Brandon Lee, writing on the IT Security Guru site, discusses “What characteristics make up an effective password policy?” Lee comes down in favor of using passphrases instead of passwords.
“Passphrases,” he explains, “offer many benefits over traditional passwords. These benefits include being easier to remember than passwords with special characters. They are much longer and stronger passwords that can be unpredictable for attackers hoping to compromise accounts. As an example, note the following comparison (larger bits equal stronger password):
1. MyP@$$w0rd1$ (84 bits)
2. Is.My.Password (100 bits)
“Arguably, the second password, a passphrase, is much easier to remember and type, and it is a stronger password.”
That might seem surprising, but if you’ve been using passwords, as many of us have, it’s worth considering the advantage of passphrases over passwords.