Creating a Pass Phrase

From William Paterson University - Information Technology's Wiki
Revision as of 16:21, 17 August 2017 by Speroj

Creating a Password Pass Phrase

The purpose of this article is to help you create a secure password that is easy to remember and difficult to crack.

A pass phrase is basically just a sentence that you employ instead of a single pass "word." Besides being easier to remember, a pass phrase's increased length provides so many possible permutations that a standard password-cracking program will not be effective. It is always a good idea to disguise that simplicity by throwing in elements of weirdness, nonsense, or randomness. Here, for example, are some pass phrase candidates:

pizzawithcrispycarrots

1starmangledspammer

MyRot10kids!

Punctuate and capitalize your phrase:

PizzawithcrispyCarrots!

1StarMangledSpammer?

Toss in a few numbers or symbols from the top row of the keyboard, plus some deliberately misspelled words, maybe use a foreign language, and you'll create an almost unguessable key to your account:

Pizzaw/9crispyCarrots!

1Star*MangledSpammer

Cubs-1xevery108years

FailteGuAlba2008! (Gaelic – Welcome to Scotland 2008)

UnCafeCon7Azucar! (Spanish – One Coffee With 7 Sugars)

AphadoNin? (LOTR Elvish – Follow Me?)

MeTransmitteSursumCaledoni! (Latin – Beam Me Up, Scotty!)

Qu0dEstVeritas? (Latin – What is truth?)


Pass phrase hints:

The key is to make the passphrase something you can easily remember, but difficult for someone else to guess. It may be a favorite line from an obscure book or movie, an inside joke punchline among family, or an event from childhood that almost no one remembers. If your pass phrase is based on a well-known slogan, expression, song lyric, or quotation, be sure to customize it with misspellings, bad grammar, invented words, deliberate typos, or oddly placed keyboard symbols. You can learn more ways to mix up words using the tactics outlined in the Creating better passwords section, below.

Your pass phrase should never contain information that would identify you personally, such as Social Security numbers, telephone numbers, credit card numbers, birth dates, or your username. Instead, rely on a phrase that has enough meaning to you that you'll remember it easily--then mix it up a little. Try to avoid phrases composed of common, smaller words. For example, "My dog has long toes," though long enough to be a decent pass phrase, contains so many small words that a password cracking program might have a better chance of deciphering it. However, "Wildwood is crowded in August!" or "Sandy Hook’s parking is full!" are both acceptable, and easy to remember.

Note: Do not adopt any of the sample pass phrases shown above as your own pass phrase. They are, for obvious reasons, no longer secure choices for pass phrases.
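The hints above can be applied as a check before a pass phrase is accepted. The following is an added example, not part of the original wiki page: the function names, the four-letter "small word" cutoff, and the "more than half" threshold are assumptions, and the personal values used with it are constructed.

```python
import re

# Samples printed on this page (subset); the page says never to reuse them.
PUBLISHED_SAMPLES = {
    "pizzawithcrispycarrots", "1starmangledspammer", "myrot10kids!",
    "cubs-1xevery108years", "wildwood is crowded in august!",
}
SHORT_WORD_MAX = 4  # assumption: a "small" word has at most 4 letters


def _squash(text):
    """Lowercase and drop everything but letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def mostly_small_words(phrase):
    """True when more than half of the words are small (assumed threshold)."""
    words = [re.sub(r"[^A-Za-z]", "", w) for w in phrase.split()]
    words = [w for w in words if w]
    if len(words) < 2:
        return False  # a run-together phrase has no word boundaries to judge
    short = sum(len(w) <= SHORT_WORD_MAX for w in words)
    return short > len(words) / 2


def check_passphrase(phrase, personal_values=()):
    """Return the list of hints the phrase violates (empty list = none)."""
    problems = []
    if phrase.lower() in PUBLISHED_SAMPLES:
        problems.append("published sample")
    squashed = _squash(phrase)
    # Compare squashed forms so 973-555-0123 also matches 9735550123.
    if any(_squash(v) and _squash(v) in squashed for v in personal_values):
        problems.append("contains personal information")
    if mostly_small_words(phrase):
        problems.append("mostly small words")
    return problems
```

Pass the user's own username, phone number, and similar values as `personal_values`; an empty result means none of the three hints was violated, not that the phrase is strong.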


Better, Stronger, Longer & Easier

• Longer passwords are better passwords. The more characters a password cracking program has to crunch, the harder it is to guess.

• Remove all the vowels from a short phrase in order to create a "word." Example: Ntrpyrls ("Entropyrules")

• Use an acronym: choose the first or second letter of each word in your favorite quotation. Example: Tanstaafl! ("There ain’t no such thing as a free lunch!")

• Mix letters and non-letters in your passwords. (Non-letters include numbers and all punctuation characters on the keyboard.)

• Transform a phrase by using numbers or punctuation. Examples: Idh82go (I'd hate to go), UR1drful (you are wonderful).

• Avoid choosing a password that spells a word. But, if you must, then:

• Introduce "silent" characters into the word. Example: An5cho9vyPizza!

• Deliberately misspell the word or phrase. Example: StuporBowl2016

• Choose a word that is not composed of smaller words.

• Add random capitalization to your passwords. Capitalize any but the first letter.

• A random mix of alphabetical, numeric and symbolic characters.

Example: Crunchy11Cream15CarrotSoup!, WDnot%wut*u#thought?

• Long word and number combinations. For example, take some words, and put numbers between them: Lions8Eagles Jets14Cowboys4

• An acronym for your favorite saying, or a song you like. Example: Iitywybml? (If I tell you will you buy me lunch?)

• An easily pronounced nonsense word with some non-letters inside. Example: Bash1ngt0nWridge? or AL1amag0osa!

• Change your password at least once a year. Better yet, change your password every few months to shrink your exposure window.

• Combine a place and time that you will visit. For example, PrinceEdwardIsland110816

• A place and event that you can remember easily; PoloGrounds100351!

• Bad Puns: It’sjust2Gouda2bTrew, ShamPain4ReelFriendz, RealPain4ShamFriendz!

• Note: Do not adopt any of the sample passwords shown above as your own password. They are, for obvious reasons, no longer secure choices for pass phrases.

Additional Secure Strategies

The strategies below may help you in picking a password that passes security checks and is still easy to keep track of.

1. Use a full, non-trivial sentence

A sentence that is relevant to you, is long enough to not be common or simple, and is not a famous quote from a book or movie will usually work. Examples: “None shall err at the gates of the sixth palace”, “All Stars Lead to Trantor”. Please don’t use these examples.

2. Use a truly random string of letters, numbers, and punctuation

If you really cannot think of anything that works, you can use a random string of letters, numbers, and punctuation. This will be quite secure but difficult to remember. You may want to use a random generator for this, such as the one found here: https://www.random.org/strings/
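A random string can also be generated locally, so the password never crosses the network. The following is an added example, not part of the original wiki page: it uses Python's standard `secrets` module, the function names are hypothetical, and the second function computes the size of the search space behind the "longer is better" advice earlier on this page.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def random_password(length=16):
    """Draw a password from the OS CSPRNG with every character class present."""
    if length < len(CLASSES):
        raise ValueError("length too short to hold every character class")
    while True:
        # Redrawing the whole string (rather than patching characters in)
        # keeps every acceptable string equally likely.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """log2 of the number of strings of this length: the brute-force work factor.

    Valid only for randomly drawn characters; a human-chosen phrase is far
    more predictable than its length suggests.
    """
    return length * math.log2(alphabet_size)
```

Each added character contributes about 6.55 bits, so a 16-character random string has roughly twice the bit strength of an 8-character one (about 105 bits versus 52).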

As a last resort, if you feel the need to record the password on paper, not only should you keep it in a secure location, but you should also disguise it by writing a label such as 'Reservation Number' or 'Conference Code' next to it. Since the overwhelming majority of password attacks are now remote attacks, writing the password down and storing it in a safe location is a viable alternative. Make sure you change your password if this location is compromised, lost, or stolen.