@ Ava ॐ
2025-02-13 08:03:39
5+ words is generally better than 4, but it's not all about length; it's also about entropy, complexity, and not using common words that are used in dictionary attacks.
Truly random, high-entropy passphrases are a valid option to unlock your password manager, as they can easily be remembered if you create a mnemonic like an absurd story using the random words as a recall technique. They can also be valid for full-disk encryption on your laptop, or as a passphrase for an encryption key like PGP or SSH, etc. It is best practice to not reuse passphrases.
I recommend using KeePassXC to generate this high-entropy passphrase for most people, or if you follow the instructions to the letter, this is a very good offline method:
https://www.eff.org/dice
However, I highly recommend using high-entropy random passwords that include:
• Length (in characters)
• Use of uppercase and lowercase letters
• Use of numeric characters
• Use of special symbols
...for pretty much everything else.
Here is some good info on passphrases vs passwords:
"If you compare a passphrase to a truly random password, the password is the better, more secure option."
https://proton.me/blog/what-is-passphrase
Here is some more good info on password entropy, including the math used to calculate it:
https://proton.me/blog/what-is-password-entropy
While ProtonPass/Bitwarden will tell you if a password/passphrase is strong, KeePassXC shows you the entropy of your passwords in bits—both for passwords it generates internally and for your current password pasted into the password generator. I suggest using it as an easy way to check your exact password entropy.
You want an entropy score of at least 75 bits (72 is reasonably easy to crack).
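As an added illustration of the entropy math the post points to (example code, not part of the post above and not from Proton or KeePassXC), the script below computes the bits of entropy for a randomly generated diceware-style passphrase and for a random character password, and works out how many words or characters are needed to clear the 75-bit line mentioned above. It assumes the EFF large wordlist size of 7776 words (6^5, one entry per roll of five dice) and the 94 printable ASCII characters split into 26 lowercase, 26 uppercase, 10 digits and 32 symbols. The figures only hold when every word or character is chosen uniformly at random; a phrase you pick yourself has far less entropy than the formula suggests.

```python
import math

# EFF large wordlist: 7776 = 6^5 entries, one per five-dice roll (assumed constant).
EFF_LARGE_WORDLIST_SIZE = 7776

# Printable ASCII split into character classes (assumed sizes; total 94).
CHARSET_SIZES = {"lower": 26, "upper": 26, "digits": 10, "symbols": 32}

# Thresholds quoted in the post above.
TARGET_BITS = 75
WEAK_BITS = 72


def passphrase_entropy_bits(num_words: int, wordlist_size: int = EFF_LARGE_WORDLIST_SIZE) -> float:
    """Entropy of a passphrase built from num_words uniformly random wordlist entries.

    Each word contributes log2(wordlist_size) bits; words are independent, so bits add.
    """
    return num_words * math.log2(wordlist_size)


def password_entropy_bits(length: int, classes=("lower", "upper", "digits", "symbols")) -> float:
    """Entropy of a password of `length` characters drawn uniformly from the given classes.

    The pool is the union of the selected classes; each position contributes log2(pool) bits.
    """
    pool = sum(CHARSET_SIZES[c] for c in classes)
    return length * math.log2(pool)


def words_needed(target_bits: float, wordlist_size: int = EFF_LARGE_WORDLIST_SIZE) -> int:
    """Smallest number of random words whose combined entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def chars_needed(target_bits: float, classes=("lower", "upper", "digits", "symbols")) -> int:
    """Smallest random-password length (over the given classes) that reaches target_bits."""
    pool = sum(CHARSET_SIZES[c] for c in classes)
    return math.ceil(target_bits / math.log2(pool))


def rate(bits: float) -> str:
    """Map an entropy figure onto the post's thresholds."""
    if bits >= TARGET_BITS:
        return "meets 75-bit target"
    if bits >= WEAK_BITS:
        return "between 72 and 75 bits: borderline"
    return "below 72 bits: reasonably easy to crack"


if __name__ == "__main__":
    # Passphrases: 4, 5 and 6 random EFF words.
    for n in (4, 5, 6):
        bits = passphrase_entropy_bits(n)
        print(f"{n} random EFF words: {bits:5.1f} bits ({rate(bits)})")

    # Passwords: mixed-class random passwords of increasing length.
    for length in (10, 11, 12, 16):
        bits = password_entropy_bits(length)
        print(f"{length:2d}-char mixed password: {bits:5.1f} bits ({rate(bits)})")

    # Alphanumeric only (no symbols) needs more characters for the same entropy.
    alnum = ("lower", "upper", "digits")
    print(f"Words needed for {TARGET_BITS} bits: {words_needed(TARGET_BITS)}")
    print(f"Mixed chars needed for {TARGET_BITS} bits: {chars_needed(TARGET_BITS)}")
    print(f"Alphanumeric chars needed for {TARGET_BITS} bits: {chars_needed(TARGET_BITS, alnum)}")
```

Running it shows that five EFF words land just under 65 bits while six clear 77 bits, and that a 12-character password over all four classes is the shortest mixed-class password above 75 bits; dropping symbols pushes that to 13 characters. The per-word figure (about 12.9 bits) is what makes each extra word worth roughly two extra random characters.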