Creating random passphrases for stronger passwords

At home on my iMac, when I need to create a strong password, I use 1Password's generator, specifically where it generates a string of random words. The longer the passphrase, generally, the harder it is to crack.

But I don't have 1Password on my Windows computer at work. And I like to mix things up also. 

Prior to using 1Password, I used a Diceware passphrase. Throw five dice to generate a totally random 5-digit number. Match the number to the list of 7,776 short words or word-tokens, and you have a long password that is easier to remember and type, while harder to crack. 

Since I don't have five dice, I used Random.org's dice-throwing routine, either from its website or iPhone app.  

So throwing 15152 gives you "brawl," 26232 is "fork," and so on. Separate five or six words with a non-alphabetic character, begin or end with a number or !@#$^*(), and I have a strong password that's also easy to type on a mobile keyboard. 

Diceware's was admittedly an odd list, with some obscure words, numbers, single letters (g), single letters with apostrophes (g's), or very short "words" (fy) that do not add to the passphrase complexity and are hard to remember on their own. 

Into the breach step the Electronic Frontier Foundation's new wordlists for creating random passphrases. The long word list is now composed of full, recognizable words, without apostrophes, that are easy to remember and spell. 

The EFF's page has all the information on the reasoning behind the new list along with shorter lists that use only four dice. It also links to the classic XKCD comic explaining the benefit of long passphrases.
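The dice-and-lookup procedure described above, as an added Python example that is not part of the original post: it rolls five virtual dice per word with the operating system's CSPRNG (the `secrets` module, standing in for physical dice), looks each 5-digit key up in a wordlist, and reports the entropy of the result. It assumes the wordlist is a local text file with one `NNNNN<TAB>word` entry per line; the function names and the two-line `SAMPLE` are constructed for illustration.

```python
import math
import secrets
import sys

DICE_PER_WORD = 5                      # five dice -> 6**5 = 7,776 possible keys

# Constructed sample in "NNNNN<TAB>word" layout: only the two entries quoted in the post.
SAMPLE = "15152\tbrawl\n26232\tfork\n"

def parse_wordlist(text):
    """Map each 5-digit dice key to its word, rejecting malformed lines."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split()       # raises ValueError on extra/missing fields
        if len(key) != DICE_PER_WORD or set(key) - set("123456"):
            raise ValueError(f"bad dice key: {key!r}")
        table[key] = word
    return table

def roll_key():
    """Throw five dice using the OS CSPRNG (never the `random` module)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))

def passphrase(table, words=6, sep="-"):
    """Pick `words` independent entries; refuse a list that is not complete."""
    if len(table) != 6 ** DICE_PER_WORD:
        raise ValueError(f"expected 7776 entries, got {len(table)}")
    return sep.join(table[roll_key()] for _ in range(words))

def entropy_bits(words, list_size=6 ** DICE_PER_WORD):
    """Entropy contributed by the randomly chosen words alone."""
    return words * math.log2(list_size)

if __name__ == "__main__":
    if len(sys.argv) > 1:              # path to a full 7,776-line list (assumed local file)
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(passphrase(parse_wordlist(fh.read())))
    else:                              # no list supplied: show the lookup and the math
        print(parse_wordlist(SAMPLE)["15152"], f"{entropy_bits(5):.1f} bits for 5 words")
```

Each word adds about 12.9 bits, so the completeness check matters: a truncated or partially downloaded list would quietly shrink that figure.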

 

Michael E Brown @brownstudy