How long should a passphrase be?

Illustration of password field

You may have heard that longer passwords are stronger passwords, but is that really the case? What is the best password length for security? How long should a passphrase be? In this quick guide, we’ll go over the basics for creating a secure online password. 

The difference between a password and a passphrase

The terms password and passphrase are often used interchangeably, but they are slightly different. A password is a set of letters and symbols that are written in succession. A passphrase is a combination of words separated by spaces. 

  • Password: T3amL0gic
  • Passphrase: team logic it

Not all websites support passphrases because of the spaces between words. Passphrases are also less secure in some instances because they typically include common words. For this discussion, we’ll look at how long passwords should be.

Longer passwords are not always stronger

Most password prompts will encourage you to create a long password for security. This is true to an extent, but a long password isn’t necessarily a strong password. The eight characters in the password Brb15#49 are more secure than the 16 characters in ThisIsMyPassword. It’s more important to focus on the content of the password that the overall length. 

Characteristics of a good password or passphrase

Here are some components of a strong, secure password or passphrase:

  • Easy for the user to remember but not easy for a hacker to figure out
  • Fulfills all website requirements (character length, capital/lower case letters, and symbols)
  • Unique from other important passwords (bank logins, business emails, etc.)
  • Does not use common words or years
  • Does not use common substitutions, like the number zero in place of the letter O

Memorability is crucial. If you cannot remember the password, you’ll most likely write it down somewhere or forget it the next day. Writing it down leaves you vulnerable to someone seeing the password. Forgetting it leads to unnecessary calls to your IT company. Of course, we’re happy to help, but you can save yourself a great deal of hassle by making sure your passwords are easy to remember.