Doug Bedell — August 11, 2021, 10:22 am

Passwords or Passphrases? Which are Preferable?

Brandon Lee on the IT Security Guru site discusses “What characteristics make up an effective password policy?” Lee comes down for using passphrases instead of passwords.

“Passphrases,” he explains, “offer many benefits over traditional passwords. These benefits include being easier to remember than passwords with special characters. They are much longer and stronger passwords that can be unpredictable for attackers hoping to compromise accounts. As an example, note the following comparison (larger bits equal stronger password):

1. MyP@$$w0rd1$ (84 bits)
2. Is.My.Password (100 bits)

“Arguably, the second password, a passphrase, is much easier to remember and type, and it is a stronger password.”

That might seem surprising, but if you’ve been using passwords, as many of us do, it’s worth considering the advantage of passphrases over passwords.

  1. Comment by Dennis Owen @ August 11, 2021, 1:31 pm

    I like the idea of a passphrase. Unfortunately most sites dictate that their passwords include numbers and frequently special characters, and would reject a phrase such as Is.My.Password.

    One site I visited recently limited password length to 11 characters, meaning Is.My.Password would again be rejected.

    Until the use of phrases alone becomes widely accepted, about the best you could do would be Is.My.Password1$ and hope you don’t run afoul of length limits.

