Password management. Laptop with memo stickies of complex passwords on the screen.

The Benefits of Passphrases

We’ve relied on complex passwords made of mixed-case letters, digits, and special characters to keep our data secure – but the requirements that come with these complex passwords lead to common frustrations and frequent lock-outs.

Now, modern devices and log-in systems can provide a better way – passphrases. Passphrases are superior to the traditional “complex” password because of a powerful combination of benefits: they are easy to remember, but very difficult for humans or computers to guess. That’s why they’re NIST-recommended for advanced security.

The problem with complex passwords

Hacker attacks computer hardware microchip while processing data through internet network

The IT and cybersecurity leaders in enterprises set policies in place to protect sensitive data, but some of the strict password requirements in these policies can have unintended effects. Many employees will resort to reusing or slightly changing old passwords when they are required to change their passwords on a frequent basis, resulting in weaker passwords for the sake of being easier to recall. Whenever a list of usernames and passwords is compromised, those passwords can end up in the hands of cybercriminals. With these real-word passwords, hackers can brute force thousands of the most common passwords to get access to protected data.

Easy to remember

Multiple character password entered into a password entry form

Because passphrases get their advanced security from length, not character complexity, they can be far easier for humans to remember than a sequence of numbers, letters, and symbols. A passphrase can be anything from a song lyric, favorite quote, personal motto, or inside joke – making for a memorable and easily typed passphrase.

Difficult to crack

With added length comes added complexity for the cybercriminal, and a stronger probability that your passphrase will be unique from others that may have been exposed in the past. The same type of brute force attacks that hackers may use to crack traditional complex passwords will prove far more difficult to execute against a longer passphrase. While it may take a powerful computer a matter of seconds to attempt every possible combination of a 12-character-long password, passphrases of at least 15 characters – essentially a short sentence including spaces – take exponentially longer to crack. Brute Force password attack protection is a must – for those not familiar with this type of protection, this is the security that protects many cell phones, such as Apple’s iPhone. After 10 retries, the phone will wipe all its data and reset to factory state.

Transitioning to passphrases

IKVP50 inserted in laptop, displaying passphrase entry screen

Currently, the main limitation to adopting passphrases in enterprise environments comes from legacy systems, which have short character limits and outdated password requirements. But the double-edged advantage of passphrases has made the feature the most requested among Kingston IronKey customers. That's why we provide passphrase capability across many devices in the IronKey hardware-encrypted Flash storage lineup, including the IronKey Keypad 200 (which uses an alphanumeric keypad on the device itself), the IronKey Locker+ 50 and Vault Privacy 50 series USB drives, as well as the Vault Privacy 80 External SSD.

These devices allow users to select passphrase mode and can accommodate passphrases up to 64 characters in length. This provides users with the flexibility to set long but memorable passphrases that leave their data more protected against breach attempts while being as easy to access as remembering a meaningful series of words.

Discover the passphrase capabilities and wide range of other ease-of-use features available on the Vault Privacy 50, Vault Privacy 80 External SSD, Keypad 200, and Locker+ 50 to determine which device is the best fit for your data needs – and start thinking of the passphrase you’ll use for your new, ultra-secure device. The next step is to change your internet passwords to passphrases that are customized to your website. Even with complex password requirements, passphrases will be easier to remember, type in, and harder to guess.


Kingston’s Ask an Expert icon on a circuit board chipset

Ask an Expert

Planning the right solution requires an understanding of your project's security goals. Let Kingston's experts guide you.

Ask an Expert

Related articles