
What’s a passphrase? Answer: Good data protection.


Passwords have their limitations; passphrases are far less limited.


When it comes to protecting information online, passwords are the most widely used form of authentication. Password authentication requires users to create a secret (the password) that only they know and to present it in order to access online accounts and systems.


The problem with passwords is that security and convenience are constantly at war with each other. A company policy can include password-management rules that make a reasonable effort at ensuring passwords are strong without inconveniencing users, but a single word, however decorated, is still a short secret drawn from a small and predictable space.


So, out with the password and in with the passphrase.


What should a passphrase look like?


  1. It should be a long ‘passphrase’ rather than a long ‘password’: a passphrase should be at least 15 characters, and the longer the better. Intentionally misspelling some of the words also helps, because it pushes the phrase out of the dictionaries and common-phrase lists that cracking tools try first.

  2. Throw digits and symbols into the mix, but don’t make it obvious: systematically substituting letters with look-alike numbers or symbols, such as ‘e’ with ‘3’ and ‘s’ with ‘$’, is no longer effective because cracking tools apply exactly these substitution rules to every dictionary word. Symbols need to be placed randomly rather than systematically.

  3. Add random upper- and lowercase letters, and the odd space, for good measure.
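The three rules above are easy to state and easy to get wrong, so here is an added Python example (not code from the original article) that puts them into practice: a generator that picks words with a cryptographic random source, capitalises words at random rather than by a fixed rule, inserts digits and symbols at random positions rather than swapping letters, a policy check for the resulting phrase, and a small `normalize_leet` helper showing why systematic substitutions add almost nothing. The 16-entry `WORDS` list is constructed so the example runs offline; a real generator would use a large list such as the EFF long wordlist, and `entropy_bits` shows how much that matters.

```python
import math
import secrets
import string

# Constructed sample word list so the example runs offline. A real generator
# should draw from a large list such as the EFF long wordlist (7,776 words);
# with only 16 words each word contributes just 4 bits of entropy.
WORDS = ["anchor", "basket", "candle", "dragon", "ember", "falcon", "garden",
         "harbor", "island", "jungle", "kettle", "lantern", "meadow", "nickel",
         "orchid", "pillow"]

# Digits and symbols that may be inserted into a generated passphrase.
EXTRAS = string.digits + "!@#$%^&*?"

# The predictable letter -> digit/symbol swaps that cracking rule sets undo.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize_leet(candidate: str) -> str:
    """Reverse systematic substitutions, e.g. 'P@$$w0rd' -> 'password'.

    Cracking tools apply rules like this to every dictionary word, so a
    password that maps back to a dictionary word gained no real strength
    from the substitution.
    """
    return candidate.translate(LEET).lower()


def entropy_bits(n_words: int, wordlist_size: int,
                 n_extra: int = 0, alphabet_size: int = len(EXTRAS)) -> float:
    """Conservative entropy estimate for a generated passphrase.

    Counts only the word choices and the values of the randomly inserted
    extra characters; the randomness of their positions is ignored, so the
    true figure is slightly higher.
    """
    bits = n_words * math.log2(wordlist_size)
    if n_extra:
        bits += n_extra * math.log2(alphabet_size)
    return bits


def generate_passphrase(n_words: int = 4, n_extra: int = 3,
                        words=WORDS, rng=None) -> str:
    """Several words, random (not first-letter-only) capitalisation, digits
    and symbols at random positions, words separated by spaces."""
    rng = rng or secrets.SystemRandom()      # CSPRNG, never random.Random()
    chosen = [rng.choice(words) for _ in range(n_words)]
    # Capitalise one word for certain (so the phrase always has mixed case)
    # and each of the others with 50% probability.
    always = rng.randrange(n_words)
    chosen = [w.capitalize() if i == always or rng.random() < 0.5 else w
              for i, w in enumerate(chosen)]
    chars = list(" ".join(chosen))
    # Insert digits/symbols at random positions instead of swapping letters.
    for _ in range(n_extra):
        chars.insert(rng.randrange(len(chars) + 1), rng.choice(EXTRAS))
    return "".join(chars)


def meets_policy(passphrase: str, min_len: int = 15) -> bool:
    """The article's checklist: length, mixed case, and a digit or symbol."""
    has_upper = any(c.isupper() for c in passphrase)
    has_lower = any(c.islower() for c in passphrase)
    has_extra = any(c in EXTRAS for c in passphrase)
    return len(passphrase) >= min_len and has_upper and has_lower and has_extra


if __name__ == "__main__":
    p = generate_passphrase()
    print(p, meets_policy(p))
    print(f"{entropy_bits(4, len(WORDS), 3):.1f} bits from this toy list, "
          f"{entropy_bits(4, 7776, 3):.1f} bits from the EFF long list")
    print("P@$$w0rd ->", normalize_leet("P@$$w0rd"))
```

Run it a few times and the output shows why the word list size matters more than the decoration: four words from the toy list plus three extras give roughly 29 bits, the same construction over the EFF list gives roughly 64, while `normalize_leet` strips a "hardened" single word straight back to its dictionary form.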


Other things to think about


If your passphrase is tough enough, is used for only one account and is never disclosed to anyone else, there is no need to change it more than annually; do change it immediately, though, if you suspect it has been compromised. Forcing frequent changes only encourages people to reuse passphrases or to pick simple ones.


Tough passphrases are exactly that – tough enough to keep.


If you need more than just a passphrase for security look at other options


  1. Implement two-factor authentication (SMS, email, authenticator app or hardware token): this is standard for access to corporate servers and to high-risk information such as privacy-sensitive data. In addition to the password, the user must prove possession of a second factor: a one-time code sent to their mobile device by SMS or email, a code from an authenticator app, or a personal USB security key. Codes delivered by SMS or email are the weakest of these, since the message can be intercepted or the phone number hijacked, so prefer an authenticator app or hardware key where the system supports it; even SMS-based two-factor authentication, though, is a large improvement over a password alone. The sign-in logs such a system produces also give administrators a record of who accessed business systems, and when.

  2. Use password encryption: more precisely, make sure any system you operate stores passwords only as salted, slow hashes (bcrypt, scrypt or Argon2), never as plaintext or as reversibly encrypted values, and that the password travels over an encrypted channel (HTTPS) when it is sent across the network. A stolen database of properly hashed passwords still has to be cracked one password at a time.

  3. Opt for biometric recognition (fingerprints and facial recognition): here the fingerprint or face takes the place of the password; the device reads the biometric and unlocks when it matches the enrolled template. Apple’s Face ID is the facial-recognition equivalent. Bear in mind that biometric matching is probabilistic, so every sensor has a small false-accept rate, and that a fingerprint cannot be changed if it is ever copied. Biometrics therefore work best as a convenient unlock for a device that still has a strong passphrase behind them.

  4. Store passwords in a password manager: password managers such as 1Password, LastPass, KeePass and Keeper store and organise your passwords and usually include a generator for long random ones, so every account can have a unique, strong secret while you remember only a single master passphrase. That master passphrase is exactly where the advice above applies: make it long, random and used nowhere else.
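Items 1 and 2 above describe the server side of a two-step login: check the password against a stored hash, then send and check a one-time code. As an added Python example (not code from the original article), here is a minimal version of that flow: `hash_password`/`verify_password` use `hashlib.scrypt` with a per-user random salt and a constant-time comparison, and `OneTimeCodes` issues six-digit codes that expire, are single use, and are voided after too many wrong guesses. The `login_step1` helper, the scrypt parameters, the five-minute lifetime and the five-attempt limit are this example's own choices, not values from the article; the clock is injectable only so that expiry can be exercised offline.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

# ---- Item 2: store passwords as salted, slow hashes ------------------------
# n=2**14, r=8, p=1 is a common interactive-login setting (about 16 MiB of
# memory per hash). Raise n as hardware allows; these are example values.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh 16-byte random salt per user means two
    users with the same password get different digests, so precomputed
    tables are useless and every hash must be attacked separately."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    _, candidate = hash_password(password, salt)
    # Constant-time comparison: a plain == leaks how many bytes matched.
    return hmac.compare_digest(candidate, digest)


# ---- Item 1: one-time code as the second factor ---------------------------
CODE_TTL_SECONDS = 300       # example value: a code is valid for five minutes
MAX_ATTEMPTS = 5             # example value: then the code is voided


class OneTimeCodes:
    """Issues and checks the single-use codes a server would send by SMS or
    email. The clock is injectable so expiry can be tested deterministically."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock
        # user -> (sha256(code), expiry timestamp, attempts remaining)
        self._pending: Dict[str, Tuple[bytes, float, int]] = {}

    def issue(self, user: str) -> str:
        code = f"{secrets.randbelow(10 ** 6):06d}"     # CSPRNG, zero-padded
        self._pending[user] = (hashlib.sha256(code.encode()).digest(),
                               self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS)
        return code   # hand to the SMS/email sender; never log it

    def verify(self, user: str, code: str) -> bool:
        entry = self._pending.get(user)
        if entry is None:
            return False
        code_hash, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[user]
            return False
        ok = hmac.compare_digest(hashlib.sha256(code.encode()).digest(), code_hash)
        if ok:
            del self._pending[user]            # single use: a replay fails
        else:
            # A six-digit code has only a million values, so the attempt
            # limit, not the hash, is what stops online guessing.
            self._pending[user] = (code_hash, expires_at, attempts_left - 1)
        return ok


def login_step1(users: Dict[str, Tuple[bytes, bytes]], user: str,
                password: str, codes: OneTimeCodes) -> Optional[str]:
    """Check the password; on success issue the second-factor code for step 2."""
    record = users.get(user)
    if record is None or not verify_password(password, *record):
        return None
    return codes.issue(user)


if __name__ == "__main__":
    users = {"alice": hash_password("Orchid!meadow 7Kettle pillow")}
    codes = OneTimeCodes()
    code = login_step1(users, "alice", "Orchid!meadow 7Kettle pillow", codes)
    print("code issued:", code is not None)
    print("wrong code accepted:", codes.verify("alice", "000000"))
    print("right code accepted:", codes.verify("alice", code))
    print("replay accepted:", codes.verify("alice", code))
```

The point to take from the example is which control does which job: the slow, salted hash protects the password if the database leaks, the random per-login code proves possession of the phone or mailbox, and the attempt limit and expiry are what make a six-digit code safe against online guessing.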