Secure Passwords

Passphrase vs. Password: Which Is Better?

Martin Gschwentner
Author
Last update

Most passwords have a few things in common; they're far too simple and easy for hackers to crack, and often just one word.

This doesn't have to be the case though, as there exist plenty of straightforward ways to protect your data. While many websites specify a minimum length for passwords, they rarely have a maximum limit. Some people use entire phrases for passwords, which are more difficult for hackers to guess. But is it worth the extra effort? This article explains how to create a passphrase, whether it truly is better than a password, and what we recommend using password managers for.

What Is a Passphrase?

Passphrases and passwords serve the same purpose. A passphrase is a series of words or a longer sequence of characters that exceed the typical password length of 8 to 20 characters.

The underlying principle is simple; the longer the password, the harder it is to crack. Phrases are longer than words, so a passphrase that contains more characters than a standard password is, at least in theory, more secure. This is especially true when fending off brute force attacks, in which cybercriminals try to figure out passwords by trial and error.

How to Create a Passphrase

Strong passwords contain random character combinations that are difficult for cybercriminals to guess. The same rule applies to passphrases; just having a long passphrase won't offer much protection against hackers. The first few lines of your favorite story or a chorus will likely be easy to crack.

Arbitrary word combinations are much better, such as:

Speaker Tiger Runway Moon Craters

Of course, you can also add numbers or special characters to make it even stronger:

Sp3aker-T1ger-Runw@y-M0on-Crater$

The combination of length and random word choice makes even basic passphrases more secure—and more difficult to crack than standard-length passwords. If you want help creating a passphrase, you can use an online tool like useapassphrase.com to create one automatically.

Remember your passphrase with a mnemonic device

Of course, it's important not to forget your new passphrase. Try inventing a story to remember your random word combination. Using our example, imagine a flight to the moon with a tiger as its captain: "Over the speaker, the tiger notified us that the runway on the moon is full of craters."

Can I Use the Same Passphrase for Multiple Services?

No. Like regular passwords, you should only use a passphrase once, i.e., for your most important program (or as a master password for your password manager, which we'll cover in more detail later). If someone figures out your passphrase—e.g., through a data leak—its strength becomes irrelevant, as all services which use it become vulnerable.

Are Passphrases a Good Alternative to Passwords?

Passphrases can be a useful alternative to traditional passwords. Their advantages include:

Easier to remember
Passphrases can be easier to remember than random, complex passwords. They also lend themselves to forming mnemonic devices.

More secure when used properly
Passphrases are typically longer than passwords, making them more robust against cyber threats such as brute force attacks. This is especially true if the passphrase contains combinations of words.

Despite the advantages above, there are several reasons why passphrases aren't widely used, including:

Secure passwords provide sufficient protection
Secure passwords typically offer enough protection against cyber attacks, meaning that passphrases are rarely necessary.

Not all services support passphrases
Some services limit password length, making it difficult to use a passphrase.

It takes longer to type
Entering passwords manually can be tedious; typing long passphrases is even more time-consuming. That being said, typing the words in a passphrase can be easier than inputting a password's random character combinations.

To stay secure online, you shouldn't use the same password or passphrase for more than one service. Because most of us have accounts on plenty of online services, it can be difficult to memorize a separate, random passphrase for each. Even the most clever mnemonic devices will help little if you need to remember dozens of combinations.

For that reason, we recommend combining security and convenience by using a piece of software known as a password manager.

Our Tip — Use a Password Manager

Password managers are programs that store passwords and autofill forms with your login information. They store all of your account credentials in a secure, virtual vault, access to which is through a single master password, known only to you. New passwords can be created automatically with built-in password generators.

Password managers like Dashline store all your passwords and accounts in one place.

These programs allow you to create long, secure passwords for all services that you use without having to remember them. Most password managers also offer other valuable features, storing banking information, addresses, or other data that can be auto-filled into the appropriate forms. A security dashboard that notifies you of potential security risks is often also included.

Use a Password Manager With a Passphrase

You can combine password managers with a passphrase for added protection. The "master password" that unlocks your password manager should be as secure as possible; it's the key to massive amounts of personal data. Using a passphrase will make your vault's defenses even more robust.

