Picking a Passphrase

What is a "passphrase"?

A passphrase is a type of password that consists of multiple words. The words may form a sentence or another series of words that, in a certain context, is easy for the user to remember.

Are they as secure as traditional passwords?

Yes. Because they tend to be longer than a password, the additional characters make them more secure. To test this, check out Kaspersky's password complexity checker (DO NOT put real passwords into the tool).

What should I avoid when making a passphrase?

As with any password, you should avoid selecting a passphrase that someone else could easily guess. For example, if you have a favorite quote that you use on social media or frequently in conversation, that quote would not be a good choice as a passphrase for your accounts. You should also avoid common phrases like those in nursery rhymes and popular song lyrics.

Do passphrases have any drawbacks?

Because a passphrase's security typically comes from its length, passphrases can be cumbersome for anyone who needs to enter their password frequently throughout the day. For example, an average typist logging into a device or service twenty times a day using a forty-character passphrase will lose between ten and fifteen minutes a day in password entry. Always consider how using a long passphrase will impact your day before selecting one, and compensate for any reduction in length with an increase in complexity (such as replacing letters with special characters).
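To put numbers on the length-versus-complexity trade-off described above, the following added example (not part of the original page) estimates brute-force work in bits and finds how short a secret can get once it draws on all printable ASCII character classes. It assumes every character is chosen uniformly at random, so the figures are upper bounds, and the sample phrase is constructed for illustration.

```python
import math
import string

# Character classes a brute-force search is assumed to cover once any
# member of the class appears in the secret (assumption of this example).
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "space": {" "},
    "special": set(string.punctuation),
}
FULL_ALPHABET = sum(len(chars) for chars in CLASSES.values())  # 95 symbols


def alphabet_size(secret):
    """Size of the smallest class-based alphabet covering every character."""
    if not secret:
        raise ValueError("secret must not be empty")
    known = set().union(*CLASSES.values())
    if any(c not in known for c in secret):
        raise ValueError("only printable ASCII is modelled here")
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in secret))


def brute_force_bits(secret):
    """Upper bound on guessing work: length * log2(alphabet size)."""
    return len(secret) * math.log2(alphabet_size(secret))


def min_length(target_bits, alphabet=FULL_ALPHABET):
    """Shortest random string over `alphabet` symbols reaching target_bits."""
    return math.ceil(target_bits / math.log2(alphabet))


# Constructed sample, not a real credential: 40 lowercase letters and spaces.
LONG_PHRASE = "quiet lantern drifts over copper meadows"

if __name__ == "__main__":
    bits = brute_force_bits(LONG_PHRASE)
    print(f"{len(LONG_PHRASE)} chars over {alphabet_size(LONG_PHRASE)} "
          f"symbols: {bits:.1f} bits")
    print(f"equivalent length over {FULL_ALPHABET} symbols: "
          f"{min_length(bits)} chars")
```

Under these assumptions, widening the alphabet from 27 to 95 symbols saves about a quarter of the length, so added complexity offsets only a modest reduction.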

 

 
