Forget Passwords, Use Passphrases for Extra Security


Just about everything you do online, from posting a pic to transferring cash, requires that you log in with a password. Oh, passkey authentication is making inroads, but passkeys are far from universal. That leaves you trying to remember gobs of passwords. If you use a simple, easy-to-remember password, a cybervillain might crack it using what’s called a dictionary attack. If you carefully memorize a complex password like f7y885hw0vNmBb] (generated for me just now by Keeper) and then use it on every site, a security breach at one site could expose all of your other accounts. And yet, remembering a different strong and complex password for every site is just not possible—unless you learn the trick of using passphrases instead of plain old passwords, that is.


What Is a Passphrase?

Using passphrases involves starting with a memorable phrase and, as I’ll explain in the next section, boiling it down to a collection of letters, numbers, and symbols like F+Wsd4adoe&h, or taking a word you can remember and replacing letters with leetspeak equivalents. The wags who write the xkcd webcomic ridiculed the latter approach, advising that you instead combine random common words to get a long password like CorrectHorseBatteryStaple, and then come up with a story that links those words. “Long password” is the key concept here—the longer the password, the tougher it is to crack. Instead of boiling down a memorable phrase, consider using the phrase in its entirety.
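As an added example (not from the original article), here is the random-common-words method in Python, with the arithmetic behind "the longer the password, the tougher it is to crack." The 32-word list is constructed for the example, and the 94-character alphabet and the 2048- and 7776-word list sizes are assumptions.

```python
import math
import secrets

# Constructed sample list (assumption). A real word list has thousands of entries;
# this one has 32, so each randomly chosen word adds only log2(32) = 5 bits.
WORDS = """correct horse battery staple anchor violet marble tunnel cactus ribbon
lantern pepper glacier saddle orbit walnut meadow copper falcon harbor pickle
quartz timber velvet bamboo candle dragon engine fossil garden hammer island""".split()


def generate_passphrase(n_words, words=WORDS, sep="-"):
    """Pick n_words uniformly at random with the OS CSPRNG and join them.

    Each word is capitalised and separated by a dash, since most password
    fields reject spaces.
    """
    if n_words < 1 or len(set(words)) != len(words):
        raise ValueError("need n_words >= 1 and a duplicate-free word list")
    return sep.join(secrets.choice(words).capitalize() for _ in range(n_words))


def passphrase_bits(n_words, list_size):
    """Entropy in bits of n_words drawn independently from list_size words."""
    return n_words * math.log2(list_size)


def random_password_bits(length, alphabet_size=94):
    """Entropy of a random password; 94 = printable ASCII without the space."""
    return length * math.log2(alphabet_size)


def words_needed(target_bits, list_size):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print(generate_passphrase(4))
    print(f"4 words from a 2048-word list: {passphrase_bits(4, 2048):.0f} bits")
    target = random_password_bits(15)  # a 15-character random password
    print(f"15 random characters: {target:.1f} bits")
    print(f"words needed from a 7776-word list: {words_needed(target, 7776)}")
```

The bit counts apply only to words drawn at random, which is the xkcd method; they say nothing about a phrase chosen for its meaning.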


How to Create a Passphrase

A passphrase is simply a phrase or sentence that you use instead of a word or set of characters. Most password systems don’t allow the space character, so you’ll typically capitalize the first letter of each word instead or insert a punctuation mark such as the dash between words. The key to creating a strong passphrase for a given website is to use something that’s meaningful to you, but that also wouldn’t be easily guessed.

Suppose you want to create a passphrase for the Bank of America website. If you have a historical bent, you might use something like A.P.GianinniFoundedTheBankOfItalyIn1904. That’s plenty strong; it has uppercase and lowercase letters, digits, and special characters. Did you notice my sly tweak? I tend to misspell Giannini, so even if clever hackers somehow guessed my passphrase, that misspelling might throw them off.

Maybe your association is the sculpture nicknamed “The Banker’s Heart” outside what used to be the Bank of America Center in San Francisco. OK, how about TheBanker’sHeart@555CaliforniaStreet for a passphrase? The point is to use a phrase describing something that you associate with the site, and to use as lengthy a phrase as you can bear to type.

As I mentioned earlier, the strongest password in the world isn’t secure if you use it for every one of your secure sites. You do need to come up with a different one for each site. Maybe you regularly use PayPal to pay the kid down the block for mowing your lawn. Your PayPal password could be something like KeepItTrimmed,Kid,AndI’llGiveYou$$. See? It’s not so hard.

A Few Drawbacks

Occasionally you’ll find a site whose password length limit makes using a passphrase tough. In that case, you might consider boiling down the passphrase to just the first letter from each word, retaining any digits or special characters. And of course, you still have to be alert for phishing sites. If the page looks like PayPal but the address bar shows www.pyapal.gotcha.ru or some such, get out of there fast! The strength of your password is irrelevant if you give it away to fraudsters by entering it at a phishing site.

For an accomplished typist, typing in a passphrase on the keyboard is almost effortless. However, entering that same passphrase on a smartphone or tablet will be supremely difficult. One possible solution is to install a cross-device password manager and use a passphrase as the master password that unlocks all the rest of your passwords.

There are many paths to password perfection. Some may prefer to rely on a password manager to generate and manage strong passwords. For others, the passphrase solution offers a dandy balance, being both easy to remember and tough to crack.
