Building a Strong Defense: The Passphrase Strategy

If you cannot use single words, names, dates, or sequences, what should you use? The modern gold standard for online security is the “passphrase.”

A passphrase is a sequence of four or more completely random words strung together. Length is mathematically far more important than complexity when it comes to defeating hacking software. A password like “Tr0ub4dour!” might look tough, but it is relatively short and easy for a computer to crack. However, a passphrase like “purple-coffee-blanket-sunrise” is incredibly long, making it nearly impossible for brute-force software to guess within our lifetimes.

The beauty of a passphrase is that it is highly secure against computers, yet remarkably easy for a human brain to visualize and remember. You can picture a purple coffee mug sitting on a blanket during a sunrise. When creating your own passphrase, follow these simple guidelines:

• Choose at least four random words that have no logical connection to each other.
• Do not use famous quotes, song lyrics, or common idioms, as these are included in dictionary attack databases.
• Separate the words with a dash or a space (if the website allows spaces).
• Add a number or a special character at the very end if the specific website’s rules require it.