惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
S
Secure Thoughts
月光博客
月光博客
美团技术团队
雷峰网
雷峰网
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
N
News and Events Feed by Topic
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Forbes - Security
Forbes - Security
W
WeLiveSecurity
P
Proofpoint News Feed
阮一峰的网络日志
阮一峰的网络日志
爱范儿
爱范儿
G
GRAHAM CLULEY
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
AI
AI
Last Week in AI
Last Week in AI
Google Online Security Blog
Google Online Security Blog
Schneier on Security
Schneier on Security
云风的 BLOG
云风的 BLOG
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Recent Announcements
Recent Announcements
Webroot Blog
Webroot Blog
T
Tor Project blog
Cisco Talos Blog
Cisco Talos Blog
N
News and Events Feed by Topic
罗磊的独立博客
The Register - Security
The Register - Security
Blog — PlanetScale
Blog — PlanetScale
T
Threat Research - Cisco Blogs
博客园 - 【当耐特】
Apple Machine Learning Research
Apple Machine Learning Research
人人都是产品经理
人人都是产品经理
T
The Exploit Database - CXSecurity.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
B
Blog
腾讯CDC
Microsoft Azure Blog
Microsoft Azure Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
H
Hacker News: Front Page
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Engineering at Meta
Engineering at Meta
Latest news
Latest news
IT之家
IT之家
D
DataBreaches.Net
博客园 - 司徒正美
N
Netflix TechBlog - Medium
V
V2EX
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知

Comparitech

How to watch McGregor vs Holloway 2 (UFC 329) from anywhere Medical billing firm MCBS warns 300,000+ patients of data breach - Comparitech Ransomware Roundup: H1 2026 stats on attacks, ransoms, and active gangs - Comparitech Colorado Health Network warns 68,000+ people of data breach that leaked SSNs, credit cards, and medical records - Comparitech Middletown, OH warns 123,000+ people of data breach that leaked SSNs, financial and medical info - Comparitech DeGoogling your life: What is it and how do you do it? How to opt out of Meta AI data collection - Comparitech Is CurseForge safe? Common risks and how to mod safely - Comparitech Cybercriminals say they hacked New South Wales Rural Fire Service - Comparitech Grandview School District warns 9,000+ people of data breach 21 months later - Comparitech Which industry & country has the worst email security? An analysis of 5,800+ domains for SPF, DMARC, DKIM & MTA-STS protocols - Comparitech Kootenai County, ID warns residents of government data breach that leaked personal info - Comparitech What is Kik? Is it safe for kids? - Comparitech Cybercriminals say they hacked Reynella East College - Comparitech Are UK council websites adhering to government security guidelines? - Comparitech Bellflower Unified Schools warns students of data breach that leaked SSNs - Comparitech What are location services and how do they work? - Comparitech How to bypass Xbox age verification - Comparitech What is a Minecraft dedicated IP? Do you need one? The best Discord alternatives in 2026 - Comparitech How to watch UFC Freedom 250: Stream UFC White House online Taos Mountain Casino warns of data breach that leaked SSNs Cybercriminals give Delano Public Schools two weeks to pay ransom How to fix ‘Your connection is not private’ in Chrome Plaza Home Mortgage warns 138,000 people of data breach that leaked SSNs How to watch the NBA Finals live online from anywhere Cybercriminals take credit for Singing River Health System data breach How Spammers Are Hiding Behind Google and the New York Times Ransomware roundup: May 2026 Iowa hospital warns 24,000+ people of data breach that leaked SSNs, medical and financial info 80K+ people notified of data breach at Louisiana university that leaked SSNs & bank info Finance firm IMA warns 525,000+ people of data breach Auto lender IAC warns 79,000+ people of data breach that leaked SSNs Sandstone, MN says SSNs and financial info compromised in ransomware data breach Las mejores herramientas de gestión de Active Directory Die besten Active-Directory-Management-Tools I Migliori Strumenti di Gestione di Active Directory Las mejores herramientas de gestión de logs Die besten Log-Management-Tools I migliori strumenti di log management Watching You, Funded by You: Number of CCTV Cameras by UK Council & Police Force Las mejores herramientas SIEM para alertas de seguridad automatizadas Die besten SIEM-Tools für automatisierte Sicherheitswarnungen I migliori strumenti SIEM per gli avvisi di sicurezza automatizzati Software maker warns 200,000 Frost Bank customers in Texas of data breach Oregon employment firm notifies 142,000+ people of two data breaches claimed by ransomware gangs Cybercriminals say they hacked Harrison County, WV commission, demand ransom Cybercriminals say they breached AdvancedHealth, Tennessee clinic confirms Fluke Corp notifies 18,000+ people of data breach that leaked SSNs What is Token-Based Authentication? Tokens Explained Western Orthopaedics warns 113,000+ people of data breach that leaked SSNs, credit cards, and medical info What is ARP? ARP protocol explained What is symmetric encryption? Crunchyroll VPN not working? Fix buffering, errors & region blocks American Lending Center notifies 123,000+ people of data breach that leaked SSNs How to watch Oleksandr Usyk vs Rico Verhoeven online Cybercriminals say they hacked CarePoint Health, stole data Ransomware gang claims attack and data theft from UK city school Horizon Media reports data breach of SSNs, cybercriminals take credit Claude VPNs (and how to use Claude safely) What is GhostPairing on WhatsApp? What is a prompt injection attack? Where do leaked passwords end up? A statistical analysis of the dark web’s credential pipeline Ransomware roundup: April 2026 Suffolk, VA warns 157,000+ people of data breach that leaked SSNs, finances How to watch UFC 328 (Chimaev vs Strickland) from anywhere Cybercriminals say they hacked Winona County, MN (again) Keeper vs 1Password: Which password manager is best in 2026? What is F-Droid? Is it safe? Proton VPN Secure Core: What is it, and should you use it? What is an agentic browser? Features and how to use them safely Sandhills Medical Foundation warns patients of data breach Cybercriminals say they hacked Massachusetts Development Finance Agency, its second breach in 2 years STELIA Aerospace confirms cyber attack on North American systems. $2.07 million ransom issued Debt collector Rodenburg Law Firm warns 81,307 people of data breach Healthcare ransomware roundup: Q1 2026 stats on attacks, ransoms, and data breaches How to block ads on Paramount Plus A complete guide to smart speaker privacy What is the Great Firewall of China Cybercriminals say they hacked Rusk County, WI What is a decentralized VPN? Do you need a dVPN? Southern Illinois Dermatology warns patients of data breach that leaked SSNs 92,000 people notified of data breach following cyber attack at Puerto Rican hospital Cybercriminals say they hacked Minidoka Memorial Hospital, demand ransom What is sensitive data? Types and how to protect yourself Inside RAMP: What a leaked database reveals about Russia’s ransomware marketplace Phoenix Art Museum warns of data breach that leaked SSNs Mozilla VPN vs NordVPN – VPN Comparison Guide Cookeville Regional Medical Center warns 338,000 people of data breach Antimalware vs Antivirus: What’s the difference? What is URL phishing? Examples and how to stay safe How to use a VPN in Bhutan (and the best options) Cybercriminals give Brockton, MA hospital one week to pay ransom after hack Is Truth Social safe? Everything you need to know What is cyberwarfare? Medical implant maker TriMed warns 80,000+ people of data breach Ransomware roundup: Q1 2026 Heart South Cardiovascular Group warns 46,000+ people of data breach Cybercriminals say they hacked Community College of Beaver County Critical Infrastructure at Risk: 179 ICS Devices Exposed Online
What is a passphrase? Are they safer than passwords?
Richard Erns · 2026-04-17 · via Comparitech

