Memorable pass phrases that can’t be guessed

Passphrases That You Can Memorize — But That Even the NSA Can’t Guess is a good article over at The Intercept that presents a practical and effective guide to making up pass phrases that you can remember but that would take even those armed with supercomputers over 1,000 years to crack.

The article presents a simple and easy to use system for creating pass phrases that involves some dice and the Diceware™ Word List. It might actually turn out to be fun. Well, maybe not fun for a lot of people, but at least not painful.

While the Diceware system is probably the best available, here’s a little app to get the temporarily diceless among us started:

Pass Phrase Generator

If you set Words to 2 and check Upper case, the results are excellent candidates for codenames for operational missions, for example, “LAMENTED BIGMOUTH”, “CHROMIC TATTOO”, “DRIZZLE INNUENDO”, and “DRIBBLE HUMILITY”.
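A minimal Diceware-style generator, added here as an example (it is not the Pass Phrase Generator app above nor the Diceware project's own code): it rolls five dice per word with a CSPRNG, looks each word up by its five-digit key, offers the same Upper case option, and computes how much entropy a phrase of n words carries when the attacker knows the list. The word list is a constructed placeholder standing in for the real 7,776-entry Diceware list.

```python
import math
import secrets

DICE_FACES = 6
ROLLS_PER_WORD = 5
LIST_SIZE = DICE_FACES ** ROLLS_PER_WORD  # 7776 entries, keyed 11111..66666

# Constructed stand-in for the Diceware word list (not the real list): one
# placeholder token per possible five-dice key so the lookup covers the full range.
WORDLIST = [f"word{i:04d}" for i in range(LIST_SIZE)]


def rolls_to_index(rolls):
    """Map five die faces (1-6, first roll most significant) to a 0-based list index."""
    if len(rolls) != ROLLS_PER_WORD or any(not 1 <= r <= DICE_FACES for r in rolls):
        raise ValueError("need exactly five die rolls in the range 1-6")
    index = 0
    for r in rolls:
        index = index * DICE_FACES + (r - 1)
    return index


def roll_word(wordlist=WORDLIST, rng=secrets.randbelow):
    """Roll five dice with a CSPRNG; return (word, key), e.g. ('word0000', '11111')."""
    rolls = [rng(DICE_FACES) + 1 for _ in range(ROLLS_PER_WORD)]
    return wordlist[rolls_to_index(rolls)], "".join(str(r) for r in rolls)


def generate_passphrase(n_words, upper=False, wordlist=WORDLIST, rng=secrets.randbelow):
    """Join n independently rolled words; upper=True mimics the app's Upper case option."""
    phrase = " ".join(roll_word(wordlist, rng)[0] for _ in range(n_words))
    return phrase.upper() if upper else phrase


def entropy_bits(n_words, list_size=LIST_SIZE):
    """Entropy when the attacker knows the list: log2(list_size) per word, ~12.9 bits."""
    return n_words * math.log2(list_size)


def years_to_crack(n_words, guesses_per_second, list_size=LIST_SIZE):
    """Expected time to search half the phrase space at a given guess rate."""
    expected_guesses = list_size ** n_words / 2
    return expected_guesses / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print(generate_passphrase(6))
    print(f"{entropy_bits(6):.1f} bits; {years_to_crack(6, 1e12):.0f} years at 1e12 guesses/s")
```

The entropy figure only holds if the dice (or the CSPRNG) are the sole source of choice; hand-picking or reordering words to taste lowers it.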

Here’s another for checking the strength of your pass phrases:

Password Strength Tester

(Secure Password Check from Kaspersky Labs is another credible test app)

Finally, inspired by the famous XKCD comic strip on strong passwords:

XKPassword – Secure Memorable Passwords

Personally, I never worried about NSA agents reading my mail or even them having access to my financial accounts. What I worry about is my data walking out of one of their secure facilities and being put on the open market, or being exposed to attack by 3rd parties via one of the many vulnerabilities they’ve created to gain access to everyone’s data.

So using strong passwords, correction, pass phrases, is now an essential part of life for me. Using a password manager like the free and open source Password Safe can make it easier to do, but the advice given in the cited article is actually some of the best I’ve seen. I encourage everyone who reads this to sit down and make a study of it (even to the point of watching the Khan Academy video it links). The dangers that mass surveillance presents to law-abiding citizens are real, but they can be addressed with some minimal effort.

Note: There’s an extensive discussion of the assumptions behind the calculations in the XKCD comic here.

This entry was posted in Identity Management, Security, System Administration.

About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).