What is a Passphrase?

• IAM Glossary
• What is a Passphrase?

A passphrase refers to a password that is created using a string of words rather than random characters like a password. While passphrases may be easier to remember than complex passwords, it’s important to consider the risks of using a passphrase.

Passphrase vs Password

Unlike passwords, passphrases are not as complex because they use common dictionary words that are strung together to create a password. Passwords on the other hand should be created using password best practices, which many people don’t do. One password best practice is to ensure you are not including dictionary words when creating them. The best way to create a strong password is by using a random password generator so that the password is unique and cannot be easily cracked by a cybercriminal.

Passphrase examples

Passphrases use a phrase that usually means something to the one who created it. For example, if someone loves ice cream they might make a phrase based on that such as “I love ice cream so much!” As you can tell, using this as a password for one of your accounts can be risky since it uses common dictionary words.

Another example of a passphrase would be using random words altogether like “Soup Shelter Summer Indeed Rod 9” which also uses common dictionary words. If this were used as a password, it places the account at risk of becoming compromised using a dictionary attack.

The Benefit of Using a Passphrase

Using a passphrase does come with one benefit, but other than that one, there are not many other benefits to using a passphrase as a password.

Easier to remember than a password

Since passphrases use a string of words, it’s easier for someone to be able to remember it on their own. This is because people will oftentimes use passphrases that mean something significant to them. However, this also goes against password best practices, which emphasize passwords should not include personal information. Including personal information makes it easy for cybercriminals to compromise an account because they can check your digital footprint to try to guess what your password could be.

The Disadvantages of Using a Passphrase

Here are a few disadvantages of using a passphrase as your password.

Can’t remember them for ALL your accounts

While passphrases can make it easier for you to remember your passwords, it’ll be impossible to remember different passphrases for each of your accounts. Today, we have accounts for every service we use, so remembering the logins for all of them without reusing passwords would be impossible to do.

May lead to reuse across multiple accounts

When people aren’t able to remember their passphrases, they often settle for reusing passwords created from passphrases across multiple accounts. If one of those accounts were to become compromised, it places all the other accounts at risk of becoming compromised as well.

Susceptible to dictionary attacks

A dictionary attack is an attack on passwords using a word list. This word list contains dictionary words and phrases, as well as common passwords that have been exposed in data breaches. Once a cybercriminal gathers a word list, they input it into a program that will try to guess passwords one by one on a user's account. The program speeds up the process for the cybercriminal and makes cracking passwords easy for them to do, especially for passwords containing dictionary words.

Stick to Strong, Unique Passwords – Not Passphrases

While using passphrases as your passwords can make them easier to remember, it’s important to keep in mind that passphrases make compromising your accounts easier for cybercriminals.

The best way to secure your accounts is by using a strong, unique password for each one – and a password manager simplifies the process of doing this. A password manager is a tool that aids you in generating, securely storing, sharing and managing your passwords all in one encrypted vault that can only be accessed with your master password.