How to create a strong, memorable master password


You’ve got a password manager, so you don’t need to remember most of your own passwords any more. But the ones you do memorise are all the more important. They need to be easy to remember, but still random, with no personal links to you that could be discovered through a bit of shady research. Here’s how to create a good one using the Diceware generation system.


You will need

A Diceware generator
(Or one 6-sided dice and a Diceware word list)

The Short Version

  1. Open a Diceware generator
  2. Select your passphrase length and roll the virtual dice
  3. Check out your results
  4. Set your passphrase
  1. Step


    Open a Diceware generator

    We’re going to use the Diceware system, which generates random passphrases by rolling six-sided dice against a word list. You can do this with real dice and a downloadable word list, but we’re going to use Douglas Muth’s in-browser version. To start, open that generator in your browser.

  2. Step


    Select your passphrase length and roll the virtual dice

    You can choose to roll dice for anywhere from two to eight words. Six is the default option here – four or five are a little easier to remember and still provide solid security, but I wouldn’t go below that unless you’re working to a character limit. Click the Roll Dice! button and watch the animation.

  3. Step


    Check out your results

    A couple of seconds later, you’ll be presented with your words, a Pascal case single-word version without spaces, but with capitalised initial letters, and a reassuringly large number of potential passwords that could have been obtained via the same method.

  4. Step


    Set your passphrase

    Copy your passphrase over to where you need it. I suggest cutting and pasting it into the main entry box, then manually typing it into the confirmation box. This helps you make sure that the phrase is easy to type before you set it. I prefer to retain the spaces between words, in line with the original Diceware FAQ’s recommendations.
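The same procedure can be run offline. The Python sketch below is an added example, not code from the original article or from Douglas Muth's generator: it rolls five virtual dice per word using the operating system's CSPRNG, looks each roll up in a Diceware-format word list, and reports how many passphrases the same method could have produced. The stand-in word list and all function names are constructed for illustration; load a real 7,776-entry list through parse_wordlist for actual use.

```python
import math
import secrets
from itertools import product

DICE_PER_WORD = 5                 # five rolls pick one of 6**5 = 7776 words
LIST_SIZE = 6 ** DICE_PER_WORD

def parse_wordlist(text):
    """Parse 'NNNNN<whitespace>word' lines into {dice_key: word} and validate."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == DICE_PER_WORD and set(parts[0]) <= set("123456"):
            table[parts[0]] = parts[1]
    if len(table) != LIST_SIZE:
        raise ValueError(f"expected {LIST_SIZE} entries, got {len(table)}")
    if len(set(table.values())) != LIST_SIZE:
        raise ValueError("duplicate words shrink the real keyspace")
    return table

def roll_key():
    """One word's worth of dice, drawn from the OS CSPRNG rather than random()."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))

def generate(table, n_words=6):
    """Return (words with spaces, Pascal-case version without spaces)."""
    words = [table[roll_key()] for _ in range(n_words)]
    return " ".join(words), "".join(w.capitalize() for w in words)

def keyspace(n_words):
    """Number of equally likely passphrases, and the same figure in bits."""
    combos = LIST_SIZE ** n_words
    return combos, math.log2(combos)

# Constructed stand-in list ("11111 w11111" ...), NOT a real Diceware list.
STAND_IN = "\n".join(f"{''.join(k)}\tw{''.join(k)}"
                     for k in product("123456", repeat=DICE_PER_WORD))

if __name__ == "__main__":
    table = parse_wordlist(STAND_IN)
    for n in (4, 5, 6):
        spaced, pascal = generate(table, n)
        combos, bits = keyspace(n)
        print(f"{n} words: {spaced}  |  {pascal}")
        print(f"   {combos:,} possibilities (~{bits:.1f} bits)")
```

Each word adds about 12.9 bits, which is why dropping from six words to four removes roughly 26 bits of search space.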


Should I use this technique for everything?

No. For most online, mobile and desktop passwords, you should use a password manager to quickly generate and enter long, genuinely random strings of numbers, letters and special characters (mine are usually 14 – 22 characters).

Where should I use a memorable password?

This will obviously include your password manager’s master password. But you should also set a memorable password for anything you need to type regularly. This might include the password to your PC and any encrypted disks you might use. You should also think about passwords used on any platforms that don’t support your password manager – for instance, if you’ve set all Nintendo eShop purchases on your Switch to require a password, you’ll want to make sure it’s memorable and easy to type with a controller.

What does a strong password look like?

A strong, modern password isn’t a word at all: it’s a passphrase, a string of words, with or without spaces, somewhere between 25 and 60 characters in length. That might sound daunting, but a five-word phrase – even a nonsense one – is a lot easier to remember than a 12-character string of random numbers, letters and special characters. Memorability is important when coming up with master passwords, as they’re often zero-knowledge, meaning there’s no way of recovering the data they secured if you forget them.

The archetypal example is “correct horse battery staple” from the xkcd webcomic Password Strength, which does a good job of explaining entropy and encourages the use of a Diceware style system. What makes your password strong is its entropy – how unpredictable it is. The more characters in a password, the higher its entropy… but only if those characters are actually in an unpredictable sequence.

What does a vulnerable password look like?

“Password” and “12345678” are both terrible. “Shall I compare thee to a summer’s day?” and “This destruction left your cities to be burnt” look strong, but aren’t great either, as these quotations are vulnerable to probabilistic cracking, a hybrid dictionary attack that uses popular phrases to work out which words are likely to appear in sequence. For more passwords to avoid, check out any “most used passwords of the year” list.

Should I use special characters and numbers in my memorable passphrase?

Not if you can avoid it. Although numbers and special characters can increase entropy by making your password less predictable (unless you just substitute the number one for all the ‘i’s and call it a day), randomly generated passphrases are already so high entropy that it’s not worth making them harder to type and remember by adding unnecessary characters. However, many services still force you to use these – tack them onto the beginning or end if you need to.

Should I regularly change my passphrase?

If you’re using genuinely unique, random passwords for everything, then no. Although mandatory password changes are still popular in enterprise, these have been shown to encourage bad security practices such as reusing passwords, and the guidelines that recommended them have been superseded. Change your password if the service it unlocks gets breached, if you see suspicious activity on your account, or if you have reason to believe that someone else has had access to it.

Any tips for memorising my passphrase?

Although using popular song lyrics is a bad idea for creating a secure password, fitting a random phrase to music to memorise it is incredibly helpful. I often force my generated passphrases into the tune of a traditional or a cartoon theme song (Teenage Mutant Ninja Turtles, if you must know), following its syllable count without reproducing its lyrics.

More conventionally, repeatedly typing the phrase will help you remember it – this is a good reason to have your password manager log you out regularly, in addition to the security benefits of doing so.

Finally, you always have the option of keeping a hard copy somewhere safe – most threat vectors are from online strangers, rather than people with physical access to your home. While security expert Bruce Schneier famously advocated storing these in your wallet, I prefer using a secure, concealed location, which is also part of my “in case of death or injury” plan.

