The passphrase – the better password?

M.Sc. Chris Wojzechowski

The passphrase – the better password?

The need for a password is well known to many – but isn’t a passphrase better than indiscriminately using cryptic and above all random characters and letters? Meanwhile many people use whole and several words as passwords. Then we are talking about a passphrase.

The advantages are obvious: they are easier to remember and more secure. But there are exceptions. Not all problems are solved by using a passphrase.

What does a passphrase look like?

A passphrase is always a password. A password but not always a passphrase. A cryptic password is difficult to create. Tools such as kryptonizers can help, but if the tool is at home, but the password is needed on the road, few people will remember it.

The following tips and suggestions can help to create a safe phrase:

  1. Take your favourite dish, a holiday destination you have been to or your hobby e.g. Air Skydiving
  2. Look at the daily press – current news, events and happenings can also be inspiration e.g. pandemic
  3. Open your digital dictionary and choose a word at random e.g. Reticulum

Now you have three words from which you can form a passphrase:

“Air Skydiving Pandemic Reticulum”

Spaces are also characters in passwords. But you can also replace these characters. In this way you can meet the high requirements of a password. The following passphrase would also be possible:

“Air-Skydiving_Pandemic_Reticulum”

However, up to this point you do not meet all the requirements of typical password rules. You still have to add numbers. With

“1Air-Skydivin_2Pandemic_3Reticulum”

you would now have a very secure password. If you imagine it figuratively, it is easier to remember.

How secure is a passphrase?

The time it takes to guess a passphrase depends on its complexity. The selected words should always come from different contents. IT security experts advise against using lyrics. Also other popular scriptures, such as the Bible or the Koran, should not be used as a source of ideas. Then a passphrase is also safe.

Passphrase als Passwort - jetzt sicher

A passphrase as password quickly achieves a higher level of security than short but complex passwords. Screenshot: wiesicheristmeinpasswort.de

It will take you centuries to guess this passphrase. That is exactly what you want to achieve! However, it should only be used for a single website. The multiple use of passwords is a big problem. In our 10-Day IT-Security Challenge we present the problem and give recommendations for password managers and also help to check if your passwords have been stolen in the past.

Photo of author

M.Sc. Chris Wojzechowski

My name is Chris Wojzechowski and I studied my Master in Internet Security in Gelsenkirchen a few years ago. I am one of two managing directors of AWARE7 GmbH and a trained IT Risk Manager, IT-Grundschutz practitioner (TÜV) and possess the test procedure competence for § 8a BSIG. Our bread and butter business is performing penetration testing. We are also committed to promoting a broad understanding of IT security in Europe, which is why we offer the majority of our products free of charge.