Vol. 1 · Ed. 2026
CyberGlossary
Entry № 893

Passphrase

Reviewed by: Cybersecurity entrepreneur & security researcher

What is a Passphrase?

Passphrase: A long sequence of words or characters used as an authentication secret, typically chosen for high entropy and memorability rather than complexity.


A passphrase is essentially a long password built from multiple words — for example, four to six random dictionary words selected via a method like Diceware. Because entropy scales with length, a passphrase of 20+ characters can resist brute force far better than a short, complex password while remaining easier for a human to remember. Passphrases are widely used to protect disk encryption keys, SSH private keys, GPG keys, and password-manager vaults. Best practice is to choose words at random rather than constructing meaningful sentences, never reuse the passphrase across systems, and combine it with MFA or a hardware key where supported.
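The entropy arithmetic behind the Diceware advice above, as an added example (not code from CyberGlossary). The 16-word list is constructed for the demo, and the function names are illustrative.

```python
import math
import secrets

DICEWARE_LIST_SIZE = 6 ** 5  # five six-sided dice select one of 7776 words

# Constructed sample list for the demo only; a real Diceware list has 7776 entries.
SAMPLE_WORDS = ["anchor", "basil", "cobalt", "dune", "ember", "fjord", "garnet", "harbor",
                "iris", "jigsaw", "kelp", "lantern", "mosaic", "nectar", "orbit", "pebble"]

def rolls_to_index(rolls):
    """Map five dice rolls (each 1-6) to a 0-based word index, Diceware style."""
    if len(rolls) != 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls in 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)  # treat the rolls as a base-6 number
    return index

def generate_passphrase(wordlist, n_words, sep=" "):
    """Pick n_words uniformly at random with a CSPRNG (repeats allowed)."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words lower the real entropy")
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))

def entropy_bits(choices_per_symbol, n_symbols):
    """Entropy of n independent uniform picks from a set of the given size."""
    return n_symbols * math.log2(choices_per_symbol)

def words_needed(target_bits, list_size=DICEWARE_LIST_SIZE):
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))

if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS, 6))
    for n in (4, 5, 6):
        print(n, "Diceware words:", round(entropy_bits(DICEWARE_LIST_SIZE, n), 1), "bits")
    print("8 random printable-ASCII chars:", round(entropy_bits(94, 8), 1), "bits")
    print("words for 80 bits:", words_needed(80))
```

Four random Diceware words carry roughly the same entropy as eight random printable-ASCII characters, so the number of random choices, not the character count alone, sets brute-force resistance. These figures hold only when every word is picked at random; a meaningful sentence of the same length has far less entropy.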

Examples

  1. Unlocking a Bitwarden vault with a four-word Diceware passphrase.

  2. Protecting a LUKS-encrypted disk with a long human-memorable passphrase.

Frequently asked questions

What is a Passphrase?

A long sequence of words or characters used as an authentication secret, typically chosen for high entropy and memorability rather than complexity. It belongs to the Identity & Access category of cybersecurity.

How do you defend against Passphrase?

Defences for Passphrase typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for Passphrase?

Common alternative names include: Pass phrase, Master passphrase.
