Good Passphrase Tips

A good password/passphrase is easy to remember, but hard to guess. The best way to make a password un-crackable  is to make it appear random. The most common way a hacker will try to get your password is via a dictionary attack . In a dictionary attack, the attacker takes a dictionary of words and names, and tries each one to see if it's your password. They do this quickly and easily with software programs, which can guess hundreds or thousands of words per second, making it easy for them to try lots of variations: drowssap (password  backwords), DiFFeReNT cApitAlizAtion, adding a digit to the end99, and so on. Using words from foreign languages, or names of things, people or towns is no protection against current password crackers, nor are famous dates. Hackers will also scan your files, such as your address book and document titles, trying to match words and phrases to guess your password.

A passphrase is longer than a password, and hence is more secure. Passphrases are generally recommended for encrypting and decrypting email and documents because of the better security. Here are some tips for generating a good passphrase.

• Use as long a phrase as you can remember, without using an exact famous phrase:
  4score_&1Year ago our dogz Brought 4th puppies &
• Don't use dictionary words (banana or banana2) or personal information (social security number, telephone number, children's names, pet names, your name, etc)
• Use varying capitalization: My naME is Not MR. MarSter
• Use language in combinations such as: Let Them Eat le gateaU du chocolaT
• Use punctuation and alternate characters (^#~&5=|<), and not just at the end of a phrase.
• Change your passphrase on a regular basis, such as monthly or quarterly. Don't use the same passphrase for everything.
• One way to generate a random-looking passphrase is to use a physical pattern on your keyboard. For instance, make a large W by starting at one place, such as '4 on your keyboard, and completing a W shape - 4rfvgyjmko0 - looks like a random sequence and is much harder to crack. Or use a spiral or a circle or some other pattern that you memorize.
• Use an address out of your memory from a long time ago - your best friend's address from grade school, the first address you lived at, but not if it's in your address book.
• Don't keep your passphrase written on a sticky note on your desk/monitor/work area.
• Don't disclose your passphrase to anyone. A hacker can pretend to be someone over the phone or email, claiming a false need to have your passphrase.