Passphrase

TLDR: The most important factor in password strength is length. A passphrase is a string of words, like a favorite song lyric or quote. It can be both long and easy to remember! Aim to create a passphrase that is 16 characters or more. Use a mix of alphabetical and numeric characters, upper and lowercase letters, and special characters when creating your unique passphrase.

A password is only good if you are the only person who knows it. Since complex passwords are hard to remember, people often resort to writing them down, or else choose less complex passwords. To make it easier, we suggest you use passphrases in place of passwords.

A passphrase might be created by taking a sentence and selecting the first letter from each word. For example, consider the following sentence: “A good password is long, complex, unpredictable, and known only to me”. We could take just the first letter from each of these words to come up with the passphrase “agpilcuakotm”. It’s unlikely anyone will guess that is your password, but as long as you remember the phrase, you’ll always be able to type the password.

Make character substitutions to increase the complexity. The passphrase “agpilcuakotm” is not very complex. To improve it, we can do two things. One, we can add the commas from the phrase into the passphrase to get “agpil,c,u,akotm”. We can introduce random capitalization as well: “aGPil,c,u,akotm”. Finally, we can make substitutions like using the equal sign for “is” and the number 1 for “only” to get “aGP=l,c,u,ak1tm”. It is very unlikely that anyone will guess this password randomly. It also has sufficient length to be a Kerberos password even though the phrase used to create it was easy to remember.

Another common technique is to include the transposition of letters in the passphrase.
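The sentence-to-passphrase steps described above, written out as an added Python example (not part of the original page) that also checks each stage against the TLDR guidance. The function names, the `upper_at` positions standing in for "random" capitalization, and the `check` criteria are assumptions of this example.

```python
import re
import string

# Word substitutions from the page's example: "is" -> "=", "only" -> "1".
SUBSTITUTIONS = {"is": "=", "only": "1"}
# The page's example sentence.
SENTENCE = "A good password is long, complex, unpredictable, and known only to me"


def derive(sentence, substitutions=None, keep=",", upper_at=()):
    """First letter of each word, with optional whole-word substitutions,
    the punctuation listed in `keep` retained, and the character positions
    in `upper_at` upper-cased (hypothetical stand-in for random capitals)."""
    substitutions = substitutions or {}
    out = []
    # Split into words and single punctuation marks.
    for token in re.findall(r"[A-Za-z']+|[^\sA-Za-z']", sentence):
        if token[0].isalpha():
            word = token.lower()
            out.append(substitutions.get(word, word[0]))
        elif token in keep:
            out.append(token)
    chars = list("".join(out))
    for i in upper_at:
        chars[i] = chars[i].upper()
    return "".join(chars)


def check(passphrase, min_length=16):
    """Compare a passphrase with the TLDR: 16+ characters and a mix of
    lower case, upper case, digits and special characters."""
    return {
        "length": len(passphrase),
        "long_enough": len(passphrase) >= min_length,
        "lower": any(c.islower() for c in passphrase),
        "upper": any(c.isupper() for c in passphrase),
        "digit": any(c.isdigit() for c in passphrase),
        "special": any(c in string.punctuation for c in passphrase),
    }


if __name__ == "__main__":
    # The page's four stages; positions (1, 2) are chosen to match its example.
    for args in ({"keep": ""}, {}, {"upper_at": (1, 2)},
                 {"substitutions": SUBSTITUTIONS, "upper_at": (1, 2)}):
        p = derive(SENTENCE, **args)
        print(p, check(p))
```

For the page's sentence the final string has all four character classes but is 15 characters long, one short of the 16 the TLDR aims for, so a slightly longer sentence is needed to meet that target.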
