How to make a strong, secure, and memorable passphrase

Why Passphrases?

It turns out that much of what you have learned about how to create a strong secure password is no longer the best advice. The web comic XKCD covers it best in this comic.

 

Basically, the length of a password beats randomness for both security and the ability to remember it. Current advice based on existing and future computing power is to use at least five random words in your passphrase. [1]

How to create a passphrase

  1. Let your password manager do it
  2. Employ Diceware Passwords
    1. Diceware is a method of generating a passphrase by rolling a six-sided die to randomly pick words from a very large word list.
    2. Reference: The Diceware Passphrase Home Page
    3. Reference: The Intercept - Passphrases That You Can Memorize
  3. Online tools
    1. Use a Passphrase
      1. This website will generate random passphrases of four, five, and twelve words in length
      2. Keep generating until you find one you like
    2. There are several websites that will ask you to enter your passphrase to check its strength. Be very careful about using websites like this, as they may log the passphrases, and you cannot control what they do with the information once it has been entered into their website.
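
The dice-to-word mapping behind Diceware, as an added example that is not code from this page or from the Diceware project. It assumes Python's `secrets` module in place of physical dice and a constructed 36-word demo list (two rolls per word); a real Diceware list has 7,776 words, so five rolls pick each word. All function names are hypothetical.

```python
import math
import secrets

# Constructed 36-word demo list (6^2 entries, so two die rolls select one word).
# A real Diceware list has 7776 words (6^5), which takes five rolls per word.
DEMO_WORDS = """apple brick cloud delta ember flint grape haven ivory joker koala
lemon maple noble ocean pearl quilt river stone tiger umbra vivid wheat xenon
yacht zebra amber birch coral dune eagle frost glade heron inlet jade""".split()

def rolls_per_word(list_size):
    """Die rolls needed to index a list of exactly 6^n words."""
    n = round(math.log(list_size, 6))
    if n < 1 or 6 ** n != list_size:
        # Any other size would leave some words unreachable or over-weighted.
        raise ValueError("word list length must be a power of 6")
    return n

def roll_die():
    """One fair six-sided roll from the OS CSPRNG (stands in for a real die)."""
    return secrets.randbelow(6) + 1

def word_from_rolls(rolls, words):
    """Treat the rolls as base-6 digits (1-6 mapped to 0-5) indexing the list."""
    if len(rolls) != rolls_per_word(len(words)):
        raise ValueError("wrong number of rolls for this word list")
    index = 0
    for r in rolls:
        if not 1 <= r <= 6:
            raise ValueError("a die roll must be between 1 and 6")
        index = index * 6 + (r - 1)
    return words[index]

def generate_passphrase(words, count=5, roll=roll_die):
    """Pick `count` words independently; repeats are allowed, as with real dice."""
    n = rolls_per_word(len(words))
    return " ".join(word_from_rolls([roll() for _ in range(n)], words)
                    for _ in range(count))

def entropy_bits(list_size, count):
    """Strength of a passphrase whose words are drawn uniformly at random."""
    return count * math.log2(list_size)

if __name__ == "__main__":
    print(generate_passphrase(DEMO_WORDS))
    print(f"5 words, 7776-word list: {entropy_bits(7776, 5):.1f} bits")
    print(f"5 words, 36-word demo list: {entropy_bits(36, 5):.1f} bits")
```

The demo list is far too small for real use: the strength comes from the size of the list and the number of words, not from keeping the list secret.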

Using Passphrases at Geneseo

At first glance, using a passphrase seems incompatible with our Password Controls for Geneseo Accounts; however, with just a few slight modifications you can use passphrases for our services. Some options include capitalizing a letter, adding a special character, or adding a number. Doing just two of those options does not hurt memorability, adds a little more security, and makes the passphrase acceptable under our Password Controls for Geneseo Accounts.

Passphrases and password managers

If you use a password manager, it is not necessary to make all your passwords passphrases. In fact, on some sites it may be impossible because they limit the length of your password or do not allow dictionary words. But if you have one very good passphrase that you use to access your password manager, you can use random strings of characters for all the passwords you do not need to remember, and use passphrases only when you need strong, memorable passwords.


1. https://protonmail.com/blog/protonmail-com-blog-password-vs-passphrase/

More Help

For questions, contact the CIT HelpDesk by calling (585) 245-5588, or visiting our online service desk.