Using Passphrases
In my last post I talked about making a password system to create strong and unique passwords. Now I would like to talk about the new(ish) kid on the block, the passphrase. It's pretty much what it sounds like: a password made of several words. Some people consider using words in a passphrase insecure, but the trade-off is that the more characters you use, the less complicated each character has to be. Length multiplies the search space faster than a bigger alphabet does: 25 lowercase letters give more possible combinations than 12 characters mixed from letters, digits and symbols. I won't walk through the math, but you can survive on letters alone. However, like passwords, if you use predictable material (a famous quote, a song lyric, anything that shows up in a wordlist) a bad guy can still crack your passphrase with a dictionary attack instead of brute force. So if you want to be over-the-top secure and avoid words altogether, a passphrase looks something like this:
ah78&a$w2om0!3dL@*E45!@
Yeah, I know, I hate looking at it too. This is a good example of the age-old question "Can you have too much security?" The answer is yes, yes you can. Just enough security is enough. This beast of a passphrase will probably never be brute-forced with the technology we have, but it defeats one of the most important aspects of an effective password/passphrase: it must be easily memorable. It's counterproductive to have to write down something you are supposed to keep secret. So how do we fix this?
How To Make A Good Passphrase
Here are my tips:
1.) A passphrase must be a minimum of 24 characters
2.) Have at least one capital letter, preferably more
3.) Don't use famous quotes, song lyrics, Bible verses, poems, etc.
4.) Don't use runs of repeated letters or numbers, e.g. 1111122222233333444445555555
5.) Make it unique or nonsensical
Trust me, this is a lot easier than you think, and I know using a quote or song would be easier, but bad guys know this too, so they are already putting together passphrase dictionaries (huge lists of common phrases that cracking tools try first). So let's make a compromise here and build a good passphrase system.
Keep Your Movie Quote!
You heard me, and I know that goes against rule number three, but as long as we follow rule number five, rule three no longer applies. Here is what I mean. For your passphrase, let's say you pick a movie quote, and it's the one thing that does not change in your passphrase. Why? Because you need a unique logon for every website or system you access, that's why. So pick your quote; I'm going with The Terminator:
“Come with me if you want to live.”
Which turns into this:
comewithmeifyouwanttolive
So far we have knocked out rules one and four (that's 25 characters, with no long runs of the same character). Now let's work on number five, because that will take care of number three. This is where your password system comes into play. Again, you don't have to use mine; be creative and use my example as a template. To make this unique for each application you log on to, let's swap one of these words for something that reminds you of the website you are visiting. Let's pick:
Netflix = movies
movieswithmeifyouwanttolivE
Boom! There's your passphrase, and as you can see I capitalized the last letter to take care of rule number two. Now we have met all of the criteria, since it is no longer the original quote. Using this method you can do this with any website you use; just make sure you pick something easy to remember. Amazon = trees or Bank = dollar
treeswithmeifyouwanttolivE
dollarwithmeifyouwanttolivE
Word of advice though: many websites will reject a passphrase that contains the company's own name, which is why I suggest using a word that reminds you of the company instead. One caveat worth knowing: all of these passphrases share the same core, so if one of them leaks in a breach, anyone who reads it can see the pattern and will try the obvious substitutions against your other accounts. Treat a leak of one as a reason to change the others.
One More Technique You Can Use
Another way to build a passphrase system is to turn a word into an acronym. Again, associate a word with the website you are logging on to. So for your bank, let's choose bank.
Banking logon : bank
Now make a sentence whose words start with those letters:
Buyingangrynakedkangaroos
Electric/Heating Bill : Gas
Gettingabsolutelysloshed
See what I did there? I made a sentence using each letter of the original word as the first letter of a new word. Easy, right? Give it a try; it gets fun after a while.
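As an added example (my own code, not part of the original post), here is a small Python script that checks a passphrase against rules 1 through 4 above (rule 5, "unique or nonsensical", is a judgment call, so it is only approximated by matching against a tiny constructed quote list) and shows the arithmetic I skipped earlier: brute-force work grows with length faster than with alphabet size, random words from a wordlist are strong on their own, but a famous quote with one swapped word collapses to a much smaller search once the attacker knows the scheme. The quote list, the sample passphrases and the attacker-model sizes (100,000 quotes, 7 word positions, 10,000 substitute words) are all assumptions made up for illustration.

```python
import math
import re

MIN_LENGTH = 24

# Constructed stand-in for an attacker's "passphrase dictionary": a few famous
# quotes, lowercased with spaces removed, the way a cracker would store them.
# Hypothetical data for this example, not a real wordlist.
KNOWN_QUOTES = {
    "comewithmeifyouwanttolive",
    "maytheforcebewithyou",
    "illbeback",
}

# Constructed sample passphrases: the post's own examples plus one that breaks rule 4.
SAMPLES = {
    "netflix": "movieswithmeifyouwanttolivE",
    "amazon": "treeswithmeifyouwanttolivE",
    "bank": "Buyingangrynakedkangaroos",
    "bad": "1111122222233333444445555555",
}


def check_passphrase(phrase):
    """Return the rules from the post (1-4) that `phrase` violates; [] means it passes.
    Rule 5 (unique or nonsensical) is only approximated by the KNOWN_QUOTES lookup."""
    problems = []
    if len(phrase) < MIN_LENGTH:
        problems.append("rule 1: fewer than 24 characters")
    if not any(c.isupper() for c in phrase):
        problems.append("rule 2: no capital letter")
    if phrase.lower() in KNOWN_QUOTES:
        problems.append("rule 3: verbatim famous quote")
    # Rule 4: the same character three or more times in a row.
    if re.search(r"(.)\1{2,}", phrase):
        problems.append("rule 4: run of repeated characters")
    return problems


def brute_force_bits(length, alphabet_size):
    """Work (in bits) if the attacker must try every string of this length."""
    return length * math.log2(alphabet_size)


def random_words_bits(word_count, wordlist_size):
    """Work (in bits) for a passphrase of words picked at random from a wordlist."""
    return word_count * math.log2(wordlist_size)


def known_pattern_bits(quote_count, word_positions, substitute_count):
    """Work (in bits) when the attacker knows the scheme: one of `quote_count`
    famous quotes with one of `word_positions` words replaced by one of
    `substitute_count` candidate words. All three sizes are assumed for illustration."""
    return math.log2(quote_count * word_positions * substitute_count)


if __name__ == "__main__":
    for site, phrase in SAMPLES.items():
        print(f"{site:8} {phrase:30} {check_passphrase(phrase) or 'ok'}")
    print(f"23 random printable characters, brute force: {brute_force_bits(23, 95):.1f} bits")
    print(f"25 lowercase letters, brute force:           {brute_force_bits(25, 26):.1f} bits")
    print(f"7 random words from a 7776-word list:        {random_words_bits(7, 7776):.1f} bits")
    print(f"known quote with one swapped word (assumed): {known_pattern_bits(100_000, 7, 10_000):.1f} bits")
```

Run it as a script: the three passphrases from the post pass all four mechanical checks, the repeated-digit string fails rules 2 and 4, and the original unchanged quote fails rules 2 and 3. The last two numbers are the point: the same 25 lowercase letters are worth roughly 117 bits against a blind brute force but only a few dozen bits against an attacker who guesses the scheme, which is why rule 5 (and not just avoiding the quote) is what really buys you security.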
Good concepts here.
Unfortunately, with the number of passwords/phrases people have to remember, they will inevitably fall back on bad habits (reuse or even writing them down).
What are your thoughts on password managers like 1Password, LastPass, or Dashlane? Instead of passwords/phrases for every site or service you use, you create a secure password/phrase for your password vault and then use that service to generate strong passwords that you never have to remember.
I love password managers and will always recommend one over memorizing things. Funny enough, I wrote my Master's capstone on implementing Dashlane in an organization. Using one drastically reduces human error. One of my favorite things about Dashlane is that it a.) adds SSO to almost any website, b.) lets users know if their passwords suck (if they opt out of using the generated ones), c.) tells you how many passwords are being reused, d.) lets you know if any of your logon credentials have been compromised, and e.) VPN. Mind you, the last three are if you pay for premium, but the free version is just as good.