What Makes a Good Passphrase?
Rather than lecture you about passwords and passphrases, let’s simply recap the best practices you should adopt.
Simply stated: you must construct strong passphrases that are difficult for hackers to crack. This is one of the most fundamental aspects of your Internet security. Your accounts, information, devices and apps are only as secure as the passphrases you use to protect them.
This means using longer, more complicated and even random passphrases. As general rules:
- Passphrases should be at least 8 characters long, but the longer the better.
- Passphrases should use a mix of at least 3 character types (uppercase letters, lowercase letters and numbers). Ideally, you should also use symbols (such as !, - and +), if supported.
- Passphrases should not contain your name, username, birthdate, license plate number, phone number, favorite movie or any other personal information, including similar details for your spouse, partner or children.
- Passphrases should not contain any nouns (the names of persons, places or things).
- Ideally, passphrases should not contain words found in any dictionary of any language.
The last point is often ignored, but it is important because it further protects your accounts from brute force dictionary attacks.
More About: Brute Force Dictionary Attacks – A brute force dictionary attack is a method that hackers use to crack passwords by applying all possible words found in dictionaries (and not only English-language dictionaries). Hackers use apps to enter every word, as well as combinations and variants of words, to gain entry into your accounts. This hacking method can be surprisingly simple and fast.
When generating passphrases, pick something random and even ridiculous. If you follow these guidelines, it will simply take too long for hackers to crack your passphrases and they will move on to an easier victim.
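The rules listed above, turned into a small checker (an added example, not part of the original article). The sample word list, the look-alike substitution table and the function names are assumptions made for illustration.

```python
# Constructed sample; a real check would load full word lists in several languages.
SAMPLE_DICTIONARY = {"password", "dragon", "sunshine", "monkey", "maison", "hund"}

# Assumed table of common look-alike swaps, so "P@ssw0rd" is treated as "password".
LOOKALIKES = str.maketrans("@0134$5!7", "aoleassit")


def character_types(passphrase):
    """Return which of the four character types appear in the passphrase."""
    types = set()
    for ch in passphrase:
        if ch.isupper():
            types.add("uppercase")
        elif ch.islower():
            types.add("lowercase")
        elif ch.isdigit():
            types.add("number")
        elif not ch.isspace():
            types.add("symbol")
    return types


def normalize(text):
    """Lowercase the text and undo look-alike swaps before comparing."""
    return text.lower().translate(LOOKALIKES)


def check_passphrase(passphrase, personal_info=(), dictionary=SAMPLE_DICTIONARY):
    """Return the list of rules the passphrase breaks (empty list = passes)."""
    problems = []
    if len(passphrase) < 8:
        problems.append("shorter than 8 characters")
    if len(character_types(passphrase)) < 3:
        problems.append("fewer than 3 character types")
    folded = normalize(passphrase)
    # Very short items are skipped so a 1-2 character detail does not match everything.
    if any(len(item) >= 3 and normalize(item) in folded for item in personal_info):
        problems.append("contains personal information")
    if any(len(word) >= 4 and normalize(word) in folded for word in dictionary):
        problems.append("contains a dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1", "Mais0n-Bleue", "qZ7#vR2!kX9w"):
        print(candidate, "->", check_passphrase(candidate) or "passes all checks")
```

Note that "P@ssw0rd1" meets the length and character-type rules and still fails, because swapping letters for look-alike symbols does not hide a dictionary word.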
Using Tools to Keep Track of Your Passphrases
While it may be a pain to keep track of many complicated passphrases, there are plenty of tools to help you quickly generate strong ones and to keep track of them. Many apps even help you automatically and seamlessly log in to your stored accounts.
- Dashlane (free & premium versions available) is a popular and reliable premium passphrase manager app. Dashlane even lets you change all of your passwords with a single click. This can be a lifesaver, especially in the face of large-scale data breaches. See our in-depth Dashlane review.
- LastPass (free & premium versions available) is a handy passphrase management tool for all your online accounts. With LastPass, you set up one master passphrase and it keeps and manages all of your account passphrases. LastPass helps you construct strong passphrases with an easy wizard that automatically appears when you are creating a new passphrase. The underlying data is kept on LastPass’ encrypted servers, so using this service requires a degree of trust in the provider and confidence that they won’t be a victim of a widespread hack. However, storing your data in the cloud this way also allows you to access your passphrases remotely from any device connected to the Internet. See our detailed LastPass review.