Skip to main content

As of 1 October 2025, OpenCerts will be maintained by Infocomm Media Development Authority (IMDA).

OpenAttestation will no longer be maintained, and users are encouraged to transition to IMDA's TrustVC. For more details or enquiries, please visit https://trustvc.io.

Government Technology Agency of Singapore (GovTech Singapore)
  1. Home
  2. TechNews
  3. Why passphrases are much more secure than passwords
Cybersecurity and Scam Prevention

Why passphrases are much more secure than passwords

28 April 2023

National Password Day! Discover why longer beats complex in cybersecurity. Elevate your online security game with memorable passphrases!

Lock up your digital accounts and personal information securely with passphrases as alternatives

Maybe its time for us to rethink our password habits!

Did you know that the first Thursday of May is “National Password Day”? Well, we didn’t until we started writing this article! Passwords, alongside death and taxes, are one of those things that every one of us must contend with.

Chances are, you created a new password recently. Whether it’s for a new online shopping account, a new bubble tea shop membership, or a new work account, digitalisation means even more passwords to create and remember.

To get around this issue, consider using passphrases instead. What are they? Well, we’ll explain everything you need to know about passphrases, plus why they are superior to passwords.

So what’s this passphrase thing?

As its name suggests, a passphrase is a string of words that are easy for a human to remember but difficult for a computer to crack. Passphrases are longer and, therefore, contain more characters, making them harder for computers to guess through the sheer “brute force” of inputting thousands of guesses every second.

By stringing together random words that have no grammatical links to each other, it also makes the phrase that much harder to guess.

Length beats complexity

You might think that a complex password such as “W@5h1ngt0N!” might be more secure than a simple phrase such as “cheetah-scream-teleport-crocodile”, but you would be wrong.

According to cyber security experts at the US Federal Bureau of Investigation: “Simple passwords, even those with special characters, are easier for someone to crack. Password length is more important than complexity. Instead of using short, complex passwords, use passphrases that combine multiple words and are longer than 15 characters.”

Passphrases are easier to remember

A typical strong password looks like “P@ssw0rd123!”, with random special characters, numbers substituting letters, and capital letters. It’s tough to remember the unique combination. Many people end up writing them down on scraps of paper or on their phones, which can compromise security.

This also means that when forced by computer systems to change their password periodically, most people make perfunctory changes, say from “password1” to “password2”.

Passphrases, on the other hand, are random words. “Bird carrot portrait gigantic” makes a good one. Just visualise a bird that’s made out of carrots painting a portrait that’s gigantic in size. The sillier, the more out of the world, the easier it is to stick the visual memory in your brain.

And when the time comes to change a passphrase, simply let your imagination run wild and dream up another phrase.

Try coming up with a few of these for yourself. Just remember, it’s important the words make no sense together to anyone except you. “My little beautiful pony” is not a good passphrase.

More systems accept longer passcodes

In the past, many systems had a maximum of about 15 characters for the passcodes they accept, making it harder for users to deploy passphrases.

But that has changed over time as cyber security increasingly becomes a concern. Most major operating systems allow up to a whooping 127 characters!

Many systems nowadays also require you to include a combination of small and capital letters, numbers, and special characters. These are elements you can easily incorporate into the passphrase you have in mind.

TLDR tips for good passphrases

If you remember just one part of this article, make it this section.

1) The more words in your passphrase, the stronger your security.

2) Pick a bunch of words that are memorable to you but don’t make sense to anyone else. So, song lyrics and famous quotes are out. Inside jokes are good. For example, remember the time you were at Bedok Mall with your cousin eating meepok and he had a strand of noodles stuck to his face? “Bedok-cousin-meepok-face” is a good choice.

3) Use patterns to help you remember the different passphrases for different accounts, such as by adding certain letters from the website or service to parts of your passphrase.

4) If you must write down your passphrase somewhere, keep them in a locked safe or a password-protected document.

Keeping defences strong

One of the leading causes of cybersecurity breaches is a weak password. Yet, this is also among the easiest weaknesses to rectify.

With cyber attacks growing in Singapore and around the world, having a strong passphrase is more important than ever.

So, the next time you set up your new account, try out a passphrase instead!

Back to top