If your passphrase is randomly generated, and if you have a sufficient number of words, there is no real benefit of adding numbers or special characters — and doing so makes the master password harder to memorize. Likewise, removing spaces creates disadvantages, and is not encouraged.
It is impossible to test a password that has already been created. However, if you use a random password/passphrase generator (like the one in Bitwarden), then the strength can be accurately estimated based on the generator settings. For example, with Bitwarden’s passphrase generator (and similar random passphrase generators), the password entropy (a measure of strength) increases by about 13 bits with each added word. Generally, for a Bitwarden master password, 50 bits of entropy is sufficient for protection, and you can achieve this with a random 4-word passphrase.
If you’re going to use Bitwarden’s generator, you should use the one that can be found inside each Bitwarden app or browser extension (because their online generator webpage includes 3rd-party trackers.
Among the available online password generators, I generally recommend a site called The Little Password Helper. For maximum security, save the webpage as a local .html
file, then close your browser, disconnect from the internet, and open the locally saved .html
file to generate your master password.
Unless they have medical issues that affect their memory or ability to process language, they should be able to memorize 4 random words — with a little bit of practice. I am sure that if they were presented with 4 grandchildren, they would be able to learn the four names. It does take some work — I would recommend starting with writing down the master password on an Emergency Sheet, which they can use as a “cheat sheet” until they have memorized the vault password. Start by memorizing one word, and typing it into the login form without looking at the cheat sheet (if possible); once they can recall the first word with ease, work on memorizing the second word in the same manner. After the password has been memorized, store the Emergency Sheet in a secure location (as a backup for the inevitable memory lapse).
It is also possible to use mnemonic techniques to assist with passphrase memorization. Typically, this would start with envisioning a scene or a story that has been constructed using the passphrase words. For example, I just used Bitwarden’s generator to randomly produce the words aqua much swan jingle
; so I might imagine a scene consisting of an aqua-colored lake overfilled with swans, and an ice-cream truck playing its jingle. This will make it easier to memorize the words in the passphrase.