Fluid Attacks logo
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Contact logo Contact Us

REQ.132 Passphrases with minimum 4 words

This document contains the details of the security requirements related to the definition and management of access credentials in the organization. This requirement establishes the importance of defining passphrases with at least 4 words to improve credentials security.


Passphrases must be at least 4 words long.


The following security requirement addresses the importance of establishing passphrases with at least four (4) words of length. Understanding the latter, as a sequence of words [1] whose length is higher but more secure than other types of passwords.


  1. Passphrase - Wikipedia.

  2. OWASP-ASVS v3.1-2.7 Verify password entry fields allow, or encourage, the use of passphrases, and do not prevent long passphrases or highly complex passwords being entered.

  3. OWASP-ASVS v3.1-2.27 Verify that measures are in place to block the use of commonly chosen passwords and weak pass-phrases.

Service status - Terms of Use