Edward Snowden Explains Why You Should Use Passphrases, Not Passwords

We’ve talked a lot about password security, and how you should be using longer, complex passphrases, rather than short passwords. In this video, Edward Snowden explains why you should use passphrases in a way all your friends and family can understand.

It can’t be overstated how important it is to use strong passwords, given that we still haven’t figured this mess out. And, until we do, PSAs like this one stay important. And it could hardly come from a more relevant source. Edward Snowden famously leaked key details about the NSA’s mass surveillance, so he knows a thing or two about what makes a system secure or not.

The best password is one even you don’t know, which is why we still recommend augmenting your security strategy with a password manager. However, for the passwords you do have to remember, long passphrases — ones that aren’t common, well-known phrases likely to appear in a dictionary or wordlist — are the way to go.

Last Week Tonight with John Oliver: Edward Snowden on Passwords [YouTube]


  • Fantastic advice technically, if only many popular websites and apps didn’t enforce rather short maximum password lengths and make it impossible to actually use.

  • I choose my passwords by grabbing the nearest book and randomly pointing out two words, then adding random number and capitals. Is that good enough?
    Of course I can’t tell you how many times I have sat there staring at my computer trying to remember what my password was.

    • Not really. Using random words doesn’t faze a computer as it searches for combinations of random words from a dictionary file as well as doing what’s called “brute force”, i.e. simply trying every possible combination (00, 01, 02, 03) etc. Snowden is correct in the idea that longer = better, but because computers are so fast now it needs to be quite long indeed, which lots of websites unfortunately don’t allow.

    • No, as dictionary attacks on passwords are commonplace (i.e. instead of trying random characters to brute force a password they use random combinations of words).

      Misspelling the words is a good idea, but be aware that simple substitutions (0 for o, 3 for e, etc) are also often used by attackers.

  • I’m surprised I don’t hear people recommending acronyms more: isidhpram

    Things like that are super easy to remember & super hard to guess, especially if you add your own flavour to it, i.e. capitals, numbers, symbols etc…
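The comments above argue over whether two book words plus a digit or two beats a short random password, and why misspellings help less than people expect. The following is an added example (not from the article or the commenters) that puts rough numbers on that argument: it models an attacker who either brute-forces characters or guesses whole words from a wordlist, and compares the expected crack time of each style. The wordlist size, substitution multiplier and guess rate are constructed assumptions, not measurements.

```python
import math

# Constructed, approximate search-space sizes an attacker might assume.
CHARSET_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}
WORDLIST_SIZE = 7776   # a Diceware-style list; a "nearest book" vocabulary is of similar scale
LEET_VARIANTS = 4      # rough per-word multiplier attackers budget for 0/o, 3/e style swaps


def charset_bits(length: int, classes: tuple[str, ...]) -> float:
    """Entropy in bits of a uniformly random password over the given character classes."""
    alphabet = sum(CHARSET_SIZES[c] for c in classes)
    return length * math.log2(alphabet)


def passphrase_bits(words: int, digits: int = 0, leet: bool = False) -> float:
    """Entropy of `words` random wordlist words plus `digits` random digits.

    A dictionary attack guesses whole words, so the cost grows with the number
    of words rather than their letters, and fixed substitutions only multiply
    the per-word space by a small constant.
    """
    per_word = WORDLIST_SIZE * (LEET_VARIANTS if leet else 1)
    return words * math.log2(per_word) + digits * math.log2(10)


def crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the secret, i.e. half the search space at the given rate."""
    return (2.0 ** bits / 2) / guesses_per_second


def compare(guesses_per_second: float = 1e10) -> dict[str, tuple[float, float]]:
    """Bits and expected crack time for the password styles discussed above.

    1e10 guesses/s is an assumed offline rate against a fast hash; a slow,
    salted hash or an online rate limit lowers it by many orders of magnitude.
    """
    cases = {
        "8 chars, all classes": charset_bits(8, ("lower", "upper", "digit", "symbol")),
        "2 book words + 2 digits": passphrase_bits(2, digits=2),
        "2 book words, leet-spelled": passphrase_bits(2, leet=True),
        "6 random words": passphrase_bits(6),
    }
    return {name: (bits, crack_seconds(bits, guesses_per_second)) for name, bits in cases.items()}


if __name__ == "__main__":
    for name, (bits, secs) in compare().items():
        print(f"{name:28s} {bits:5.1f} bits  ~{secs / 86400:.3g} days")
```

Under these assumptions the two-word scheme falls in under a second, the 8-character random password lasts a few days, and six random words last far longer than any attacker's budget; only a genuinely random choice of words earns those bits, so a familiar quotation does not count.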
