Best Practices for Provably Secure Passphrases

1. Choose words for the passphrase from one list with a known number of entries.

2. Choose each word randomly. Try the Playing Cards method or Diceware.

3. Trust the math.

The number of possible unique passphrases is determined by the number of entries in the word list, raised to the Nth power, where N is the number of words in the passphrase. Choose a passphrase with 3.4 x 10^38 (2^128) possible combinations for full 128-bit security.

For 128-bit security, you need one of the following:
* a word list with 921 entries and a 13-word passphrase
* a word list with 1,626 entries and a 12-word passphrase
* a word list with 3,184 entries and an 11-word passphrase
* a word list with 7,132 entries and a 10-word passphrase
* a word list with 19,113 entries and a 9-word passphrase
* a word list with 65,536 entries and an 8-word passphrase

The number of entries in the word list, stated above, is the minimum.
128-bit security is more than sufficient for almost any purpose.
See the word lists here.

4. Do not substitute a different word for the randomly chosen word. Do not change the order of the words.

5. Do not add numbers, symbols, or capitalization. Use lower case only, with one blank space between each word.

6. Memorize the passphrase thoroughly by calling it to mind several times a day for a month.

7. Keep the passphrase written somewhere, such as on paper inside a physical safe, or in a plain text file in an encrypted folder.

8. Don't be clever. Cleverness is not provably secure. Obscurity is not provably secure. Only randomness and length are provably secure.

Return to: Secure Password and Passphrase Resources