Replace Passwords with Passphrases for Safer Logins

Cybercriminals have been getting more sophisticated in their attacks, employing advanced technologies like automation and artificial intelligence (AI) to make their attacks more effective. While it once was considered secure to use a six- or eight-character password to keep your personal information safe, today’s cyber landscape requires stronger, more secure password protection.

Cybersecurity standards for logins have evolved. Law enforcement, cryptologists and cybersecurity leaders now agree that the longer and more complex a password is, the more secure the account it protects. One organization shows that as a password gets longer and more complex, the time required to crack it can change from mere seconds to thousands of years.

One approach for creating secure logins is to replace traditional passwords with passphrases. Let’s look at what those entail.

Creating Secure Passphrases

While a password is typically a short character set of mixed digits, a passphrase is longer: at least 12 characters long and made up of a mix of upper- and lowercase letters, numbers and special characters. One way to create a passphrase would be to put four random words together or use a unique phrase that is special to you and easy to remember. Then mix in different letter cases and swap special characters for letters.

To illustrate, let’s take 2022’s song of the year, “Leave the Door Open” by Silk Sonic. By mixing upper- and lowercase letters and replacing some letters with numbers and symbols, you end up with a 16-character passphrase of L3@v3TH3d00r0p3N.

This approach can be used with movie titles, artist names, books, etc. Just don’t choose something that has a strong personal connection that can easily be guessed: If you run a Scarlett Johansson fan page, for example, it’s best not to use variations of her name or movie titles, since cybercriminals might guess that is what you would use.

Checklist for More Secure Passphrases

When selecting the phrase you’ll use to make your passphrase, there are a few additional considerations to help keep you protected. TransUnion recommends asking a few questions when selecting a passphrase:

  • Does it include identifiable information? Using your place of birth or birthday might make it easier to remember, but it can also make it easier for attackers to break — especially given all the personally identifiable information (PII) that can be gleaned from your online activities. A scan of social media, comment threads and public documents can reveal those details, so it’s best to avoid them in your passphrase.
  • Is it sufficiently different from my other passphrases? If you simply use variations of the same password (adding a different number at the end for each account, for example) and a cyberthief gets the passphrase for one account, they might try variations to get into your other accounts. Having unique passphrases for each account offers greater security.
  • Is multi-factor authentication (MFA) available and, if so, is it enabled? Multi-factor authentication (sometimes known as two-factor authentication, or 2FA) requires additional verification steps to access your accounts. In addition to your password, you may need to enter a temporary passcode that is texted to you or use a fingerprint scanner or facial recognition software. Even if a thief knows your password, these additional verification steps would make accessing your info more difficult.
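The length and character-mix rule from "Creating Secure Passphrases" and the first two checklist questions can be checked mechanically. The following is an added example, not part of the original article; the function names, the swap table, the 0.8 similarity threshold and the sample values are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Common character swaps, undone before comparing (constructed list, not exhaustive).
SWAPS = str.maketrans({"3": "e", "@": "a", "4": "a", "0": "o", "1": "l",
                       "$": "s", "5": "s", "7": "t", "!": "i"})

def normalize(text):
    """Lowercase, undo common swaps, and drop everything but letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(SWAPS))

def base_form(passphrase):
    """Normalized passphrase with any trailing digits or symbols removed."""
    return normalize(re.sub(r"[\d\W_]+$", "", passphrase))

def audit(passphrase, personal_details=(), other_passphrases=(), threshold=0.8):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(passphrase) < 12:
        findings.append("shorter than 12 characters")
    classes = {"uppercase letter": r"[A-Z]", "lowercase letter": r"[a-z]",
               "number": r"[0-9]", "special character": r"[^A-Za-z0-9]"}
    for name, pattern in classes.items():
        if not re.search(pattern, passphrase):
            findings.append(f"no {name}")
    # Checklist question 1: identifiable information, even when disguised by swaps.
    flat = normalize(passphrase)
    for detail in personal_details:
        token = normalize(detail)
        if len(token) >= 3 and token in flat:
            findings.append(f"contains personal detail: {detail}")
    # Checklist question 2: a variation of a passphrase already used elsewhere.
    base = base_form(passphrase)
    for other in other_passphrases:
        if base and SequenceMatcher(None, base, base_form(other)).ratio() >= threshold:
            findings.append("too similar to another passphrase")
            break
    return findings

if __name__ == "__main__":
    # Constructed sample inputs.
    print(audit("L3@v3TH3d00r0p3N", ["Chicago", "1987"], ["Correct-Horse-9!Battery"]))
    print(audit("Chic@g01987!", ["Chicago", "1987"]))
    print(audit("Summer-Garden-Piano7", other_passphrases=["Summer-Garden-Piano12"]))
```

The second sample meets the length and character-mix rule yet still fails, because undoing the swaps reveals the place of birth and birth year.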

Different Passphrases for Different Logins

One piece of advice that does not change is to keep your login credentials unique for every device and account. You don’t want to use the same passphrase for multiple places. Otherwise, if one set of login credentials is compromised in a data breach, attackers could potentially gain access to other accounts that use the same passphrase.

That’s particularly important since many apps, devices and accounts are interconnected. If a bad actor successfully gets into one account, they could use the same credentials to access your other accounts.

Remembering a long list of unique passphrases can be tricky, but you should not write them on a piece of paper since that’s too easy to steal. To keep your passphrases and accounts safe, you may want to consider a password manager — a tool that securely stores a user’s login credentials.

As identity thieves, cybercriminals and scammers enhance their attack tactics, it is important that we all raise our cybersecurity game. Strengthening the logins that protect our devices and accounts — and all the valuable information they contain — is the first step to thwarting the efforts of those attackers.