You may have recently come across the term “Pass Phrases” and likely found it in the same paragraph or sentence as the word “password.” Many users are now adopting the use of Phase Phrases in place of passwords to increase security.

What exactly is the difference between a pass phrase and a password? Well if you look at the use of traditional passwords, most people just choose as word (unfortunately, for some this is actually the word “password”). More complex passwords include the use of different characters and cases such as Pa$$WorD@, of course making it more difficult for an attacker to figure out. A pass phrase on the other hand consists of more than one word, which may or may not form a complete sentence. This means a pass phrase will contain spaces and be significantly longer than a password.

So which one is better to use - a password or a pass phrase? That of course must be based on personal preference. There are advantages and disadvantages to using each one. Take for example, the end users. Some may find it extremely difficult remembering a pass phrase and there is the issue of accurately typing in all the words. Be prepared for a few account lockouts if users continuously make errors when typing in the pass phrase. On the other hand, some may find it simpler to remember a string of words as opposed to a single word with numerous different character types.

For myself, I haven’t quite jumped on the pass phrase bandwagon yet and I’m still confident that my passwords are secure topped with my password policy. However, if you are interested in reading more, you should check out the TechNet article called The Great Debates: Pass Phrases vs. Passwords.