Make Good Passphrases

2 minutes read | 346 words

Aaruni Kaushik

Passwhat?

Passwords are a thing of the past. Passphrases are the new thing. But what are passphrases?

A passphrase is a long password, typically 15 or more letters, made of several words that make sense to you, in an arrangement that is memorable to you. There is no need to concoct short strings of gibberish, which are easy to forget and may not even be that difficult for a computer to crack!

Years of bad security practice have trained most of us to think up and use the worst kind of passwords: difficult to remember, easy to crack.

XKCD Password Strength

Requirements of a Good Passphrase

For a good passphrase, the primary requirement is length. Choose any 4 words that are super memorable to you, and simply write them down one after the other. For a little extra entropy, you can replace some letters with special characters or numbers.

You also want a different passphrase for every login. So it's a good idea to make up a fifth word, based on what the particular login is for, and throw it into the mix. Avoid putting this word whole in the same place across passphrases, as that makes your other phrases easier to guess if one of them is ever leaked in plaintext.

An example

Let's quickly pick 4 words out of a hat. My super random phrase-generating hat gave me:

crafty alive ganges dolphin

Let's capitalize some characters, and replace some others with numbers or special characters.

CraFTy Al1v3 Ganges Dolph1n

Now, suppose you are preparing a phrase for this very site. The site-specific addition to this passphrase could then look like

CraFTy Best Aliv3 Blog Ganges Dolph1n

So, finally, your super memorable, secure, and unique password generated by our simple method is

CraFTyBestAliv3BlogGangesDolph1n

Using the Use A Passphrase website, the estimated cracking effort for this password is 4,583,634,813,469,887 centuries!

That's a significant upgrade over the 45 milliseconds for hunter2, or 3 centuries for a random 8 character string K6tqFwgK!
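The post's two claims, that length beats gibberish and that a "hat" should be genuinely random, can be checked with a few lines of arithmetic. The example below is added here and is not the author's code or the Use A Passphrase site's method: it draws words with a CSPRNG from a small constructed word list, computes the entropy of a 4-word phrase (7776-word Diceware list) against a random 8-character alphanumeric string, and converts that to an expected cracking time at an assumed guess rate of 10^10 guesses per second.

```python
import math
import secrets

# Constructed stand-in for a real word list; a Diceware list has 7776 words.
SAMPLE_WORDS = ["crafty", "alive", "ganges", "dolphin", "lantern", "orbit",
                "maple", "quartz", "velvet", "harbor", "cinder", "pebble"]

SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600


def pick_words(n_words, words=SAMPLE_WORDS):
    """The post's 'hat': draw n_words with secrets.choice, never random.choice."""
    return [secrets.choice(words) for _ in range(n_words)]


def word_entropy_bits(n_words, wordlist_size):
    """Entropy of n_words drawn uniformly and independently from a word list."""
    return n_words * math.log2(wordlist_size)


def char_entropy_bits(length, alphabet_size):
    """Entropy of a random string, e.g. 8 characters over the 62 alphanumerics."""
    return length * math.log2(alphabet_size)


def crack_seconds(bits, guesses_per_second):
    """Expected time to hit the secret: on average half the space is searched."""
    return (2.0 ** bits / 2.0) / guesses_per_second


def crack_centuries(bits, guesses_per_second):
    return crack_seconds(bits, guesses_per_second) / SECONDS_PER_CENTURY


def compare(guesses_per_second=1e10):
    """Compare the two shapes of secret from the post at an assumed guess rate.

    Only the randomly chosen words are counted; capitalisation and 1337
    substitutions add bits only if they are chosen at random too, which is why
    the post's advice to prefer length over trickery holds up."""
    four_words = word_entropy_bits(4, 7776)   # 4 Diceware words, no substitutions
    eight_chars = char_entropy_bits(8, 62)    # random 8-char alphanumeric string
    return {
        "four_words_bits": four_words,
        "eight_chars_bits": eight_chars,
        "four_words_centuries": crack_centuries(four_words, guesses_per_second),
        "eight_chars_centuries": crack_centuries(eight_chars, guesses_per_second),
    }
```

Four Diceware words come out at about 51.7 bits against 47.6 for the 8-character string, so the longer, memorable phrase is also the stronger one; absolute times depend entirely on the assumed guess rate, which is why different estimators give different numbers.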