Content written for

Individuals & families
Small & medium business
Large organisations & infrastructure

How to create secure passphrases

Multi-factor authentication (MFA) is one of the most effective ways to protect your accounts from cybercriminals. However if MFA is not available, then you should consider using a strong password or passphrase to protect your account.

What is a passphrase?

A passphrase uses four or more random words as your password. For example, ‘crystal onion clay pretzel’ or 'red house sky train'. The longer the passphrase, the harder it is for adversaries to crack.

A unique, strong passphrase can better protect your account compared to a simple password.

To create a strong passphrase you should consider making it:

  • Long.
  • Unpredictable.
  • Unique.

If a website or service requires a complex password including symbols, capital letters, or numbers, then you can include these in your passphrase.

Use a password manager to create and manage passwords

If you have multiple accounts with different passwords or passphrases, a password manager can help control them for you. A password manager is an application or program that stores passwords or passphrases for all of your accounts. With a password manager, you only need to remember one master password.

You can also use a password manager to create secure, long and randomly generated passwords. The longer and more random, the better. Make sure to generate a different password for every account.

Our practical publications

Take a look at our guides below for more detailed advice on how you can create secure passphrases and use a password manager, to further protect your online accounts and personal information.

Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it