What Is Better: Complex Passwords Or A Passphrase?

As we enter the third decade of the 2000s, the password is still king when it comes to securing online accounts. A strong password can be the only thing that prevents your account from being hacked, but for many people strong passwords are too hard to remember. One option is to use a password manager, but there is another. Have you considered using a passphrase?

Finding The Perfect Password

There is no one way to properly craft a password. Some people change the case of letters or insert numbers and special characters into their password, while others simply generate a random string of gibberish. Both approaches can make the password much more difficult to crack, but the latter can be impossible to remember.

How Long Does It Take To Crack A Password?

One thing is for sure: the longer the password is, the better. Using the calculator on betterbuys.com, we will illustrate this. We entered one of the most commonly used passwords of the past decade, password. A bot needs .2 milliseconds to crack it. Variants such as passw0rd and Password take even less time to crack at .19 seconds, but p@ssword and Passw0rd would take over two months and four months for a bot to crack. A simple change like that can make a big difference, but it is hardly secure.

Using a variant like that is not secure. For passwords like these, dictionary attacks are the most common method, and it is easy to try simple variants. You might think that you have a secure password, but you don’t.

What about a string of gibberish? We went to passwordsgenerator.net to generate a random password. An eight character password, bc7FP6AC, would take almost 5 months to crack. The 12 character password 3HRSrTNeRPFU would take millennia to crack, and the 16 character password 4fNe2SNrt9aAjyb5 could never be cracked. That is great, but you will never remember that.

At the same time, a 16 character word (you know, the kinds of words that only scientists, professional Scrabble players or the kids at spelling bees know how to spell) can also be effective. Taking a random sampling from this list of 16 character words, we see that anemographically would take 81016 millennia to crack, as would electrocolloidal, ichthyophthirius and tapeinocephalism. Organoleptically would not be able to be cracked.

Bet you never thought you would come across those words today, did you?

Could A Passphrase Work?

So, is there a way you can get the same level of protection while still being able to remember the password? Yes, use a passphrase. The passphrase thispasswordisstrong could never be cracked, just like the 16 character random password, and we would bet that you could remember it. No special characters or capital letters necessary!

That means no more need to remember whether it is a 0 or an O in your password, or whether you added a # to the end. There is no more need to change the letter a to an @. No need to remember whether you thought you would outsmart yourself and use a different word, and then start the process over again.

How Long Does It Take To Crack A Passphrase?

Other examples like ilovegoodpasswords would take 54,814,136 millennia to be cracked, and crookshatestrongpasswords could never be cracked, nor could nicelydonesitesisgreat. More personal examples like ilovemywife would take over 6 years, as would ilovemykids, and ilovemywifeandkids would take 54,814,136 millennia to be cracked. Less positive ones like ihatemyjob would take 3 months, and ihatemyboss would take almost 7 years.

For reference, the Earth is about 45 million millennia old, and humans have only roamed this planet for 200 millennia, with our earliest ancestors going back about 6,000 millennia.
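The two ideas above, length-based crack time and the point that simple variants of password fall to dictionary attacks, can be combined in one strength check. This is an added example, not code from this article or from the calculator it cites; the guessing rate, the small denylist and the substitution table are assumptions, so its figures will not match the ones quoted here.

```python
import string

# Constructed sample denylist (assumption); real screening uses a large breached-password list.
COMMON_PASSWORDS = {"password", "qwerty", "letmein", "iloveyou"}

# Character substitutions undone before the lookup (illustrative, not exhaustive).
SUBSTITUTIONS = str.maketrans({"0": "o", "@": "a", "1": "l", "3": "e", "$": "s", "5": "s"})

GUESSES_PER_SECOND = 1e10  # assumed guessing rate, not a figure from the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password):
    """Alphabet size a blind brute-force search must cover for this password."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, len(string.punctuation)),
    ]
    return sum(size for chars, size in classes if any(c in chars for c in password))


def brute_force_years(password):
    """Years to try every string of this length over that alphabet (worst case)."""
    keyspace = charset_size(password) ** len(password)
    return keyspace / GUESSES_PER_SECOND / SECONDS_PER_YEAR


def is_dictionary_variant(password):
    """True if trimming trailing digits/symbols, lowercasing and undoing
    substitutions turns the password into a denylisted word."""
    trimmed = password.rstrip(string.digits + string.punctuation)
    return trimmed.lower().translate(SUBSTITUTIONS) in COMMON_PASSWORDS


def assess(password):
    """Screen against the denylist first; only then trust the length-based figure."""
    if is_dictionary_variant(password):
        return "reject: variant of a common password"
    return f"brute force estimate: {brute_force_years(password):.3g} years"


if __name__ == "__main__":
    for candidate in ["password", "passw0rd", "p@ssword", "Passw0rd", "thispasswordisstrong"]:
        print(f"{candidate:22} {assess(candidate)}")
```

The length-based estimate only describes a search that tries every character combination, which is why the denylist check runs first.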

Passphrases Are Being Recommended

No need to change or add characters, no need for random gibberish. Instead you have a password that you can remember. It seems like a win/win for everyone. Over the course of the past 20 years, people have had somewhat of a false sense of security with a strong password that would be difficult for a person to crack but extremely easy for a bot to crack. A passphrase takes care of that. In fact, there is a recommendation from the National Institute of Standards and Technology (NIST) to increase the size of the password field to 64 characters to accommodate passphrases, and the Department of Homeland Security has echoed it.

This certainly seems ideal. Passphrases are secure and they are easy to remember. That will hold until cyber criminals change their tactics.
