Passphrase vs. Password: Which Is Better?
Most passwords have a few things in common; they're far too simple and easy for hackers to crack, and often just one word.
This doesn't have to be the case though, as there exist plenty of straightforward ways to protect your data. While many websites specify a minimum length for passwords, they rarely have a maximum limit. Some people use entire phrases for passwords, which are more difficult for hackers to guess. But is it worth the extra effort? This article explains how to create a passphrase, whether it truly is better than a password, and what we recommend using password managers for.
What Is a Passphrase?
Passphrases and passwords serve the same purpose. A passphrase is a series of words or a longer sequence of characters that exceed the typical password length of 8 to 20 characters.
The underlying principle is simple; the longer the password, the harder it is to crack. Phrases are longer than words, so a passphrase that contains more characters than a standard password is, at least in theory, more secure. This is especially true when fending off brute force attacks, in which cybercriminals try to figure out passwords by trial and error.
How to Create a Passphrase
Strong passwords contain random character combinations that are difficult for cybercriminals to guess. The same rule applies to passphrases; just having a long passphrase won't offer much protection against hackers. The first few lines of your favorite story or a chorus will likely be easy to crack.
Arbitrary word combinations are much better, such as:
Speaker Tiger Runway Moon Craters
Of course, you can also add numbers or special characters to make it even stronger:
The combination of length and random word choice makes even basic passphrases more secure—and more difficult to crack than standard-length passwords. If you want help creating a passphrase, you can use an online tool like useapassphrase.com to create one automatically.
Remember your passphrase with a mnemonic device
Of course, it's important not to forget your new passphrase. Try inventing a story to remember your random word combination. Using our example, imagine a flight to the moon with a tiger as its captain: "Over the speaker, the tiger notified us that the runway on the moon is full of craters."
Can I Use the Same Passphrase for Multiple Services?
No. Like regular passwords, you should only use a passphrase once, i.e., for your most important program (or as a master password for your password manager, which we'll cover in more detail later). If someone figures out your passphrase—e.g., through a data leak—its strength becomes irrelevant, as all services which use it become vulnerable.
Are Passphrases a Good Alternative to Passwords?
Passphrases can be a useful alternative to traditional passwords. Their advantages include:
Easier to remember
Passphrases can be easier to remember than random, complex passwords. They also lend themselves to forming mnemonic devices.
More secure when used properly
Passphrases are typically longer than passwords, making them more robust against cyber threats such as brute force attacks. This is especially true if the passphrase contains combinations of words.
Despite the advantages above, there are several reasons why passphrases aren't widely used, including:
Secure passwords provide sufficient protection
Secure passwords typically offer enough protection against cyber attacks, meaning that passphrases are rarely necessary.
Not all services support passphrases
Some services limit password length, making it difficult to use a passphrase.
It takes longer to type
Entering passwords manually can be tedious; typing long passphrases is even more time-consuming. That being said, typing the words in a passphrase can be easier than inputting a password's random character combinations.
To stay secure online, you shouldn't use the same password or passphrase for more than one service. Because most of us have accounts on plenty of online services, it can be difficult to memorize a separate, random passphrase for each. Even the most clever mnemonic devices will help little if you need to remember dozens of combinations.
For that reason, we recommend combining security and convenience by using a piece of software known as a password manager.
Our Tip — Use a Password Manager
Password managers are programs that store passwords and autofill forms with your login information. They store all of your account credentials in a secure, virtual vault, access to which is through a single master password, known only to you. New passwords can be created automatically with built-in password generators.
Password managers like Dashline store all your passwords and accounts in one place.
These programs allow you to create long, secure passwords for all services that you use without having to remember them. Most password managers also offer other valuable features, storing banking information, addresses, or other data that can be auto-filled into the appropriate forms. A security dashboard that notifies you of potential security risks is often also included.
Use a Password Manager With a Passphrase
You can combine password managers with a passphrase for added protection. The "master password" that unlocks your password manager should be as secure as possible; it's the key to massive amounts of personal data. Using a passphrase will make your vault's defenses even more robust.
Top 3 Password Managers
If you think you'd benefit from a password manager, simply choose a provider and create an account. There's a wide selection of programs available; we thoroughly tested 12 of them in our EXPERTE.com password manager review. Here are our favorites:
Dashlane is a premium password manager that currently offers what, in our minds, is the best overall package on the market. Its autofill is reliable, the program is easy to use, and you'll get plenty of practical bonus features like an automatic password changer. Premium subscribers are treated to even more benefits, including a VPN.
1Password scores bonus points for strong security features, including a locally generated 128-bit "Secret Key", which is required to log in from a new device. It also has a handy travel mode that lets you automatically remove individual vaults from your devices during your trip (offering extra protection when traveling abroad). 1Password does all of the basics well too, with its autofill and security center performing nicely during our assessment.
Keeper has a big advantage over the competition, namely, the additional flexibility when organizing your records (such as accounts or IDs). You can create custom fields and choose to secure specific areas with expiring one-time passwords. The password manager is intuitive to use and has excellent autofill.
Check out our password manager comparison for a detailed review of all 12 programs from our sample, including our Top 3 listed above.
Since passphrases are longer than passwords, they tend to be more secure. Still, you can make them safer by including random words and substituting letters for special characters or numbers. Passphrases are also easy to remember using mnemonic devices, whereas a password's arbitrary character sequence can be hard to recall.
At the same time, due to their length, remembering a unique passphrase for each service you use can pose a challenge. Most of the time, strong, traditional passwords are secure enough. Whatever you choose, we recommend using a password manager, since it offers a user-friendly way to manage all of your login credentials and automatically create strong passwords. For extra security, you can use a passphrase for your password manager master password.
Check out our EXPERTE.com password checker to test the strength of your passwords.