A password is a string of characters used as an authentication method: the system checks it to determine whether or not to allow access to a requested resource. Passwords are widely used in almost all types of software to keep the data under their control safe from unauthenticated users or processes.

Passphrases are a way of constructing passwords in which a sequence of words takes the place of a meaningless mix of characters. However, if normally formed sentences are chosen, the entropy of the passphrase is reduced, which makes it easier to break.

The brute-force method of breaking a password involves trying all possible combinations of characters to guess the correct one. A password that is difficult to break by brute force is therefore one that takes the method a long time to work through. As computer power increases over time, making passwords longer and using more character sets (such as upper and lower case characters, numbers and symbols) makes it much more difficult for a brute-force attack to work. Other attack techniques involve dictionary attacks, combinations of other types of attacks, or a focus on variations of popular (and usually bad) passwords.

Some methods for coming up with good passwords are the Schneier method and the Diceware method. Password managers also provide a useful way to manage passwords, but password managers themselves have been shown to have vulnerabilities (like all types of software).
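The points above about brute-force search space, dictionary variants and passphrase entropy can be put into numbers with a small strength estimator. This is an added example, not part of the original page: the function names, the five-entry `COMMON` list and the guessing rate of 10^10 per second are assumptions made for illustration, and the Diceware figure assumes words are picked at random from the 7776-word list rather than forming a normal sentence.

```python
import math
import string

# Constructed sample; a real check would use a large list of leaked passwords.
COMMON = {"password", "letmein", "qwerty", "dragon", "123456"}
# Undo common substitutions (0->o, 1->i, 3->e, 4->a, 5->s, @->a, $->s, !->i).
LEET = str.maketrans("01345@$!", "oieasasi")
DICEWARE_WORDS = 6 ** 5  # 7776 words: five dice rolls select one word
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def charset_size(pw):
    """Alphabet size a brute-force search must cover (ASCII classes only)."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))

def is_common_variant(pw):
    """True if pw is a listed password, or one with trailing digits/symbols
    and character substitutions layered on top."""
    lowered = pw.lower()
    stem = lowered.rstrip(string.digits + string.punctuation).translate(LEET)
    return lowered in COMMON or stem in COMMON

def brute_force_bits(pw):
    """Upper bound on entropy: assumes each character was picked uniformly
    at random. Dictionary variants count as 0 bits."""
    size = charset_size(pw)
    if size == 0 or is_common_variant(pw):
        return 0.0
    return len(pw) * math.log2(size)

def diceware_bits(n_words):
    """Entropy of n_words drawn independently at random from the word list."""
    return n_words * math.log2(DICEWARE_WORDS)

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at a given (assumed) guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("P@ssw0rd123!", "abcdefgh", "kT9#vQ2m!xZ"):
        bits = brute_force_bits(pw)
        print(f"{pw!r}: {bits:.1f} bits, {years_to_exhaust(bits, 1e10):.3g} years")
    print(f"6 Diceware words: {diceware_bits(6):.1f} bits")
```

The first sample uses four character sets and twelve characters, yet scores zero because it is a variation of a popular password; the character-count figure is only an upper bound that holds for randomly chosen characters.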

 

Last updated: 2 September 2017