Upon looking at the title, you might think the following: “Huh? Passphrase? Isn’t that the same thing as a password?” And the answer is: “Well, no…” They are both types of authentication strings, but they’re not the same thing. Let’s discuss this in more detail, shall we?
A password is any string of characters used to authenticate to an account on a server. The most typical scenario is one in which a person inputs a username and a password to get into a web service. A password can be anything from “12345” to “(FDJ#$*FD.” Typically, a password is a string of anywhere between 8 and 16 characters, the absolute average in many cases being somewhere around 7 – a dangerously low number.
People typically use very generic passwords that don’t really offer any level of security. And so, the purpose of a password is defeated by using a mere easily-recognizable phrase. Quite sad, isn’t it?
Now, let’s look at what a passphrase is like.
The Passphrase
Truth be told, you wouldn’t be too wrong if you said that a password is basically the same thing as a passphrase. But here’s where you will see a difference: A passphrase is typically an arrangement of words separated by spaces, like: “Twilight has come and the bell shall soon toll.” The words don’t even have to make a whole lot of sense, and the characters can include symbols, so long as the “words” are separated by spaces. Another example: “Th3 sp@rt@ns sh@ll r153 4g41n.”
As long as it’s easy to remember, there’s nothing wrong with using a passphrase. In fact, it usually is the more secure option for one important reason: Most password cracking attempts just give up after the 10-character mark. After that, they just move on to the next account.
Why A Passphrase Is Better
There are several reasons why you should use a passphrase rather than a password:
- Passwords are more easily cracked because of how short they typically are.
- Passphrases ring bells. You can remember lyrics from your favorite song or a line from your favorite movie more easily than you can remember a 10-character string.
- Brute forcing a passphrase will take long enough to make the hacker quit.
- Virtually all operating systems accept very long passwords, allowing you a lot of flexibility with passphrases.
But Are They Completely 100% Hacker-Proof?
It seems not. Security professional Per Thorsheim says they can still be attacked using certain dictionary attacks geared at grabbing passphrases with common quotes. According to the link provided, the most common passphrases are:
- happy healthy wealthy and wise,
- elvis has left the building,
- big trouble in little china,
- save the cheerleader save the world,
- crisscross applesauce, and
- work smarter not harder.
The site adds that Bartlett’s Familiar Quotations would make the perfect dictionary for such an attack. So, famous quotes are out of the question.
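A site that accepts passphrases can screen for this at signup. The following is an added example, not part of the original article: it rejects a candidate that matches one of the six phrases listed above, even when disguised with spacing, punctuation or look-alike characters. The substitution table is a constructed assumption.

```python
import re

# The six common passphrases listed in the article above.
COMMON_PHRASES = [
    "happy healthy wealthy and wise",
    "elvis has left the building",
    "big trouble in little china",
    "save the cheerleader save the world",
    "crisscross applesauce",
    "work smarter not harder",
]

# Constructed look-alike table (an assumption, not from the article).
LOOKALIKES = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"}
)


def normalize(phrase: str) -> str:
    """Lowercase, undo look-alike substitutions, then keep letters only."""
    folded = phrase.lower().translate(LOOKALIKES)
    return re.sub(r"[^a-z]", "", folded)


# Store the list in normalized form so spacing and case never matter.
BLOCKLIST = {normalize(p) for p in COMMON_PHRASES}


def is_common_phrase(candidate: str) -> bool:
    """True if the candidate is, or contains, a listed phrase once normalized."""
    key = normalize(candidate)
    return any(entry in key for entry in BLOCKLIST)


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("3lv15 h@s l3ft th3 bu1ld1ng",
                   "Work-Smarter-Not-Harder 2024",
                   "Sally collected oysters on the shore"):
        print(f"{sample!r}: reject={is_common_phrase(sample)}")
```

In practice the blocklist would be a much larger collection of quotes, lyrics and titles; the normalization step is what keeps simple character swaps from slipping past it.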
Passphrase Best Practices
If you don’t want your passphrase to be guessed easily, there are a few steps you can take in the process of making one up:
- Use a passphrase that’s not really so easy to guess. Try using a group of words that aren’t coherent in a sentence, but can stick to one another in a way you can remember easily.
- Use a passphrase in another language. If you speak a foreign language fluently, you can use a passphrase in that language. This way, your passphrase will be harder to guess. There are more hacking attempts on English-speaking sites than on sites of other countries, and the tools targeting English-speaking users are much more advanced.
- Include grammatical errors in your passphrase that you can remember easily. Grammatical errors can thwart dictionary attacks. More on this below!
How To Make A Grammatically Strong Passphrase
A passphrase’s grammar, intriguingly enough, has a lot to do with math. The math part revolves around how many of each type of word there is in a particular language. The order of word quantity in each lexical class is as follows, from the lowest to the highest number of words:
- Pronouns (he, she, it)
- Prepositions/Postpositions (at, in, on)
- Verbs (ate, collected, sold)
- Adjectives (beautiful, many, permanent)
- Nouns (oysters, fish, dogs)
Because nouns are the most numerous class of words in the English language, it would be difficult to crack a passphrase composed almost completely of nouns. For example, “Sally collected oysters on the shore” (noun, verb, noun, preposition, article, noun) is more effective than “she sold many oysters” (pronoun, verb, adjective, noun). Take this into consideration when creating your passphrase. The best ones contain the most nouns and adjectives, since they’re the most difficult to crack!
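To put numbers on the comparison above, here is an added example (not from the original article) that computes the search space of a grammatical template as the product of its class sizes, expressed in bits. The class sizes are constructed assumptions; only their ordering comes from the article, and the model assumes each word is picked uniformly at random from its class.

```python
import math

# Constructed vocabulary sizes per lexical class (assumptions, not measured
# counts). Powers of two keep the arithmetic easy to follow. "article" is not
# in the article's list; it is added because the example sentence uses one.
CLASS_SIZES = {
    "article": 4,
    "pronoun": 64,
    "preposition": 128,
    "verb": 4096,
    "adjective": 8192,
    "noun": 32768,
}

# The two sentences from the article, plus a constructed all-noun template.
TEMPLATES = {
    "Sally collected oysters on the shore":
        ["noun", "verb", "noun", "preposition", "article", "noun"],
    "she sold many oysters":
        ["pronoun", "verb", "adjective", "noun"],
    "four nouns":
        ["noun"] * 4,
}


def template_bits(template):
    """Bits of search space for an attacker who knows the template:
    log2 of the product of the class sizes, i.e. the sum of their log2."""
    return sum(math.log2(CLASS_SIZES[cls]) for cls in template)


def weakest_slot(template):
    """The lexical class in the template that adds the fewest bits."""
    return min(template, key=lambda cls: CLASS_SIZES[cls])


def rank(templates):
    """Templates as (bits, name) pairs, strongest first."""
    return sorted(((template_bits(t), name) for name, t in templates.items()),
                  reverse=True)


if __name__ == "__main__":
    for bits, name in rank(TEMPLATES):
        slot = weakest_slot(TEMPLATES[name])
        print(f"{bits:5.1f} bits  {name!r}  (weakest slot: {slot})")
```

With these sizes the six-word sentence gives 66 bits and the four-word sentence 46, while four nouns alone give 60: the small classes add almost nothing, which is why swapping a pronoun or article for a noun helps more than adding another short word.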
Some Final Words
The truth is that passphrases and passwords will always be hacked at one point or another. But you stand a better chance in the fight against hackers if you use a smart strategy with your online accounts. Today, the Internet has become a place where people put their money and other valuable information. Don’t let yourself be a victim. Fight the fight by fortifying your defenses!