A strong encryption passphrase protects your files.
But a strong passphrase isn’t just one that looks like a jumble of random symbols. It needs to be both secure and, ideally, memorable—especially if you don’t use a password manager.
Let’s explore two common situations:
If you don’t use a password manager:
Your passphrase needs to be:
Hard to guess
Easy to remember
One helpful approach is using a string of random words that creates a mental image. Think of the classic example:
correct horse battery staple
It’s long, unique, and much easier to recall than something like 8aD$39i@Lm.
If you do use a password manager:
Your passphrase doesn’t have to be memorable—it just needs to be strong.
Password managers can generate complex passphrases for you and store them safely, so you don’t have to. We’ll talk more about password managers in the next section.
Regardless of your approach, your passphrase should be:
At least 12 characters (preferably more)
Not reused from another service
Not stored in plain text (e.g. a note on your desktop)
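The random-words approach described above, as an added example that is not part of the original page: the words are drawn by the operating system's secure random generator rather than chosen by you, and the result is checked against the 12-character minimum. SAMPLE_WORDS is a constructed list and the function names are assumptions of this example.

```python
import math
import secrets

# Constructed sample list so the example runs offline. It is far too small for
# real use: substitute a large published list (the EFF long list has 7776 words).
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "dragon", "ember", "falcon", "garden", "harbor",
    "island", "jungle", "kettle", "lantern", "meadow", "nickel", "orchid", "pepper",
]
MIN_LENGTH = 12  # the page's minimum passphrase length


def entropy_bits(wordlist_size, num_words):
    """Bits of entropy when each word is drawn uniformly and independently."""
    return num_words * math.log2(wordlist_size)


def words_needed(wordlist_size, target_bits):
    """Smallest number of words that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(wordlist, num_words=4, separator=" "):
    """Build a passphrase from randomly drawn words, refusing weak settings."""
    words = sorted(set(wordlist))  # duplicates would skew the distribution
    if len(words) < 2:
        raise ValueError("word list needs at least two distinct words")
    shortest = num_words * min(map(len, words)) + (num_words - 1) * len(separator)
    if shortest < MIN_LENGTH:
        raise ValueError("settings could produce a passphrase under 12 characters")
    # secrets uses the OS CSPRNG; the random module is not suitable here.
    return separator.join(secrets.choice(words) for _ in range(num_words))


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDS)
    print(phrase)
    print(f"{entropy_bits(len(SAMPLE_WORDS), 4):.1f} bits with this sample list")
```

With a 7776-word list, four words give about 51.7 bits of entropy and five give about 64.6 bits; the strength comes from the random draw and the list size, not from the words looking unusual.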
Next, we’ll cover how to secure your passphrase—and why a password manager might be worth considering.