Top 3 Password Managers

If you think you'd benefit from a password manager, simply choose a provider and create an account. There's a wide selection of programs available; we thoroughly tested 12 of them in our EXPERTE.com password manager review. Here are our favorites:

1.

Dashlane

Best Overall 2022
Dashlane Password Manager Test
Dashlane Password Manager
(189,078)
high customer satisfaction
user friendly and intuitive
zero-knowledge encryption
automatic password changer
premium: built-in VPN
Dashlane is the all-rounder among the password managers, which makes the administration of your logins with many features, high security and an uncomplicated handling a minor matter.
Passwords
50 - ∞
Devices
1 - ∞
Users
1 - ∞
Dashlane Free
$0.00
monthly price
Visit Website »
Try for free
Review
4.6 / 5
excellent

Dashlane is a premium password manager that currently offers what, in our minds, is the best overall package on the market. Its autofill is reliable, the program is easy to use, and you'll get plenty of practical bonus features like an automatic password changer. Premium subscribers are treated to even more benefits, including a VPN.

Review
4.6 / 5
07/2021
excellent
Visit Website
Mobile Usage
4.7 / 5
Support
4.7 / 5
Features
4.7 / 5
Security
4.7 / 5
Installation & Usage
4.0 / 5
2.

1Password

1Password Password Manager Test
1Password Password Manager
(15,888)
zero-knowledge encryption
reliable autofill function
handy travel mode
14 days free trial
no free version
1Password's password vault is filled to the brim with features and scores with extra functionality like the travel mode, but also with excellent security and solid usability.
Passwords
unlimited
Devices
unlimited
Users
1 - ∞
1Password Standard
$2.99
monthly price
Visit Website »
Free 30 days trial
Review
4.3 / 5
good

1Password scores bonus points for strong security features, including a locally generated 128-bit "Secret Key", which is required to log in from a new device. It also has a handy travel mode that lets you automatically remove individual vaults from your devices during your trip (offering extra protection when traveling abroad). 1Password does all of the basics well too, with its autofill and security center performing nicely during our assessment.

Review
4.3 / 5
07/2021
good
Visit Website
Features
4.7 / 5
Security
4.7 / 5
Installation & Usage
4.3 / 5
Mobile Usage
4.3 / 5
Support
3.7 / 5
3.

Keeper

Keeper Password Manager Test
Keeper Password Manager
(259,631)
High customer satisfaction
Zero-Knowledge Encryption
Good business rates
14 days trial version
no free version
Keeper is one of the best password managers on the market thanks to its many features, high reliability and extensive configuration options.
Passwords
unlimited
Devices
unlimited
Users
1 - ∞
Keeper Security Personal
$2.92
monthly price
Visit Website »
Download Keeper
Review
4.3 / 5
good

Keeper has a big advantage over the competition, namely, the additional flexibility when organizing your records (such as accounts or IDs). You can create custom fields and choose to secure specific areas with expiring one-time passwords. The password manager is intuitive to use and has excellent autofill.

Review
4.3 / 5
07/2021
good
Visit Website
Mobile Usage
4.7 / 5
Features
4.7 / 5
Security
4.3 / 5
Installation & Usage
4.0 / 5
Support
4.0 / 5

Check out our password manager comparison for a detailed review of all 12 programs from our sample, including our Top 3 listed above.

Conclusion

Since passphrases are longer than passwords, they tend to be more secure. Still, you can make them safer by including random words and substituting letters for special characters or numbers. Passphrases are also easy to remember using mnemonic devices, whereas a password's arbitrary character sequence can be hard to recall.

At the same time, due to their length, remembering a unique passphrase for each service you use can pose a challenge. Most of the time, strong, traditional passwords are secure enough. Whatever you choose, we recommend using a password manager, since it offers a user-friendly way to manage all of your login credentials and automatically create strong passwords. For extra security, you can use a passphrase for your password manager master password.

Check out our EXPERTE.com password checker to test the strength of your passwords.

Author: Martin Gschwentner
Martin Gschwentner majored in American Studies and Media Studies in Germany, the USA and France and works as a freelance editor in Paris. He is a doctoral student at the Institute for English and American Studies at the University of Paris Diderot, where he is researching the influence of money on US politics. On EXPERTE.com he writes about IT security, data protection and software for the self-employed and small businesses.
Other languages:
Deutsch