What is a passphrase

A passphrase is a sequence of words you string together to protect your accounts, and it can be more secure than a traditional password if you construct it properly. By using multiple random words, you increase unpredictability, which makes guessing or brute-force attacks much harder.

This guide explains what a passphrase is, how it differs from a password, and the different types you can use. We also dive into the pros and cons of using one, the key traits of a strong passphrase, and practical tips for creating and securely storing one.

What is a passphrase?

A passphrase is a sequence of words you string together to secure an account. You pick each word from a list randomly, so it’s unpredictable. Unlike a normal password, it relies on multiple words rather than just letters or symbols, making guessing much harder.

Passphrases work because each word adds bits of entropy, which is a measure of unpredictability. When you use four or more words chosen randomly, it becomes strong enough to resist a wide variety of password attacks. You can type it more easily, and it’s easier to remember than a random jumble of characters.

What is an example of a passphrase?

An example of a passphrase could be “ocean pencil window guitar.” Each word is ordinary, but together they create a long string that’s hard for attackers to guess. The words don’t need to make sense, and randomness is what keeps it secure.

You can create your own by rolling dice or using a random generator to pick words from a list. That way, you get a sequence that’s easy to remember but still very strong, so you can log in without writing it down or struggling to recall it.

What is the difference between a passphrase and a password?

The main difference between a passphrase and a password is length and structure. A passphrase uses multiple words in a sequence, while a password usually relies on a shorter mix of letters, numbers, and symbols to create security.

Passphrases focus on being easier to remember and type, while passwords try to cram entropy into fewer characters. You get more security per word in a passphrase because attackers can’t rely on predictable patterns, making guessing much harder compared to standard passwords.

Is a passphrase more secure than a password?

For the most part, passphrases are more secure than passwords, especially if you choose several words at random from a large list. Each word adds entropy, and together they create a huge number of combinations, which makes brute-force attacks far harder to pull off.

That said, platform limitations can make passwords preferable to passphrases in some cases. For instance, if a site limits you to 12-20 characters, a fully random short password can pack more entropy per character.

