Passphrases That You Can Memorize — But That Even the NSA Can’t Guess is a good article over at The Intercept that presents a practical and effective guide to making up pass phrases that you can remember but that would take even those armed with supercomputers over 1,000 years to crack.
The article presents a simple and easy to use system for creating pass phrases that involves some dice and the Diceware™ Word List. It might actually turn out to be fun. Well, maybe not fun for a lot of people, but at least not painful.
While the Diceware system is probably the best available, here’s a little app to get the temporarily diceless among us started:
If you set Words to 2 and check Upper case, the results are excellent candidates for codenames for operational missions, for example, “LAMENTED BIGMOUTH”, “CHROMIC TATTOO”, “DRIZZLE INNUENDO”, and “DRIBBLE HUMILITY”.
Here’s another for checking the strength of your pass phrases:
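The Diceware procedure described above (roll the dice, look up the word, repeat per word) and the entropy arithmetic behind a strength check, as an added example that is not code from the article or from either of the embedded apps. A CSPRNG stands in for physical dice; the 36-entry word list is constructed for the demo (the real Diceware list has 7776 words keyed by five dice), and the 1e12 guesses/second attacker rate in `years_to_crack()` is an assumption, not a figure from the page.

```python
"""Diceware-style passphrase generation with a CSPRNG standing in for the dice.

Added example, not code from the linked article or the page's embedded app.
Assumptions: the 36-entry word list below is constructed for the demo (the real
Diceware list has 7776 entries keyed by five dice); the 1e12 guesses/second
rate in years_to_crack() is an assumed attacker budget.
"""
import itertools
import math
import secrets

# Constructed toy list: 36 words keyed by two dice ("11" .. "66").
_TOY_WORD_SEQ = (
    "abacus adder aisle amber anvil apron "
    "badge basil beacon birch blink bonus "
    "cabin camel canoe cedar chime cider "
    "daisy delta denim dingo donor dough "
    "eagle ember epoch essay ethic evoke "
    "fable fancy fence ferry fjord flute"
).split()
TOY_WORDS = dict(zip(
    ("".join(d) for d in itertools.product("123456", repeat=2)), _TOY_WORD_SEQ))

DICEWARE_LIST_SIZE = 6 ** 5  # 7776 words in the real Diceware list


def parse_wordlist(text):
    """Parse the Diceware list format: one '<dice digits> <word>' per line."""
    words = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank lines and anything that is not a key/word pair
        key, word = parts
        if set(key) - set("123456"):
            raise ValueError("bad dice key: %r" % key)
        words[key] = word
    return words


def roll_dice(n_dice, rng=secrets.randbelow):
    """Roll n_dice six-sided dice; rng(6) must return an unbiased int in 0..5.

    secrets.randbelow is a CSPRNG; random.randint is not suitable here.
    """
    return "".join(str(rng(6) + 1) for _ in range(n_dice))


def make_passphrase(wordlist, n_words, upper=False, rng=secrets.randbelow):
    """Choose n_words, one dice roll per word, from a list keyed by dice."""
    dice_per_word = len(next(iter(wordlist)))
    if len(wordlist) != 6 ** dice_per_word:
        raise ValueError("word list must cover every dice combination")
    words = [wordlist[roll_dice(dice_per_word, rng)] for _ in range(n_words)]
    phrase = " ".join(words)
    return phrase.upper() if upper else phrase


def entropy_bits(list_size, n_words):
    """Entropy of n_words uniformly chosen words: n * log2(list_size)."""
    return n_words * math.log2(list_size)


def years_to_crack(bits, guesses_per_second=1e12):
    """Expected brute-force time (half the keyspace) at an assumed guess rate."""
    seconds = 2 ** bits / 2 / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Two upper-case words from the toy list, in the codename style of the post.
    print("codename:", make_passphrase(TOY_WORDS, 2, upper=True))
    bits = entropy_bits(DICEWARE_LIST_SIZE, 7)
    print("7 real Diceware words: %.1f bits, ~%.0f years at 1e12 guesses/s"
          % (bits, years_to_crack(bits)))
```

The strength figure depends only on the list size and the word count, not on the words themselves: the attacker is assumed to know the list and the method, so a seven-word phrase from the 7776-word list carries about 90 bits. Note that the toy list gives only about 10 bits for two words, which is why two-word "codenames" are memorable labels, not passwords.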
Personally, I never worried about NSA agents reading my mail or even about them having access to my financial accounts. What I worry about is my data walking out of one of their secure facilities and being put on the open market, or being exposed to attack by third parties via one of the many vulnerabilities they’ve created to gain access to everyone’s data.
So using strong passwords, correction, pass phrases, is now an essential part of life for me. Using a password manager like the free and open source Password Safe can make it easier to do, but the advice given in the cited article is actually some of the best I’ve seen. I encourage everyone who reads this to sit down and make a study of it (even to the point of watching the Khan Academy video it links). The dangers that mass surveillance presents to law-abiding citizens are real, but they can be addressed with some minimal effort.
Note: There’s an extensive discussion of the assumptions behind the calculations in the XKCD comic here.