The Advantages of Passphrases
Introduction
A BIP39 seed phrase (mnemonic) encodes a random secret as a sequence of words drawn from a fixed 2048-word list. Compared with handing users the same secret as a raw hex or base64 string, this offers real advantages in handling and usability and, through the wordlist design and built-in checksum, in catching transcription errors. The security itself comes from the random entropy being encoded, not from the words: the phrase is a more forgiving representation of a 128- to 256-bit key, not a stronger one.
Advantages of Passphrases
- Ease of Memorization
A sequence of familiar words is far easier to hold in memory than a random string of characters of the same strength, so users are less likely to lose access to the phrase. Memory should still not be the only copy of a seed phrase: a single forgotten word is unrecoverable, and wallets expect the phrase to be written down and stored safely.
- Reduced Risk of Human Error
Words are easier to read back, copy and type correctly than a hex string. The BIP39 English wordlist was built for this: every word is unique in its first four letters and visually similar words were avoided, and the phrase ends in a checksum (4 bits for 12 words, 8 bits for 24). A wallet therefore rejects a phrase containing a word that is not on the list every time, and a wrong list word 15 times in 16 (255 times in 256 for 24 words), instead of silently deriving the wrong keys.
- Resistance to Brute-Force Attacks
When each word is chosen uniformly at random from the 2048-word list it contributes 11 bits of entropy, so the number of possible phrases grows exponentially with length and quickly exceeds what an attacker can enumerate. The strength comes entirely from that random selection: a phrase the user makes up, however long, is not random and is far weaker than the figures below suggest.
- Better User Adoption and Usability
A phrase of ordinary words is less daunting than a random string, especially for non-technical users, which makes correct backup and recovery more likely in practice and lets wallets reach a wider audience.
Optimal Length for Seed Phrases
BIP39 specifies mnemonics of 12, 15, 18, 21 or 24 words, encoding 128 to 256 bits of random entropy in 32-bit steps plus a checksum of one bit per 32 bits of entropy (so 12 words carry 128 + 4 bits and 24 words carry 256 + 8 bits). Twelve words is the most common and most widely supported choice and is already more than enough: 128 bits is beyond any feasible brute-force search.
- A 12-word phrase has 2048^12 = 2^132 (about 5.44e39) possible word sequences, but only 2^128 (about 3.40e38) of them have a valid checksum, and those 128 secret bits are the attacker's actual search space.
- A 24-word phrase has 2048^24 = 2^264 (about 2.96e79) word sequences, of which 2^256 (about 1.16e77) are valid. This is the maximum the standard allows; it does not make an already unbreakable 128-bit phrase meaningfully harder to guess, and it doubles the number of words to back up and type correctly.
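The checksum behaviour described under "Reduced Risk of Human Error" and the entropy-to-word-count mapping above are both visible in the BIP39 encoding itself. The following is an added example written for this page, not code from the BIP39 reference implementation or any wallet. It implements the standard's entropy-to-mnemonic and mnemonic-to-entropy steps (ENT/32 checksum bits taken from SHA-256 of the entropy, then 11-bit word indices). To run offline it uses a placeholder 2048-entry wordlist (`w0000` ... `w2047`, an assumption); with the official English list, index 0 is "abandon" and index 3 is "about", which is why all-zero 128-bit entropy yields the well-known test vector ending in "about".

```python
import hashlib
import secrets

# Placeholder 2048-entry wordlist so the example runs offline (assumption).
# Real wallets must use the official BIP39 English list ("abandon" ... "zoo").
PLACEHOLDER_WORDLIST = [f"w{i:04d}" for i in range(2048)]

VALID_ENTROPY_BITS = (128, 160, 192, 224, 256)
VALID_WORD_COUNTS = (12, 15, 18, 21, 24)


def entropy_to_mnemonic(entropy: bytes, wordlist=PLACEHOLDER_WORDLIST) -> list[str]:
    """Encode ENT bits of entropy as ENT/32*3 words, as BIP39 specifies.

    The checksum is the first ENT/32 bits of SHA-256(entropy), appended to the
    entropy; the concatenation is split into 11-bit groups indexing the list.
    """
    ent_bits = len(entropy) * 8
    if ent_bits not in VALID_ENTROPY_BITS:
        raise ValueError("entropy must be 128, 160, 192, 224 or 256 bits")
    if len(wordlist) != 2048:
        raise ValueError("BIP39 wordlists have exactly 2048 entries")
    cs_bits = ent_bits // 32  # 4 bits for 128-bit entropy, 8 for 256-bit
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    indices = [(bits >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]
    return [wordlist[i] for i in indices]


def mnemonic_to_entropy(words, wordlist=PLACEHOLDER_WORDLIST) -> bytes:
    """Reverse the encoding and verify the checksum.

    Raises ValueError for a wrong word count, an unknown word, or a checksum
    mismatch; this check is what lets a wallet catch most transcription errors.
    """
    n_words = len(words)
    if n_words not in VALID_WORD_COUNTS:
        raise ValueError("mnemonic must have 12, 15, 18, 21 or 24 words")
    index = {w: i for i, w in enumerate(wordlist)}
    bits = 0
    for w in words:
        if w not in index:
            raise ValueError(f"word not in wordlist: {w!r}")
        bits = (bits << 11) | index[w]
    total_bits = n_words * 11
    cs_bits = total_bits // 33  # 4 for 12 words ... 8 for 24 words
    ent_bits = total_bits - cs_bits
    entropy = (bits >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    if bits & ((1 << cs_bits) - 1) != expected:
        raise ValueError("checksum mismatch: a word was probably mistyped or swapped")
    return entropy


def is_valid_mnemonic(words, wordlist=PLACEHOLDER_WORDLIST) -> bool:
    """True if the phrase has a valid length, only list words, and a good checksum."""
    try:
        mnemonic_to_entropy(words, wordlist)
    except ValueError:
        return False
    return True


def generate_mnemonic(n_words: int = 12, wordlist=PLACEHOLDER_WORDLIST) -> list[str]:
    """Draw fresh entropy from the OS CSPRNG and encode it (never from user input)."""
    if n_words not in VALID_WORD_COUNTS:
        raise ValueError("n_words must be 12, 15, 18, 21 or 24")
    return entropy_to_mnemonic(secrets.token_bytes(n_words * 4 // 3), wordlist)


if __name__ == "__main__":
    phrase = generate_mnemonic(12)
    print("generated:", " ".join(phrase), "valid:", is_valid_mnemonic(phrase))
    # Simulate a transcription error: replace one word with its list neighbour.
    damaged = phrase[:]
    damaged[5] = PLACEHOLDER_WORDLIST[(PLACEHOLDER_WORDLIST.index(phrase[5]) + 1) % 2048]
    print("one word changed, valid:", is_valid_mnemonic(damaged))
```

The damaged phrase in the `__main__` demo is rejected 15 times out of 16: only a wrong list word whose new checksum happens to match slips through, which is why the checksum is a usability aid rather than a security control.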
Comparing Shorter Passphrases
A four-word passphrase drawn at random from a 2048-word list carries 44 bits of entropy. That can be reasonable for an app or website password when the service rate-limits login attempts and stores passwords with a slow hash, but it is weak against an offline attack on a leaked password database and nowhere near the 128 bits of a seed phrase. Whether it is enough depends on the context: the sensitivity of the data, the value of the account, the service's password policy and hashing, and whether the same phrase also protects anything attackable offline. For high-value accounts use more words, and never reuse a wallet seed phrase as a password.
Brute-Force Attack Time
The time a brute-force search takes is the number of candidates divided by the attacker's guess rate, and that rate spans many orders of magnitude: a rate-limited online login allows perhaps ten guesses per second, a deliberately slow password hash (bcrypt, scrypt, Argon2) on cracking hardware roughly 10^4 per second, and a fast unsalted hash on a single GPU around 10^10 per second (illustrative figures, not measurements). Worst-case times for phrases of words chosen at random from a 2048-word list, with the average being half of each:
- A two-word passphrase (4,194,304 combinations, 22 bits) falls in under a millisecond against a fast hash, in about 7 minutes against a slow hash, and within a few days even through a rate-limited login.
- A three-word passphrase (8,589,934,592 combinations, 33 bits) falls in about a second against a fast hash, in about 10 days against a slow hash, and in roughly 27 years online.
- A four-word passphrase (17,592,186,044,416 combinations, 44 bits) falls in about half an hour against a fast hash and in about 56 years against a slow hash.
- A five-word passphrase (36,028,797,018,963,968 combinations, 55 bits) falls in about six weeks against a fast hash and in over 100,000 years against a slow hash.
A BIP39 seed phrase is a different case entirely: checking one candidate requires PBKDF2 (2048 rounds of HMAC-SHA512) plus key derivation and an address lookup, and the 12-word space is 2^128 valid phrases, far beyond any of these rates.
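The figures above are straightforward to reproduce, and a practitioner will usually want them for their own wordlist size and assumed guess rate. The following is an added example for this page, not a tool from any referenced project. The guess rates in `GUESS_RATES` are the illustrative assumptions used in the bullets, not measurements; `bip39_effective_bits` encodes the point that a mnemonic's checksum bits are derived and so do not enlarge the search space.

```python
import math

WORDLIST_SIZE = 2048  # the BIP39 list: 11 bits per uniformly random word

# Assumed guess rates in candidates per second (illustrative orders of
# magnitude, not measurements; real rates depend on hash, hardware and
# any rate limiting).
GUESS_RATES = {
    "online, rate-limited login": 1e1,
    "offline, slow password hash (bcrypt/scrypt/Argon2)": 1e4,
    "offline, fast unsalted hash on one GPU": 1e10,
}

BIP39_WORD_COUNTS = (12, 15, 18, 21, 24)


def combinations(n_words: int, wordlist_size: int = WORDLIST_SIZE) -> int:
    """Number of distinct phrases of n_words random words (repeats allowed)."""
    return wordlist_size ** n_words


def entropy_bits(n_words: int, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Entropy of a phrase whose every word is chosen uniformly at random."""
    return n_words * math.log2(wordlist_size)


def bip39_effective_bits(n_words: int) -> int:
    """Search space of a BIP39 mnemonic: the checksum is derived from the
    entropy, so only ENT = n_words * 32 / 3 bits are actually secret."""
    if n_words not in BIP39_WORD_COUNTS:
        raise ValueError("BIP39 mnemonics have 12, 15, 18, 21 or 24 words")
    return n_words * 32 // 3


def seconds_to_crack(n_candidates: float, guesses_per_second: float,
                     worst_case: bool = False) -> float:
    """Time to hit the phrase: half the space on average, all of it worst case."""
    fraction = 1.0 if worst_case else 0.5
    return n_candidates * fraction / guesses_per_second


def human_duration(seconds: float) -> str:
    """Render a duration in the largest unit that gives a value of at least 1."""
    units = (("years", 365.25 * 86400), ("days", 86400), ("hours", 3600),
             ("minutes", 60), ("seconds", 1))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds * 1000:.3g} milliseconds"


def crack_time_table(max_words: int = 5):
    """Rows of (words, bits, combinations, {scenario: worst-case seconds})."""
    rows = []
    for n in range(1, max_words + 1):
        space = combinations(n)
        times = {name: seconds_to_crack(space, rate, worst_case=True)
                 for name, rate in GUESS_RATES.items()}
        rows.append((n, entropy_bits(n), space, times))
    return rows


if __name__ == "__main__":
    for n, bits, space, times in crack_time_table():
        print(f"{n} words, {bits:.0f} bits, {space:,} phrases")
        for name, secs in times.items():
            print(f"    {name:<52} {human_duration(secs)}")
    valid = 2 ** bip39_effective_bits(12)
    print(f"12-word BIP39 mnemonic: 2^128 valid phrases, average "
          f"{human_duration(seconds_to_crack(valid, 1e10))} at 1e10 guesses/s")
```

Swap `WORDLIST_SIZE` for 7776 to get Diceware figures (about 12.9 bits per word), and adjust `GUESS_RATES` to whatever the target's hashing and rate limiting actually permit.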
Contextual Comparisons
To put these numbers into context, here are some comparisons with real-world quantities:
- A two-word passphrase (4,194,304 combinations) is about the number of seconds in 48 days.
- A three-word passphrase (8,589,934,592 combinations) is a little more than the number of people alive today (about 8 billion).
- A four-word passphrase (17,592,186,044,416 combinations) is roughly the number of stars in 50 to 200 Milky Way galaxies (the Milky Way holds on the order of 100 to 400 billion stars).
- A five-word passphrase (36,028,797,018,963,968 combinations) is about the number of seconds in 1.1 billion years, a quarter of the age of the Earth.
A 12-word seed phrase's 2^128 (about 3.4e38) valid phrases are roughly 10^22 times the five-word figure, which is why seed phrases are attacked through leaked backups and phishing rather than by guessing.
Conclusion
Encoding a wallet secret as a BIP39 seed phrase gives users something they can read, write down, and type back reliably without weakening the underlying 128- to 256-bit key: the wordlist and checksum catch transcription errors, the words are easier to handle than a random string, and the randomly chosen words keep the full resistance to brute force. Twelve words is the standard, well-supported choice; 24 words is the maximum the standard allows and mainly adds backup burden. For app and website passwords, remember that the strength comes from random selection and grows by about 11 bits per word from this list, so a short phrase belongs only on services that rate-limit logins and hash passwords slowly, and should be combined with two-factor authentication and the other usual account-security practices. Never reuse a seed phrase as a password.