Originally Posted by starrdust

typing-a-password.jpg

The Passphrase / Diceware Method

xkcd-password-strength.jpg

The traditional advice isn’t the only good advice for coming up with a password. XKCD did a great comic about this many years ago that’s still widely linked to today. Throwing all the usual advice out, the comic advises choosing four random words and stringing them together to create a passphrase—a password that involves multiple words. The randomness of the word choice and length of the passphrase makes it strong.

The most important thing to remember here is that the words need to be random. For example, “cat in the hat” would be a terrible combination because it’s such a common phrase and the words make sense together. “my beautiful red house” would also be bad because the words make grammatical and logical sense together. But, something like “correct horse battery staple” or “seashell glaring molasses invisible” is random. The words don’t make sense together and aren’t in grammatically correct order, which is good. It should also be much easier to remember than a traditional random password.

People aren’t good at coming up with sufficiently random combinations of words, so there’s a tool you can use here. The Diceware website provides a numbered list of words. You roll traditional six-sided dice and the numbers that come up choose the words you should use. This is a great way to choose a passphrase because it ensures you use a random combination of words—you may even end up using words that aren’t a normal part of your vocabulary. But, because we’re just choosing from a list of words, it should be fairly easy to remember.

Diceware’s creators now recommend using at least six words because of advances in technology that make password-cracking easier, so keep that in mind when creating this sort of password.

And, while the differing length of the words makes brute forcing the password very difficult, you could always complicate things even further with a simple-to-remember pattern—one that would also make the password pass the test for forms that check passwords for complexity. For example, take the sample password from that XKCD comic—“correcthorsebatterystaple”—and apply a pattern where you join words by alternating symbols and numbers like “^” and “2” and then capitalize the second (or whatever) character of each word. You’d end up with the password “cOrrect^hOrse2bAttery^sTaple”—long, complicated, and containing numbers, symbols, and capital letters. But it’s still much easier to remember than a randomized password.

I'd like to suggest a similar but slightly different alternative to this method. I call it Passphrase/algo method.
First you pick your passphrase of one or multiple words. Let's say, torrentphoto. Then you add-on at least 3 characters which are based on the website/account after sending them through a simple algorithm you can do in your head. In this case 'tor' for torrentinvites.org could become 'vqt' by moving 'tor' forward two letters of the alphabet. Now you put it all together along with some basic substitutions and you have a strong password that is unique for every account you use.

For example: Torrentinvites.org = T0rr3ntP#otovqt! Gmail = T0rr3ntP#otoioc!