InfoSec Blog - The Master Passphrase - One Password To Rule Them All

April 29th, 2016

I'm hoping that by now you have followed my previous advice and are using a password manager to store and generate all your passwords. If you aren't, then I suggest you go back and read my previous blog post. If you don't, then let me tell you this: I have a very particular set of skills, skills I have acquired over a very long career... You get the picture. Now all you need is for me to tell you how to come up with a super strong master passphrase for your vault.

I know what you're thinking: we all know what a password is, but what on earth is a passphrase? Well, it's very similar to a password but longer, way longer. Now, just because it's much longer doesn't mean it's going to be more difficult to remember. You simply take a short phrase that is memorable to you but doesn't contain anything about you that's googleable (yes, it's a real word, Google it), mix in some numbers and special characters, and hey presto, you've cooked up a secure passphrase.

Here's an example. We start with "I love to play badminton". That's pretty long, but we need to make it harder to crack. So, following the recipe above, we could end up with "I*Luv 2 Play-B@dm1nt0n". Now, that's what I call a strong passphrase.

A strong passphrase:

  • Is 20 to 30 characters long.
  • Contains upper, lower, and special characters.
  • Contains numbers.
  • Is a series of words that create a phrase.
  • Does not contain common phrases found in literature or music.
  • Does not contain words found in the dictionary.
  • Does not contain your user name, real name, or University name.
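As an added example (not code from the original post), here is a small Python checker that applies the rules listed above to a candidate passphrase and reports which ones it breaks. The dictionary, common-phrase and personal-term lists are constructed stand-ins for a real word list; note that the dictionary rule, applied literally, flags the post's own example on "Play", which shows how strictly that rule bites.

```python
import re

# Constructed, deliberately tiny lists; a real checker would load a full
# dictionary and a corpus of lyrics/quotations instead of these stand-ins.
DICTIONARY_WORDS = {"love", "play", "badminton", "password", "summer"}
COMMON_PHRASES = {"to be or not to be", "let it be", "happy birthday"}
# Hypothetical identity strings for one user: username, real name, institution.
PERSONAL_TERMS = {"jsmith", "john smith", "example university"}

def words_in(passphrase):
    """Split on anything that is not a letter or digit; lower-case the tokens."""
    return [w.lower() for w in re.split(r"[^A-Za-z0-9]+", passphrase) if w]

def failed_checks(passphrase, personal_terms=PERSONAL_TERMS):
    """Return the rules from the post that the passphrase violates (empty = passes)."""
    failures = []
    if not 20 <= len(passphrase) <= 30:
        failures.append("length")
    if not (re.search(r"[A-Z]", passphrase) and re.search(r"[a-z]", passphrase)):
        failures.append("upper and lower case")
    # Whitespace does not count as a special character here.
    if not re.search(r"[^A-Za-z0-9\s]", passphrase):
        failures.append("special character")
    if not re.search(r"[0-9]", passphrase):
        failures.append("number")
    tokens = words_in(passphrase)
    if len(tokens) < 3:
        failures.append("phrase of several words")
    if any(p in " ".join(tokens) for p in COMMON_PHRASES):
        failures.append("common phrase")
    # Ignore one- and two-letter tokens so "I", "2" or "B@" are not treated as words.
    hits = [t for t in tokens if len(t) >= 3 and t in DICTIONARY_WORDS]
    if hits:
        failures.append("dictionary words: " + ", ".join(hits))
    lowered = passphrase.lower()
    if any(term in lowered for term in personal_terms):
        failures.append("personal information")
    return failures

if __name__ == "__main__":
    for candidate in ["I love to play badminton", "I*Luv 2 Play-B@dm1nt0n"]:
        print(repr(candidate), "->", failed_checks(candidate) or "passes all checks")
```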

But don't just take my word for it, watch this short video from our friends at SANS.

As always, if you have any questions or concerns regarding your password security, please feel free to reach out to us. We are always glad to help you feel safe online.


Written by: Chris Sowley (Cyber Forensics Analyst, Information Security)