Passphrase vs Password For Security

In this article we learn about passphrases, how to make a strong passphrase and what the benefits are over passwords.


Security is a major issue for any user and administrator. Sometimes we do not provide permission for a user to create his own password, instead we create a random password and provide it to the user to access their accounts. Once this password is generated the user can login into their accounts. When the user logs in the first time then he/she uses that password that has been randomly generated and given to him/her. After successfully logging in the first time the user can change their password but there is one thing here that is mandatory; the user must follow the rules that we make for a password. If we send a randomly generated password for a user and the user forgets this password then we will again send a new password for the user. Here one thing is known, when the user change his password then first it is salted and hashed then it is stored in the database.

What a Passphrase is

Passphrases were invented by Sigmund Porter in 1982. As we know, a password is a string formed by characters or numbers to access a user's account, a passphrase word is formed using two words, one is pass and the other is phrase. The pass word means it is password and a phrase word means a collection of two or more words. A passphrase is a combination of words, numbers and special symbols that are long in nature compared with passwords. At the present time in the security world applications usually ask for a long password and that long password is known as a passphrase. Sometimes when you enter your passphrase then programmers use your passphrase to form a cryptographic key for encryption of your data thereby increasing the security level. Always make a strong passphrase to make strong security. For example you make a passphrase like "My Wife's is Celebrated on the 12/12/2014".

The following shows the difference between a password and a passphrase:

The following provides a list of characters and numbers for making a passphrase stronger.

Sometimes we make a password or passphrase with all the characters shown in the table after all our passphrase or password goes to weak the category, for example we make the password HELLORizwan123@ and the passphrase is like "HELLO! how are you?". So to make them stronger change them to something like "H3ll0 R1zwan 123@" and change the phrase to something like "H3ll0! H0w Are y0u?". Always make the passphrase stronger and more complicated so attackers will not easily crack your passphrase. Like if you have the passphrase "I am love to play cricket" then you can change it into "Imlov2plycricket@". Please do not forget these things when choosing a passphrase.

  • It is not as hard as when you enter in the text box and many times you enter the wrong spelling. Due to that it will lock up your account.
  • Never share your passphrase since someone else may harm you.
  • As I said above a passphrase should always be meaningful, but never choose a very long phrase such as three to four sentences.
  • Always make a passphrase that is not easy to guess because sometimes someone that knows you might be able to access your account because that person knows information about you.

A passphrase has all the complexity necessary to make an account secure because in a passphrase we use uppercase, lowercase, punctuation, numbers and so on. As I said, a passphrase is long but is very easy to remember compared to passwords because passphrases may be your favorite song, it may be your favorite poem, a favorite movie dialogue and so on. So remember, a passphrase is easy compared to a password. A passphrase is usually used in a Wi-Fi network system with the encryption key so the security of your system and the system of which you send the request to depends on the complexity of the passphrase that you choose. Many digital currency companies use a passphrase for security purposes because sometimes if they don't then they have the problem of currency misappropriation. At the current time many operating systems like Windows XP, Windows 8 and Mac OS provide the facility to choose a long passphrase for accessing your account instead of a short password. Passphrases ususally work with disk encryption so most companies require disk encryption for laptops and systems for getting important data. A popular internet service known as the HushMail provide the facility for its users to encrypt their email data but it totally depends on the complexity of your passphrase that you choose. 

We can also create a random password for the users and send the password to them using email or a mobile SMS. When the user does log in the first time then he/she uses this password, if he/she wants to change the password then they must follow the rules and change the password.

Code for generating a Random Password

  1. <form id="form1" runat="server">  
  2.    <div>  
  3.        Password Length:    <asp:TextBox ID="txtPassLength" runat="server"></asp:TextBox>  
  4.         <br />  
  5.         Random Password: <asp:TextBox ID="txtpassword" runat="server"></asp:TextBox>  
  6.         <br />  
  7.         <br />  
  8.         <asp:Button ID="Button1" runat="server" onclick="Button1_Click"  
  9.             Text="Generate Password" />  
  10.         <br />  
  11.     </div>  
  12.     </form>  
  1. using System;  
  2. using System.Collections.Generic;  
  3. using System.Linq;  
  4. using System.Web;  
  5. using System.Web.UI;  
  6. using System.Web.UI.WebControls;  
  8. public partial class _Default : System.Web.UI.Page  
  9. {  
  10.     protected void Page_Load(object sender, EventArgs e)  
  11.     {  
  13.     }  
  14.     protected void Button1_Click(object sender, EventArgs e)  
  15.     {  
  16.         string allowedChars = "";  
  17.         allowedChars = "a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,";  
  18.         allowedChars += "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,";  
  19.         allowedChars += "1,2,3,4,5,6,7,8,9,0,!,@,#,$,%,&,?";  
  20.         char[] sep = { ',' };  
  21.         string[] arr = allowedChars.Split(sep);  
  22.         string passwordString = "";  
  23.         string temp = "";  
  24.         Random rand = new Random();  
  25.         for (int i = 0; i < Convert.ToInt32(txtPassLength.Text); i++)  
  26.         {  
  27.             temp = arr[rand.Next(0, arr.Length)];  
  28.             passwordString += temp;  
  29.         }  
  30.         txtpassword.Text = passwordString;  
  31.     }  
  32. }  

Finally I can say this. A passphrase is a very important part of security because it is stronger compared to simple passwords. It provides more options for the users to make theirr accounts more secure. Using the passphrase we can make our accounts safe from the Brute force Type of attacks. As we know attackers are very active in nature so please be careful in your choice of passphrase. I think this article is helpful to you for understanding passphrases.