How can I make a strong password that's easy to remember? Is the 4 Word method safe?

Question

I have heard of the method of using 4 random dictionary words, it gives you lots of characters and is easy to remember.

But that seems to be open to dictionary attacks, especially if the attacker has heard of the method as well, and brute force attacks of combinations of 4 dictionary words.

Are there too many combinations of 4 dictionary words, so that it would still be safe?

I noticed that Veracrypt specifically states not to use dictionary words, or combinations of 2, 3, 4 such words.

So, if thats not safe, is there a safe method that still let's me remember the password? Would a combination of 8 dictionary words work?

Answer 1

The main problem with passwords is not password complexity, but password reuse (obligatory xkcd). One service leaks logins and passwords, suddenly lots of providers see a surge on account hijacks. Why? Because we humans cannot remember dozens of different passwords, so we create one password for common services, and one for special ones. But most of us will have only one password.

Don't create your own passwords, use a password manager. They can create very complex passwords, one for each service, have plugins and extensions for the major browsers, have strong encryption, cloud backup, multi device syncing, and more. Don't trust your brain to create different random passwords for each service.

Using a password manager means you will only need to know one password - the master one. This password can be written down and kept on your wallet. All the others will be created by the manager, and can contain 128 chars, 10 numbers, 30 special chars, including ĥaŕd-tö-tỹpẽ ones...

Answer 2

Definitely take Thorium's answer seriously. However, I figured I might as well try to address your actual question too.

You'll hear this all the time on a security board like this, but I'll say it anyway: the answer always depends on your anticipated threat vector. I'll focus on brute-force attacks by people who aren't specifically targeting you (because that sounds like your primary concern), but the situation is much different if someone is specifically targeting you. Let's keep it simple though.

Untargeted Offline brute-force attack

A big reason for high-entropy passwords is to defeat offline brute-force attacks. Obviously offline brute-force attacks are trivially easy if the hacked service uses plain-text passwords (which is a very important reason why you should never reuse passwords across sites). However, what if your password ends up in a dump from a service that uses MD5 for passwords? There are rigs out there that can test hundreds of billions of passwords per second against MD5. The best defense against such an attack is simply password length, and making sure your password isn't on a password list or a simple variation of common password schemes people use.

Even with an offline brute-force against an MD5 password list, an attacker isn't going to just exhaustively search password space. They will start by downloading lists of previously-cracked passwords and trying all of those. Then they'll take a list of the most commonly used password-generation schemes and try those. The "combination of dictionary words" generation phrase is common enough that they may even try that. If so, the question is how long can you hold up? Depends on how many words you have and how many words are in your list. There are 7776 words in the diceware list, so let's use that. That means a 4 word passphrase has approximately 3.66e15 different passwords combinations it can make. At a rate of 200 billion passwords per second (a top-of-the-line hashing rig) it will take 5 hours to search that password space. Here is the search time depending on the number of words in your password:

• 4 words: 5 hours
• 5 words: 4.5 years
• 6 words: 35,000 years
• 7 words: 270 million years
• 8 words: 2 trillion years

Of course MD5 is terrible. If your password was leaked from a system that uses more modern hashing methods, even a 4 word password will be effectively uncrackable. However, it's best to assume the worst and, for important services, assume the person on the other end is using the worst possible security and choose accordingly (i.e. assume plain-text passwords or MD5). There are plenty of systems out there that are still using MD5 for passwords.

The unknowns

There are lots of unknowns though, which makes this hard to answer. We've assumed that an attacker has tried to brute force a diceware-like password and is using the exact same password list that you used. Those are a lot of assumptions, and a hacker might not bother or might not have your word list. What if they don't and instead just try an exhaustive search? Assuming an average word length of 5 characters, a 4 word diceware password is 20 characters long. They are doing an exhaustive search so must check all letters and numbers even though you have only lowecase letters (we'll be nice and ignore special characters). Now there are 7e35 password combinations to try (if they want to search all passwords up to 20 characters long), or 1e17 years of computation with a top-notch hashing rig before exhaustively searching the necessary password space. In other words, there is absolutely no chance of your password being cracked. Obviously, no one would even bother trying that. Which is what it really comes down to. Most people who are just trying to crack as many passwords as they can are going to try the obvious answers first. Past a certain level of complexity there is some safety in the simple fact that you are no longer the low-hanging fruit. Of course if someone is specifically targeting you, then all bets are off (another obligatory xkcd).

Still, I'd probably opt for 6 or more words. Also, don't reuse it anywhere.

