Blog

Passwords or Passphrases – What is the Difference?

A complex password might be the most secure thing you can use to protect your online accounts, but if you can’t remember it then it doesn’t do you much good. This makes the question of whether you should use a passphrase or a complex password an important one to answer. While for the past few years, the primary drive has been towards complex passwords, more and more, people are starting to lean towards passphrases– and many experts believe they provide even better security than complex passwords!

People are starting to lean towards passphrases– and many experts believe they provide even better security than complex passwords!

1) How to Create Longer, Harder-to-Crack Passwords

Longer passwords are more difficult to crack, but that doesn’t mean they have to be a pain to type. If you can create a passphrase instead of just a password, you’ll have both an easier time typing it in and better cybersecurity overall. In order to do so, here are some tips on how to make long passphrases easier to use: first, you want to use a string of multiple words, but not words that someone (or AI) would put in a sentence, or put together. This is important because if you used, for example, “thequickbrownfoxjumpsoverthelazydog”, this is a passphrase that could easily be guessed, as it’s an existing sentence that’s commonly used. Similarly, something like “passwordpasswordpassword” would be weaker, since “password” is still (!!) very commonly used as a password, and repeating the same word weakens your passphrase significantly. However, let’s say your mom used to take you to the Portland farmers’ market on Thursdays, and you would get fresh fruit there. You could use “ThursdayfruitfarmerPortlandmom” and, according to HowSecureIsMyPassword.net, it would take a computer about 2 decillion years to crack it! That’s 1,000,000,000,000,000,000,000,000,000,000,000 years! Even better, every time you enter that password, you’ll remember your Thursday outings with your mom. Remember you still need different passwords for every site, though, which gives you lots of memories to choose from. And you may want to consider storing your passwords in a password manager like Easeenet so you don’t have to recall which passphrase goes with which site!

2) Why Are Longer Passphrases Safer Than Longer Complex Passwords?

You’ve probably heard of passphrases, typically described as passwords that are long (usually 20+ characters) and easy to remember. However, you may not know why they’re considered safer than complex passwords. A complex password uses symbols, numbers, upper- and lowercase letters in combination with special characters. While this sounds safe to our brains, the reality is that when companies enforce complex passwords, their users are much more likely to reuse passwords, or slightly vary them from site to site, as opposed to choosing entirely new words in a passphrase. So, while C0lorful1! may seem like a strong password, a computer can hack it significantly faster than “horseappleelephant”.

3) Is It Possible to Crack Complex Passwords Faster than Passphrases?

Complex passwords are typically created by making a random combination of upper and lowercase letters, numbers, and special characters. But how much security do they provide? Do hackers have an easier time cracking longer complex passwords than longer passphrases—as some people suggest—or are long passphrases actually better for cybersecurity? According to respected cryptographer Bruce Schneier, complexity doesn’t matter. There are algorithms today that computers can run to bypass the added “security” that complexity adds, and the strongest passwords combine length, novelty, and usability— combining commonly used words in a passphrase allows for an average user to rate higher on each of these three critical elements.

Done remembering passwords? Great! Let Easeenet help. Create one last password (or, as you now know, passphrase) to remember, and let us remember everything else. Get started in under 3 minutes and never forget a password– or passphrase– again!