When securing your business’s sensitive information, the smallest changes can be some of the most effective. For example, having your employees create passphrases rather than passwords could be the difference between a secure network and a costly data breach. But what is a passphrase, exactly?

Passphrases & Passwords: What’s the Difference?

Though often grouped under the term “password,” passphrases and passwords have distinct differences in terms of their definition and how well they keep your information secure.

A password is a short set of characters, including letters, numbers, and symbols, typically 8 to 12 characters long. A passphrase, on the other hand, is a string of text that forms a complete sentence or phrase, often made up of 4 to 10 words. For example, a password might look like Y#1C5b27C^ws, while a passphrase could be “rapid cheese extension broadcast.”

Which Is More Secure?

At first glance, a password may seem more secure. After all, who could guess such a random combination of characters? When chosen thoughtfully, however, passphrases are almost always more effective than passwords. Despite looking relatively simple, long passphrases contain more components than passwords (five words compared to 11 different characters). This makes them significantly more difficult for even advanced software to figure out. Plus, passphrases are generally easier to remember.

Tips for Creating a Strong Passphrase or Password

Whatever you do, do not use common words or phrases.

The effectiveness of your passphrase depends on not just its length but its randomness (or “entropy”). If you use any personal information, like relatives’ names, or a common phrase, like “the early bird gets the worm,” your passphrase becomes much less effective than most 12-character passwords.

Today, bad actors have tools dedicated to cracking passphrases, and their job is made easier by the fact that just 3,000 words in the English language form about 95% of everything we say regularly. This means having a strong passphrase is critical, and it should always follow a few fundamental rules:

  • Avoid famous sayings and song lyrics.
  • Consider using nonsense words.
  • Use longer passphrases (five words are better than four).

Unlike “the early bird gets the worm,” a random string of words like “seismic giraffe uncanny bicycle laughter” will more effectively protect your account.
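The rules above can be put into numbers. The following is an added example, not part of the original article: it picks words with a cryptographically secure random source, measures entropy by word count and list size, and rejects a known saying. The word list, the deny-list, and all function names are constructed for illustration.

```python
import math
import secrets

# Constructed demo list; a real generator would load a large published
# word list with thousands of entries (an assumption, not from the article).
DEMO_WORDS = ["seismic", "giraffe", "uncanny", "bicycle", "laughter", "rapid",
              "cheese", "extension", "broadcast", "lantern", "orbit", "velvet",
              "pepper", "harbor", "quartz", "meadow"]

# Constructed deny-list standing in for "famous sayings and song lyrics".
KNOWN_PHRASES = {"the early bird gets the worm"}


def entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy of n_words drawn uniformly and independently from the list."""
    return n_words * math.log2(list_size)


def generate_passphrase(words: list[str], n_words: int = 5) -> str:
    """Pick each word with the OS CSPRNG; random.choice() is not suitable."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words would skew the distribution")
    return " ".join(secrets.choice(words) for _ in range(n_words))


def is_known_phrase(passphrase: str) -> bool:
    """A phrase an attacker can list in advance adds no real entropy."""
    normalized = " ".join(passphrase.lower().split())
    return normalized in KNOWN_PHRASES


if __name__ == "__main__":
    print(generate_passphrase(DEMO_WORDS))
    for n in (4, 5):
        # 3,000 is the article's figure for everyday English vocabulary.
        print(n, "words from 3,000:", round(entropy_bits(3000, n), 1), "bits")
    print(is_known_phrase("The Early Bird  gets the worm"))
```

Each extra word adds the same number of bits, so every added word multiplies the number of guesses needed by the size of the list. The figure only holds when the words are chosen at random rather than by a person.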

To make your passphrase stronger, mix things up.

The more entropy your passphrase has, the more secure it will be. To strengthen our example, we might capitalize some letters, add special characters, or throw in some numbers, so “giraffe uncanny bicycle laughter” becomes “Gir@affe unc@nny bicycle laughter!3”

Use a password manager

It may be tempting to keep track of your passwords the old-fashioned way, but a slip of paper could easily be discovered in the workplace (or any public area, for that matter). A password manager can securely store your login credentials and even help you create effective passwords.

Do not reuse passphrases or passwords

If a cybercriminal can crack your passphrase or password, you don’t want them gaining access to multiple accounts. Having a unique passphrase or password for every website or application is critical.

Ready to Level Up Your Cybersecurity?

As your partner and Managed Security Service Provider, we’re here to help you improve all aspects of your security with technology solutions scaled to your business. From security awareness training to network monitoring, cloud adoption, and more, we become your all-in-one technology partner. Learn more about what AccountabilIT can do to support your business.