Passwords vs. Passphrases

Share This

What’s the difference between Passwords vs. Passphrases? What is a passphrase? A passphrase is a password composed of a sentence or combination of words. Passphrases generally tend to be longer and more complex than the average password, which increases overall security. While passphrases should be something that the user can remember, it is highly discouraged to use a common phrase. An example of a passphrase could be four random words, such as, “engineerworksharrisstudying” (engineer, works, harris, studying).

While it may seem counterintuitive to use a series of random words for a credential, phrases like these are more memorable and far more secure than a password, which typically seeks security through a mix of numbers, special characters, and upper and lowercase letters.

Passwords like this—for example, “GenIusc0de123!”—are in fact easier to crack while at the same time more difficult to remember for the user.

Sites such as can help to generate a completely random passphrase.

Why Is It Important to Use Passphrases?

Are passphrases more secure than passwords? We are in an age where simple passwords no longer retain the security they once did, which is why passphrases have become so essential. The benefit of passphrases is that they make it easier for a user to generate entropy and a lack of order—and thus more security—while still creating a memorable credential. Generating entropy through randomized characters can be difficult, but this also makes it more difficult to launch a cyberattack against you.

  • 91% of respondents understand the risks of using the same password across multiple accounts, but 59% do it anyway.

Once a password has been hacked, this information can be used to penetrate other accounts with the same or similar passwords.

Passphrase vs Password: Time to Hack

The biggest factor in the consideration of passphrases vs passwords is simply the amount of time it takes to crack a password. Hackers employ a form of cyberattack called a “brute-force” attack, whereby an automated program repeats password combinations over and over again until the password is cracked.

  • Over 80%of breaches caused by hacking involve brute force or the use of lost or stolen credentials.

For methods of hacking like these, the length of the password is a greater determinant of its strength than its variety. In other words, your password with an upper-case first letter and an exclamation mark at the end is not nearly as secure as you think it is. Over at Hive Systems, they’ve created a useful chart that demonstrates how powerful various types of passwords are, including long passwords with no special characters and short passwords with many special characters. What Hive Systems found was exactly in line with what the recommendations for adopting passphrases would suggest.

For example, if you take a look at the graph, you will notice that a short password (seven words) that includes uppercase letters, lowercase letters, numbers, and special characters, can be broken in about six minutes. Now compare this to a passphrase using only lowercase letters but that is 14 characters instead of seven—this would take approximately 51 years for a hacker to crack. 6 mins for a password vs 51 years for a passphrase!

Key Takeaways

  • Human error is a key factor in the increasing volume of cyberattacks we’ve seen in recent years
  • Cyberattacks rely on human error and weak credentials in order to exploit users.
  • Password length, rather than character variety, is the primary component of a password’s strength, meaning passphrases are far more secure than passwords—even if they feature no special characters at all.
  • In the Passwords vs. Passphrases war, Passphrases keep you better protected

Keeping your network and personal data protected is getting more difficult as hackers find new ways to infiltrate everyday digital environments.  Global CTI offers penetration testing, user training and many more tools to help you evaluate the state of your network, endpoint security and user awareness, all of which provides valuable information as you develop network protocols and protection points!

Related Blogs

  If you don’t have one already, there’s a good chance that...
  At its core, a firewall acts as a barrier between a...
How Does Teams Play In Today’s Evolving Work Environments? Increasing pressures on...
Mitel Product Updates for UCaaS When Mitel announced its strategic partnership two...
  Penetration testing is typically run by human penetration testers while vulnerability...
  Endpoint protection involves all the practices, protocols, tools, and teams involved...

Join Our Newsletter & Learn

Get our latest content delivered to your inbox.