Types of passphrases

Passphrases can take different forms depending on how you choose the words or elements. Each has its own way of helping you remember it while keeping your accounts secure:

  • Keyboard pattern passphrases: Each word starts with a letter that follows a keyboard layout pattern (like the QWERTY standard). Example: Quiet Words Enemy Rose Thames Yellow.
  • Random passphrases: In this case, you pick the words randomly from a large list. This makes the passphrase harder to guess, but also to remember. One example is ForestTrumpetLadderComet.
  • Mnemonic passphrases: You take a sentence or phrase that’s easy to remember and turn it into a passphrase, so it looks random but sticks in your mind. For instance: Sunsets-over-hills-brinG-calm-eveninGs.
  • Image-based passphrase: Pick words inspired by a picture or scene you can visualize, like a particularly wild New Year’s party. Example: Champagne Glass Shards Everywhere Ouchie.

What are the advantages of using a passphrase?

Passphrases are a simple way to keep accounts secure without struggling to remember complicated passwords. Here’s how passphrases make life easier and safer online:

  • Easy to remember: You can recall a passphrase by picturing the words together, making it easier to log in without writing it down.
  • Strong against attacks: Randomly chosen words add real unpredictability, so guessing or brute-forcing the password takes much more effort, even from powerful supercomputers.
  • Stops repeated passwords: Using a unique passphrase for each account keeps hackers from gaining access to multiple accounts with the same login. You don’t have to reuse what’s easy to remember.
  • Smoother login process: Fewer special characters and simpler words mean less hassle when logging in. Passphrases are also easier to input on different devices.

What are the disadvantages of using a passphrase?

Passphrases only have the upper hand if the platform actually supports them and doesn’t force super strict rules during account setup:

  • Platform limitations: Some apps, websites, and enterprise services only accept short passwords, so long passphrases may not be an option.
  • Complexity requirements: Platforms may force you to use symbols, numbers, and mixed cases, which breaks the natural flow of word-based passphrases.
  • User friction: Creating a long passphrase that meets strict rules can slow down account setup and logins, as well as make them harder to remember than a typical password.

What are the characteristics of a good passphrase?

A good passphrase is long and random, with a nice degree of complexity, while still being memorable enough. Here are the specifics.

Word and character count

Aim for at least four separate words totaling 15 or more characters. Since each added word increases the total number of possible combinations, attackers will have a much harder time trying to guess your passphrase.

Think of each word as a random character in a typical password. However, instead of being limited to 95 keyboard characters per slot, you can work with 7,776 unique words per position if you use Diceware lists. You can also include spaces or symbols if a site allows them, which further increases the total combinations.

Entropy level (or unpredictability)

Entropy tells you how hard it would be for someone to guess or brute-force your passphrase. The more random and independent each element is, the higher the entropy. For example, picking four words randomly from a 6,000-word list gives more unpredictability than picking four words you like or recognize, since attackers can’t rely on patterns.

Being easy to remember

Randomness doesn’t mean it has to be confusing. A good passphrase works best when you can recall it without writing it down. Choosing words that you can visualize or link together helps you remember the sequence, so you can log in quickly while keeping your account secure.

How to create a strong passphrase

Here’s a quick checklist of what goes into making a strong passphrase and how to keep them away from prying eyes:

  1. Go for longer phrases: Four words and 15 characters is the minimum, but don’t hesitate to add more and make it even stronger against attacks.
  2. Shuffle your words: Rearranging words makes patterns harder to guess. You can take a familiar sentence or list of words and mix the order so it’s still memorable but less predictable to anyone trying to crack it.
  3. Make it easy to remember: Pick words you can visualize or link together in a story. When you can picture the phrase, you’re less likely to forget it, and you’ll find it easier to type on any device. If you run into strict requirements, follow a simple rule like “capitalize every third word and add a #” so you stay consistent and avoid mistakes.
  4. Give each account its own phrase: Using the same passphrase everywhere puts all your accounts at risk if one is breached. Use unique phrases for each login, just like you would with regular passwords.
  5. Avoid private details: Words like your name, birthday, or address can be found online and make guessing easier. Stick to unrelated words or concepts that can’t be linked back to you personally.
  6. Change passphrases periodically: Even strong passphrases aren’t unbreakable forever. Updating them every few months or after a potential data breach keeps your accounts safer and prevents long-term exposure.
  7. Don’t share your phrases: Sharing passphrases, even with trusted people, increases the chance they could be leaked or misused—so keep them private.
  8. Use a password manager: A good manager remembers all your passphrases, lets you generate new ones, and keeps them organized. This helps you use long, strong phrases without needing to memorize every single one.

Passphrase FAQs

Are passphrases easy to hack?

Passphrases are hard to hack when you pick enough random words from a long list. Each word adds unpredictability, and a properly made passphrase gives attackers a huge number of combinations to guess, making brute-force attacks extremely difficult.

Why are passphrases better than passwords?

Passphrases give you more security without making you remember random characters. Using multiple random words creates strong entropy, makes accounts safer, and lets you type something you can actually remember instead of juggling letters, numbers, and symbols.