A passphrase is a sequence of words and other characters that you type into your computer to prove that the person typing is you. You use a passphrase when you want the computer to do something special, such as encode or decode a secret message. The term is formed by analogy with "password".

Phil Zimmermann's popular encryption program PGP, for example, requires you to make up a passphrase that you enter whenever you sign or decrypt messages. So does the newer open-source version, GPG. An Internet service called Hushmail provides free encrypted e-mail, but its security depends almost entirely on the quality of the passphrase you choose. Have your passphrase ready before creating your PGP or GPG key or opening a new Hushmail account.

Passphrases differ from passwords only in length. A password is usually short -- six to ten characters. Short passwords are acceptable for logging onto computer systems that are programmed to detect a large number of incorrect guesses, but they are not safe for use with encryption systems, where an attacker who has a copy of the encrypted data can try guesses offline without any such limit. Passphrases are usually much longer -- 20 to 30 characters or more. Their greater length makes passphrases more secure. Modern passphrases were invented by Sigmund N. Porter in 1982.

Picking a good passphrase is one of the most important things you can do to preserve the privacy of your computer data and e-mail messages. A passphrase should be:

  • Known only to you
  • Long enough to be secure
  • Hard to guess -- even by someone who knows you well
  • Easy for you to remember and type accurately

One of the best ways to create a passphrase is to use dice to select words at random from a long list, a technique often referred to as diceware.
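The selection procedure just described, as an added Python example that is not part of the original page: five dice rolls per word index a list keyed by those rolls, the rolls come from the operating system's random source rather than a predictable generator, and the entropy of the result is reported. The file format (five-digit key, tab, word) and the 7776-entry size are those of the published Diceware list; the few words embedded here are a constructed sample so the example runs offline.

```python
import math
import secrets

# Constructed sample in the Diceware list file format: a five-digit key made
# of dice faces 1-6, a tab, then the word. The real list has 6**5 = 7776
# entries; only a handful are embedded here so the example runs offline.
SAMPLE_LIST = """11111\ta
11112\ta&p
11113\ta's
11114\taa
11115\taaa
11116\taaaa
66666\t@
"""

def parse_wordlist(text):
    """Map each five-digit dice key to its word, rejecting malformed keys."""
    words = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split("\t", 1)
        if len(key) != 5 or any(c not in "123456" for c in key):
            raise ValueError(f"bad dice key: {key!r}")
        words[key] = word
    return words

def roll_die():
    """One fair die roll from the OS CSPRNG (not the predictable random module)."""
    return secrets.randbelow(6) + 1

def dice_key(rolls):
    """Five rolls -> lookup key, e.g. [1, 1, 1, 1, 6] -> '11116'."""
    if len(rolls) != 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls of 1-6")
    return "".join(str(r) for r in rolls)

def entropy_bits(list_size, n_words):
    """Each uniformly chosen word adds log2(list_size) bits; 7776 -> ~12.9."""
    return n_words * math.log2(list_size)

def make_passphrase(words, n_words, roll=roll_die):
    """Roll five dice per word; return (phrase, entropy in bits)."""
    chosen = []
    for _ in range(n_words):
        key = dice_key([roll() for _ in range(5)])
        if key not in words:
            raise KeyError(f"{key} missing: word list is incomplete")
        chosen.append(words[key])
    return " ".join(chosen), entropy_bits(len(words), n_words)
```

With the full list, six words give about 77.5 bits; with the seven-word sample above only scripted rolls that hit existing keys will succeed.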