You are here:

Use a strong passphrase

What to do

Instead of a password made up of a string of random letters, numbers and symbols, create a passphrase made up of four or more random words.

How to do it

Your passphrase should be:

Long – use at least 15 characters in total. The longer your passphrase, the harder it is for people to guess or for computers to crack.
Unpredictable – create a mix of random words. A properly formatted sentence may be long, but it can be predictable. Longer, uncommon words with two or more syllables are best to use.
Unique – use a different passphrase for every account. If cyber criminals are able to crack the password or passphrase on one of your accounts, they will try it on every other account they can find.

Why it matters

A strong passphrase is your first line of defence against scammers and criminals.

Passphrases are more memorable and far more secure than passwords. As an example, passwords like “GenIusc0de123!” are, in fact, easier to crack and more difficult to remember.

Longer, uncommon words with two or more syllables are best to use. So instead of using a very common one syllable word with only a few letters (like ‘cat’), choose a word with many letters and multiple syllables (like ‘magician’).
For example:
- ‘glowering armour permanently jackets’
- ‘umbrella spherical thunder lightbulb’
- ‘magazine bottle alligators escalator’
Service Victoria has a password strength tester tool to check how unique and strong your passphrase is. You can also use their passphrase generator tool to help you create a strong passphrase.
Read more on cyber.gov.au:

Cyber Security at Monash University

Cyber Security at Monash University

Use a strong passphrase

What to do

How to do it

Why it matters