Best way to make an uncrackable passphrase, using What3words

theoldmiser
The most important thing in a passphrase is its length, not using 'Capital letters, numbers, and symbols', like you so often hear.

So a passphrase such as
"responded impressed licks Theoldmiser444"

is uncrackable due to its length.

If you want to make a secure passphrase, just go to What3words.com, which is a website that has mapped every section of the Earth into 3m wide squares, and given each square a three word name. As a result, there are 57 TRILLION such squares on What3words.com, each with their own three word code.
So go onto the map and move away from the U.K. and into a random spot out at sea, write down the three words, and add a simple word or two of your own, and you have an uncrackable passphrase.
In the example above, I have added "Theoldmiser444" at the end, because most websites don't know the first thing about password security, and blindly copy each other, forcing you to use a capital letter, and/or a number, etc.

You should also always write down your passphrases. If you can remember more than two or three passphrases, then you are either a genius with a photographic memory (unlikely), or your passphrases are not long enough to be secure and uncrackable.

I use a simple address book, which has alphabetical tabs down the side, so I can easily find passphrases for all the websites I use. (I have about 200 passphrases.)

To my knowledge, nobody has EVER had their passphrase book stolen from their house and used illegally. Whereas THOUSANDS of people have their online accounts hacked every single day, because they use passwords instead of passphrases, and their passwords aren't long enough to be secure, because nobody is telling them the correct way to make passphrases.

Go to
to test the strength of any passphrases you make using this method, you'll see that they are incredibly secure.



Comments

  • oldernonethewiser
    Do you carry the address book with you or do you only need to log in to sites when at home?

    I've started using Bitwarden which is ideal for my needs. 

    I do have a very long random password made up of unrelated words.
    Things that are different: draw & drawer, brought & bought, loose & lose, dose & does, payed & paid


  • FFHillbilly
    All that just sounds so laborious. I'm just going to bury my head in the sand and continue with my unsecure passwords for now; hopefully it won't be too long until biometrics make passwords obsolete.
  • IvanOpinion
    km1500 said:
    remember, if you consider an offline dictionary attack (eg someone is trying to get into your encrypted word document) then a three-word password is equivalent to a three-character password
    That is a fallacy. The base for an average person using 3 words is 20,000 rising to 60,000 (or so) for those with better language skills. The base for characters is 26 (or 62 if you include upper, lower and numerics, rising to 95 if you include special characters).

    Past caring about first world problems.
  • IvanOpinion
    The most important thing in a passphrase is its length, not using 'Capital letters, numbers, and symbols', like you so often hear.

    So a passphrase such as
    "responded impressed licks Theoldmiser444"

    is uncrackable due to its length.

    Actually that is not correct either. As km1500 mentions a dictionary attack could eventually crack 3 words in a much shorter time than you anticipate (measurable in days or weeks).  However you are actually using 6 words and some numerics which would take significantly longer.

    There are still weaknesses in your suggestion though - the biggest of which is that you have had to write something down. You could strengthen the password by interjecting characters between the words (symbols or (e.g.) the 4th letter of the previous word) and adding random mixed case e.g. resPondeDPimpreSseDrliCks@Theoldmiser444$$.

    Alternatively you could mangle the words e.g.  resPimpRlicKondeDesseDs@OldTheMi444ser  (makes it a bit more difficult though).

    These will cause a dictionary attack to fail and are as good as random characters with the added advantage of memorability and less of an issue if written down.

    Past caring about first world problems.
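
A keyspace comparison for the figures quoted in this thread, as an added example that is not part of any post. It assumes every element is picked uniformly at random and that the attacker knows the scheme; the function names are hypothetical and the guess rate is a constructed figure, not a measurement.

```python
import math

# Search-space sizes quoted in the thread.
W3W_SQUARES = 57 * 10**12   # "57 TRILLION" three-word squares
VOCAB_AVERAGE = 20_000      # vocabulary base quoted for an average person
VOCAB_LARGE = 60_000        # quoted for "better language skills"
PRINTABLE = 95              # upper, lower, digits and special characters

# Constructed assumption for illustration only; real rates depend on the
# hash or key-derivation function protecting the secret.
ASSUMED_GUESSES_PER_SECOND = 10**9


def uniform_keyspace(symbols: int, length: int) -> int:
    """Candidates when each of `length` positions is drawn uniformly from `symbols`."""
    return symbols ** length


def bits(keyspace: int) -> float:
    """Entropy in bits of one uniform draw from `keyspace` candidates."""
    return math.log2(keyspace)


def equivalent_random_chars(keyspace: int, charset: int = PRINTABLE) -> int:
    """Fewest uniformly random characters whose keyspace is at least `keyspace`."""
    n = 0
    while charset ** n < keyspace:
        n += 1
    return n


def average_seconds(keyspace: int, rate: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Expected time to hit the secret when enumerating: half the space."""
    return keyspace / 2 / rate


def compare() -> dict:
    """Keyspace, bits, equivalent character count and average time per scheme."""
    schemes = {
        "3 random printable characters": uniform_keyspace(PRINTABLE, 3),
        "3 random words, 20,000-word list": uniform_keyspace(VOCAB_AVERAGE, 3),
        "3 random words, 60,000-word list": uniform_keyspace(VOCAB_LARGE, 3),
        "1 random What3words square": W3W_SQUARES,
    }
    return {
        name: (space, round(bits(space), 1), equivalent_random_chars(space), average_seconds(space))
        for name, space in schemes.items()
    }


if __name__ == "__main__":
    for name, row in compare().items():
        print(f"{name:34} {row[0]:>18,} {row[1]:>5} bits  ~{row[2]} chars  {row[3]:,.0f} s")
```

Each further independently chosen random word multiplies the keyspace by the size of the word list.
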
  • Neil_Jones
    I'm at the point now where I just right-click, "Suggest Strong Password" and run with that, then let the browser save them all.  I have tried password managers but I am idle so...

    Can't be bothered with the whole process thing, it's far easier just to use 2FA where available as the next best thing.
  • alanwsg
    As I said before, the best password is "Correct Horse Battery Staple"

    https://xkcd.com/936/

  • oldernonethewiser
    edited 16 July at 9:23AM
    alanwsg said:
    As I said before, the best password is "Correct Horse Battery Staple"

    https://xkcd.com/936/


    Certainly simplifies things if everyone in the world uses the same password for everything. ;)

    Wonder if that will cause any problems........
    Things that are different: draw & drawer, brought & bought, loose & lose, dose & does, payed & paid


  • twopenny
    All great news for someone who's dyslexic!
    Yup, that's me.

    I like the idea of using an address book though. If you can find one that is.

    The only normal people you know are the ones you don’t know very well

  • SteveJW
    I look round the home and use three names I can see
    For example at the moment
    FriendshipsCoffeeGeralgine

    Add the time and a couple of special symbols, so end up with

    $FriendshipsCoffeeGeralgine1040#

    Wonder how long that would take to crack

    Then use a password manager to store my passwords

    Steve
