There's a lot of good security advice all around these forums (and plenty of bad advice too).
This post presents some information about passwords and passphrases.
Most wallets, bitcoin websites, bitcoin exchanges and markets use passwords for security. Fortunately, many also offer additional security with two-factor authentication, since a password on its own is a weak security mechanism. Passwords should be used together with some form of alternative authentication, such as a hardware token (Yubikey, SecurID etc.) or a one-time-password generator (SMS, Google Authenticator etc.).
But sometimes a password is all you can use, so you'd better make it good. The rules for good passwords that pass for common wisdom are either wrong or contradictory: you can't make a random password that is long enough and also avoid writing it down. So how do you generate passwords that are strong, yet memorable?
One of the best approaches is to use a word list to generate a passphrase instead of a password. Passphrases are both easier to remember and harder to crack. The words in a passphrase can also be joined with a period, dash or other character of your choice, making a long password which is very hard to crack.
One of my favorite geek artists, XKCD, explains it best in his Internet classic comic: http://xkcd.com/936/
There are two ways to generate a good, strong and memorable passphrase:
Manual - Diceware is the manual and most secure way. You throw dice, selecting one word for every 5 dice throws from a predefined dictionary. See the complete explanation here:
http://world.std.com/~reinhold/diceware.html
Automatic - The same concept, implemented entirely in JavaScript in a client-side page. You can load it and use it to generate very secure passphrases offline. There are a few sites that do this; here's one:
https://entima.net/diceware/
Hope you enjoyed!
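The Diceware procedure described above (five dice throws select one word from a 7776-entry list), written out as an added example that is not part of the original post or of the Diceware or entima.net pages. The word list excerpt is constructed and only follows the real list's file format; the generator takes a `roll` callable so a reader can plug in physical dice results, and the default replaces the dice with the OS CSPRNG via `secrets`.

```python
import math
import secrets

# Constructed excerpt in Diceware's file format: five dice digits, a tab, a
# word. The genuine list has 6**5 = 7776 rows; these eight are demo values.
SAMPLE_LIST = """\
11111\tabacus
11112\tabdomen
11113\tabide
11114\tabout
11115\tabove
11116\tabsent
11121\tabsorb
11122\tabsurd
"""

def load_wordlist(text):
    """Parse 'ddddd<TAB>word' rows; reject keys that are not five dice digits."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split("\t", 1)
        if len(key) != 5 or any(c not in "123456" for c in key):
            raise ValueError(f"bad dice key: {key!r}")
        table[key] = word.strip()
    return table

def roll_die():
    """One die throw, replaced by the OS CSPRNG (never the random module)."""
    return secrets.randbelow(6) + 1

def diceware_passphrase(wordlist, n_words=6, sep="-", roll=roll_die):
    """Five throws select one word; repeat n_words times and join with sep."""
    words = []
    for _ in range(n_words):
        key = "".join(str(roll()) for _ in range(5))
        if key not in wordlist:
            raise KeyError(f"key {key} absent: the list must have all 7776 rows")
        words.append(wordlist[key])
    return sep.join(words)

def passphrase_entropy_bits(n_words, list_size=6 ** 5):
    """Each word adds log2(list_size) bits, about 12.9 for Diceware."""
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    for n in (4, 5, 6, 7):
        print(f"{n} words: {passphrase_entropy_bits(n):.1f} bits")
```

With the full list loaded, `diceware_passphrase(wordlist, 6, ".")` produces a six-word phrase of roughly 77.5 bits; the eight-row excerpt above is only enough to exercise the lookup with scripted throws.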