We notice you are currently visiting the UK site. Would you like to visit our main site instead?

Password management. Laptop with memo stickies of complex passwords on the screen.

The benefits of passphrases

We’ve relied on complex passwords made of mixed-case letters, digits and special characters to keep our data secure – but the requirements that come with these complex passwords lead to common frustrations and frequent lock-outs.

Now, modern devices and log-in systems can provide a better way – passphrases. Passphrases are superior to the traditional “complex” password because of a powerful combination of benefits: they are easy to remember, but very difficult for humans or computers to guess. That’s why they’re recommended by NIST for advanced security.

The problem with complex passwords

Hacker attacks computer hardware microchip while processing data through internet network

The IT and cybersecurity leaders in enterprises set policies to protect sensitive data, but some of the strict password requirements in these policies can have unintended effects. When employees are required to change their passwords on a frequent basis, many will resort to reusing or slightly changing old passwords, resulting in weaker passwords for the sake of being easier to recall. Whenever a list of usernames and passwords is compromised, those passwords can end up in the hands of cybercriminals. With these real-word passwords, hackers can brute force thousands of the most common passwords to get access to protected data.

Easy to remember

Multiple character password entered into a password entry form

Because passphrases get their advanced security from length, not character complexity, they can be far easier for humans to remember than a sequence of numbers, letters and symbols. A passphrase can be anything from a song lyric, favourite quote, personal motto or inside joke – making for a memorable and easily typed passphrase.

Difficult to crack

With added length comes added complexity for the cybercriminal, and a stronger probability that your passphrase will be unique from others that may have been exposed in the past. The same type of brute-force attacks that hackers may use to crack traditional complex passwords will prove far more difficult to execute against a longer passphrase. While it may take a powerful computer a matter of seconds to attempt every possible combination of a 12-character-long password, passphrases of at least 15 characters – essentially a short sentence including spaces – take exponentially longer to crack. Brute-force password attack protection is a must – for those not familiar with this type of protection, this is the security that protects many mobile phones, such as Apple’s iPhone. After 10 retries, the phone will wipe all its data and reset to factory state.

Transitioning to passphrases

IKVP50 in laptop with passphrase password shown.

Currently, the main limitation to adopting passphrases in enterprise environments comes from legacy systems, which have short character limits and outdated password requirements. But the double-edged advantage of passphrases has made the feature the most requested among Kingston IronKey customers. That's why we provide passphrase capability across many devices in the IronKey hardware-encrypted flash storage lineup, including the IronKey Keypad 200 (which uses an alphanumeric keypad on the device itself), the IronKey Locker+ 50 and Vault Privacy 50 series USB drives, as well as the Vault Privacy 80 external SSD.

These devices allow users to select passphrase mode and can accommodate passphrases of up to 64 characters in length. This provides users with the flexibility to set long but memorable passphrases that leave their data more protected against breach attempts while being as easy to access as remembering a meaningful series of words.

Discover the passphrase capabilities and wide range of other ease-of-use features available on the Vault Privacy 50, Vault Privacy 80 External SSD, Keypad 200 and Locker+ 50 to determine which device is the best fit for your data needs – and start thinking of the passphrase you’ll use for your new, ultra-secure device. The next step is to change your internet passwords to passphrases that are customised to your website. Even with complex password requirements, passphrases will be easier to remember and type in, and harder to guess.


Ask an Expert

Ask an Expert

Planning the right solution requires an understanding of your project’s security goals. Let Kingston’s experts guide you.

Ask an Expert

Related Articles