Creating complex, high-entropy passwords is straightforward; the challenge is striking the right balance between complexity and usability so that a password can actually be used when it is needed.
Emphasize Password Length
Long passwords improve strength in several ways. First, each additional randomly chosen character multiplies the number of guesses an adversary must make to recover the password (entropy grows with length only to the extent that the added characters are unpredictable). Second, longer passwords withstand attack by rainbow tables (pre-computed hash lists), which can quickly defeat any unsalted hash whose plaintext falls within the table's length and character-set range; tables are useless against properly salted hashes, but a user rarely knows how a given site stores passwords, so length is the only defense under the user's control. The critical question is how long? Rainbow tables covering every password of length 8 were documented years ago. In an era where highly affordable ASICs (application-specific integrated circuits) can compute fast, unsalted hashes at a rate of 3 trillion per second, it is prudent to make passwords no shorter than 18 characters; 24 or 32 characters is not unreasonable, and longer is better. A good argument can be made for using passwords of the maximum size the targeted application will accept, especially once one exceeds the length one can remember, because at that point the effort to use a mediocre password and an exceptionally strong one is the same.
A third point is sometimes made about how computers perform integer arithmetic. General-purpose CPUs handle 32- and 64-bit words natively, and arithmetic on 128- or 256-bit integers must be composed from several word-sized operations, which runs well below the processor's peak speed. That slowdown is real for public-key arithmetic on large integers, but it does not apply to password guessing: the attacker's cost is one hash computation per candidate, and a hash function processes a 30-character candidate in fixed-size words about as fast as an 8-character one. The genuine benefit of a password with more than 128 bits of entropy is different and larger: the candidate space exceeds what any guessing attack, at any hash rate, can exhaust, so the adversary is forced to obtain the password some other way (phishing, malware, a stolen plaintext copy) rather than recover it from a hash.
Use The Largest Character Set Available To You
Once a password length has been chosen, complexity is a function of the password's cardinality (the size of the symbol set from which each character is drawn) and the randomness of each choice. Larger character sets offer more complexity than smaller ones, and alphabets are language specific. For the modern English alphabet, which is the same as the basic ISO Latin alphabet, the greatest strength comes from using upper- and lower-case letters, numerals, and punctuation or other special characters: drawn from all 95 printable ASCII characters, each random character adds about 6.6 bits of entropy, compared with about 4.7 bits for a lower-case letter alone. Length still matters more than cardinality, though; 18 random lower-case letters (about 85 bits) beat 8 characters from the full set (about 53 bits) by a wide margin.
Select Characters As Randomly As Possible
The selection of password characters is where the password maker makes the tradeoff between maximizing strength and usability; more specifically, the choice is whether to memorize the password or to rely on a saved copy. This choice deserves consideration because it trades convenience against different types of risk. To illustrate, examine the two 24-character passwords below, one phrase-based and one random:
Phrase Based Password (Memorable)
Random Password (Not Memorable)
The phrase-based password was built to be recalled from memory and is a derivation of "four score and seven"; the random password was generated pseudo-randomly.
The phrase-based password may be reproducible from memory alone; it uses simple character substitution and padding to disguise its origin. This is convenient: the user simply reconstructs the password from memory when needed, and there is no physical or digital copy to be stolen. However, because of its dictionary-word origin, the password is highly vulnerable to a rule-based dictionary attack, in which the attacker takes common words and phrases and applies the same substitution, capitalization and padding rules a person would. The password holder could strengthen the password with further customization, but as the number of modifications increases the password will have to be recorded, and the convenience of memorization is lost.
In contrast, the random password has no structure for such rules to exploit and is much more resilient to attack. However, because of the limits of human memory, this password will likely need to be recorded digitally or physically, and that introduces two kinds of risk: the plaintext copy could be stolen, and the copy could be lost, leaving the user unable to access the account.
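The following script is an added example, not part of the original article, that puts numbers on two claims above: the keyspace arithmetic behind the length and character-set recommendations, and the rule-based dictionary attack on the phrase-derived password. The mangling rules (LEET table, PADDING list, separator and case variants) are a hypothetical subset of what tools such as hashcat and John the Ripper ship in their rule files, and the target password "F0ur Sc0r3 And S3v3n!!" is constructed here for the demonstration; it is not the password from the article's table.

```python
import hashlib
import itertools
import math

# --- Keyspace arithmetic (the "length vs. character set" argument) ---------
LOWER = 26            # a-z
PRINTABLE = 95        # all printable ASCII, space through '~'
ASIC_RATE = 3e12      # guess rate quoted in the article; only fast, unsalted hashes run this fast


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy of a password of `length` symbols drawn uniformly at random
    from `charset_size` symbols: log2(charset_size ** length)."""
    return length * math.log2(charset_size)


def years_to_exhaust(bits: float, guesses_per_second: float = ASIC_RATE) -> float:
    """Years needed to try every candidate in a 2**bits keyspace."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)


# --- Rule-based dictionary attack on a phrase-derived password ---------------
# Hypothetical mangling rules: leet substitutions, case changes, separator
# changes and short padding, applied to a phrase the attacker guesses.
LEET = {"a": "a@4", "e": "e3", "i": "i1!", "o": "o0", "s": "s$5", "t": "t7"}
PADDING = ["", "!", "!!", "1", "123", "!1", "2024"]


def sha256_hex(s: str) -> str:
    """Unsalted SHA-256, the kind of fast hash a breached site might leak."""
    return hashlib.sha256(s.encode("utf-8")).hexdigest()


def leet_variants(word: str):
    """Yield every combination of single-character leet substitutions."""
    choices = [LEET.get(c, c) for c in word]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def candidates(phrase: str):
    """Yield every password the rule set can derive from `phrase`."""
    bases = [phrase, phrase.replace(" ", ""), phrase.replace(" ", "_"), phrase.replace(" ", "-")]
    seen = set()
    for base in bases:
        for cased in (base, base.upper(), base.title()):
            for leet in leet_variants(cased):
                for pre in PADDING:
                    for post in PADDING:
                        cand = pre + leet + post
                        if cand not in seen:
                            seen.add(cand)
                            yield cand


def effective_bits(phrase: str) -> float:
    """log2 of the number of candidates the rules produce from `phrase`: the
    password's real strength against an attacker who knows the phrase."""
    return math.log2(sum(1 for _ in candidates(phrase)))


def recover(target_sha256_hex: str, phrase: str):
    """Hash every candidate and return the one matching the stolen hash, or None."""
    for cand in candidates(phrase):
        if sha256_hex(cand) == target_sha256_hex:
            return cand
    return None


if __name__ == "__main__":
    for n, length in ((LOWER, 8), (PRINTABLE, 8), (LOWER, 18), (PRINTABLE, 24)):
        b = entropy_bits(n, length)
        print(f"{n:>2}-symbol set, length {length:>2}: {b:6.1f} bits, "
              f"{years_to_exhaust(b):.3g} years to exhaust at 3e12 guesses/s")
    phrase = "four score and seven"
    print(f"rule-based candidates from {phrase!r}: {effective_bits(phrase):.1f} bits")
    # Constructed target (title case, o->0, e->3, "!!" padding); not the article's password.
    target = "F0ur Sc0r3 And S3v3n!!"
    print("recovered:", recover(sha256_hex(target), phrase))
```

Against an attacker who guesses the underlying phrase, the 22-character mangled password is worth under 20 bits (a few hundred thousand candidates, cracked in well under a second at any hash rate), while a 24-character random password from the same character set is worth about 158 bits. Adding more rules to the attacker's list grows the candidate count multiplicatively but never approaches the random keyspace.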
The Role Of Human Memory In Password Effectiveness
Everyone is aware of the challenge of remembering passwords, and the challenge keeps growing as better-equipped adversaries and sophisticated password-recovery tools force the public to use ever more complex passwords to achieve a reasonable degree of protection. In fact, a Microsoft-sponsored study that recognized the practical tradeoff between password strength and usability suggested that the optimum strategy for individuals is to use weak passwords for most of one's accounts and reserve strong passwords for the few one has a chance of remembering. There are numerous problems with such a recommendation, but it underscores how important convenience is to password security in practice. Moreover, we are approaching a point where passwords that offer meaningful protection are beyond most people's ability to remember, especially when one has many of them.
The Case For Dynamic Password Generation
Dynamic password generation is designed to be memory-friendly. Instead of the traditional approach of creating complex passwords and forcing one to memorize them, dynamic password generation begins with something one remembers well (a master secret) and has a software application derive complex passwords from it, typically one per site or account. The resulting passwords can be far more complex than the inputs because the algorithm is a one-way function: suitably done, it is not feasible to recover the inputs from a derived password. Because the approach is deterministic, the inputs must be supplied consistently (the same master secret and the same spelling of the account label) to reproduce the same password.
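As an added example of the deterministic approach described above (not the article's own tool and not any particular product's algorithm), the function below derives a site-specific password from a memorized master secret with PBKDF2-HMAC-SHA256. The "pwgen-v1" label, the 24-character default, the rotation counter and the output alphabet are assumptions chosen for the illustration.

```python
import hashlib
import string

# Output alphabet: printable ASCII minus space, quotes and backslash so the result
# pastes cleanly into forms and shells (an assumption for this example, not a standard).
ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~"
ITERATIONS = 600_000   # PBKDF2 work factor; slows offline guessing of the master secret
MAX_LENGTH = 32        # 32 symbols of a 94-symbol alphabet need ~210 bits of the 256-bit key


def normalize_site(site: str) -> str:
    """Canonicalize the account label so 'Example.com ' and 'example.com' derive
    the same password; deterministic derivation depends on consistent inputs."""
    return site.strip().lower()


def derive_password(master: str, site: str, counter: int = 1, length: int = 24) -> str:
    """Derive a site-specific password from a memorized master secret.

    The salt binds the site label, a rotation counter and the requested length,
    NUL-separated, so the PBKDF2 input for one account cannot alias another.
    Bump `counter` to rotate one site's password without changing the master.
    """
    if not 1 <= length <= MAX_LENGTH:
        raise ValueError("length out of range")
    salt = "\x00".join(["pwgen-v1", normalize_site(site), str(counter), str(length)]).encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, ITERATIONS, dklen=32)
    # Treat the 256-bit key as an integer and write it in base len(ALPHABET).
    # Even at MAX_LENGTH about 46 bits are left over, so the digits are
    # uniform to within 2**-46; there is no modulo bias worth mentioning.
    n = int.from_bytes(key, "big")
    out = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        out.append(ALPHABET[idx])
    return "".join(out)


if __name__ == "__main__":
    master = "correct horse battery staple"   # constructed example secret
    print(derive_password(master, "example.com"))
    print(derive_password(master, "Example.COM "))          # same as above
    print(derive_password(master, "example.com", counter=2))  # rotated
```

Two caveats follow directly from the design. The one-way property only holds as strongly as the master secret: if a derived password leaks, an attacker can run PBKDF2 over guesses of the master offline, and the work factor slows that attack but does not stop it, so the master must itself be long and unpredictable. And because every password descends from the same master, changing or losing the master changes or loses all of them at once, the same single-point-of-failure concern raised for password managers.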
The Case For Password Managers
The promise of password managers is attractive. A comprehensive password manager can generate, store and fill passwords into the websites and applications it supports. Since the passwords are stored encrypted rather than memorized, they can be as long and complex as each site allows. The convenience of managing many passwords with a single tool grows as the number of passwords one has grows.
A downside to password managers is that they are a single point of failure and can produce the catastrophic outcome of surrendering all of one's passwords to an adversary at once. This can happen in several ways: the plaintext master password is captured (by malware, a keylogger or phishing) and used to unlock the stored passwords, or an attacker exploits a vulnerability in the manager's software that exposes the stored passwords. The master password therefore deserves at least the length and randomness recommended above, and the device the manager runs on must be kept free of malware.
Also, password managers cannot fill passwords into categories of password-protected resources that run before or outside the operating system, such as encrypted boot drives and file- and disk-encryption systems. Users of these tools will need an alternate scheme, such as a memorable passphrase, for those passwords.