
Use a Passphrase, Not a Password

Length > Complexity. "correct-horse-battery-staple" is harder to crack than "P@ssw0rd1!".

The Problem With "Strong" Passwords

For decades, the advice has been the same: mix uppercase, lowercase, numbers, and symbols. The result? Passwords like "P@ssw0rd1!" that are simultaneously hard for humans to remember and relatively easy for computers to crack.

Modern password crackers use dictionary attacks, rules, and GPU brute-force that shred these "complex" passwords in hours. A dictionary attack tries every known word and common substitution (@ for a, 0 for o, 1 for l). Your "clever" substitutions aren't clever to a machine.

Why Passphrases Win

A passphrase like correct-horse-battery-staple is four random common words strung together. It's 28 characters long. Even if an attacker knows you're using this technique, the math is brutal for them:

  • Assuming a vocabulary of 7,500 common words
  • 4 random words = 7,500⁴ = 3.16 trillion possible combinations
  • At 100 billion guesses/second (high-end GPU cluster), that's 8 hours to crack
  • Add a 5th word and it becomes 880 years

"P@ssw0rd1!" with full complexity rules? A well-equipped attacker cracks it in under a minute.

How to Generate a Good Passphrase

  1. Use a password manager (Bitwarden, 1Password) to generate truly random passphrases
  2. Dice roll method (Diceware): Roll a real die 5 times, look up the word in the Diceware word list. Repeat 4–6 times.
  3. Never use phrases from songs, movies, or famous quotes — those are in the dictionaries
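
A software equivalent of the dice method in step 2, as an added example (not part of the original tip): it draws the five rolls per word from the operating system's CSPRNG through Python's `secrets` module and refuses an incomplete word list. The function names and the `w11111`-style stand-in list are constructed for the demo; load a real Diceware list in the same `key word` line format for actual use.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5                   # five rolls select one word, as in step 2
LIST_SIZE = 6 ** DICE_PER_WORD      # a complete Diceware list has 7,776 entries


def load_wordlist(lines):
    """Parse 'DDDDD<whitespace>word' lines into {dice_key: word}."""
    words = {}
    for raw in lines:
        parts = raw.split()
        if len(parts) != 2:
            continue                # skip blank lines and any header text
        key, word = parts
        if len(key) == DICE_PER_WORD and not set(key) - set("123456"):
            words[key] = word
    if len(words) != LIST_SIZE or len(set(words.values())) != LIST_SIZE:
        raise ValueError("list must map all 7,776 dice keys to unique words")
    return words


def roll_key():
    """Five fair die rolls from the OS CSPRNG (never the `random` module)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def generate_passphrase(words, count=5, sep="-"):
    """Join `count` independently rolled words; fewer than 4 is refused."""
    if count < 4:
        raise ValueError("use at least 4 words")
    return sep.join(words[roll_key()] for _ in range(count))


def entropy_bits(count):
    """Entropy in bits when the attacker knows both the list and the method."""
    return count * math.log2(LIST_SIZE)


def constructed_wordlist():
    """Constructed stand-in list (w11111 ... w66666), not a real word list."""
    keys = ("".join(k) for k in itertools.product("123456", repeat=DICE_PER_WORD))
    return [f"{k}\tw{k}" for k in keys]


if __name__ == "__main__":
    wl = load_wordlist(constructed_wordlist())
    print(generate_passphrase(wl, 5), f"{entropy_bits(5):.1f} bits")
```

Each word contributes about 12.9 bits, so the strength comes entirely from the number of words rolled, not from which words appear.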

Storing Passphrases

A passphrase is still a password — don't reuse it across sites. Use a password manager:

  • Bitwarden — free, open source, audited
  • 1Password — best UX, teams feature
  • KeePassXC — offline, local storage

The Bottom Line

The strongest password is one you didn't choose — generated randomly and stored in a vault. But if you must memorize a password for your vault master key or emergency access, make it a passphrase. 4+ random words, no predictable substitutions.

Length beats complexity every time.