Regarding disk encryption/password managers

In a comment you mention that your interest may primarily be in selecting a master password for a password manager, or a password for disk encryption. This is a slightly different use-case. Modern password hashing algorithms are designed to be slow and therefore hard to brute-force. However, encryption algorithms work a bit differently and "slowness" is not as important for encryption as it is for password hashing (to some extent too much slowness is even a bad thing). How "hard" it is to brute force an encryption key varies wildly depending on the exact details of the encryption method (so I can't really guess at what that would look like in practice), but comparing against something like MD5 might not be a bad reference point.

An important difference (h/t Michael Kjörling) is that with local disk encryption or password manager you may have control over the cost factor for the key generation process. In this case you can crank up the "hardness", decrease your password length, and find your own acceptable compromise between security, ease of memory, and "how long I have to wait until this thing opens" (i.e. ease of use).

Answer 3

Even if you use a password manager for most work, there is still value in having a consistent format derived from dictionary words. For instance, you could generate six-word passwords from a 4000-word dictionary, giving passwords like:

that-feats-peers-film-wash-propaganda
chrome-document-thirty-ignore-given-screen
studying-mark-approved-rods-heavy-mocking
ahhh-shock-input-movies-considering-trader
equipment-download-created-compile-cookie-oops
effective-saved-systems-garage-wrote-wondering

What is the advantage? Imagine you're transcribing one of these passwords to a different computer - looking at it in your password manager and then typing it into a completely different computer. Or a phone. Or anything like that. Look at, say, the third password on the list; then look away, type as much of it as you can remember, and come back. You can probably transcribe the entire password with perfect accuracy in two tries - maybe even one. Even if you go as far as ten word passwords, you should be able to transcribe one in about three steps. Try it with "heaps-comment-handle-emerald-capped-gain-write-details-grey-moment" and see how easy that is.

You may think this will never matter to you, but it needn't cost you anything (the passwords I've given here have 71 bits and 120 bits of entropy, respectively), and if it ever DOES matter, you've gained enormously.

Answer 4

This Question provides a starting point for reading on the broad topic of different possiblities.

Keep in mind that some of the answers are several years old. Anyhow, there is a lot of hints towards a good password. Also this article tells you some more about calculation times (though you should try to get the point without really depending on every word there ;))

There are quite a lot of problems but as ThormiumBR stated one of the most common problems is reuse or partial reuse. If people use e.g. the password a9wdu$$$db§c5829ae1 somewhere and made it at somepoint to remembering it, chances are there will be a9wdu$$$db§c5829ae2 or any other derivate as well somewhere. One of the better methods is to basicly randomly (yep that means dice) 4 to 6 random words from a dictionary (such as here). That increases your chance for a long password that you can remember as well and therefor decreases the chances of reusage or partial reusage. Why would you need to, if they are easy to remember?

But that seems to be open to dictonary attacks, especially if the attacker has heard of the method as well, and brute forces combinations of 4 dictonary words.

Pretty much no. One of the reasons is that the attacker (if you used the oxford dictionary) and he decides to use this full english dictionary for cracking as well, he might be busy for quite a while ;) Second and quite more important: An attacker typically does not brute-force that way. If you are specifically targeted and the motivation is enourmous he might go for that approach but if you are, theres 2FA and so on. Most likely attackers in different scenarios use different forms of wordlists and if you did your random correctly there is very little chance your sentence will be in someones wordlist.

This all, off course, does not apply to people actually using a password manager everywhere (at least in some way). If you do so you could simply ask it to generate a 'random' 35 characters long password with every possible strange and hard to remember character and then save it. But since you asked this way I assume you don't want or cannot do it for some reason.

Answer 5

I'd check out EFF's Dice page: EFF Dice

This technique works for a master password, then just use randomly generated passwords for everything else. Stringing together 6 (or more) truly random words from the above link, can be a little difficult to remember initially. I wrote them down on a small whiteboard while at home and just glanced at it throughout the day, using whatever technique is required to memorize it. Once memorized, I erased the whiteboard. The passphrase works great...and it's crazy long :)

Answer 6

The other answers make two very important points.

1. Password reuse is the bigger issue

2. Password managers are the ideal solution

I recommend the above when possible. But I have found situations where I needed to provide a secure but easy to remember password for somebody, for which the 4 word method is ideal.

If you try to provide 4 random words, it might not be very random. A color is very likely to be one of the words, as is food, animals, and other common nouns. While there is a million words in the english language, you could very easily come up with a very predictable password. So for instance Conor Mancone's suggested a dictionary of 7776 words, but a simple 4 word password could be cracked using a list of 1000 words or even less, such as yellowcatrunaway.

My advice for using secure 4 word passwords is to use uncommon words, and it bears repeating, never reuse your password.

Answer 7

Yes, The four words give a good long password with plenty of entropy (assuming you chose them randomly).

