20150327 memorable pass phrases that cant be guessed - plembo/onemoretech GitHub Wiki

title: Memorable pass phrases that can't be guessed
link: https://onemoretech.wordpress.com/2015/03/27/memorable-pass-phrases-that-cant-be-guessed/
author: phil2nc
description:
post_id: 9275
created: 2015/03/27 13:23:56
created_gmt: 2015/03/27 17:23:56
comment_status: closed
post_name: memorable-pass-phrases-that-cant-be-guessed
status: publish
post_type: post

Memorable pass phrases that can't be guessed

Passphrases That You Can Memorize — But That Even the NSA Can’t Guess is a good article over at The Intercept that presents a practical and effective guide to making up pass phrases that you can remember but that would take even those armed with supercomputers over 1,000 years to crack. The article presents a simple and easy-to-use system for creating pass phrases that involves some dice and the Diceware™ Word List. It might actually turn out to be fun. Well, maybe not fun for a lot of people, but at least not painful.

While the Diceware system is probably the best available, here's a little app to get the temporarily diceless among us started:

Pass Phrase Generator

If you set Words to 2 and check Upper case, the results are excellent candidates for codenames for operational missions, for example, "LAMENTED BIGMOUTH", "CHROMIC TATTOO", "DRIZZLE INNUENDO", and "DRIBBLE HUMILITY".

After some experimentation I found that setting this particular generator to at least three words resulted in greater entropy than those with only two.
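The Diceware mechanics described above (five dice rolls select one of 7776 words) and the entropy-per-word-count point made here, as an added example that is not code from the post or from the Diceware project. It uses a constructed placeholder list of 7776 tokens so it runs offline; for real use you would load the published Diceware word list into that slot, and a stand-alone run draws its randomness from the OS rather than from physical dice.

```python
import math
import random
import secrets
from typing import List, Optional

DICEWARE_LIST_SIZE = 6 ** 5  # 7776 words, one per five-dice key 11111..66666


def key_to_index(key: str) -> int:
    """Map a five-dice Diceware key such as "12345" to a 0-based list position."""
    if len(key) != 5 or any(ch not in "123456" for ch in key):
        raise ValueError(f"not a five-dice key: {key!r}")
    index = 0
    for ch in key:
        index = index * 6 + (int(ch) - 1)  # base-6 digits, dice faces 1..6
    return index


def roll_key(rng: random.Random) -> str:
    """Roll five dice; rng must be cryptographically strong for real use."""
    return "".join(str(rng.randrange(1, 7)) for _ in range(5))


def generate(words: List[str], n_words: int,
             rng: Optional[random.Random] = None) -> List[str]:
    """Pick n_words uniformly from a Diceware-ordered list of 7776 words."""
    if len(words) != DICEWARE_LIST_SIZE:
        raise ValueError("expected a full 7776-entry Diceware list")
    rng = rng or secrets.SystemRandom()  # OS entropy, not a seeded PRNG
    return [words[key_to_index(roll_key(rng))] for _ in range(n_words)]


def entropy_bits(n_words: int, list_size: int = DICEWARE_LIST_SIZE) -> float:
    """Entropy of an n-word phrase drawn uniformly: n * log2(list size)."""
    return n_words * math.log2(list_size)


def expected_crack_years(bits: float, guesses_per_second: float) -> float:
    """Average guessing time when the attacker knows the method and the list."""
    return 2 ** bits / 2 / guesses_per_second / (365.25 * 24 * 3600)


# Constructed stand-in for the real Diceware list (load the published file
# here in practice): 7776 synthetic tokens so the generator runs offline.
SAMPLE_WORDS = [f"w{i:04d}" for i in range(DICEWARE_LIST_SIZE)]

if __name__ == "__main__":
    phrase = generate(SAMPLE_WORDS, 6)
    print(" ".join(phrase), f"({entropy_bits(6):.1f} bits)")
```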

Here are some others for checking the strength of your pass phrases:

Password Strength Tester

Secure Password Check from Kaspersky Labs

(the test algorithm used seems to favor the use of special characters over string length and syntactical dissonance)

Finally, inspired by the famous XKCD comic strip on strong passwords:

XKPassword - Secure Memorable Passwords

Personally, I never worried about NSA agents reading my mail or even them having access to my financial accounts. What I worry about is my data walking out of one of their secure facilities and being put on the open market, or being exposed to attack by third parties via one of the many vulnerabilities the NSA has created to gain access to everyone's data. So using strong passwords, correction, pass phrases, is now an essential part of life for me.

Using a password manager like the free and open source Password Safe can make this easier to do, but the advice given in the cited article is actually some of the best I've seen. I encourage everyone who reads this to sit down and make a study of it (even to the point of watching the Khan Academy video it links). The dangers that mass surveillance presents to law-abiding citizens are real, but they can be addressed with some minimal effort.

Note: There's an extensive discussion of the assumptions behind the calculations in the XKCD comic here.

Copyright 2004-2019 Phil Lembo