Pointers for a strong password

We all know you shouldn’t recycle passwords (no need in trying to be ecological here).
Every now and then, you will need a password that you do have to remember by heart (e.g. the BW master password or your device login). It would be stupid to have those most critical doors be the ones with the weakest passwords… Especially if you use BW for your TOTP’s too… this would imply that BW itself is not TOTP protected.

So what’s your approach here? I’m already sharing mine.

Passwords that I have to humanly remember? Here’s my magic potion:

  1. Take a lyric of a song you like and can easily remember.
  2. Say those lyrics in your own dialect.
  3. Phonetically write the dialect.

Now you tell me what algorithm is going to find “OooohYaGonnaCall?Gostbustaz!!” in less then a 100 years? Is a digit required? Then find yourself a song where you could squeeze in a digit (YaDa1thatIwantOoohOoohOooh!).

Now every time you have to type in your password, you’re using a strong and secure password… Your mood always gets lifted up a tiny little bit because you’re singing your happy song mentally again :wink:

Oh… and adding TOTP if possible will make everything a huge factor stronger (but obviously you can’t use Bitwarden’s TOTP to log into BW - that’s partially why I’m not using the BW internal TOTP here)

1 Like

There is a couple of ways you could go…
One is the way you’re doing ist. Another can be using the password generator and there switching from Password to Passphrase. That gives you something like “driving-boxcar-aroma”. You can add the number of characters or the number ob words or the number of vowels/consonants…
If you are using 5 or 6 words (instead of just 3), you can even reuse that passprase. With “Uncapped-Example-Hastily-Rebuild-Lumber-Washbasin”, you can go like “Unc-Exa-Has-Reb-Lum-Was44” for one service, and “peD_plE_ilY_beR_siN-6”. That can be memorized easily. With one passphrase, you can get several passwords, you can rebuild as needed…

Unfortunately the passphrase generator just supports english words, so for other languages, you need to find a passphrase generator in your native tounge.