How do I choose a strong Master Password?

  1. It is vital to choose a unique password that is complex but also something you will remember. Make a new password that you’ve never used on anything else before.
  2. Create a secure Master Password with Diceware
  3. How to memorize your Master password phrase?
  4. For application tips see my post on Resources and Links


Summary:

A passphrase is like a password, but longer and more secure, and you will know it by heart. This is your Master Password: the key to your safe, which you memorize. When you start caring more deeply about your privacy and enhancing your security practices, one of the first challenges you face is having to create a passphrase. Without one, just one, you really lack the ability to secure anything else. A minimum of 28 characters is advised. Do not use lyrics from songs, quotes from movies or literature, etc. Use a method called Diceware as the basis of your master password.

A mix of upper and lower case characters, numbers, and special characters can be added: !"#$%&'()*+,-./:;<=>?@[]^_`{|}~

An attacker who has computer equipment capable of one trillion guesses per second will need 27 million years to guess a 7-word passphrase that was set using Diceware!

Compare that to a six-word passphrase (3,505 years) and a five-word passphrase, which can take as little as 6 months.

It is vital to choose a unique password that is complex but also something you will remember. Make a new password that you’ve never used on anything else before.

Many sites and applications only require you to create a password with a minimum of 8 characters, but you should use a password manager to generate unique, strong passwords of at the very least 12–16 characters, and do this for all your online accounts. Use multi-factor authentication like Authy 2FA where possible.

I strongly advise you to make your master password at least 28 characters long.

Avoid using slang, curse words, email addresses, names, places, etc.

Use different letters, some numbers, and a few special symbols.

It is recommended to use the Diceware technique because your “off the top of your head” passphrases aren’t as random as you might think. Language is predictable and far from random. As one research paper on the topic states, “users aren’t able to choose phrases made of completely random words, but are influenced by the probability of a phrase occurring in natural language.”

Create a secure Master Password with Diceware

  1. Go to the Diceware word list.
  2. You need a die to roll. Otherwise, try this random.org site.
  3. You need to roll the dice 5 times to get each word.
  4. Write the numbers down & repeat 7 times minimum.
  5. Find the word that matches the number on the word list. Ctrl F can help speed things up.
  6. For example I got:
     46251 / 16663 / 55245 / 62414 / 35234 / 61336 / 32451
     port / clear / splat / uproar / keats / tl / hc

This is enough to be the master password: 29 characters long.

PortClearSplatUproarKeatsTlHc

Using the password.kaspersky.com password checker, we already see that:


10 000+ centuries. Enough said. Powerful, right?
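
The dice procedure and the crack-time figures from the summary, worked through in Python as an added example (not code from the original post). The word table holds only the seven entries quoted above, the helper names are illustrative, and the estimate assumes every word was picked by dice or a CSPRNG, a 365-day year, and an attacker who finds the phrase after searching half the keyspace on average.

```python
import math
import secrets

LIST_SIZE = 6 ** 5  # 7776 possible five-dice rolls, one word per roll
SECONDS_PER_YEAR = 365 * 24 * 3600  # assumption: 365-day year

# Constructed sample: only the seven list entries quoted in the post, in the
# "roll<whitespace>word" layout of a Diceware list. Use the full list in practice.
SAMPLE_LIST = """\
46251 port
16663 clear
55245 splat
62414 uproar
35234 keats
61336 tl
32451 hc
"""

def parse_wordlist(text):
    """Map each five-digit roll (digits 1-6 only) to its word; skip other lines."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 5 and set(parts[0]) <= set("123456"):
            table[parts[0]] = parts[1]
    return table

def roll_word_key():
    """Five fair die rolls drawn from the OS CSPRNG, e.g. '46251'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))

def passphrase(rolls, table):
    """Look up each roll and join the capitalised words, as the post does."""
    return "".join(table[r].capitalize() for r in rolls)

def entropy_bits(words):
    return words * math.log2(LIST_SIZE)

def average_crack_years(words, guesses_per_second=1e12):
    """Expected time to hit the phrase: half the keyspace at the given rate."""
    return LIST_SIZE ** words / 2 / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_LIST)
    page_rolls = ["46251", "16663", "55245", "62414", "35234", "61336", "32451"]
    print(passphrase(page_rolls, table))
    print("fresh rolls to look up:", [roll_word_key() for _ in range(7)])
    for n in (5, 6, 7):
        print(n, "words:", round(entropy_bits(n), 1), "bits,", f"{average_crack_years(n):,.2f} years")
```

The estimate depends only on the number of randomly rolled words, not on the character count of the resulting phrase.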

Now we can mix it up a little with some upper and lower case characters, numbers, and special characters. (Note: It is not necessary to add symbols and numbers but sometimes it helps you to remember)

I didn’t much like the last 2 phrases, so I am going to insert “&”, change the l to L, and change hc to the corresponding positions in the alphabet, respectively: 83.

So we added a symbol, mixed in some uppercase, and added some numbers (you could choose any numbers as long as you remember them; no, not the year you were born).

The final Password could look like this: (30 characters long)

PortClearSplatUproarKeats&TL83

How to memorize your Master password phrase?

It’s okay to write your phrase down on paper to start with. Repetition is key to memory. Don’t be lazy: don’t keep it on paper permanently, and don’t store it digitally unless it is in an encrypted spreadsheet on an encrypted USB drive. Definitely do not photograph it. This password is for the memory only.

When you need to type it, always try from memory first. This allows you to memorize it, a process known as spaced repetition.

Committing it to memory won’t take long, believe me; you’ll be surprised. When you have it memorized, destroy any evidence of the passphrase.

If you are really nervous about forgetting, just write down the numbers and keep them in a safe place like a specific page in a book on your bookshelf. Then you can always refer back to the Diceware word list.

Good luck!

For application tips see my post on Resources and Links
