Password vs Passphrase

Most of us type a user name and password to log in to our accounts and never think about it again.

Think about this…

A password is typically 7 or so characters of letters and numbers, which a computer can guess quickly. A passphrase is a series of words plus some characters that appear in no dictionary (what this post calls salt, explained later), which makes it much harder to guess.

Passphrases are used where the user is more than casually concerned about break-ins: Wi-Fi (WPA) keys are passphrases, the military uses them, and PGP applications recommend them. Unfortunately, not every login accepts a passphrase; many limit the field to password length.

Strictly speaking, a passphrase is just a long password, typically 20 to 40 characters. The longer (and the more random) the password, the harder it is to crack.

Passwords are acceptable for systems that limit guessing, such as a login that locks the account after three wrong attempts: the attacker is stuck with the server's pace (an online attack). Passwords are *not* acceptable for encrypted messages, such as encrypted email, because an attacker holding a copy of the ciphertext can try guesses on their own hardware, as fast as it will go, with no penalty and no lockout (an offline attack). An encrypted email's security therefore rests entirely on the quality of the passphrase. A 40-character passphrase is a good minimum, provided those characters are not just a few common words; how unpredictable they are matters more than raw length.

One common method of picking a passphrase is to string several short words together, for example savorthissteaktoday. The problem is that a cracking program can try dictionary words concatenated together, in every combination, until it hits the passphrase; four common words is a far smaller search than the nineteen letters they contain would suggest. That is why salt, in the sense used here, is added.

Salt, as used here, is an extra set of characters added to a passphrase that do not appear in any dictionary, such as U83324. (In cryptography proper, a salt is a random value the system stores next to a hashed password; this post uses the word for characters the user chooses.) The added characters help only if they are random: cracking tools routinely try common suffixes such as 123 or a year on every dictionary word.
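As an added illustration (this is not code from Doug's post), the following Python script runs the dictionary-concatenation attack described above against a constructed eight-word list, then compares the search space and worst-case cracking time of several schemes. The word list, the 10,000-word attacker dictionary, the online and offline guess rates, and the use of SHA-256 as a stand-in for a real key derivation are all assumptions made for the demonstration.

```python
import hashlib
import itertools
import math

# Constructed toy word list for the demonstration. A real attacker's list
# holds tens of thousands to millions of words; the attack is identical.
WORDS = ["savor", "this", "steak", "today", "salad", "that", "cake", "tomorrow"]

# Assumed guess rates: a remote login that rate-limits or locks out, versus
# an offline attack on a captured ciphertext or hash using commodity GPUs.
ONLINE_GUESSES_PER_SEC = 10
OFFLINE_GUESSES_PER_SEC = 1e10


def sha256_hex(text):
    """Stand-in for the key derivation of an encrypted file or a hash store."""
    return hashlib.sha256(text.encode()).hexdigest()


def dictionary_attack(target_hash, words, max_words):
    """Try every concatenation of 1..max_words words from the list.

    Returns (recovered_passphrase_or_None, number_of_guesses_made).
    """
    tried = 0
    for n in range(1, max_words + 1):
        for combo in itertools.product(words, repeat=n):
            tried += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, tried
    return None, tried


def entropy_bits(search_space):
    """log2 of the number of candidates an attacker must consider."""
    return math.log2(search_space)


def scheme_search_spaces():
    """Search space of several passphrase schemes (assumed parameters)."""
    alnum = 62          # a-z, A-Z, 0-9
    dictionary = 10_000  # assumed size of the attacker's word list
    return {
        "7 alphanumeric chars": alnum ** 7,
        "4 dictionary words": dictionary ** 4,
        "4 words + 6 random alnum chars": dictionary ** 4 * alnum ** 6,
        "40 random alphanumeric chars": alnum ** 40,
    }


def seconds_to_exhaust(search_space, guesses_per_second):
    """Worst-case time to try every candidate at the given rate."""
    return search_space / guesses_per_second


if __name__ == "__main__":
    # Pure word concatenation falls quickly to the dictionary attack.
    target = sha256_hex("savorthissteaktoday")
    found, guesses = dictionary_attack(target, WORDS, max_words=4)
    print(f"{found!r} recovered after {guesses} guesses")

    # Appending characters that are in no dictionary defeats the same search.
    target = sha256_hex("savorthissteaktodayU83324")
    found, guesses = dictionary_attack(target, WORDS, max_words=4)
    print(f"{found!r} after exhausting {guesses} word combinations")

    for name, space in scheme_search_spaces().items():
        online_days = seconds_to_exhaust(space, ONLINE_GUESSES_PER_SEC) / 86400
        offline_days = seconds_to_exhaust(space, OFFLINE_GUESSES_PER_SEC) / 86400
        print(f"{name:32s} {entropy_bits(space):6.1f} bits  "
              f"online {online_days:.3g} days  offline {offline_days:.3g} days")
```

The word search recovers savorthissteaktoday after a few hundred guesses because only 8^4 four-word combinations exist, not 26^19 letter strings. Appending U83324 makes the same search fail outright after all 4,680 combinations. The caveat is that real cracking tools also run hybrid rules that append digits, years and other common suffixes to dictionary words, so the appended characters only help if they are random rather than a pattern. The comparison table shows the other point of the post: a 7-character alphanumeric password falls to an offline attacker in minutes, while the same search is infeasible against 40 random characters.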

If you have the option to pick a passphrase, such as for encrypted email or Wi-Fi setup, use it and make it at least 40 characters. (WPA2 Personal accepts passphrases of 8 to 63 ASCII characters, so 40 fits comfortably.)

Doug
