Generate Memorizable Passphrases That Even the NSA Can't Guess

HughPickens.com writes Micah Lee writes at The Intercept that coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you'll probably do a bad job of it. It turns out humans are a species of patterns, and they are incapable of doing anything in a truly random fashion. But there is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. First, grab a copy of the Diceware word list, which contains 7,776 English words — 37 pages for those of you printing at home. You'll notice that next to each word is a five-digit number, with each digit being between 1 and 6. Now grab some six-sided dice (yes, actual real physical dice), and roll them several times, writing down the numbers that you get. You'll need a total of five dice rolls to come up with each word in your passphrase. Using Diceware, you end up with passphrases that look like "cap liz donna demon self", "bang vivo thread duct knob train", and "brig alert rope welsh foss rang orb". If you want a stronger passphrase you can use more words; if a weaker passphrase is ok for your purpose you can use less words. If you choose two words for your passphrase, there are 60,466,176 different potential passphrases. A five-word passphrase would be cracked in just under six months and a six-word passphrase would take 3,505 years, on average, at a trillion guesses a second.

After you've generated your passphrase, the next step is to commit it to memory.You should write your new passphrase down on a piece of paper and carry it with you for as long as you need. Each time you need to type it, try typing it from memory first, but look at the paper if you need to. Assuming you type it a couple times a day, it shouldn't take more than two or three days before you no longer need the paper, at which point you should destroy it. "Simple, random passphrases, in other words, are just as good at protecting the next whistleblowing spy as they are at securing your laptop," concludes Lee. "It's a shame that we live in a world where ordinary citizens need that level of protection, but as long as we do, the Diceware system makes it possible to get CIA-level protection without going through black ops training."

change your username

[jd142]

I forget where I first read it, but this sounds like a good workaround. Pick a nice secure-as-you-want password. But each website gets a different username. It sounds like most attacks are of the kind "joe_bob uses P4$$word on amazon, let's see if joe_bob uses P4$$word on this banking site too." They don't seem to be looking to see if joe_bob_amazon is the same account as joe_bob_wellsfargo. Or you could be joe_a_bob and joe_wf_bob.

Even better is if you have some control over your email accounts. They are probably smart enough to see joe.bob@gmail is j.o.e.bob@gmail(although that does let you filter incoming mail a little easier). But if you have control over the domain you have a catch all address and be me_amazon@myplace.com and me_wellsfargo@myplace.com.

Re:xkcd...

[duranaki]

Well, they read the comic, but then thought, "Damn, thinking of random words is hard! If only we could make a 37 page document and use dice to pick words!" And then someone else shouted, "Genius! I own shares in Yahtzee! This will totally increase sales!"

Re:Yes, but....

[khasim]

Let's be a bit more specific about that.

If they're restricting the length to something like 8 or 12 or 16 instead of 128 or 256 then they are PROBABLY not hashing the passwords.

Which means that your password is PROBABLY being stored in plain text (or possibly encrypted). NEITHER of which are acceptable methods today.

Re:Memorizing site-unique passwords isn't possible

[darkmeridian]

Your personal email is the most important account you have for the reason you set forth: you can use it to reset passwords to all of your other accounts! That's why I use Google Mail along with the FIDO U2F dongle. This makes my email really secure.

Re:Prepare to restore from backup often

[mlts]

I have a third option: An admin passphrase that is a lot longer than my user passphrase, but had more retry attempts. That way, if the short passphrase gets typoed, I can still unlock the device with the admin one.

You are right about backups... that is why I have three of the USB tokens, just in case.

Re:Memorizing site-unique passwords isn't possible

[arth1]

Use a password manager and you:
- Cannot access your accounts without the password manager. Like when you've had everything stolen at an airport and need to transfer some money.
- Lose access to all your passwords in one fell swoop when you lose your password manager, or move to a system where that (by then) old piece of software won't run.
- Lose all your passwords in one fell swoop to any blackhat who manages to brute force or key log your password manager.

Password managers defeat much of the security of having passwords.

Re:Memorizing site-unique passwords isn't possible

[pspahn]

This is pretty much what I do. I personally don't like all the generic words, and instead use variations of a similar pattern. I have several main patterns that I can determine which one to use based on a rule I know that takes the site's name into account. This is my base password.

Then I take the site's name and apply another rule to it. This becomes my salt.

Together they become a very complex password that is unique for each site and yet very easy for me to remember. An example (of course not close to what I use, but you get the idea) for Slashdot would be:

Slashdot.org - TLD is org so we use Gro.dotSlash as the hash + 19 (slashdot begins w/S, the 19th letter) + someone I love's DOB 9-18-80, so the full password is Gro.dotSlash1991880?