Given all the cybercrime over the last several years, you can pretty much guarantee that your password has been compromised. If you want to check, head over to Troy Hunt’s HaveIBeenPwned site and enter your email. You’re probably on there (I am). Most people are overdue to update their (terrible, terrible) passwords.
The best way to generate a good password involves random chance. The Electronic Frontier Foundation recently released a new list of words that can be used to generate a super secure password from plain English words. A tech fellow at the non-profit security and privacy organization, Joseph Bonneau, put the new list together, informed by his PhD research.
EFF believed an update was needed, because the list that has been commonly used for some time featured a lot of weird, hard to remember words. This list draws on research into widely familiar words, making it cognitively lighter to remember a strong password.
Here are some passwords I made using the new EFF list:
- conjoined sterling securely chitchat spinout pelvis
- rice immorally worrisome shopping traverse recharger
- diary boondocks charcoal escapist bonehead arise
Compare those to the weird words I got using the heretofore dominant Arnold Reinhold list, which contains more obscure words, but keeps them short (no words on Reinhold’s list run longer than six letters):
- dobbs bella bump flash begin ansi
- easel venom aver flung jon call
- beige sulk chuck for virus epoch
To generate a weird phrase of your own, go straight to a text file of the more user-friendly list of words, which you can easily download.
To use it, generate five random numbers between one and six. Look for that sequence of numbers on the list. That gives you your first word. So, if you rolled 5-3-4-3-3, the corresponding word would be: securely.
Do that six times in a row and you have a password that no one is guessing any time soon.
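The procedure above, as an added example in Python (not code from the article or from EFF): it parses a word list in the layout the EFF text file uses (one five-digit dice index, a tab, then the word), rolls five dice per word using the operating system's cryptographic random source rather than a plain pseudo-random generator, and reports how much guessing strength a passphrase gets from a list of a given size. The embedded word list is a constructed stand-in with only a handful of entries; the full EFF list has 7776 (6^5) lines, and the single entry 54333 → securely is the one the article cites.

```python
import math
import secrets
from typing import Callable, Dict

# Constructed stand-in for the EFF long list. The real file has one line
# per five-dice index, "NNNNN<TAB>word", 7776 lines in all. Only the
# 54333 -> securely entry is taken from the article; the rest are filler.
SAMPLE_WORDLIST = """\
11111\tabacus
11112\tabdomen
11113\tabdominal
54333\tsecurely
66665\tzoom
66666\tzucchini
"""


def parse_wordlist(text: str) -> Dict[str, str]:
    """Parse an EFF-style diceware file into {dice-index: word}.

    Rejects malformed lines, indices that are not five digits in 1..6,
    and duplicate indices, so a corrupted download does not silently
    shrink the effective word list.
    """
    words: Dict[str, str] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'index word', got {line!r}")
        index, word = parts
        if len(index) != 5 or any(ch not in "123456" for ch in index):
            raise ValueError(f"line {lineno}: bad dice index {index!r}")
        if index in words:
            raise ValueError(f"line {lineno}: duplicate index {index!r}")
        words[index] = word
    return words


def roll_dice(n_dice: int = 5) -> str:
    """Roll n six-sided dice with the OS CSPRNG; never use random.random for this."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))


def lookup(words: Dict[str, str], rolls: str) -> str:
    """Map one five-dice sequence (e.g. '54333') to its word."""
    try:
        return words[rolls]
    except KeyError:
        raise KeyError(f"no word for dice sequence {rolls}; word list is incomplete") from None


def generate_passphrase(
    words: Dict[str, str],
    n_words: int = 6,
    roller: Callable[[], str] = roll_dice,
) -> str:
    """Roll five dice per word, n_words times, and join the words with spaces.

    `roller` is injectable so a scripted sequence of rolls can be used in tests;
    real use keeps the default secrets-based roller.
    """
    return " ".join(lookup(words, roller()) for _ in range(n_words))


def entropy_bits(list_size: int, n_words: int) -> float:
    """Guessing strength of n_words drawn uniformly from list_size words."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    words = parse_wordlist(SAMPLE_WORDLIST)
    print("54333 ->", lookup(words, "54333"))
    # The sample list is too small to roll against at random, so script the rolls here.
    scripted = iter(["54333", "11111", "66666"])
    print(generate_passphrase(words, 3, roller=lambda: next(scripted)))
    print(f"{entropy_bits(6 ** 5, 6):.1f} bits for six words from a full 7776-word list")
```

With the full list, six words give about 77.5 bits regardless of which words come up, which is why the dice (or a generator backed by `secrets`) matter more than the words themselves: the strength comes from the uniform draw, not from the words looking odd.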
If you really want true randomness, use real dice. Or pay middle schooler Mira Modi to roll one up for you, for $8. She’ll write your password down by hand and mail it to you in an opaque envelope. She’s been doing this for a while, though, so she might not be using EFF’s easy word list.
That said, you’ll probably be fine if you use a random number generator online. One option: the Diceware Random Generator. The site lets you customize your password a number of ways. It has EFF’s new list built in (select it on the drop-down menu), but it also has words in other languages.
I just generated this password in Swedish (I hope it’s not rude):
- dika spasm sans bygel slyna nr
I previously wrote some guidelines for generating stronger passwords from your personal biography. I still stand by them. They may not quite pass the test of what a cryptography PhD would recommend, but using those easy-to-remember methods will give you much better passwords than the ones most people use.
Whatever you do, change your password. You’re due.