How to create Passphrases with KeePass
Passphrases have several advantages over conventional passwords that make them more suitable in a variety of situations. The main distinguishing factor between passphrases and passwords is that the former consist of multiple phrases, which are often words. One of the benefits of this method is that it renders the majority of dictionary attacks useless, as it is unlikely that a phrase like eveningHorizonOwnTestGhacksPlease would be included in a dictionary attack.
Security can be improved further by adding special characters or numbers, for instance by substituting every third e with 3, or adding a space after the tenth character. But protection against dictionary attacks is not the only benefit that passphrases have. They can also be designed to be more memorable than a random password of the same size.
Even if you are using a password manager like KeePass, you may sometimes want to create passphrases, for instance when you sometimes need the password in situations when you do not have access to KeePass.
KeePass and Passphrases
KeePass is an excellent password manager, and one of its strengths is its extensibility. WordSequence Generator is the name of the plugin that adds passphrase generation support to KeePass.Â All that needs to be done to install the plugin is to download it from the Sourceforge project website and extract its contents into the root KeePass directory. KeePass needs to be restarted if it is already open to pick up the new plugin.
The plugin becomes available in KeePass' Password Generation Options menu. Just select WordSequence under Generate using custom algorithm, and click on the settings button on the right of the line afterwards to configure it.
Here you can then add words to the dictionary that is used to create the passphrases. This step is really important, and while you are at it, you can also check out the generation options on the right. Here you can select the count of words for your passphrases, configure substitutions to increase the security of the phrases, add extra characters to the passphrase, and define capitalization options. The newly generated passphrases become then available in the Preview tab.
Exiting the settings returned an error on a 64-bit system of Windows, but did not seem to have an impact on the program itself. The configuration changes were saved after all.
If you are not using the KeePass password manager but would like to generate secure passphrases from time to time, you could take a closer look at PWGen for the Windows operating system which offers a similar feature set.
Word Sequence can be a useful plugin for KeePass, especially thanks to its advanced generation options that improve the security of the generated passphrase significantly. It is not really a necessary plugin for KeePass users though, considering that it is also possible to simply generate a very long random password instead. Since it is saved in the password manager's database it does not need to be remembered.Advertisement
Although I haven’t personally used them, the “WordSequence Generator” and “Readable Passphrase Generator” plugins seem like easier alternatives.
I sent you a couple of months ago a program of my own that generates passwords, but it’s NOT a random password generator, it’s more of a manager. (you didn’t write an article about it yet)
test it online: https://pwdgen-vbcrlf.dotcloud.com/
Why it’s much better than random password generators:
because you can generate complex passwords by using words very easy to remember.
For example, you want to generate a password for Facebook, you type “Facebook” in the first field and “secret password” in the second. The resulted password will ALWAYS be “YFE7geOUbrpt/rX”, which you can use as a password for your account. It’s very secure and re-generable.
I hope it’s useful to someone :)
I’m using it every day.
This XKCD thing was gone too far.
Here is for the genious around: if a person is watching me input my password, or worse, has a camera capturing my keyboard, I’m pretty sure she won’t guess my 16 random numeric-symbolic-alfa-upper-lower password, but if I type the stupid correct-horse-battery-staple, it won’t need more than a few times to guess it.
If they have a camera pointed at your keyboard, why bother with passwords?
Seriously, you might as well be announcing each character as you type it:
“P! NINE! AMPERSAND!”
So how safe are these Keepass plugins? Is there any independent programmers who jump into the code and make sure they’re not phoning my passwords home?
I’ve never used any Keepass plugsins, especially with all the dire warnings on the website.
You should be careful when you install third party plugins. I personally would not really install any unless you really need the functionality. And if you do, I probably would try to look through the code, or at least block KeePass’ option to connect to servers.