A passphrase is essentially the same as a password. It is a secret only you should know that allows you to identify yourself as the owner of your account. The technology hasn't changed, and you'll still find it referred to as a password in many systems. However, where it differs is the parts that comprise it, and the degree of security it provides.
Unlike a traditional password, a passphrase is constructed using several dictionary words that may or may not form a complete sentence eg, "fuzzypeanutsandshinypurses" (fuzzy-peanuts-and-shiny-purses). The recommendations for creating a passphrase are as follows:
- Minimum length of 14 characters
- Maximum length of 32 characters
- Composed of 4 or more dictionary words*
- It should be memorable but hard to guess
- It should not be a single long dictionary word or numeric sequence
- It should not contain any personal information
*If you prefer to use a password manager, a passphrase using 14 random characters is still a suitable choice.
