A strong and secure password is your small business’s first line of defense against cyber threats. According to a study conducted by Verizon, over four in five data breaches are attributed to hacked passwords. You don’t have to use a traditional password for all your small business’s logins, however. An alternative option is to use a passphrase. So, what is a passphrase, and is it more secure than a password?

What Is a Passphrase?

A passphrase is technically a type of password that, like all passwords, is used to log in or otherwise access a protected system. But passphrases are unique because they consist of multiple words, which are either directly connected or separated with spaces (if spaces are supported by the protected system). In comparison, traditional passwords consist of any random combination of upper-case letters, lower-case letters, numbers and special characters.

An example of a passphrase is “meadow sunshine lollipop bicycle.” The words within the passphrase are seemingly random, but they are pieced together to form a passphrase. An example of a traditional password, on the other hand, is “d7@!hD4.”

Benefits of Using a Passphrase

In recent years, passphrases have become a popular alternative to traditional passwords, largely because they are easier to remember. It’s frustrating when you can’t remember your password. For security reasons, you can’t just write down your password on a notepad or save it in an unencrypted text file on your computer. As a result, many people forget their passwords and are unable to log in to their protected systems.

Password vs Passphrase Security

Both traditional passwords and passphrases can offer a high level of security and protection against cyber attacks. With a traditional password, though, a hacker usually has fewer characters to crack than with a passphrase. Research shows the average length of a password is just eight to nine characters. Even if these characters consist of random letters, numbers and characters, a hacker can probably crack it with relative ease by performing a brute force attack.

Passphrases usually have significantly more characters, typically ranging from 15 to 50 characters. The words within a passphrase are real words, which a hacker can target, but the long character length makes them naturally protected against most brute force attacks.

How to Create a Strong Passphrase

If you’re going to use a passphrase, you need to make it strong enough so that hackers can’t easily crack it during a brute force attack. At minimum, include at least four words in your passphrase. The words you use, the better protected your passphrase will be against brute force attacks.

Regardless of how many words you use in a passphrase, make sure it’s at least 15 characters long (including spaces). Using fewer than 14 or fewer characters increases the risk of a hacker cracking your passphrase using automated software.