It used to be that a super short, super cryptic password was the bee’s knees at keeping people out. Of course, these types of passwords kept us out, too, because we could never remember them!
Unfortunately (or fortunately, depending on how you look at it), these kinds of short passwords aren’t much more than a speed bump these days.
Today, use a passphrase instead of a password.
The difference is just what it sounds like. A password is generally just a word. Short and to the point.
A passphrase is a phrase made up of multiple words chosen at random, separated by spaces or any other special characters or punctuation you like.
But a passphrase includes words! I thought that wasn’t allowed?
Ok, I am going to confuse you for a second here. Words still aren’t cool in a password.
When it comes to a passphrase, however, things are a little different. Because you need to string together many words to make a passphrase (and these words are random), the passphrase becomes so long that its length offsets the problem of using words.
Ok, so how do you build a passphrase?
At its base, a passphrase is at least six randomly chosen words with spaces or other special characters in between.
How you choose those words is up to you; however, they must be random.
One method we recommend for choosing these words is called Diceware, a technique developed by Arnold G. Reinhold.
It creates secure passwords that are easy to remember but extremely difficult for hackers to crack. (You can find more information on how to use the Diceware method on this page.)
Why six words?
We start with a minimum of six words because this number of words usually results in a passphrase of 17-20 characters or more. In 2019, at 17-20 characters, the passphrase took a significant amount of computing power to crack.
No matter which method you use to choose your random words, it is possible to develop a 6-word passphrase that’s less than 17-20 characters. If this does happen to you, then it’s best to start over until you create something with 17-20 characters or more.
Of course, if you want to use more than six words, you are free to do so! More words would mean an even stronger passphrase.
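The steps above, sketched in Python as an added example (not code from the original page): pick at least six words with a cryptographically secure random source, and start over if the result is shorter than 17 characters. The function names and the tiny word list are constructed for illustration, and counting separators toward the length is an assumption.

```python
import math
import secrets

# Constructed sample list for illustration only; a real Diceware list has
# 7,776 entries (one for each outcome of five six-sided dice).
SAMPLE_WORDS = ["ox", "cab", "tin", "elm", "jar", "fig", "owl", "rug", "dune",
                "moth", "kelp", "yarn", "brick", "plume", "quartz", "lantern"]

MIN_WORDS = 6    # minimum word count given in the article
MIN_CHARS = 17   # assumption: lower end of the article's 17-20 character range


def generate_passphrase(wordlist, words=MIN_WORDS, min_chars=MIN_CHARS, sep=" "):
    """Pick `words` entries uniformly at random; start over if too short."""
    if words < MIN_WORDS:
        raise ValueError(f"use at least {MIN_WORDS} words")
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("word list contains duplicates")
    # Refuse lists that can never reach the minimum, so the loop terminates.
    longest = max(map(len, wordlist)) * words + len(sep) * (words - 1)
    if longest < min_chars:
        raise ValueError("word list cannot produce a long enough passphrase")
    while True:
        # secrets draws from the OS CSPRNG; the `random` module is not
        # suitable for choosing passphrase words.
        phrase = sep.join(secrets.choice(wordlist) for _ in range(words))
        # Assumption: separators count toward the total length.
        if len(phrase) >= min_chars:
            return phrase


def entropy_bits(wordlist_size, words=MIN_WORDS):
    """Bits of entropy when every word is drawn independently and uniformly."""
    return words * math.log2(wordlist_size)


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    print(f"sample list: {entropy_bits(len(SAMPLE_WORDS)):.1f} bits")
    print(f"7,776-word list: {entropy_bits(7776):.1f} bits")
```

Six words from the 16-word sample list give only 24 bits, while six words from a full 7,776-word Diceware list give about 77.5 bits, so the size of the list matters as much as the randomness of the draw.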
A few things to keep in mind
If you don’t use the recommended number of words in your passphrase, or the total number of characters is less than 17-20, then the passphrase is too short. When this happens, the problem of using words becomes a real problem.
It’s essential to keep things random. If you use phrases or words that go together, your passphrase becomes much more guessable because phrases are predictable.
Wrapping it up
How do you create your passwords? Your action item here is to evaluate how you could generate stronger passwords.
Try creating some passphrases and see if these will work for you. If you’re worried about remembering your passphrases, don’t be. Next, we will have a tip for you on how to remember your passphrases!