Why You Should Have Passphrases, Not Passwords

By Miles Oliveira | Business Development and Accounts Manager

Passwords are not hacked by a person anymore; they are hacked by software. The days of hackers sitting at a computer, furiously typing into a DOS-like interface and trying to guess your password via cross-site scripting are over. Anyone can download password hacking software for free and become a “hacker”—it’s never been easier.

While this is certainly unsettling, the experts at the recent Cyber Security for Manufacturers event from Oregon Business have recommended a simple trick for increasing the security of your login information.

In this article, we’ll cover the difference between a password and a passphrase, and why you and everyone you know should be using the latter.

What’s in a Password?

A password can only be created with inputs from a keyboard. All a password hacking algorithm has to do is generate every conceivable combination of the available keystrokes. It’s similar to a permutation in mathematics: the more numbers in the permutation, the more possible outcomes there are, and the harder it gets to compute them.

A password’s length is its best defense against a hacker. The password “football” is just as secure (or insecure, we’ll get to that) as “F00tBalL”, which is just as secure as the password “(#f^{lp1”. The total number of characters is the same. Therefore, the hacking algorithm only sees 8 total characters. The algorithm doesn’t care if you wrote it in perfect English or put a random string of numbers and symbols together. The only thing that matters is length.

Go Long!

What’s nice, though, is that the time it takes to hack your password increases exponentially with each additional character added to the password. Here’s an estimate from Fortune on how the numbers break out:

Length of Password            Time to Hack
4 characters (asdf)           5 hours
5 characters (asdfg)          5 days, 10 hours
6 characters (asdfgh)         4 months, 21 days
7 characters (asdfghj)        10 years, 2 months
8 characters (asdfghjk)       264 years
9 characters (asdfghjkl)      6,886 years
10 characters (asdfghjklm)    179,055 years
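
The rows above grow by a factor of about 26 per added character, which is what exhaustive search over lowercase letters predicts. The sketch below is an added example, not code from the article or from Fortune: it assumes a 26-letter alphabet, derives the guess rate from the table's first row, and uses a constructed `OFFLINE_RATE` to show how a minimum-length policy shifts when the attacker is faster.

```python
ALPHABET = 26                    # assumption: lowercase letters only, as in "asdf"
TABLE_FIRST_ROW = (4, 5 * 3600)  # from the table: 4 characters take 5 hours

# Guess rate implied by that row if the whole space is searched (about 25/s).
IMPLIED_RATE = ALPHABET ** TABLE_FIRST_ROW[0] / TABLE_FIRST_ROW[1]

# Constructed figure for a much faster attacker; not a value from the article.
OFFLINE_RATE = 1e10


def seconds_to_exhaust(length, alphabet=ALPHABET, rate=IMPLIED_RATE):
    """Time to try every string of exactly `length` characters."""
    return alphabet ** length / rate


def humanize(seconds):
    """Render a duration using 30-day months and 360-day years."""
    hours = round(seconds / 3600)
    if hours < 24 * 30:
        days, rem = divmod(hours, 24)
        return f"{days} days, {rem} hours" if days else f"{rem} hours"
    days = round(seconds / 86400)
    if days < 360:
        return f"{days // 30} months, {days % 30} days"
    return f"{days / 360:,.0f} years"


def min_length(target_years, alphabet=ALPHABET, rate=IMPLIED_RATE):
    """Smallest length whose exhaustive search outlasts `target_years`."""
    target_seconds = target_years * 360 * 86400
    length = 1
    while seconds_to_exhaust(length, alphabet, rate) < target_seconds:
        length += 1
    return length


if __name__ == "__main__":
    for n in range(4, 11):
        print(f"{n:2d} characters  {humanize(seconds_to_exhaust(n))}")
    print("1,000-year minimum at the table's rate:", min_length(1000))
    print("1,000-year minimum at OFFLINE_RATE:  ",
          min_length(1000, rate=OFFLINE_RATE))
```

The model matches the table's shorter rows and stays within about 0.2% of the 9- and 10-character rows. The required minimum length moves with the assumed guess rate, so a policy should state which rate it was sized for.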

So, the longer your password, the better. But what about those randomly generated passwords from your IT person? Those tend to be quite long and, unfortunately, near impossible to remember.

Passphrase to the Rescue

To avoid having a treasure trove of passwords stored in the Notes app on your phone or written on a sticky note at your desk, the best thing to do is to implement what is called a passphrase.

A passphrase is created by combining a few short words together that are significant to the person creating it. Here are a few sources of inspiration:

  • Your favorite phrase from a novel or poem
  • The names of your children
  • All the street names you have lived on in chronological order

Tie any of these in with a 10-character minimum (as required by our IT staff here at Buildable) and a special character on top, and there you go! You have a passphrase.

New Password Policy, Anyone?

There are people from around the world who want to ruin your day and your business for their personal gain. As the tools used by hackers get more and more sophisticated, their motivation remains the same. They still want to gain access to your data and exploit it.

Your password policy should include a minimum character length. Get everyone in your organization on board, from the ground floor to the C-Suite to your customers. Anyone who accesses your data must have an excellent password.

If you’re now wondering about the cybersecurity of your business, we can help. Call us at (503) 468-4880 for a free audit.
