(NCSAM Week 3) Passwords vs. Passphrases

What is a passphrase and why would you use it instead of a password?

A passphrase is a phrase that is unique to your life, which makes it lengthy but easy to remember. Length = strength: it has been shown that lengthier passphrases are harder to crack than shorter, more complex passwords. For more information, please see the NIST guidelines, which support this recommendation.

What are some passphrase guidelines and examples?

For maximum security, your passphrase should be 14+ characters and can include spaces. It is not recommended that you use lines from songs, jingles or poetry, your pet’s name, your birthday, or information easily discoverable on your social media accounts or public-facing websites. Remember, using a unique passphrase for each account protects your other accounts if one of them is compromised. MFA (multi-factor authentication) is also recommended: if your credentials are compromised, it still protects you by requiring a second layer of authentication via a device in your possession.

Keep in mind that password requirements vary, and that when setting up passphrases, you may need to incorporate numbers, symbols and capitalized letters.

Passphrase examples:

  • I LOVE walking to work in the morning & picking up coffee along the way! 
  • Anna 2010 goes to camp every summer in Vermont
  • WalkRunCycleSwim
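
For anyone who wants to check a passphrase against the guidelines above before using it, here is a small added example (not part of the original article). The function name, the problem codes, the sample personal terms and the two thresholds marked as assumptions are illustrative choices, not official requirements.

```python
import re

MIN_LENGTH = 14          # minimum length recommended in this article
MIN_DISTINCT_CHARS = 5   # assumption (not from the article): catches "aaaaaaaaaaaaaaaa"
MIN_TERM_LENGTH = 3      # assumption: ignore very short personal terms to limit false hits


def _normalize(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_passphrase(candidate, personal_terms=(), used_elsewhere=()):
    """Return a list of problem codes; an empty list means no guideline was violated.

    personal_terms: things others could discover about you (pet's name, birthday).
    used_elsewhere: passphrases you already use on other accounts.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:            # spaces count toward the length
        problems.append("too_short")
    if len(set(candidate.lower())) < MIN_DISTINCT_CHARS:
        problems.append("low_variety")         # long, but one or two repeated characters
    flat = _normalize(candidate)
    for term in personal_terms:
        t = _normalize(term)
        if len(t) >= MIN_TERM_LENGTH and t in flat:
            problems.append("personal_info")   # "Rex" is still found in "r.e.x" or "REX"
            break
    if flat and any(flat == _normalize(old) for old in used_elsewhere):
        problems.append("reused")              # same phrase with different spacing or case
    return problems


if __name__ == "__main__":
    # Constructed sample data: a made-up pet name and birthday.
    personal = ["Rex", "04/12/1990"]
    samples = [
        "WalkRunCycleSwim",        # example from this article
        "coffee2go",               # constructed: too short
        "Rex 04/12/1990!!",        # constructed: long enough, but built from personal info
        "Walk Run Cycle Swim",     # constructed: a respaced copy of a phrase already in use
    ]
    for s in samples:
        result = check_passphrase(s, personal, used_elsewhere=["WalkRunCycleSwim"][: s != "WalkRunCycleSwim"])
        print(f"{s!r}: {result or 'ok'}")
```

A passphrase that returns an empty list has only met these guidelines; a site may still require numbers, symbols or capital letters.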

What about those security challenge questions? 

When selecting security challenge questions to answer in connection with your accounts, choose or create questions (if this option is available) that cannot be readily answered by other people. Tip: the answers you supply to these questions do not have to be truthful; you just need to remember them.

For more information and resources on passwords and other cybersecurity topics, please visit the Security Awareness web page.