The 411 on Strong Passphrases

Passwords are so early 2000s, and let’s be honest, we humans are pretty terrible at creating secure passwords, myself included. In today’s day and age, unique passphrases, in addition to multi-factor authentication, are key to keeping scammers from hacking your accounts and stealing your personal or financial information. The best passphrases contain a string of unrelated words and are easier to remember than passwords containing random letters, numbers and symbols.

How to create strong passphrases:

  1. Use passphrases that are longer than 15 characters and include multiple words that do not have any obvious connection between them. The key to passphrases is randomness. Use words that are easy to remember, but difficult for hackers to guess.
  2. Separate each word with a hyphen, space, period, capitalized first letter or number to add more complexity to your passphrase.
  3. To remember your passphrase, create a story that ties all the words together. For example, if your passphrase is “Lyrics-Unicorn-Stained-Fancy”, the story could be that you sang lyrics to a unicorn, but during the concert you stained your fancy shirt.
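
One way to follow the steps above while letting a computer do the random picking, as an added example that is not part of the original article. The word list is a short constructed sample and the function names are assumptions; a real list should contain thousands of words (the EFF long word list has 7,776).

```python
import math
import secrets

# Constructed sample word list (assumption), kept short so the example is
# self-contained. Swap in a list with thousands of words for real use.
WORDS = [
    "lyrics", "unicorn", "stained", "fancy", "harbor", "walnut", "tractor", "violin",
    "pebble", "lantern", "muffin", "glacier", "anchor", "saddle", "comet", "thimble",
    "orchid", "bucket", "falcon", "velvet", "radish", "compass", "kettle", "meadow",
    "puzzle", "cactus", "ribbon", "tunnel", "maple", "goblet", "sponge", "ladder",
]


def entropy_bits(num_words, list_size):
    """Bits of entropy when each word is drawn uniformly at random from the list."""
    return num_words * math.log2(list_size)


def generate_passphrase(num_words=4, separator="-", min_length=16, words=WORDS):
    """Build a passphrase from randomly chosen, unrelated words.

    Words are picked with the operating system's secure random source
    (secrets), not by a human, because people are poor at being random.
    More words are added if needed until the result is longer than 15
    characters (min_length=16).
    """
    if num_words < 2:
        raise ValueError("a passphrase needs multiple words")
    if not words or any(not w for w in words) or len(set(words)) != len(words):
        raise ValueError("word list must hold distinct, non-empty words")
    chosen = []
    while len(chosen) < num_words or len(separator.join(chosen)) < min_length:
        # Capitalized first letter plus a separator between words
        chosen.append(secrets.choice(words).capitalize())
    return separator.join(chosen)


if __name__ == "__main__":
    print(generate_passphrase())
    print(f"4 words from this sample list: {entropy_bits(4, len(WORDS)):.1f} bits")
    print(f"4 words from a 7,776-word list: {entropy_bits(4, 7776):.1f} bits")
```

The gap between the two figures printed at the end shows why the size of the word list matters as much as the number of words.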

What not to do when creating a new passphrase:

  1. Don’t repeat passphrases. At the very least, your email, bank and health accounts should each have their own unique passphrase. Using the same passphrase among multiple accounts may be convenient, but it increases your vulnerability to hacking. If you use the same passphrase across different accounts, a hacker only needs to breach one account to get your login credentials for all your other accounts.
  2. Don’t use personal information like your pet’s name, your birthdate or your hometown. A hacker can quickly figure out this information based on your social media accounts and other information available online. People who know you personally might even try to log in to one of your accounts this way.
  3. Don’t replace letters in your passphrase with numbers or symbols. Swapping in an “@” symbol for an “A” may have worked in the early 2000s, but nowadays hackers can guess “p@ssw0rd” just as easily as they can guess “password.” Instead, as mentioned above, use hyphens, spaces, periods, capitalized letters or numbers to separate each word in the passphrase and add more complexity.

Bonus tip: Don’t store passphrases on sticky notes, spreadsheets or digital documents. It might seem practical to store your passphrases this way, but if they fall into the wrong hands, all your accounts will be compromised. If you can’t recite your passphrases from memory, consider using a password manager that encrypts your data.

Once you have created your passphrase, learn how to set up multi-factor authentication to add an extra layer of security to your accounts.