If you've ever read Daniel V. Klein's paper (Foiling the Cracker: A Survey of, and Improvements to Unix Password Security) you may well be shocked at the number of users whose passwords were automatically guessed successfully.

In order to decrease the likelihood of my password being guessed, I've basically outlined how I make new passwords; I hope this may be of use to you. Suggestions are welcome.

I must take this opportunity to remind the reader that usage of this material is at their own risk. I cannot guarantee that by following the material here you will make ‘unguessable’ passwords; statistically, such things don't exist.

Methodology

Alternative methods

Implementation-specific issues

Footnotes

  1. Using the English Diceware word list (7776 words in total), the word-length frequencies are:

    Word length     1     2     3     4     5     6
    Frequency      52   773   839  2345  3136   631

    Hence, the expected length of a word is 4.24 characters, and so the expected length of a five-word passphrase, with a space between each word, is 25.2 characters.
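The arithmetic behind the footnote, as an added example that is not part of the original page: it takes the word-length frequencies from the footnote's table, computes the expected word length and the expected length of an n-word passphrase, and goes one step further than the footnote by deriving the full probability distribution of passphrase lengths (by convolving the single-word distribution n times) and the entropy a uniformly chosen Diceware passphrase carries. The frequency table is the one above; the function names, the default five-word passphrase and the single-space separator are this example's own assumptions.

```python
import math

# Word-length frequencies from the English Diceware word list, copied from
# the footnote's table: word length -> number of words of that length.
# They sum to 7776 (= 6**5, one word per five-dice roll).
DICEWARE_LENGTH_FREQ = {1: 52, 2: 773, 3: 839, 4: 2345, 5: 3136, 6: 631}


def expected_word_length(freq=DICEWARE_LENGTH_FREQ):
    """Mean word length when a word is drawn uniformly from the list."""
    total = sum(freq.values())
    return sum(length * count for length, count in freq.items()) / total


def expected_passphrase_length(words=5, freq=DICEWARE_LENGTH_FREQ, separator_len=1):
    """Mean character count of `words` words joined by a separator.

    `separator_len` is the length of the separator between words
    (1 for the single space assumed in the footnote).
    """
    return words * expected_word_length(freq) + (words - 1) * separator_len


def passphrase_length_distribution(words=5, freq=DICEWARE_LENGTH_FREQ, separator_len=1):
    """Exact probability of each total passphrase length.

    The single-word length distribution is convolved `words` times; the
    separators then add a constant (words - 1) * separator_len.
    Returns {total_length: probability}.
    """
    total = sum(freq.values())
    single = {length: count / total for length, count in freq.items()}
    dist = {0: 1.0}
    for _ in range(words):
        new = {}
        for have, p_have in dist.items():
            for add, p_add in single.items():
                new[have + add] = new.get(have + add, 0.0) + p_have * p_add
        dist = new
    offset = (words - 1) * separator_len
    return {length + offset: p for length, p in dist.items()}


def probability_length_at_most(max_len, words=5, freq=DICEWARE_LENGTH_FREQ, separator_len=1):
    """Chance that an n-word passphrase is no longer than `max_len` characters."""
    dist = passphrase_length_distribution(words, freq, separator_len)
    return sum(p for length, p in dist.items() if length <= max_len)


def passphrase_entropy_bits(words=5, list_size=7776):
    """Entropy of `words` independent, uniform picks from a list of `list_size`."""
    return words * math.log2(list_size)


if __name__ == "__main__":
    print(f"expected word length:        {expected_word_length():.2f}")
    print(f"expected 5-word passphrase:  {expected_passphrase_length(5):.1f} chars")
    print(f"P(5-word passphrase <= 20):  {probability_length_at_most(20):.3f}")
    print(f"entropy of 5 Diceware words: {passphrase_entropy_bits(5):.1f} bits")
```

The distribution function is the useful part in practice: the expected length says nothing about how often a passphrase comes out short, whereas `probability_length_at_most` answers that directly and can be checked against any minimum-length policy a system enforces.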