I use a 4 word pass generator for all my passwords. They are really handy because you can remember them for a short time, easily type into your phone or tell someone else in the office.

Of course everything people have said about password managers and password reuse is true, and I always use one of those as well - as has been said, but it worth repeating, password reuse is bad bad bad

Answer 8

Using a password manager is great advice (that I follow), but we inevitably have to compose passwords sometime. To actually answer your question: try Bruce Schneier's method:

My advice is to take a sentence and turn it into a password. Something like "This little piggy went to market" might become "tlpWENT2m". That nine-character password won't be in anyone's dictionary. Of course, don't use this one, because I've written about it. Choose your own sentence -- something personal.

So How can I make a strong password that's easy to remember? becomes HcIma$TRONGpte2r? or similar. I'd still consider that a bit short, so just think of a longer sentence. In fact, you could type a whole sentence, and sometimes I do just that! However, you're often unfortunately limited in password length.

Personally, I tend to base my password sentences off of mental rants, such as the stupidity of the password policies in question. The emotion aids my memory.

Just make sure not to use anything that's ever been published - not a book quote, a Bible verse, movies, idioms, etc. It needs to be your from your own brain.

Answer 9

How can I make a strong password that's easy to remember? Is the 4 Word method safe?

An easy to remember password is at a disadvantage compared to a dozen random letters, some uppercase, combined with punctuation and numbers - but certainly easier to remember and practically secure. The four words should make an unusual sentence. More are better.

Using PasswordMeter.com to check the strength of a password gives this result:

Password: "Googleisyourmother'sname." - Score: 100% - Complexity: Very Strong

HowSecureIsMyPassword.net claims: "It would take a computer about 15 octillion years to crack your password".

Giving away my secret I try Password.Kaspersky.com which says: "⚠️ There are widely used combinations. Your password will be bruteforced with an average home computer in approximately 10000+ centuries. You can find the Answer to the Ultimate Question of Life, the Universe, and Everything in that time."

A relatively simple passphrase can provide a sufficient level of security and still be easy to remember, just use a different password for each site. Adding a number to the end is helpful.

---

Google's account help: "Create a strong password" offers some tips for memorable passwords:

• Step 1: Meet password requirements

  Make your password with 8 characters or more. It can be any combination of letters, numbers, and symbols.

  You can't use a password that:

  • Is used by many other accounts

  • You've used before on your account

• Step 2: Follow tips for a good password

  A strong password is nearly impossible for someone else to guess. Follow these tips to learn what makes a good password, then apply them to your own.

  Use letters, numbers & symbols

  • Combine different types of characters

  Use a mix of alphanumeric characters (letters and numbers) and symbols:

  • Uppercase (capital) letters. Examples: A, E, R

  • Lowercase (small) letters. Examples: a, e, r

  • Numbers. Examples: 2, 6, 7

  • Symbols and special characters. Examples: ! @ & *

• Recommendations & examples

  Replace letters with numbers & symbols: Choose a word or phrase and use numbers and symbols instead of some letters. Examples:

  • "Spooky Halloween" becomes "sPo0kyH@ll0w3En"

  • "Later gator" becomes "L8rg@+0R"

• Abbreviate a sentence: Come up with a sentence and use the first letter of each word.

  Example:

• "Uncle Peter always ate chocolate-covered everything" becomes "uP@8cCe!"

  Use long passwords: Long passwords are stronger. Since spaces are allowed, you can use memorable phrases or words from your favorite songs, poetry, or quotes. Example:

• "an 0pen <3 = an 0pen MIND"

• "It's a long way 2 the ^ if U wanna Rock&Roll"

• "From time to time, The clouds give rest To the moon-beholders"

• Avoid personal information & common words

• Don't use personal information

  Avoid using information that others might know about you or could easily find out. Examples:

  • Your pet's name

  • Your nickname

  • Your street name

• Don't use common words

  Avoid simple words, phrases, and patterns that are easy to guess. Examples:

  Obvious words and phrases like "password" or "letmein"

  Sequences like "abcd" or "1234"

  Keyboard patterns like "qwerty" or "qazwsx"

  Any examples in this article, like "sPo0kyH@ll0w3En" or "uP@8cCe!"

• Don't reuse passwords

Answer 10

Passwords should always be randomised regardless of the fact that whether you should be able to remember them or not, I recommend you to generate a password of greater entropy which would make brute-force attacks practically infeasible or almost impossible.

Entropy

Entropy is basically the degree of randomness so basically you can type in random special characters, numbers and letters without following a specific pattern for example - " cvg*@3#5£22@_-+()czBbd*$" could be a good choice for your sensitive accounts since it has considerable entropy which makes it hard to be brute-force feasibly. Because, you can have so many permutations and combinations of these characters which also contain upper and lower case letters,numbers and special characters as well.

