Best Passphrase Use
A passphrase is best used to enhance security by providing a longer and more memorable alternative to traditional passwords. Passphrases are typically longer than passwords, often consisting of four or more words, which makes them harder to crack through brute force attacks. They are easier to remember than random strings of characters, reducing the likelihood that users will write them down or use simple, easily guessed phrases.
To create a strong passphrase, follow these guidelines:
- Use at least four words, each with four or more letters.
- Include spaces between words to increase complexity.
- Consider using a mix of uppercase and lowercase letters, numbers, and special characters to add complexity.
- Avoid common phrases, song lyrics, or easily guessed sequences.
- Use a passphrase generator or a method like diceware to ensure randomness (in my view not recommended as you could leave a trace of the phrase online).
- Store your passphrases securely using a password manager.
For example, a passphrase like “flew cat book through there!” is easier to remember and harder to crack than a complex password like “p%9y#k&yFm?”.
Using a passphrase can significantly improve security, especially when combined with multi-factor authentication something that we are no longer able to bypass. This combination provides an additional layer of protection, making it even more difficult for unauthorized users to access your accounts.
By following these best practices, you could effectively leverage passphrases to help protect your online accounts and data.
From the table above, you can see that to be safe we need a password of complexity with at least 10 characters, this will give a 5 year safety margin and by that time I presume that the data will be out dated and of little value. This table however does not tell the full story as we move into the next generation of computing, Quantum computing will drastically shorten these times. To ensure we stay relevant, I recommend anything above 13 characters with complexity.