How to create a strong passphrase
Instructions
TLDR (Article Summary)
Passphrases are a simple and effective way to secure your accounts. By combining meaningful words into a long, unique, and complex phrase, you can create something that’s easy for you to remember but hard for others to guess. Following this checklist can help you create a strong, unique passphrase.
- At least 15 characters (longer is better)
- Unique to you (an inside joke, favorite food combinations, etc.)
- Includes variety (uppercase and lowercase letters, numbers, and symbols)
- Different passphrase from all your other personal accounts (don’t reuse your Facebook password)
- Different from your previous passphrase (create something unique; don’t just add a number to the end)
- No pattern or common phrases (not 111111111111111 or ToBeOrNot2Be!Thatisthe?)
- No personal information (birthday, SSN, phone number, address, current or first cars, names, etc.)
- Don’t write it down or share it with anyone (it should be easy for you to remember)
What is a passphrase?
A passphrase is a long combination of words that is hard for others to guess but easy for you to remember. The idea is to choose words that hold personal meaning and make sense together based on your unique association.
Why use a passphrase?
The National Institute of Standards and Technology (NIST) recommends using passphrases because they are longer and harder to crack, which makes them more secure. The recommendation is based on research findings from Carnegie Mellon’s Lorrie Faith Cranor. Watch her TED Talk, “iloveyou password 123456”.
How do I create a good passphrase?
A strong passphrase is built from elements you naturally connect in your mind. Think about how you associate objects, people, or spaces (like different rooms in your house) and use those connections to create a unique passphrase: something a hacker would not know.
In the NIST blog post “Easy Ways to Build a Better P@$5w0rd”, the author suggests visualizing a familiar scene. For example, while sitting in his dining room chair, the author recalls nearby kitchen elements in order: “blenderVentPendant4redchair”. This sequence is easy for him to remember and visualize but nearly impossible for a hacker to guess.
Here are some additional strategies to help you create a secure passphrase. Just remember: don’t use the examples provided! A strong passphrase should be unique to you. Be sure to add complexity by mixing uppercase and lowercase letters and adding numbers or symbols.
- Random but Related Words (Choose objects that naturally go together in your world.)
  - MorningCoff33&Sunr1seJog@86th!
- Unpopular Opinion (Everyone has a hot take—why not turn it into a passphrase?)
  - Unp0pular0pini0n_PineappleBel0ngs0nPizza
- Misheard Lyrics (Pick a classic song lyric that you or someone you know always gets wrong.)
  - H0ldMeCl0serT0nyDanza
- Childhood Snack Combo (Think of a nostalgic food pairing you loved as a kid.)
  - Microwav3d3ggswKetchup!
- Inside Joke With Yourself (A funny or memorable moment that only makes sense to you.)
  - Th@tOneT1meIL0stMyGl@ssesOnMyHead
What’s important with passphrases?
- Passphrase length: make your passphrase at least 15 characters long
- Passphrase idiosyncrasy: make it unique to your thinking and not a popular phrase
- Passphrase variety: include numbers, symbols, and uppercase and lowercase letters
- Unique per account: Create a separate unique passphrase for each account
What to avoid with passphrases?
- Don’t use your phone number, address, birthday, or other private information in your passphrase.
- Don’t use common phrases that can be easily guessed, e.g. “IlovetheBigApple!” or “227West27thStreet” (FIT address).
- Don’t use keyboard patterns like QWERTY, 111213141516, or 54321 in your password/passphrase.
- Don’t reuse the same passphrase again.
- Don’t share your passphrase with anyone in any form. Never.
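The checklist above can also be applied mechanically, for instance in a passphrase-change form. The Python below is an added example, not part of the original article: the function names, the US keyboard rows, the five-character run size and all sample values are assumptions, and `previous` is the old passphrase as typed during the change, not a stored copy.

```python
import re

MIN_LENGTH = 15  # "at least 15 characters" from the checklist
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")  # assumption: US layout

def _norm(text):
    """Lowercase and keep only letters and digits, so '212-555' matches '212555'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def _has_run(text, size=5):
    """True if `size` consecutive characters repeat, count up, or count down."""
    for i in range(len(text) - size + 1):
        window = text[i:i + size]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False

def _has_keyboard_walk(text, size=5):
    """True if `size` adjacent keys from one keyboard row appear in order."""
    low = text.lower()
    return any(row[i:i + size] in low
               for row in KEYBOARD_ROWS
               for i in range(len(row) - size + 1))

def check_passphrase(candidate, previous=(), personal=(), common=()):
    """Return the checklist items that `candidate` fails; [] means it passes."""
    failed = []
    if len(candidate) < MIN_LENGTH:
        failed.append("length")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, candidate) for c in classes):
        failed.append("variety")
    if _has_run(candidate) or _has_keyboard_walk(candidate):
        failed.append("pattern")
    norm = _norm(candidate)
    if any(_norm(p) and _norm(p) in norm for p in personal):
        failed.append("personal-info")
    if any(_norm(c) and _norm(c) in norm for c in common):
        failed.append("common-phrase")
    # "Don't just add a number to the end": compare with trailing
    # digits and symbols stripped from both old and new passphrase.
    stem = re.sub(r"[^a-z]+$", "", candidate.lower())
    if any(stem == re.sub(r"[^a-z]+$", "", old.lower()) for old in previous):
        failed.append("reuse")
    return failed
```

A passing result only means none of these mechanical checks fired; whether the phrase is unique to you and unused on other accounts still has to be judged by the person choosing it.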