## How to choose a secure password

This article explains how to choose a secure password. For example, this is necessary to secure encrypted data or private keys against brute-force attacks. An introduction to encryption algorithms is given in the corresponding primer (brute-force attacks are also explained there).

You should never use the same password for multiple purposes. It is fine to use the build-in password manger of the Firefox web browser to store your website passwords, but only if they are secured properly (by using hard disk encryption with a strong password as described below and the master-password feature).

### Theoretical consideration of passwort lengths

To consider the information content of a password one first has to consider the underlying alphabet. Let’s assume we use the 26 letter Latin alphabet in upper- and lowercase plus the 10 decimal numbers 0-9 which gives us 62 characters in total. If we add some special characters like ‘!’ or ‘?’ we get more than 64 characters in total. For simplicity, let’s assume that we have an alphabet of exactly 64 characters. 64 = 2^{6} which means that each character from this alphabet contains 6 bits of information, if the corresponding password is chosen *randomly*.

If the password is taken from a dictionary the information content is vastly lower. For example, let’s compare a 10 character password chosen randomly with a 10 character password taken from a dictionary containing 4096 words. In the former case we have 60 bits of information. That is 2^{60} ? 1.15 * 10^{18} possible passwords. In the latter case we just have 12 bits of information: 2^{12} = 4096 possible passwords. That is, in the former case one has to test ~2.81 * 10^{14} more combinations than in the latter case in order to guess the password. In conclusion this means that completely random passwords are best. **Passwords contained completely or in large parts in dictionaries are not secure against brute-force attacks**!

### Capabilities of brute-force attacks

Computing power is measured in FLOPS (**fl**oating-point **o**perations **p**er **s**econd). Current supercomputers have computing power in the range of petaFLOPS: 1 petaFLOPS = 10^{15} FLOPS. It it therefore safe to assume that the current capabilities of sophisticated brute-force attacks are up to 10^{15} passwords per second.

Moore’s law states that the number of transistors on integrated circuits (and with it the computing power) doubles roughly every 18 month to two years. If we are optimistic and assume a doubling every 18 month, we get an increase of computing power by a factor of 1000 every 15 years (2^{15} = 1024 ? 10^{3}).

Passwords usually do not only have to be secure now, but also until the end of ones life. If we take 75 years one has to factor in a 10^{15} improvement in brute-force capabilities! Therefore, we want to make sure that our passwords are secure against brute-force attacks of up to 10^{30} passwords per second.

What do these capabilities mean in terms of actual time? The dictionary password mentioned above stands no chance against a *current* supercomputer with a brute-force capability of 10^{15} passwords per second, it is broken in less than a second. All 10 character passwords (from an alphabet as described above) can be tried with such a computer in less than 20 minutes. Therefore, such a password is also not safe.

To break a 20 character random password with a current supercomputer would take at most 42121558374361 years, but with the 10^{30} passwords per second supercomputer of the future it would take only about 2 weeks.

It is always better to err on the side of safety and therefore **we recommend random passwords with a minimum length of 30 characters**.

### Practical hints

For passwords used online a good approach is to generate a long random password for each website and store it securely in the browser. For example, you can generate such a password with the following two tools:

Use javascript to generate the password for you. The code is run entirely in your browser, our webserver never sees the password: Random Passwordpass+=set.charAt(Math.floor(Math.random()*set.length));window.alert(‘Random password:\n’+pass+’\n’);})();){.bookmarklet}

(Drag&Drop this link to the bookmarks bar of your browser to easily generate passwords in the future).

- If you are on a UNIX system you can use the this shell script to generate passwords for you: #!/bin/sh -e head /dev/urandom | uuencode -m - | sed -n 2p | cut -c1-${1:-32}

Of course, that means that the hard disk where the passwords is stored needs to be encrypted securely. **We recommend that you learn a 30 character random password for your hard disk encryption**, it is not as hard as many imagine. It takes only about 30 minutes to learn a random password by typing it in repeatedly in order to put it into muscle memory. But if you cannot remember a 30 character random password, the following approach to generate and remember *pseudo*-random passwords could work for you.

You make up an unusual sentence which should contain special characters and numbers, but which you can easily remember. For example: My favorite café has 32 different pictures on the wall. Among them are 3 with dogs, 5 with cats, and 12 portraits! ‘May I have your number?’, I asked the waitress and I got (703) 482-0623 :(

. If you have such a sentence, you abbreviate it by using only the first characters, the numbers, and the special characters. In our example you’ll get a password like this: Mfch32potw.Ata3wd,5wc,a12p!’MIhyn?’,IatwaIg(703)482-0623:(

.

Such a password is **much** better than a password containing words from a dictionary, although it is not completely random (therefore such a password must be longer). Just make up some simple story or sentence which you can easily remember. For example, you can tell yourself a story about the stuff contained in your childhood room or some other memory which you can easily recall.

This approach should give you a start for choosing good passwords. It is absolutely crucial to choose a good one for your disk encryption, **the best encryption algorithms are worthless if you use weak passwords**! Do not underestimate the speed of current processors and the machines and specialized password cracking hardware which will be available in the years to come!

### Summary

- Long random passwords are the best defence against brute-force attacks.
- Generate random 30 character password for your disk encryption and learn it by repeated typing.
- Generate separate password for each website which needs one and store it in browser.