Phil Zimmermann's popular encryption program PGP, for example, requires you to make up a passphrase that you enter whenever you sign or decrypt messages. So does the newer open-source version, GPG. An Internet service called HushMail provides free encrypted e-mail service, but its security depends almost entirely on the quality of the passphrase you choose. You should have your passphrase ready before creating your PGP or GPG key or opening a new Hushmail account.
Passphrases differ from passwords only in length. A password is usually short -- six to ten characters. Short passwords are OK for logging onto computer system that are programmed to detect a large number of incorrect guesses, but they are not safe for use with encryption systems. Passphrases are usually much longer -- 20 to 30 characters or more. Their greater length makes passphrases more secure. Modern passphrases were invented by Sigmund N. Porter in 1982.
Picking a good passphrase is one of the most important things you can do to preserve the privacy of your computer data and e-mail messages. A passphrase should be: