I think you all know the guidelines for a strong password. It must be at least 8 characters long. Use a combination of upper and lower case letters, numbers, and special characters. Avoid using words found in the dictionary. And so on. It should look like a series of random characters, not a sentence. Also, substituting look-alike characters for letters or numbers is no longer sufficient. Simply put, the advice is to increase the length and complexity.

A passphrase is a collection of common words combined together randomly into a phrase. Security experts advise using passphrases instead of passwords because they're far easier to remember than conventional passwords yet far harder for hackers to crack.

Let's compare these two in an example.

Password: Xy9n4h&w]Lo>FIbT2Vk[u3R/JmZS

• Length: 28 - PASS
• Complexity - PASS (Upper Case Letters ✔, Lower Case Letters ✔, Numbers ✔, Special Characters ✔)
• Vulnerability to dictionary attack - PASS
• Usability: Hard to Remember - FAIL

Passphrase: correct horse battery staple

• Length: 28 - PASS
• Complexity - FAIL (Upper Case Letters X, Lower Case Letters ✔, Numbers X, Special Characters X)
• Vulnerability to dictionary attack - FAIL
• Usability: Easy to Remember - PASS

The password has all the things a strong password should have. It's totally random. But one could hardly remember it. On the other hand, the passphrase is easy to remember. But it's full of words that can be found in a dictionary. So being easy to remember is the only reason to use a passphrase instead of a password.

Should we compromise security for usability? I don't think so. And as experts say, if passphrases are harder for hackers to crack, why isn't everyone using them? Why don't websites prompt us to use them instead of passwords?

Password Vs. Passphrase. What's your opinion on this? Let's discuss.
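The checklist above, run as code over both sample strings, together with the size of the guessing space for each generation method. This is an added example, not part of the original post; the small word set is constructed, and the 94-character printable ASCII alphabet and the 7776-word list size (the size of a Diceware list) are assumptions.

```python
import math
import string

PASSWORD = "Xy9n4h&w]Lo>FIbT2Vk[u3R/JmZS"      # sample from the post
PASSPHRASE = "correct horse battery staple"    # sample from the post
# Constructed stand-in for a dictionary; a real check would load a full word list.
SAMPLE_WORDS = {"correct", "horse", "battery", "staple", "password", "dragon"}

def checklist(secret, words=SAMPLE_WORDS, min_len=8):
    """Apply the post's checklist: length, four character classes, dictionary words."""
    classes = {
        "upper": any(c.isupper() for c in secret),
        "lower": any(c.islower() for c in secret),
        "digit": any(c.isdigit() for c in secret),
        "special": any(c in string.punctuation for c in secret),
    }
    lowered = secret.lower()
    return {
        "length_ok": len(secret) >= min_len,
        "complexity_ok": all(classes.values()),
        "classes": classes,
        # Substring match, so a word embedded in a longer string is also reported.
        "dictionary_words": sorted(w for w in words if w in lowered),
    }

def random_chars_bits(length, alphabet_size=94):
    """Bits of guessing space when every character is drawn uniformly at random."""
    return length * math.log2(alphabet_size)

def random_words_bits(word_count, list_size=7776):
    """Bits of guessing space when every word is drawn uniformly from the list.
    Holds even if the attacker knows the list and the word count."""
    return word_count * math.log2(list_size)

def equivalent_random_length(bits, alphabet_size=94):
    """Shortest random-character password with at least this many bits."""
    return math.ceil(bits / math.log2(alphabet_size))

if __name__ == "__main__":
    for secret in (PASSWORD, PASSPHRASE):
        print(repr(secret), checklist(secret))
    phrase_bits = random_words_bits(4)
    print(f"28 random characters: {random_chars_bits(28):.1f} bits")
    print(f"4 random words:       {phrase_bits:.1f} bits")
    print(f"4 random words ~ {equivalent_random_length(phrase_bits)} random characters")
```

Both numbers only apply when the characters or words are chosen by a random process; a phrase a person picks themselves has a smaller guessing space than the formula gives.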