
Best way to make an uncrackable passphrase, using What3words

The most important thing in a passphrase is its length, not using 'Capital letters, numbers, and symbols', like you so often hear.

So a passphrase such as
"responded impressed licks Theoldmiser444"

is uncrackable due to its length.

If you want to make a secure passphrase, just go to What3words.com, which is a website that has mapped every section of the Earth into 3m wide squares, and given each square a three word name. As a result, there are 57 TRILLION such squares on What3words.com, each with their own three word code.
So go onto the map and move away from the U.K. and into a random spot out at sea, write down the three words, and add a simple word or two of your own, and you have an uncrackable passphrase.
In the example above, I have added "Theoldmiser444" at the end, because most websites don't know the first thing about password security, and blindly copy each other, forcing you to use a capital letter, and/or a number, etc.

You should also always write down your passphrases. If you can remember more than two or three passphrases, then you are either a genius with a photographic memory (unlikely), or your passphrases are not long enough to be secure and uncrackable.

I use a simple address book, which has alphabetical tabs down the side, so I can easily find passphrases for all the websites I use. (I have about 200 passphrases.)

To my knowledge, nobody has EVER had their passphrase book stolen from their house and used illegally. Whereas THOUSANDS of people have their online accounts hacked every single day, because they use passwords instead of passphrases, and their passwords aren't long enough to be secure, because nobody is telling them the correct way to make passphrases.

Go to
to test the strength of any passphrases you make using this method, you'll see that they are incredibly secure.



Comments

  • Do you carry the address book with you or do you only need to log in to sites when at home?

    I've started using Bitwarden which is ideal for my needs. 

    I do have a very long random password made up of unrelated words.
    Things that are differerent: draw & drawer, brought & bought, loose & lose, dose & does, payed & paid


  • FFHillbilly
    FFHillbilly Posts: 500 Forumite
    100 Posts Second Anniversary Name Dropper
    All that just sounds so laborious. I'm just going to bury my head in the sand and continue with my unsecure passwords for now, hopefully it won't be too long until biometrics make passwords obsolete
  • IvanOpinion
    IvanOpinion Posts: 22,229 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    km1500 said:
    remember, if you consider an offline dictionary attack (eg someone is trying to get into your encrypted word document) then a three-word password is equivalent to a three-character password
    That is a fallacy. The base for an average person using 3 words is 20,000 rising to 60,000 (or so) for those with better language skills. The base for characters is 26 (or 62 if you include upper, lower and numerics, rising to 95 if you include special characters).

    I don't care about your first world problems; I have enough of my own!
  • IvanOpinion
    IvanOpinion Posts: 22,229 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    The most important thing in a passphrase is its length, not using 'Capital letters, numbers, and symbols', like you so often hear.

    So a passphrase such as
    "responded impressed licks Theoldmiser444"

    is uncrackable due to its length.

    Actually that is not correct either. As km1500 mentions a dictionary attack could eventually crack 3 words in a much shorter time than you anticipate (measurable in days or weeks).  However you are actually using 6 words and some numerics which would take significantly longer.

    There are still weaknesses in your suggestion though - the biggest of which is that you have had to write something down. You could strengthen the password by interjecting characters between the words (symbols or (e.g.) the 4th letter of the previous word) and adding random mixed case e.g. resPondeDPimpreSseDrliCks@Theoldmiser444$$.

    Alternatively you could mangle the words e.g.  resPimpRlicKondeDesseDs@OldTheMi444ser  (makes it a bit more difficult though).

    These will cause a dictionary attack to fail and are as good as random characters with the added advantage of memorability and less of an issue if written down.

    I don't care about your first world problems; I have enough of my own!
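
The keyspace figures debated in the two posts above (three words against three characters, and the 57 trillion What3words squares from the opening post), worked through as an added example that is not part of any post in this thread. It assumes every word or character is chosen uniformly at random, and the guess rate is an illustrative assumption, not a figure from the thread.

```python
import math

# Assumption: offline guess rate in guesses per second (illustrative only).
ASSUMED_RATE = 1e10

def keyspace(symbols, length):
    """Equally likely secrets from `length` uniform, independent picks out of `symbols`."""
    return symbols ** length

def entropy_bits(space):
    return math.log2(space)

def equivalent_random_chars(space, symbols=95):
    """How many uniformly random printable characters give the same keyspace."""
    return math.log(space) / math.log(symbols)

def average_crack_seconds(space, rate=ASSUMED_RATE):
    """An exhaustive search finds the secret after half the keyspace on average."""
    return space / 2 / rate

def human(seconds):
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3g} seconds"

# Vocabulary sizes and the 57 trillion figure come from the thread;
# the 12-character row is added here for comparison.
SCHEMES = {
    "3 characters, 95 printable symbols": keyspace(95, 3),
    "3 words, 20,000-word vocabulary": keyspace(20_000, 3),
    "3 words, 60,000-word vocabulary": keyspace(60_000, 3),
    "one What3words square (57 trillion)": 57 * 10**12,
    "12 random characters, 95 symbols": keyspace(95, 12),
}

def report():
    """Rows of (scheme, entropy bits, equivalent random chars, average search time)."""
    return [(name, round(entropy_bits(s), 1), round(equivalent_random_chars(s), 1),
             human(average_crack_seconds(s))) for name, s in SCHEMES.items()]

if __name__ == "__main__":
    for name, bits, chars, t in report():
        print(f"{name:38s} {bits:5.1f} bits  = {chars:4.1f} chars  ~{t}")
```

Words picked by a person rather than at random have a smaller effective keyspace than these figures, and the search time scales inversely with whatever guess rate the attacker's hardware and the password hash allow.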
  • Neil_Jones
    Neil_Jones Posts: 9,537 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    I'm at the point now where I just right-click, "Suggest Strong Password" and run with that, then let the browser save them all.  I have tried password managers but I am idle so...

    Can't be bothered with the whole process thing, it's far easier just to use 2FA where available as the next best thing.
  • alanwsg
    alanwsg Posts: 801 Forumite
    Part of the Furniture 500 Posts Name Dropper
    As I said before, the best password is "Correct Horse Battery Staple"

    https://xkcd.com/936/

  • oldernonethewiser
    oldernonethewiser Posts: 2,430 Forumite
    Sixth Anniversary 1,000 Posts Photogenic Name Dropper
    edited 16 July 2023 at 9:23AM
    alanwsg said:
    As I said before, the best password is "Correct Horse Battery Staple"

    https://xkcd.com/936/


    Certainly simplifies things if everyone in the world uses the same password for everything. ;)

    Wonder if that will cause any problems........
    Things that are differerent: draw & drawer, brought & bought, loose & lose, dose & does, payed & paid


  • twopenny
    twopenny Posts: 7,490 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Photogenic
    All great news for someone who's dyslexic!
    Yup, that's me.

    I like the idea of using an address book though. If you can find one that is.

    I can rise and shine - just not at the same time!

    viral kindness .....kindness is contagious pass it on

    The only normal people you know are the ones you don’t know very well


  • SteveJW
    SteveJW Posts: 724 Forumite
    Part of the Furniture 500 Posts Name Dropper Combo Breaker
    I look round the home and use three names I can see
    For example at the moment
    FriendshipsCoffeeGeralgine

    Add the time and a couple of special symbols, so end up with

    $FriendshipsCoffeeGeralgine1040#

    Wonder how long that would take to crack

    Then use a password manager to store my passwords

    Steve
