Passwords VS Passphrases

This is mostly from an article that I originally published on PublishOx a while back. Since then I got into a conversation on the topic with friends on Noisecash. Since they don't use PublishOx, they asked me to put it here. I think readcash is a better choice for publishing, what do you think.

I was doing some research on Cryptotaxes when I had to create a new account to try a site’s service.  When I opened my password manager (Bitwarden) to set up a new account, I was surprised by the choice of a password or passphrase.  All of a sudden, I was sidetracked and started finding information to satisfy my own curiosity on which is more secure, a password or a passphrase.

After a few searches, I found myself at https://xkcd.com/936/.  If you have never been there and you love math and code, check it out.  This site had the following comic explaining the advantage of a passphrase over a password on a level that I could understand.

So. in order to understand this dilemma, we need a few definitions (exposition).  First, if you are doing any crypto investing or even have an email, you know that a passcode is, hopefully, a line of nonsense that is protecting your accounts.  If you are still using easy-to-remember passwords, don’t.  If it’s easy to remember and a password, then it’s following patterns.  Patterns are easy for hackers to hone in on and exploit. 

If you have a cryptowallet, you are familiar with passphrases.  These are the random words that are listed for access to our wallets.  If you’re unfamiliar with this, it looks like: accustom-lazily-polka-display-hardened-partridge-bottling-snaking-procurer-dreaded-distress-obsession.

As I poured through the internet, all the articles I found agreed that passphrases are more secure.  This included the FBI.  It seems we have been brainwashed to think that passwords are better because they are hard to remember and guess.  Unfortunately, that is from the human perspective only.  For computers, they are nothing.  Remember, the longer a passcode, the more secure it is.  And there is another benefit; passphrases are easier to commit to memory.  You can use a set of words that have a meaning for you but are not related to your personal information, such as birthdays, kids, pets, or Splinterland cards.  If you have a passphrase generator, they can spit out the words and then you make sense of them in a way that you can remember.  And if you want a cherry on your passphrase, add a nonsense word or two with upper and lower case letters, along with symbols.

 The following was Protonmail’s advice for passphrases.

“When you use passphrases, also keep the following in mind:

• Four words should be sufficient. Five words are better.

• Don’t choose from the most common words, and don’t choose quotes or sayings. The words should be as random as possible.

• Use a unique passphrase for every account you own. That way, if one passphrase is ever exposed, the other accounts remain secure.”-Protonmail

Finally, I mentioned both Protonmail(email) and Bitwarden(passcode generator).  These are services that I trust and I only use their free features.  If you are interested, you can look them up.