Passphrases are the more secure version of passwords 

Passphrases are made up of four or more random words making them longer than a traditional password. This makes them harder to guess but easy to remember.  

Changing your passwords to a passphrase is a great way to improve your cyber security.  

Before you try out passphrases, have you set up MFA?

Multi-factor authentication (a combination of something you know, something you have or something you are) is an effective way to protect your accounts against unauthorised access. However, where multi-factor authentication is not available, a strong passphrase is your best defence. 

Using passphrases

Learn about passphrases and why they're more secure than passwords. You can store them in a password manager but don't reuse them.

Case study: The importance of using secure passphrases 

Paula worked in sales at an online retail outlet and was admin for several accounts. She used the same password, “Admin1”, so she wouldn't have to remember different ones. She thought this was safe since it had upper and lowercase letters and a number, but it wasn't. 

One day, the company's IT department told Paula that someone had hacked their database and stolen customer data. It turns out Paula's password was the one the hacker used.  

The company had to shut down their store for a week to fix the issue. This cost the company thousands in lost sales and customers. It also cost Paula the promotion she was hoping for. 

Paula learned a valuable lesson about how easy it was for hackers to guess passwords. Things like “123456”, “qwerty” and “password” are some of the most common in use.  

This case show's why it's important to use passphrases instead of passwords. It also shows the risk of using weak passwords. Paula's account would have been much more secure if she used a passphrase instead. A passphrase is a strong type of password that has four or more random words like “crystal onion clay pretzel”. Passphrases are easy for you to remember and hard for cybercriminals to crack. 

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is here to help all Australians affected by cyber incidents. Call our hotline 24/7 on 1300 CYBER1 (1300 292 371) if you need help or go to ReportCyber

When you choose your passphrase, make it: 


The longer your passphrase, the better 

Aim for at least 14 characters long. Four or more random words that you will remember is great. For example: 'purple duck potato boat'.


The less predictable your passphrase, the better  

A good passphrase is made up of four or more random words. Sentences don't make great passphrases as they can be easier to guess. For example, it is predictable to have spaces between words, a capital letter at the beginning and punctuation at the end. Using a mix of random words is far more unpredictable and makes stronger passphrases. 


Don’t recycle your passphrases 

Use different passphrases for different accounts. Your Facebook password should be different to your email password and so on. 

Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it