Replying to Ava

5+ words is generally better than 4, but it's not all about length; it's also about entropy, complexity, and not using common words that are used in Dictionary Attacks.

Truly random, high-entropy passphrases are a valid option to unlock your password manager, as they can easily be remembered if you create a mnemonic like an absurd story using the random words as a recall technique. They can also be valid for full-disk encryption on your laptop, or as a passphrase for an encryption key like PGP or SSH, etc. It is best practice to not reuse passphrases.

I recommend using KeePassXC to generate this high-entropy passphrase for most people, or if you follow the instructions to the letter, this is a very good offline method:

https://www.eff.org/dice

However, I highly recommend using high-entropy random passwords that include:

• Length (in characters)

• Use of uppercase and lowercase letters

• Use of numeric characters

• Use of special symbols

...for pretty much everything else.

Here is some good info on passphrases vs passwords:

"If you compare a passphrase to a truly random password, the password is the better, more secure option."

https://proton.me/blog/what-is-passphrase

Here is some more good info on password entropy, including the math used to calculate it:

https://proton.me/blog/what-is-password-entropy

While ProtonPass/Bitwarden will tell you if a password/passphrase is strong, KeePassXC shows you the entropy of your passwords in bits—both internally generated, or by pasting your current password into the password generator. I suggest using it as an easy way to check your exact password entropy.

You want an entropy score of at least 75 bits (72 is reasonably easy to crack).

I like the idea of throwing a few emojis into the mix

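The entropy figures the post discusses (passphrase bits vs. random-password bits, and the 75-bit target) come out of one formula: bits = picks × log2(pool size), which holds only when every pick is uniform and independent. The script below is an added example, not code from the post or from KeePassXC; it assumes a 7776-word list (the size of the EFF long diceware list) and the 94 printable ASCII characters as the four character classes. The short word list used for the generation demo is constructed and far too small for real use; it only shows the uniform-pick mechanism.

```python
import math
import secrets
import string

# Size of the EFF long diceware list (5 dice -> 6^5 = 7776 words).
DICEWARE_LIST_SIZE = 7776

# The four character classes from the post; together these are the
# 94 printable ASCII characters (26 + 26 + 10 + 32).
CHARSETS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}
ALL_CLASSES = ("lower", "upper", "digits", "symbols")

# Constructed stand-in word list for the generation demo only (assumption:
# a real passphrase must come from a full list such as the EFF one).
SAMPLE_WORDLIST = ["correct", "horse", "battery", "staple", "lantern",
                   "gravel", "tundra", "velvet", "quartz", "harbor"]


def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy of a secret built from `picks` uniform, independent draws
    from a pool of `pool_size` equally likely items."""
    return picks * math.log2(pool_size)


def passphrase_entropy(num_words: int, list_size: int = DICEWARE_LIST_SIZE) -> float:
    """Bits of a diceware-style passphrase; word order and separators add nothing."""
    return entropy_bits(list_size, num_words)


def password_entropy(length: int, classes=ALL_CLASSES) -> float:
    """Bits of a random password drawn uniformly from the union of `classes`.
    Note: this counts the pool the generator draws from, not which classes
    happen to appear in one sample; a 'must contain a digit' rule slightly
    reduces entropy rather than adding to it."""
    pool = sum(len(CHARSETS[c]) for c in classes)
    return entropy_bits(pool, length)


def words_needed(target_bits: float, list_size: int = DICEWARE_LIST_SIZE) -> int:
    """Smallest number of words that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def chars_needed(target_bits: float, classes=ALL_CLASSES) -> int:
    """Smallest password length over `classes` that reaches `target_bits`."""
    pool = sum(len(CHARSETS[c]) for c in classes)
    return math.ceil(target_bits / math.log2(pool))


def is_strong(bits: float, threshold: float = 75.0) -> bool:
    """The post's rule of thumb: at least 75 bits."""
    return bits >= threshold


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Average time to hit the secret by exhaustive search at an assumed
    guess rate: half the keyspace on average. The rate is the attacker's
    hardware plus the hash's cost, which this example does not model."""
    return (2.0 ** bits) / guesses_per_second / 2.0


def generate_passphrase(num_words: int, wordlist=SAMPLE_WORDLIST, sep: str = " ") -> str:
    """Uniform picks with the CSPRNG-backed `secrets` module (never `random`)."""
    return sep.join(secrets.choice(wordlist) for _ in range(num_words))


def generate_password(length: int, classes=ALL_CLASSES) -> str:
    pool = "".join(CHARSETS[c] for c in classes)
    return "".join(secrets.choice(pool) for _ in range(length))


if __name__ == "__main__":
    for n in (4, 5, 6):
        print(f"{n} diceware words: {passphrase_entropy(n):.1f} bits, strong={is_strong(passphrase_entropy(n))}")
    for L in (11, 12, 16):
        print(f"{L}-char 94-symbol password: {password_entropy(L):.1f} bits")
    print("words for 75 bits:", words_needed(75))
    print("chars for 75 bits (all classes):", chars_needed(75))
    print("chars for 75 bits (lowercase only):", chars_needed(75, ("lower",)))
    print("example passphrase:", generate_passphrase(6))
    print("example password:", generate_password(chars_needed(75)))
```

Running it shows why the post separates the two cases: five diceware words land around 64.6 bits and six around 77.5, while a 12-character password over all four classes is about 78.7 bits and a lowercase-only one needs 16 characters to pass 75. The calculation is only valid for secrets a generator produced; a passphrase you composed yourself, or words taken from a tiny list like the sample above, has far less entropy than the formula reports, which is why KeePassXC's estimate for a pasted password is a different (heuristic) measurement.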