These days I use ‘passphrases’ over ‘passwords’ because they’re more secure and easy to remember. But to be fare, there’s still seems to be a bit confusion among the experts over which one is really better. So it’s not that easy to figure out which will give you more security. That being said, some people prefer ‘passphrases’ over passwords because they’re easy to remember and once carefully chosen, they are quite secure too.
Now I’m not just pointing out someone else words, because after creating a ‘passphrase’ I added two or three additional characters (such as numbers and symbols) to it and I tested it with Ubuntu’s password strength checker (including few other tools), and the strength reached its maximum, according to those tools.
And even without manually adding those additional characters, the strength reached the value ‘Strong’ and below is one of the ‘passphrases’ that I used (created using the tool that I’m reviewing here).
Bomb inform damn Birth
But interestingly a password with the below characters (generated by the User account utility in Ubuntu) only gained a strength score of ‘Good’ which is below the value ‘Strong’, and to point out the obvious, this one is hard to remember too.
Microsoft security manager Jesper M. Johansson has written an extensive article about this matter and it’s well worth reading if interested. At the end of his article, he makes the following conclusions.
‘While no one can conclusively answer the question of whether pass phrases are stronger than passwords, math and the logic appear to show that a 5- or 6-word pass phrase is roughly as strong as a completely random 9-character password.
Since most people are better able to remember a 6-word pass phrase than a totally random 9-character password, pass phrases seem to be better than passwords.
In addition, by adding some substitutions and misspellings to a pass phrase, users can significantly strengthen it, which is not possible with a totally random 9-character password …’
So anyway, if you still would like to keep using your passwords and looking for a utility that lets you crate strong & memorable passwords (also ‘passphrases’) in Ubuntu, then ‘Passwordgenandmem‘ is a pretty useful tool in my opinion.
You can install it in Ubuntu 12.04 Precise Pangolin (no packages for other versions of Ubuntu though) by using its PPA channel. For that, open your Terminal window and enter the below commands.
sudo apt-add-repository ppa:bryanquigley/passmemgen
sudo apt-get update
sudo apt-get install passwordgenandmem
Using it is really easy. It’s main window has a ‘horizontal slider’ that you can use to strength the passwords.
For example, the default strength is ‘5’ and if you click on the ‘Generate my password!’ button you should get pronounceable passwords (mostly ‘passphrases’ actually). The lower the number that you give using the slider the more easy to remember passwords or phrases that you’ll get. But it’ll also reduce their strength too.
If you go beyond the strength ‘5’, then it’ll start to add other symbols and numbers to it thus making it more secure but a bit harder to remember.
It also has a tab called ‘Memorize’ that lets you type your newly created password, so you could attempt to guess how good you’re at remembering the password or the phrase. As said, currently it has packages only for Ubuntu 12.04 LTS, but it would be nice if was also available for some other recent versions of Ubuntu too.
You can also turn off the ‘Make passwords easily memorizable’ option to get secure but hard to remember password if you like too.
Well, that’s pretty much it. Oh and one more thing, no matter how powerful your password is, it doesn’t mean that you’re 100% secure against attacks … you know, just keep that in mind ;-). Good luck.