Created: — modified: — tags: security links

How to generate them, so you could store them in your head

Simplest way to get a password is to use some online password generator service, for example search engine. But such meaningless passwords are usually considered quite easy to crack, while quite hard to remember.

One of solutions would be to use a paper with all your passwords written on it. On (archived version) website there is an interesting (but quite lengthly, I must admit) article on how to keep passwords for all websites "encrypted" on a single square piece of paper. Good thing is that the only thing you'll have to remember are the rules (described in that article) on how to make the passwords, you don't have to remember any single thing for each password individually. Bad thing is that if the paper is stolen, then all your passwords are in danger (note, however, that it's not the same as keeping all your passwords openly written on a paper - this piece of paper needs some work before being decrypted).

Another idea is to use passphrase instead of password, because it's easier to remember (consists of words) and harder to crack (has more combinations even when using a small subset of words). There are ongoing arguments on how "strong" such passwords are comparing to "normal" ones, and (archived) tries to give the most scientific-based approach to it.

To generate them you can use, once again, a website: for example, (it also has an xkcd comic on the subject), or, if you're a lucky Linux user, a simple bash script (archived) (this page also has one more explanation of difference between password and passphrase).

Update from 2017-09-05: there is an interesting passphrase generator from Aaron Toponce: blog post, github, generator itself (cached version) offering a choice of several dictionaries to choose from, with my favourite being "Simpsons" one from "Alternate" section, generating easy-to-remeber passwords like "steal french members motion stupid stand".