Picking a Passphrase

What is a "passphrase"?

A passphrase is a type of password that consists of multiple words that may form a sentence or other series of words in a certain context that is easy to remember for the user. 

Are they as secure as traditional passwords?

Yes.  As they tend to be longer than a password, that additional number of characters makes them more secure.  But the important thing is length, not complexity.  A passphrase of 16 or more characters (e.g., So one like this.) takes MUCH longer to crack than an 8 character complex one (e.g., N0t2-be!).

What should I avoid when making a passphrase?

As with any password, you should avoid selecting a passphrase that is easily guessed by another.  For example, if you have a favorite quote that you use on social media or frequently in conversation or just like, that quote would not be a good choice as a passphrase for your accounts.  You should avoid common phrases like those in nursery rhymes and popular song lyrics. Also avoid University specific phrases like Wahoowa, Hoos, or Cavman as these are easily guessable.

Do passphrases have any drawbacks?

Because a passphrase's security typically comes from its length, passphrases can be cumbersome for anyone who needs to enter their password frequently throughout the day.  For example, an average typist logging into a device or service twenty times a day using a forty character passphrase will lose between ten to fifteen minutes a day in password entry.  Always consider how using a long passphrase will impact your day before selecting one, and compensate for any reduction in length with an increase in complexity (such as exchanging letter characters with special ones). Password managers, like University provided LastPass, can help remove this drawback, autofilling your passwords, saving you time.