Secure Passphrases

When coming up with a secure and memorable password, IT Services recommends passphrases.

A passphrase is similar to a password in practice; however, it is usually constructed of multiple words containing a mixture of case sensitive letters, numbers, and special characters (for example, “1 Sm@ll Step 4 M@n.”). Please do not use this example as your passphrase.

It is unsafe to write down your passwords or save them in documents on your computer. See our page on Password Managers for more information.

Know what to avoid. 

Before figuring out what you want to put in your passphrase, here are a few things that you should not put in your passphrase:

  • Pet, family, or friend names
  • Words as they appear in the dictionary
  • Personal information (e.g., your phone number)
  • Public information (e.g., something having to do with your commonly known extracurricular activities)
  • Acronyms

Consider common passphrase strategies. 

Longer passphrases are harder to crack, so consider using passwords with 12 or more characters. If you don't have your own method of creating a memorable passphrase, you might want to try one of the following:

  • Removing the vowels from a word or phrase (e.g., "Hello darkness my old friend" becomes "hlldrknssmldfrnd").
  • Shifting your hands when typing (for example, using the motion that you'd use to type "wikiHow" with your hands shifted down one row on the keyboard).
  • Doubling your passphrase (e.g., chooseing a word, typing a space or a separating character, and retyping the word).

Pick a compound word or phrase that stands out to you. 

You most likely have several words, a phrase, a title (e.g., an album or a song), or something similar that stands out to you for some reason; such words/phrases make great password bases because they're emotionally relevant to you, but not anyone else.

  • You could pick the name of your favorite song from a specific album or your favorite phrase from a specific book.
  • Find several random words and string them together without modifying them past that point (e.g., "bananacoffeespoonphonecomfortercat").
  • Make sure that you don't pick a word or phrase that people know you like.

A tool to evaluate how different techniques can be used to create secure passwords is