Insights: Article

How to choose the best passphrases and password managers

Is your organisation cyber safe?

Contact our cyber security experts for a confidential discussion.

Passwords are the keys to our online lives. From emails and banking to social media accounts and work platforms, we rely on passwords to protect our sensitive information. You stand to lose a lot if a cyber criminal gains access to your password and your accounts.  At best, you might lose your savings, at worst, you could end up having your identity stolen and your personal information sold or used for fraudulent activities. In our latest insight, Security Analyst Alex Versace shares why it’s essential to use passphrases and password managers – and how to choose the right ones for you.

Why you need strong password security

As our reliance on online accounts grows, so do password-hacking attacks. A 2022 Microsoft report found that password cracking remains a key target for cyber attackers, with nearly 1,000 attempts to hack account passwords occurring every second. These types of attacks include brute force attacks where criminals crack simple passwords and phishing attacks where criminals trick people into giving out their credentials.

The report also found that 90% of breached accounts weren’t strongly protected as they only had one layer of protection (for example, a password), rather than having another stronger layer of two-factor or multi-factor authentication (MFA) (learn more about the most secure multi-factor authentication methods).

The other major issue is the sheer number and complexity of passwords we require. One of the biggest points of contention for any individual or business is the need for strong passwords and the chore of having to update passwords on a regular basis. While there is good reason for constant password refreshment, it’s still a pain point for most people. To get a sense for just how critical it is to use strong passwords, we’ve shared a table of how quickly a low-end computer can crack passwords of different complexities. While it may seem like you’ll never remember an 18-character password, this is where using passphrases and a password manager come to the rescue.

table showing how long it takes for a computer to crack passwords and passphrases

Key recommendation

The current recommendations from top cyber security institutes such as the Australian Cyber Security Centre (ACSC) and the Australian Signals Directorate (ASD), are to replace passwords with passphrases and use password managers to help manage your accounts. They offer a range of benefits that simplify and enhance your digital security which I’ll discuss below.

RELATED CONTENT: Guide to the Essential Eight cyber security framework

What is the difference between passwords and passphrases?

A passphrase is a long string of text that can make up a phrase or sentence. For example, ‘password123’ is considered a password while ‘my password is 123’ would be considered a passphrase. They might look very similar, but passphrases are significantly more secure and harder to crack. You can see in the image above how much longer a passphrase would take to crack. Some differences between the two are:

Length and complexity

  • Password: Typically, shorter, and less complex.
  • Passphrase: Longer and more complex.


  • Password: More challenging to remember especially if more complex and requires frequent changing.
  • Passphrase: Easier to remember as they can be based on common words and phrases.


  • Password: Can be less secure especially if the complexity is lacking due to having to remember long password.
  • Passphrase: Generally, more secure due to length and complexity making it more resistant to common password cracking methods.

RELATED CONTENT: Cyber hygiene: 4 easy tips to keep your data safe

Why you need to use a password manager

A password manager is a tool that generates and securely stores strong, unique passwords or passphrases for each of your accounts, making it exceedingly difficult for hackers to gain access. Unlike humans, password managers can create complex combinations of letters, numbers, and special characters, reducing the risk of falling victim to common password attacks, such as brute force or dictionary attacks. This means you will only be required to remember one password – the one for your password manager.

This provides stronger security as having a different complex password for each account will help protect all your accounts in the event one becomes compromised. Password managers also provide stronger authentication by using MFA to add an extra layer of security to your online accounts. They can streamline the MFA process by storing and auto filling authentication codes generated by apps (such as Microsoft authenticator) which makes it easier to implement MFA across accounts.

Password managers also encrypt your stored login credentials, adding an extra layer of security to your data. This encryption ensures that even if your password manager’s servers were compromised, your passwords would remain unreadable to unauthorised individuals. The encryption algorithms used are typically of a high standard, making it extremely difficult for attackers to decrypt your data. They often come equipped with password auditing features, analysing your existing passwords and highlighting weak or duplicate ones, prompting you to update them for better security. This proactive approach helps you stay ahead of potential security risks and ensures that your accounts are fortified with robust passwords.

RELATED CONTENT: Common cyber security mistakes and 3 simple ways to fix them

Key recommendation

My personal preference of password manager is Bitwarden as it’s open source but also offers state of the art end-to-end encryption to protect your data. There are many password managers out there to suit your needs and you can check out the ACSC Password Manager information page for more recommendations.

In a world where online security threats are on the rise, using passphrases and a password manager is no longer optional but a necessity. These invaluable tools offer enhanced security, simplified password management, and a range of features that make protecting your digital identity easier than ever. By implementing passphrases and a password manager, you not only increase your online security but also save time and reduce the stress associated with managing numerous passwords.

RELATED CONTENT: 4 tips for safe online shopping this holiday season

Get more cyber security tips or speak to one of our PROTECT+ security experts for tailored advice.

Is your organisation cyber safe?

Contact our cyber security experts for a confidential discussion.

ISG Provider Lens™ ServiceNow Ecosystem Partners 2024 Report.

We respect your privacy and will never share your information. Privacy Policy