What is a Passphrase?

A passphrase is a series of letters, characters, or words that can be combined like a password. They are used for many computer programs, to gain access to systems, data, or messages. It is similar to shorter passwords in use, but a passphrase can be as long as 100 characters and offer extra protection when needed. They can be used as a digital signature or to encrypt messages, and are often employed by important systems vulnerable to outside hackers.

Whereas a password is generally 4-16 characters, a passphrase is typically at least 20-40. The common passphrase should be known only to the user, should be long enough to remain difficult, hard to guess, easy to remember, and easy to type quickly and accurately. The passphrase should not be a common phrase or one from literature or culture. It should not be something with obvious meaning to the user or something that can be easily identified, even by people who know the user.

Different passphrases, just like different passwords, possess varying passphrase strengths. This is determined by the length of the phrase, the randomness of the phrase, and its use of characters available in the common lexicon. A phrase such as “IAmTheKingOfTheWorld” would not be good because it is not particularly original or uncommon. Replace the vowels with numbers, or a word with an anagram or a nonsensical string of words, and the phrase becomes more difficult. “I4m7heK1ng0fTheW0r1d,” for example, would be much more difficult.

A passphrase can be easy or difficult to remember, and can be written down. Certain passphrase are made of random groupings of numbers and letters, though a sense of structure makes them easier to remember. One method of formulating a passphrase is called Diceware. This tool is comprised of a list of 7776 short English words, and is determined by rolling dice. With a certain number of corresponding letters for each number on the die, different combinations of letters make different words. These different words can be combined into a phrase with more than 2,000,000,000,000,000,000 possibilities.

The modern idea of the passphrase was invented by Sigmund N. Porter in 1982 as a means of extra protection as computer systems began to enter mainstream culture. Pretty Good Privacy, a popular passphrase method, revolutionized the practice in 1991. Created by Phil Zimmerman in the United States, it was used to encrypt e-mails, and features a public and a private passphrase encryption key. A private key is used to open and send messages personally, and the public key of someone else is used to receive or send messages to them.