No more passwords! (part 2)
Passphrase
A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. Passphrases are often used to control both access to, and operation of, cryptographic programs and systems. Passphrases are particularly applicable to systems that use the passphrase as an encryption key. The origin of the term is by analogy with “password”.
from Wikipedia
The best passwords are not one or two words, but phrases that are easy for you to remember and hard for anyone else to guess. They can also be completely random symbols. A password of random characters is basically impossible to guess, but also impossible to remember.
I’m not going to tell it!
“Once upon a time”, while with some friends in a dark and obscure laboratory, playing games (good ol’ times), I needed to access one of the computers, which was locked. I asked my friend (in charge of the lab) to tell me the password. He answered fast: “I’m not going to tell it!”. I insisted. He told me the same phrase again.
I gave up, thinking that the computer holds some important data, etc.
He turned to me and told me: “that’s the password: ‘I’m not going to tell it!’.. with “!” at the end…”
Fantastic, isn’t it?
Could you have thought of something simpler than that? Neither could I!
Formula (again)
Picking a good passphrase is one of the most important things you can do to preserve the privacy of your computer data and e-mail messages. A passphrase should be:
- Known only to you
- Long enough to be secure
- Hard to guess—even by someone who knows you well
- Easy for you to remember
- Easy for you to type accurately
Test it
The password meter (I like this ‘tester’)
See if it is strong. (this is a Microsoft password checker)
Keep it safe
Yeah, at this point any extremely secure password fails: you save it on your computer, you write it on a post-it and place it on your monitor, or have it written down on your phone, or, or…
Keeping it safe means to ‘save’ it only in your mind. Only!
More readings on this:
- Passwords vs. Pass Phrases - Coding Horror
- Choosing a smart password - Gmail Blog
- Why you shouldn’t be using passwords of any kind on your Windows networks…
The screenshots are from the 1Password application (Mac only). They provide a trial version so you can play with it. Personally I do not recommend keeping all the eggs in the same basket. The idea behind this app is simple: use a master password to unlock all the others. It saves the website URL and the password for it; ALL you need is there, plain dead simple… and plain dead dangerous. It is just another human-friendly app - it generates a strong password for you (gibberish 100%) that you do not have to remember at all. It saves it, and when you want to log in to a specific site, you just press a “fill login” button and.. that’s all: it will input your username and password instantly. This way you don’t even bother to remember the username. It does everything for you.
But.. at what cost?
Tips
Divide sites in two categories:
1 - the personal ones: hosting accounts, blog admin sides, emails, messengers: all those sites you consider to hold truly personal data.
2 - the others: forums, communities, magazines, newsletters, social networks. A golden rule for them: don’t use true personal data. Reinvent yourself!
For “personal”: a strong formula along with a “key” that generates a “pass phrase”. Use your imagination to make that key. Aim for 32 characters or more.
For “the others”: use a formula related to that site + “mini keys”
For example: adobe.com. Think: what does Adobe do? What’s their logo color? What’s the name of their most used app? Use more than one? Combine them.
Count the letters in your favorite app’s name. Vowels? Can you translate it into another language? What are the most used tools in your favorite Adobe app? What’s the color of that app?
So, these are the “mini keys”. Add a “personal” touch to them and you’re good to go. Keep their length above 15 chars and you’ll be safe.
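An offline check for the rules above, as an added example (not from the original post or the password meters it mentions): it applies the length limits from the Tips (32+ chars for “personal”, above 15 for “the others”) and reports an upper-bound entropy estimate. The function names, the site-name check and the distinct-character threshold are assumptions of this example.

```python
import math
import string

# Length rules from the Tips: 32+ chars for "personal" sites,
# above 15 chars for "the others".
MIN_LENGTH = {"personal": 32, "others": 16}
MIN_DISTINCT = 8  # assumption of this example, not a rule from the post


def pool_size(passphrase):
    """Size of the character pool the passphrase draws from."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, 32),
        (" ", 1),
    ]
    pool = sum(size for chars, size in classes
               if any(c in chars for c in passphrase))
    known = "".join(chars for chars, _ in classes)
    # Non-ASCII characters: count each distinct one (rough assumption).
    return pool + len({c for c in passphrase if c not in known})


def assess(passphrase, category, site_name=""):
    """Check a candidate against the length rules and obvious weaknesses."""
    problems = []
    if len(passphrase) < MIN_LENGTH[category]:
        problems.append(f"shorter than {MIN_LENGTH[category]} characters")
    if site_name and site_name.lower() in passphrase.lower():
        problems.append("contains the site name itself")
    if len(set(passphrase.lower())) < MIN_DISTINCT:
        problems.append("too few distinct characters")
    # Upper bound only: assumes every character was picked at random,
    # so a phrase made of real words is weaker than this number suggests.
    pool = pool_size(passphrase)
    bits = len(passphrase) * math.log2(pool) if pool else 0.0
    return {"length": len(passphrase), "max_bits": round(bits, 1),
            "problems": problems}


if __name__ == "__main__":
    # Constructed sample inputs.
    print(assess("I'm not going to tell it!", "others"))
    print(assess("I'm not going to tell it!", "personal"))
    print(assess("adobe red 2024", "others", site_name="adobe"))
```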
Hope I have inspired you in creating a secure/funny password.
Have a creative idea too? I’d love to hear it!

