Reviewed 2026-07-15
Passphrases: when they help
A random phrase of independent words can be easier to type and remember than a short complex string.
Pause before acting. Do not use links, phone numbers, or apps provided by a suspicious sender.
What to check first
Use the points below as a decision checklist, not as a guarantee. Criminal campaigns change quickly and may use correct names, logos, and details taken from earlier breaches.
- words must be random
- avoid quotes and personal details
- use a unique phrase for one service
- do not treat it as a substitute for MFA
A safer sequence of actions
- Stop the current interaction. Do not click again, reply, pay, or install software.
- Open the official service independently by typing a known address or using an installed app.
- If credentials, payment data, or device access were exposed, start the incident plan immediately.
- Preserve evidence and use the official reporting channel in your country.
Reserved advertising area — never placed beside emergency controls or results.
What this guide cannot determine
No checklist can prove that a message, website, caller, or device is safe. When money, identity, or account access is at risk, verify through an independent official channel and seek qualified help when needed.
Sources and review date
- CERT Polska — Raport roczny 2025 — 2026-07-15
- CERT Polska — zgłaszanie podejrzanych SMS 8080 — 2026-07-15
- CISA — Recognize and Report Phishing — 2026-07-15
- NIST — How Do I Create a Good Password? — 2026-07-15