Use a trusted password manager

If you feel like being unable to remember or lose passwords, you can go for a password manager like lastpass or 1password to help manage your passwords without the hassle of making your passwords more comprehensible and less random in order to remember them , which would in turn make it easily brute-forcible.

Answer 11

Why can't we just remember an algorithm for our passwords? Instead of remembering the password, we could generate it every time using our algorithm. It could also easily be written down somewhere in, for example, a symbol language.

Example- Let's say our algorithm is {vowels in name of service site in small} + {consonants of my username in capital} + {count of number of consonants in service site} + *&

Now, for gmail and if my username is username then my password comes as (ai+SRNM+3+&) = aiSRNM3&

The length and complexity depends on our algorithm, and it's almost impossible to reverse the algorithm back to the original password.

Instead of reusing password, reuse the algorithm.

Answer 12

There seems to be a lot of misinformation in this thread.

You don't know how the password is being stored so many answers here are making a lot of assumptions. As always, your biggest security issues are A) your computer is already compromised, B) the pathway to communicate is compromised, C) the server itself is compromised.
A--it doesn't matter what the password is, you've already lost if you're entering it plaintext. B--try not to get phished and be aware if site is weird--still if you enter your password it's still game over.
C--this is where the security over a well-selected password now matters. You have no idea how they are storing the password, in theory they use some reasonable security measures. So how do you avoid your password from being high risk? From here we're going to assume the password is stolen via the server, not your local computer. It's quite obvious if your plaintext password is stolen and you use the same one, everything else that uses the same password is now vulnerable as well. (But if you were infected locally, you could have had all those passwords sniffed too)

So let's look at it from the server-side, how do we avoid being in the high risk group? 1) Don't re-use the same password everywhere.
1.b) I think password managers are a bad idea, you're now entrusting a 3rd party application for something...more middlemen, more problems. 2) Don't use a password that other users are also using. 3) Because of 2, don't use a very short password. 3.b) Because of 2, try to use many different characters. It's very dumb sites force capitals and numbers, it really does not matter how large the character set/'alphabet' is. It's just easier for non-technological folks to make a securer password as they'll likely choose "password1234" if given the opportunity.

So your chosen password is run through a hashing/encryption algorithm to result in a unique string of characters that have no immediate bearing to the original password. Programs meant to find passwords are looking for the lowest hanging fruit--a whole bunch of people's passwords in large systems are going to hash to the same hash...because they're the same or extremely short and similar. If they get access to the system and with enough time it's possible the entire system's passwords are exposed or most of them.

Assume they used good methods that they are left with a brute force attack is necessary which is the real meat of the question. Ten thousand or so dictionary words people know, 10000^4 = 1e+16 combinations. Let's assume 200 billion hashes per second as per the other answer and we're around 5-6 hours to crack it. HOWEVER, there are assumptions to this. They are attacking your password specifically and made the assumption to specifically target using a dictionary attack. Not only a dictionary attack but exactly 4 words! Even capitalizing or adding a number, punctuation, etc. all of these things break our givens which then results in the generalized case of here's about 20-30 characters, good luck you're never cracking it anytime soon.

In short, using 4 not related dictionary words has enough entropy to work for most applications. For mission critical things, I would not recommend this--use at least 16 randomly generated characters. For your personal e-mail, 4 unique words assures you're mostly covered from both a hack situation as well as not losing your account because the password is lost for good. Mission critical things usually already have a real disaster plan in the case access is lost and that's a whole other situation than keeping people out of your private things.

Answer 13

The 4-word method is good but after a while, one may forget those words. Personally, I think that an encryption which is not too hard to remember might be useful. For example, you could substitute every letter of say, your favorite food like pizza for a number corresponding to the letter so p will become 16, I will become 9, Z will become 26 and so on. What you end up with is a brand new password. 16926261 for pizza.

Another method is shifting all letters to the left so A will become B, B will become C, and so on and Z will become A.

So a word like Movie will become NPWJF and you can add a 123 at the end always so the new password is NPWJF123.

Answer 14

I use a few tricks to harden my passwords:

1) Misspell the words. This will make them impervious to dictionary lookup attacks. Choose an alternate spelling that's memorable. (And being naughty or silly will help make your neologism terms more memorable).

2) Add a suffix to the password that is specific to each website to make it unique and easier to remember, like "FeeFieFumGoogel" or "GueyBlooeeFasebook".

3) Throw in a punctuation character that you like, like a leading or trailing ! or # or _, or use it to separate your words.

4) Uppercase each word in your series of words. Or better yet, uppercase only the last letter of each word.