The Anatomy of A Strong Passphrase That Is Easy To Remember

Written by wagslane | Published 2020/03/19
Tech Story Tags: passwords | security | passphrase | password-security | what-is-a-strong-password | passwords-vs-passphrases | what-is-a-passphrase | what-is-a-strong-passphrase

We all have hundreds of online accounts. Ideally, as many of those accounts as possible have unique passwords. Unique passwords, however, present a difficult problem: no one can remember hundreds of strong passwords.

To fix this problem, we created password managers. Now all of our passwords are neatly stored in one place, encrypted by one master password or passphrase. The problem with this, of course, is that the master password or passphrase needs to be very secure. Which should be used: a password or a passphrase?

Passphrases are Better Than Passwords

This XKCD comic does a good job of explaining the difference between passwords and passphrases. A password is easier for a computer to guess (less entropy), and also is much harder to remember! There is NO REASON we should be using passwords.

Entropy

You may have noticed in the comic that the example password has 28 bits of entropy while the passphrase has 44. Entropy is a measure of the number of possibilities an attacker would need to guess in order to crack a password or passphrase.
For example, a recovery code on a qvault card has 16 characters, and each character has 58 possibilities. This means that there are:
58^16 = 16,400,152,899,115,243,850,138,976,256 possibilities.
If we take the base 2 logarithm of the number of possibilities, we arrive at how many bits of entropy the recovery code contains:

log2(58^16) = 93.73 bits of entropy.

The chart below gives a rough idea of how long a given password or passphrase will take to crack based on how many bits of entropy it has and how many guesses per second the attacker can make (which depends on their hardware).

How to Remember

Now that we have covered why and how a passphrase is safer than a password, let's look at how to create a memorable passphrase. The key to a memorable passphrase is imagery. The idea is to take 4 or 5 random words, and use those words to create an image in your head. The more ridiculous the image, the easier it will be to remember.
"correct horse battery staple" from the XKCD comic above is a good example, but I'll give you another one. Let's pretend you are trying to remember:
banana army acid nose spray
I would probably imagine an army of bananas doing acid while being sprayed out of a giant nose. If I repeat "banana army acid nose spray" out loud a couple times while imagining this ridiculous scene, then I can memorize it in just a couple seconds.
Repeating it a couple of times allows you to remember the exact order of the words, but picturing the image is what will cement it in your mind for the long term.
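The entropy arithmetic from the Entropy section and the "4 or 5 random words" idea from this section, worked through in Python as an added example (not code from the original post or from qvault). The wordlist and the two guess rates are constructed, illustrative assumptions; the entropy figures only hold when the words are drawn uniformly at random by a generator, never picked by the user.

```python
import math
import secrets

# Constructed sample wordlist. A real diceware list has 7776 words (about 12.9
# bits per word); the XKCD comic assumes a 2048-word list (11 bits per word).
WORDLIST = ["banana", "army", "acid", "nose", "spray", "horse", "battery", "staple"]


def keyspace(alphabet_size: int, length: int) -> int:
    """Exact number of possibilities, e.g. the 58^16 figure for the recovery code."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy for `length` symbols each drawn uniformly from
    `alphabet_size` choices: log2(alphabet_size ** length) == length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def crack_time_seconds(bits: float, guesses_per_second: float) -> float:
    """Average brute-force time: the attacker tries half the keyspace on average."""
    return (2.0 ** bits) / 2 / guesses_per_second


def generate_passphrase(wordlist, n_words: int = 5) -> str:
    """Pick n_words with the OS CSPRNG, with replacement, so the entropy is exactly
    n_words * log2(len(wordlist)). The human only has to memorise the result."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def compare() -> dict:
    """Entropy of the three cases the post discusses (28 bits is the comic's own figure)."""
    return {
        "xkcd password (comic figure)": 28.0,
        "xkcd passphrase, 4 of 2048 words": entropy_bits(2048, 4),
        "qvault recovery code, 16 of 58 chars": entropy_bits(58, 16),
    }


if __name__ == "__main__":
    # Assumed guess rates: a rate-limited online login versus an offline attack on a
    # leaked fast hash. Real rates depend on the hash and hardware, as the post's chart notes.
    rates = {"online 1e3/s": 1e3, "offline 1e10/s": 1e10}
    for name, bits in compare().items():
        times = ", ".join(f"{label}: {crack_time_seconds(bits, r) / 86400:.3g} days"
                          for label, r in rates.items())
        print(f"{name}: {bits:.2f} bits; {times}")
    print("example passphrase:", generate_passphrase(WORDLIST))
```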
I hope this helps you create secure passphrases! As always, stay safe online! It's a dangerous place.
By Lane Wagner

Written by wagslane | Founder of Boot.dev. Whining about coding sins since 2011. Committing coding sins for the same.
Published by HackerNoon on 2020/03/19