Apr 22, 2013

How to Create a Secure Master Password

One of the greatest benefits of using LastPass is that it remembers all of your passwords for you, so you can generate strong, unique passwords without the hassle of recalling or typing them. Because you are storing all of your sensitive data in LastPass, though, creating a master password that is rock-solid while still being memorable is even more important.

We recommend a simple strategy for creating a long, non-dictionary-based, difficult-to-crack master password: use passphrases.

What is a passphrase?

A passphrase is typically a sequence of words or text strung together to create a password for logging in to an account. The difference between a passphrase and a password is that a passphrase is typically longer and uses whole words or variations of whole words to create nonsensical sentences or phrases that are easy for you to remember, but hard for someone else to guess or crack. 

How to create your strong passphrase:

The key to creating a strong passphrase is to pick a string of words that's easy for you to remember but is not just a famous movie or literary quote, song lyric, piece of personal information, or a single word straight from the dictionary. The best passphrases will also include a mix of capitalization, punctuation, and numbers.

Given those parameters, let's look at an example, choosing words at random that don't really have a relation to each other but that hold meaning for you:

volkswagensummeryellowtulip

That's a 27-character nonsensical phrase that will still be easy to remember. Now if we really want to increase the strength of the phrase, we can then add a better mix of character types:

V0lk$wagenSummerYellow!Tulip

So now, we have a 28-character master password, with lowercase, uppercase, a number, and some symbols.

Of course, the longer and more complicated you make the passphrase, the more carefully you'll need to type, and the harder you may have to work at memorizing the master password at first. Even using "volkswagensummeryellowtulip" is far better than using "password" or one of the other common passwords or single dictionary words.
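The criteria above, applied to this post's own three example strings, as an added example that is not LastPass code. The word lists are tiny constructed samples and the function names are hypothetical.

```python
import string

# Constructed sample lists for this demo; a real check would load far larger ones.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}
DICTIONARY = {"password", "volkswagen", "summer", "yellow", "tulip"}
ALL_TYPES = {"lowercase", "uppercase", "digit", "symbol"}

def split_into_words(text, dictionary=DICTIONARY):
    """Split text into the fewest dictionary words; None if it cannot be split."""
    text = text.lower()
    best = [None] * (len(text) + 1)  # best[i] = fewest-word split of text[:i]
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            piece = text[start:end]
            if best[start] is None or piece not in dictionary:
                continue
            if best[end] is None or len(best[start]) + 1 < len(best[end]):
                best[end] = best[start] + [piece]
    return best[-1]

def character_types(candidate):
    """Return which of the four character types appear in the candidate."""
    tests = {"lowercase": str.islower, "uppercase": str.isupper,
             "digit": str.isdigit, "symbol": lambda ch: ch in string.punctuation}
    return {name for name, test in tests.items() if any(test(ch) for ch in candidate)}

def review_master_password(candidate):
    """Apply the post's criteria; hypothetical helper, not a LastPass API."""
    words = split_into_words(candidate)
    flags = []
    if candidate.lower() in COMMON_PASSWORDS:
        flags.append("common password")
    if words is not None and len(words) == 1:
        flags.append("single dictionary word")
    return {
        "length": len(candidate),
        "words": words,
        "missing_types": sorted(ALL_TYPES - character_types(candidate)),
        "flags": flags,
    }

if __name__ == "__main__":
    for sample in ("password", "volkswagensummeryellowtulip", "V0lk$wagenSummerYellow!Tulip"):
        print(sample, review_master_password(sample))
```

These checks cover only length, word count and character mix; they say nothing about how predictable the chosen words are.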

XKCD's now-famous comic about password entropy drives the point home.

Ready to update your master password with your new passphrase? You can do so by opening your LastPass Vault and clicking the "settings" menu option on the left, then submitting your changes.

What are your strategies for creating a strong master password?