How to create a strong, memorable master password | Trusted Reviews

2022-09-17 02:40:28 By : Mr. Jensen Zeng


You’ve got a password manager, so you don’t need to remember most of your own passwords any more. But the ones you do memorise are all the more important. It needs to be easy to remember, but still random, with no personal links to you that could be discovered through a bit of shady research. Here’s how to create a good one using the Diceware generation system.


A Diceware generator (Or one six-sided die and a Diceware word list)

We’re going to use the Diceware system, which generates random passphrases by rolling six-sided dice against a word list. You can do this with real dice and a downloadable word list, but we’re going to use Douglas Muth’s in-browser version. To start, go to https://diceware.dmuth.org/

You can choose to roll dice for anywhere from two to eight words. Six is the default option here – four or five are a little easier to remember and still provide solid security, but I wouldn’t go below that unless you’re working to a character limit. Click the Roll Dice! button and watch the animation.

A couple of seconds later, you’ll be presented with your words, a Pascal case single-word version without spaces but with capitalised initial letters, and a reassuringly large number of potential passphrases that could have been obtained via the same method.

Copy your passphrase over to where you need it. I suggest cutting and pasting it into the main entry box, then manually typing it into the confirmation box. This helps you make sure that the phrase is easy to type before you set it. I prefer to retain the spaces between words, in line with the original Diceware FAQ’s recommendations.


No. For most online, mobile and desktop passwords, you should use a password manager to quickly generate and enter long, genuinely random strings of numbers, letters and special characters (mine are usually 14 – 22 characters).

This will obviously include your password manager’s master password. But you should also set a memorable password for anything you need to type regularly. This might include the password to your PC and any encrypted disks you might use. You should also think about passwords used on any platforms that don’t support your password manager – for example, if you’ve set all Nintendo eShop purchases on your Switch to require a password, you’ll want to make sure it’s memorable and easy to type with a controller.

A strong, modern password isn’t a word at all: it’s a passphrase, a string of words, with or without spaces, somewhere between 25 and 60 characters in length. That might sound daunting, but a five-word phrase – even a nonsense one – is a lot easier to remember than a 12-character string of random numbers, letters and special characters. Memorability is important when coming up with master passwords, as they’re often zero-knowledge, meaning there’s no way of recovering the data they secured if you forget them. The archetypal example is “correct horse battery staple” from the xkcd webcomic Password Strength, which does a good job of explaining entropy and encourages the use of a Diceware style system. What makes your password strong is its entropy – how unpredictable it is. The more characters in a password, the higher its entropy… but only if those characters are actually in an unpredictable sequence.
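To make the dice-roll procedure and the entropy argument above concrete, here is an added Python example (not code from the article or from the diceware.dmuth.org site). It parses a word list in the standard Diceware format, converts a five-dice roll into a list index, draws words with the `secrets` module (the same uniform distribution fair dice give against a full 7776-word list), builds the spaced and Pascal case forms, and puts a number on the comparison the text makes between a five-word phrase and a 12-character random string. The embedded word list excerpt is constructed for the example; the real list has 7776 entries.

```python
"""Diceware passphrase generation and an entropy estimate (added example)."""
import math
import secrets

DICEWARE_LIST_SIZE = 6 ** 5          # five six-sided dice -> 7776 entries
PRINTABLE_ALPHABET = 94              # letters, digits and ASCII symbols

# Constructed excerpt in the Diceware file format: "<five dice digits> <word>".
SAMPLE_WORDLIST = """\
# constructed sample, not the real list
11111\tabacus
11112\tabbey
11113\tabide
11114\tablaze
11115\tabout
11116\tabove
11121\tabroad
11122\tabsent
"""


def parse_wordlist(text: str) -> dict[str, str]:
    """Map each five-digit dice key to its word, validating the key."""
    table: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, word = line.split(None, 1)
        key_to_index(key)                # raises ValueError on a malformed key
        table[key] = word.strip()
    return table


def roll_key(n_dice: int = 5) -> str:
    """Roll n_dice fair dice with the OS CSPRNG and return them as digits 1-6."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))


def key_to_index(key: str) -> int:
    """Treat a dice key as a base-6 number: '11111' -> 0, '66666' -> 7775."""
    if len(key) != 5 or any(c not in "123456" for c in key):
        raise ValueError(f"not a five-dice key: {key!r}")
    index = 0
    for c in key:
        index = index * 6 + (int(c) - 1)
    return index


def passphrase_words(wordlist: dict[str, str], n_words: int) -> list[str]:
    """Draw n_words uniformly from the list; with a full list this equals dice."""
    if n_words < 1:
        raise ValueError("need at least one word")
    words = list(wordlist.values())
    return [secrets.choice(words) for _ in range(n_words)]


def spaced(words: list[str]) -> str:
    """The form the Diceware FAQ recommends: words separated by spaces."""
    return " ".join(words)


def pascal_case(words: list[str]) -> str:
    """The no-spaces form the generator also shows: CorrectHorseBatteryStaple."""
    return "".join(w[:1].upper() + w[1:] for w in words)


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` independent uniform choices from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def compare_strength(n_words: int = 5, n_chars: int = 12) -> dict[str, float]:
    """Bits of entropy for an n-word Diceware phrase vs an n-char random string."""
    return {
        "diceware_words": round(entropy_bits(DICEWARE_LIST_SIZE, n_words), 1),
        "random_chars": round(entropy_bits(PRINTABLE_ALPHABET, n_chars), 1),
    }


if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_WORDLIST)
    roll = roll_key()
    print(f"rolled {roll} -> list index {key_to_index(roll)}")
    words = passphrase_words(table, 5)
    print(spaced(words), "/", pascal_case(words))
    print(compare_strength())
```

Each word from the full list contributes about 12.9 bits, so five words give roughly 64.6 bits and six give about 77.5 bits, close to the 78.7 bits of 12 random printable characters; the difference is that the five-word phrase is the one you can actually memorise. Note that the entropy figure only holds for words chosen by dice or a CSPRNG from the whole list; picking your own words from it, or from the sample excerpt above, gives far less.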

“Password” and “12345678” are both terrible. “Shall I compare thee to a summer’s day?” and “This devastation left your cities to be burnt” look strong, but they aren’t great either: such quotations are vulnerable to probabilistic cracking, a hybrid dictionary attack that uses popular phrases to work out which words are likely to appear in sequence. For more passwords to avoid, check out any “most used passwords of the year” list.

Not if you can avoid it. Although numbers and special characters can increase entropy by making your password less predictable (unless you just substitute the number one for all the ‘i’s and call it a day), randomly generated passphrases are already so high entropy that it’s not worth making them harder to type and remember by adding unnecessary characters. However, many services still force you to use these – tack them onto the beginning or end if you need to.

If you’re using genuinely unique, random passwords for everything, then no. Although mandatory password changes are still popular in enterprise, they have been shown to encourage bad security practices such as reusing passwords, and the guidelines that recommended them have been superseded. Change a password if the service it unlocks gets breached, if you see suspicious activity on your account, or if you have reason to believe that someone else has had access to it.

Although using popular song lyrics is a bad idea for creating a secure password, fitting a random phrase to music to memorise it is incredibly helpful. I often force my generated passphrases into the tune of a traditional song or a cartoon theme song (Teenage Mutant Ninja Turtles, if you must know), following its syllable count without reproducing its lyrics. More conventionally, repeatedly typing the phrase will help you remember it – this is a good reason to have your password manager log you out regularly, in addition to the security benefits of doing so. Finally, you always have the option of keeping a hard copy somewhere safe – most threats come from online strangers rather than from people with physical access to your home. While security expert Bruce Schneier famously advocated storing these in your wallet, I prefer using a secure, concealed location, which is also part of my “in case of death or injury” plan.

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.
