
Master Password (or Passphrase)

If you use a password manager, your master password is the only password you ever need to remember. It is also the key to the rest of your passwords, so it is important to make it strong. Instead of calling it a password, I prefer to refer to it as a passphrase, as it should be a sentence or phrase that is easy for you to remember:

Relevant xkcd #936

Choosing a Master Passphrase

Make It Memorable

You should make your master passphrase memorable. It does not have to be random characters, like the rest of your passwords. You can string together a few random words or make a phrase that is easy for you to remember. For example, if you are a fan of horses, you could use Seabiscuit-Secretariat-Hidalgo-1875!, which combines three horse movies with the year the Kentucky Derby started. This has a good mix of upper and lower case letters, numbers, and special characters, and is easy to remember.

How Long Should It Be?

The answer depends on whether you use letters only or also add special characters and numbers. The more character types you use, the harder it is to crack. This means you can also shorten your passphrase if you use special characters and numbers. The chart below is a helpful guide; make sure your passphrase is in the green zone. If you don't want to read the chart, make it at least 14 characters long, using uppercase, lowercase, numbers, and special characters.

Brute Forcing Passwords in 2024
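
To put numbers on the length versus character-type trade-off described above, here is an added example (not part of the original page) that computes how long a passphrase must be with fewer character types to match the 14-character, four-class baseline. It assumes every character or word is picked uniformly at random, so a phrase built from meaningful words is weaker than its character count suggests; the 7776-word list size is an assumption (Diceware-style), not something the page specifies.

```python
import math
import string

# Character classes counted as printable ASCII, space excluded.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32
}

def pool_size(passphrase):
    """Pool implied by the classes actually present (other characters are ignored)."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in passphrase))

def search_space(pool, length):
    """Candidates an exhaustive search must cover, as an exact integer."""
    return pool ** length

def min_length(pool, target_space):
    """Smallest number of random picks from `pool` that reaches target_space."""
    length = 0
    while pool ** length < target_space:   # integer math avoids float rounding
        length += 1
    return length

def bits(space):
    return math.log2(space)

# Baseline from the text: 14 characters drawn from all four classes (94 symbols).
BASELINE = search_space(94, 14)
WORDLIST_SIZE = 7776  # assumption: Diceware-style word list, not from the page

def equivalents():
    """Lengths needed to match the baseline with narrower pools or random words."""
    return {
        "lowercase only": min_length(26, BASELINE),
        "letters only": min_length(52, BASELINE),
        "letters + digits": min_length(62, BASELINE),
        "all four classes": min_length(94, BASELINE),
        "random words": min_length(WORDLIST_SIZE, BASELINE),
    }

if __name__ == "__main__":
    print(f"baseline: {bits(BASELINE):.1f} bits")
    for name, n in equivalents().items():
        print(f"{name:>18}: {n}")
```
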

'Remember me' Features

If you are using a password manager, you might not need to type in your master passphrase very often. Some have a 'Remember me' feature to keep you logged in until you close your browser, restart your computer, etc. This means you don't have to tirelessly type in your master passphrase every time you want to access your vault.

Avoid Personal Information

Do not use any information that can be found about you online. This includes things like:

  1. Your name
  2. Your birthday
  3. Your address
  4. Your phone number
  5. Your schools
  6. Your pets
  7. Any above information about your family

This is not an exhaustive list, but it should give you a good idea of what to avoid.

Avoid Common Passphrases

You should avoid using common passphrases, otherwise you are at high risk of being compromised. You should check to see if your candidate passphrase has already been compromised here.