Intro

Strong and effective passwords don’t necessarily have to be hard to remember, but it’s still a trade-off to some extent. How secure your password may depend on your needs. The reason is simple. While all methods we recommend are secure enough to protect you against attackers not targeting anyone in particular, but rather a mass of users, some may need much higher protection.

What is password entropy

Don't bother with the Wikipedia article as it explains mathematical entropy, which isn't identical to what people mean when they talk about password entropy. Password entropy is more about how hard it is to guess a password under certain assumptions which is different from the mathematical concept of entropy.

From the link above:

Password entropy is usually expressed in terms of bits: A password that is already known has zero bits of entropy; one that would be guessed on the first attempt half the time would have 1 bit of entropy. A password's entropy can be calculated by finding the entropy per character, which is a log base 2 of the number of characters in the character set used, multiplied by the number of characters in the password itself.

The strength of your password doesn’t matter if you use it on all websites you have an account on, especially with the same email/username, so be sure to use a password manager, you can save your different emails/usernames on there too. Be sure to create a strong password for your password manager.


Traditional Password Advice

According to traditional advice, a strong password includes:

  • Has 12 Characters, Minimum: You need to choose a password that’s long enough. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 in length. A longer password would be even better.
  • Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.
  • Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red House” is also very bad.
  • Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.

The traditional way may well be too basic when it comes to creating a password, it's not the most optimal way, but isn't the worst method of creating passwords on today's online web. For example, “RedHouse$123” fits many of the requirements here. It’s 12 characters and includes upper-case letters, lower-case letters, a symbol, and some numbers. But it’s fairly obvious—it’s a dictionary phrase where each word is capitalized properly. There’s only a single symbol, all the numbers are at the end, and they’re in an easy order to guess.

You might say well I know a better way to creating a password, just bash your fingers against your keyboard and you can come up with a strong password like 3o(t&gSp&3hZ4#t9. That’s a pretty good one—it’s 16 characters, includes a mix of many different types of characters, and is hard to guess because it’s a series of random characters. The only problem here is memorizing this password. Assuming you don’t have a photographic memory, you’d have to spend time drilling these characters into your brain. There are password generators that can come up with this type of password for you—they’re generally most useful as part of a password manager that will also remember the passwords for you.


Password generators and strength meters

Offline password generators are the safest to use, I recommend you use Defuse offline password generator or the generator in your password manager. I don't recommendusing online password generators in theory because there are some ways that one could perhaps build a password generator that is not so bad (e.g., run it in Javascript, on your local machine, and so forth.) However, in practice, there are too many pitfalls that an average user cannot be expected to detect.

For instance, an average user has no way to know whether the password generator does indeed ensure that the password never leaves the site. The average user has no way to verify that the web site is not keeping a copy of your password. The average user has no way to verify that the password generation code is using good entropy (and Javascript's Math.random(), which is the obvious thing to use for this purpose, is not a great pseudorandom number generator.)

Password strength meters

Don't determine the strength of your password to a strength meter that basically uses a number of different templates. If one of them is close enough to what was actually used, its entropy estimate can be quite good; but if not, it can be way, way off (and it’s always an overestimate, never an underestimate.)

Password strength meters are useful for identifying weak passwords, but they can’t guarantee that a given password isn’t weak. That can only be done by generating the password from a template that uses enough random bits. They get the entropy and conclude with wrong results most of the time and may be malicious.


Now, let's take a look at sophisticated methods for creating passwords in the chart below.

Which method should you use?

Method Example password Pros/Cons Threat model
Diceware dismount example spinner skirt clothing camper + Relatively easy to remember - Not as secure as the other methods Attackers targetting a mass of users; non-government attackers targetting you in specific
Enhanced Diceware Dismou51#eXamp52$spInn53%skI54^cloThi55&Camp + Easier to remember than Schneier’s method + Strength comparable to Schneier’s method Government-level attackers
Schneier’s method uTVM,TPw55:utvm,tpwstillsecure + Strong enough even against government-level attackers - Harder to remember Government-level attackers

Diceware

Roll six dice all at once, or one at a time, consider using 6 or more words with diceware's method for best security, write down the numbers (35162), look up the corresponding word (35162 Kapok) in Diceware's 7706 word list, write it down, repeat until you have at least six words. Then just come up with a mnemonic to remember it — might be something like a one-sentence story. And there are lists for several other languages.

XKCD Method featured in a comic strip

Note: It's best to use more than 6 words or more when using the XKCD and Diceware methods. An 8-word, randomly chosen diceware passphrase consistently provides a robust 104 bits of entropy.

Picking a good passphrase is one of the most important things you can do to preserve the privacy of your computer data. A passphrase should be:

  • Known only to you
  • Long enough to be secure
  • Hard to guess -- even by someone who knows you well
  • Easy for you to remember
  • Easy for you to type accurately

To give you an idea of how secure mere words are, consider this:

  1. The four-character password consisting of letters and numbers (we refer to these as alphanumeric passwords) can be cracked pretty easily since there are only (26+10)^4 combinations (1679616 — might seem like a lot, but at 1000 tries per second, which is far less than what computers are nowadays capable of, going through all combinations will only take slightly less than 28 minutes)
  2. A Password consisting of four of the 1000 most common words has 1000^4 = 1000000000000 combinations, over 595374 times more combinations than the four-character password.

The reason why using a word isn’t much more secure than using a single letter is that random-looking passwords are cracked using brute force attacks— checking every single option for every single character — while common passwords, like one-word passwords, are cracked using dictionary attacks — going through the list of most common passwords. The strategies employed by password crackers have advanced to an incredibly efficient level, so it's imperative to be unusual with the passwords you create. Here's an example from security expert Bruce Schneier about just how far password crackers have come:

Crackers use different dictionaries: English words, names, foreign words, phonetic patterns and so on for roots; two digits, dates, single symbols and so on for appendages. They run the dictionaries with various capitalizations and common substitutions: "$" for "s", "@" for "a", "1″ for "l" and so on. This guessing strategy quickly breaks about two-thirds of all passwords.

Enhanced Diceware

  1. Use the Diceware method to generate random words. Maybe remove some amount of letters (i.e. dismount -> dismou; clothing -> clothi)? Maybe capitalize some letters?
  2. Put consequent numbers between them. Ideally not 1234…, but take some random number you’ll remember and then just keep incrementing ("increasing") it.
  3. Add special characters
  4. (Optional) Add non-English characters if the password manager allows them.

If you aren’t concerned about anyone targetting you in specific, you can use this method with some short text (like a poem) instead of the words, and, say, your birthdate instead of the random number.

Schneier’s method

The Schneier’s method is what you should use if there’s a reason why you might be specifically targeted by a sophisticated attacker, or just want to go the extra mile for better security.

My advice is to take a sentence and turn it into a password. Something like “This little piggy went to market” might become “tlpWENT2m”. That nine-character password won’t be in anyone’s dictionary. Of course, don’t use this one, because I’ve written about it. Choose your own sentence — something personal.

Here are some examples:

  • WIw7,mstmsritt… = When I was seven, my sister threw my stuffed rabbit in the toilet.
  • Wow…doestcst = Wow, does that couch smell terrible.
  • Ltime@go-inag~faaa! = Long time ago in a galaxy not far away at all.
  • uTVM,TPw55:utvm,tpwstillsecure = Until this very moment, these passwords were still secure.

You get the idea. Combine a personally memorable sentence with some personally memorable tricks to modify that sentence into a password to create a lengthy password. Of course, the site has to accept all of those non-alpha-numeric characters and an arbitrarily long password. Otherwise, it’s much harder.

Original post on Bruce Schneier’s blog