Passphrase Generator

 

 

If you are required to use an old-school password, use this Password Generator.


This software will allow you to use up to 99 words in your passphrase, but usually four (or five words at the most) will give you a very strong (and more easily remembered) passphrase.

Some four word passphrases are better than others, so you might want to try different ones. (By default, 4 words are requested, but feel free to change it.)

If you don't want to read anything else, here's the form:

How many words do you want in your passphrase?  

What character would you like to use to separate the words?

 

If you do want some background, here is what I know. I have come to understand that a passphrase (even all lowercase) is at least as secure as, and potentially far more secure than, a very complex password composed of all the "usual players" (uppercase, lowercase, numbers & special characters).

The passphrases supplied by this software are based on EFF's dice-roll concept and are determined using simulated rolls of dice. The scenario is this: four dice are rolled once or a single die is rolled four times. The numbers shown are then used to look up a word in a list. A different word is associated with every possible combination of four rolls. This is done multiple times until a passphrase of the desired length is arrived at. (There are lists for more than four rolls for each word, but four is very secure.)

Even though the entire list of words is known, because the words in your passphrase were arrived at randomly (not "my dog spot likes to ride in my ford explorer"), the passphrase is nearly impossible to determine by guessing or even by using computers to combine the words in an attempt to come up with your passphrase. This is because an attacker doesn't know how many words you used and, more importantly, your passphrase gets exponentially more difficult to "guess" with each additional word you use.
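The dice-roll lookup and the per-word growth in guessing space described in the two paragraphs above, as an added Python example (not this site's own code). The 1,296-entry word list is a constructed stand-in of pseudo-words so the block runs offline, and all function names are assumptions made for illustration.

```python
import math
import secrets
from itertools import product

DICE_PER_WORD = 4  # the page's scheme: four rolls select one word

def roll_die():
    """One fair roll (1-6) from the OS CSPRNG rather than the `random` module."""
    return secrets.randbelow(6) + 1

def demo_wordlist_text():
    """Constructed stand-in list: one pseudo-word per dice key, 1111..6666."""
    onsets, vowels = "bdfklm", "aeiouy"
    lines = []
    for a, b, c, d in product(range(6), repeat=DICE_PER_WORD):
        word = onsets[a] + vowels[b] + onsets[c] + vowels[d]
        lines.append(f"{a + 1}{b + 1}{c + 1}{d + 1}\t{word}")
    return "\n".join(lines)

def parse_wordlist(text):
    """Parse 'KEY<whitespace>WORD' lines and require full, valid coverage."""
    table = {}
    for line in filter(str.strip, text.splitlines()):
        key, word = line.split()
        if len(key) != DICE_PER_WORD or set(key) - set("123456"):
            raise ValueError(f"bad dice key: {key!r}")
        table[key] = word
    if len(table) != 6 ** DICE_PER_WORD:
        raise ValueError("every combination of rolls needs exactly one word")
    return table

def generate(table, n_words=4, separator=" ", roll=roll_die):
    """Roll DICE_PER_WORD dice per word and join the looked-up words."""
    if not 1 <= n_words <= 99:  # 99 is the page's stated maximum
        raise ValueError("word count must be between 1 and 99")
    keys = ("".join(str(roll()) for _ in range(DICE_PER_WORD))
            for _ in range(n_words))
    return separator.join(table[key] for key in keys)

def entropy_bits(table, n_words):
    """log2 of the number of equally likely passphrases of n_words words."""
    return n_words * math.log2(len(table))

if __name__ == "__main__":
    table = parse_wordlist(demo_wordlist_text())
    print(generate(table, 4, "-"))
    for n in (4, 5, 6):
        print(f"{n} words: {entropy_bits(table, n):.1f} bits")
```

Each added word multiplies the number of possible passphrases by the size of the list, which is why the bit count rises by the same amount per word.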

Complex passwords are nearly impossible to remember. Do you remember every one you have in use somewhere? Not only is a four word passphrase (with spaces between words) far more secure in and of itself, it also is easier to remember, which also makes your account more secure.

This also brings up another point, but it will have to be a separate discussion: password managers. Even though passphrases are very secure, if you have dozens (or hundreds) of accounts, you are never going to remember them all. (Remember, each account needs its own, unique passphrase.) That's when a password manager is mandatory (either using cloud or local storage).

Passphrases should not be phrases in general use, such as movie, song or book titles, song lyrics or your favorite movie character quote. Also, don't use sources which are less generally used (such as lines from Shakespeare's plays). The "bad guys" most likely have all the above and more in the files they use when they hack into accounts. Such phrases are not at all random by any stretch of the imagination.

Also, don't use any personally identifiable information in your passphrase, such as: "my dog spot likes to ride in my ford explorer". If someone knows you, they might be able to guess it (not very likely, but conceivably it could happen). Even if everything in that passphrase is a "white lie" (you don't have a dog, you've never had a dog named spot, you don't have a Ford, and/or you don't have a Ford Explorer), I would not suggest using it because, once again, it is not at all random. I came up with it, which means it could be in the hackers' file system.

You don't want to use the same passphrase on more than one account. If you do, and if they hack or in some other way find out your passphrase, they will be able to log into all your accounts which use that passphrase.

If you have decided to change all your old, outdated, impossible to remember passwords (a great thing to get started on, by the way) and you are thinking them up yourself, you might run out of unique passphrases pretty quickly. That's when this software will come in handy. No thinking required. Just do it!

 

Resources

Now you are probably curious to see how strong your shiny new passphrase is (how long it will take to 'crack' it). You can find out right here, or use one or more of the links provided below.

The information below is derived from hashcat's site and is presented only for demonstration purposes. Please do your own research on passphrase security!

Time to crack using a computer with    core(s) [...more cores, less time - try 100 cores.]:

You can also use these links to test your new passphrase. They all come up with different answers, but are in the same "ballpark".

Use a Passphrase

How Secure is My Password

Take the password test

How secure is my password

Strength Test


Deep Dive: EFF's New Wordlists for Random Passphrases, by Joseph Bonneau, July 19, 2016 (EFF = Electronic Frontier Foundation)

Perfect Passwords - GRC's Ultra High Security Password Generator. Generating long, high-quality random passwords is not simple. Our server generates a unique set of custom, high quality, cryptographic-strength password strings which are safe for you to use.

Diceware Secure Passphrase and Password Generator