safer than traditional passwords for several important reasons:

  • Length. Their extensive length and the option to include multiple words and spaces between them can greatly enhance security against brute-force attacks and make them tougher to guess than passwords.

  • Complexity. Passphrases derive their strength from length and from numerous, surprising combinations of words, whereas passwords rely on complex characters within a short string, which can still leave them easy to crack.

  • Memorability. Crafting passphrases from meaningful phrases or sentences can significantly improve usability by making them easier to memorize. In contrast, traditional passwords, with their shorter length and complex character requirements, can be challenging to remember and susceptible to cracking, which raises the security risk on both counts.
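To make the length argument above concrete, and to show how the random and hybrid passphrase styles from the earlier list are generated safely, here is an added example (not NordPass code, and not from the original article). It draws words with a cryptographic random source and compares the entropy of an 8-character password from 94 printable symbols against 4- and 6-word passphrases drawn from a 7,776-word list (the size of a standard diceware list; the short word list below is constructed for illustration only).

```python
import math
import secrets
import string

# Constructed sample word list for demonstration. A real diceware-style list
# has 7,776 entries, which is what DICEWARE_LIST_SIZE assumes for the maths.
SAMPLE_WORDS = [
    "nieces", "blackfly", "replying", "invoice", "cactus", "riddle",
    "hiccup", "tokyo", "berlin", "sonnet", "lovely", "spicy",
    "water", "party", "garden", "copper",
]
DICEWARE_LIST_SIZE = 7776  # 6**5 entries in a standard diceware list


def random_passphrase(words, n_words=4, separator=" "):
    """Pick n_words uniformly using a CSPRNG (secrets, never random.choice)."""
    return separator.join(secrets.choice(words) for _ in range(n_words))


def hybrid_passphrase(words, n_words=4, extra=2):
    """Random words with `extra` random digits/symbols after each word,
    in the style of the page's 'nieces87blackfly3**...' hybrid example."""
    symbols = string.digits + "!@#$%^&*"
    parts = []
    for _ in range(n_words):
        parts.append(secrets.choice(words))
        parts.append("".join(secrets.choice(symbols) for _ in range(extra)))
    return "".join(parts)


def passphrase_entropy_bits(list_size, n_words):
    """Entropy of n_words drawn uniformly from list_size words: n * log2(size)."""
    return n_words * math.log2(list_size)


def password_entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random password: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def brute_force_years(bits, guesses_per_second):
    """Expected time to search half the keyspace at the given guess rate."""
    return (2 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)


def compare():
    """Entropy of an 8-char, 94-symbol password vs 4- and 6-word passphrases."""
    return {
        "password_8_chars": password_entropy_bits(94, 8),
        "passphrase_4_words": passphrase_entropy_bits(DICEWARE_LIST_SIZE, 4),
        "passphrase_6_words": passphrase_entropy_bits(DICEWARE_LIST_SIZE, 6),
    }


if __name__ == "__main__":
    print(random_passphrase(SAMPLE_WORDS), "|", hybrid_passphrase(SAMPLE_WORDS))
    for name, bits in compare().items():
        yrs = brute_force_years(bits, 1e10)  # 10^10 guesses/s, offline attack
        print(f"{name}: {bits:.1f} bits, ~{yrs:.4f} years")
```

Run it and note that four random words already roughly match an 8-character random password (about 52 bits), while six words, which are still easy to remember, pull well ahead; the entropy figures only hold when the words are chosen at random, not picked by hand.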


When to use a passphrase and when to use a password

For optimal security, we recommend using passphrases since they can be both easy to remember and highly secure. Consisting of multiple words or a full sentence, passphrases are ideal for online accounts where usability and strong security are essential. In contrast, using a traditional password is more suitable in situations requiring shorter, more complex combinations that are challenging for automated tools to crack.


Where can you securely store and manage your passphrases?

Since the process of creating and using passphrases is similar to that of handling passwords, using a password manager for passphrases is highly recommended. However, it's important to choose not just any password manager but one that offers features and design ensuring enhanced security and usability.

A good choice would be NordPass due to its encrypted vault, which allows you to securely store your credentials in one safe place. NordPass also offers convenient autosave and autofill functionalities that can simplify and enhance your login experience. If you prefer using passwords, NordPass can further improve your digital life with features like the Password Generator that instantly creates complex passwords and automatically stores them in your vault.

So, give NordPass a try and see what it can do to boost your cybersecurity.

Frequently Asked Questions (FAQ)

How often should I change my passphrase?

Ideally, you should change your passphrase every few months to enhance security. However, if you suspect it may have been compromised or there are any security concerns, you must update your passphrase immediately.

Can a passphrase be too long?

A passphrase can technically be as long as the system allows, but excessively long passphrases may become impractical to remember or type in accurately. So, it's generally a good practice to balance length with usability when creating a passphrase.

What should I do if I forget my passphrase?

If you forget your passphrase, you should follow the recovery process provided by the service or application where the passphrase is used. This usually includes using account recovery options such as security questions, email verification, or getting in touch with customer support.

How can I remember my passphrases without writing them down?

To remember your passphrases without writing them down, just use a password manager. This will allow you to securely store and organize your passphrases, ensuring they're accessible whenever needed without compromising your security.

Is it safe to store my passphrases in a password manager?

Storing your passphrases in a password manager is generally safe. However, the level of security can vary depending on the specific password manager you choose. Using a tool like NordPass ensures you receive robust protection, with features designed to keep your passphrases secure and protected against unauthorized access.