How to Create a Strong Passphrase for SSH

You might be wondering what passphrases are, how they’re different from passwords, and how you can use them effectively. Most simply, passwords are used to secure credentials for most of the services and devices you log into regularly. These services can be anything from cPanel and AMP to your favorite social media applications. In this article, we’ll show you how to create a strong passphrase for SSH that is also easy to remember.

Why create a strong passphrase for SSH?

Passphrases are used more selectively than passwords. Ideally, you will have many passwords but only one passphrase. Your passphrase should be kept secret, and it is not recommended that you share it with anyone.

For example, you could use a passphrase to secure your master password list. Password management programs like KeePass and LastPass are popular tools for managing multiple usernames and passwords for various services. But you still need a way to secure the password manager itself. This is where a secure passphrase is most helpful.

Passphrases are also used to secure keypairs. SSH keys can allow you to log into various services with a “key” instead of a username/password combination.

Easy to Remember

Since you will be using your passphrase often, it is wise to pick a passphrase that is long, complicated, random, and also easy to remember. That seems like a difficult task, but it can be made easier.

In this article, we will use a simple password generator. All you’ll need to follow along is a pair of dice (or a single die) and the Diceware passphrase word list, which can be downloaded or referenced online.

  1. Roll the dice
  2. Write down the number you just rolled
  3. Repeat the process five times

You should now have a five-digit number. Find your five-digit number on the Diceware list. The word associated with that number is the first word of your passphrase. Repeat the process above until you have produced five or six random words. The combined result is your new passphrase. Write it down and keep it with you until you have it memorized. You may be surprised to find how quickly you’ve memorized this long phrase after only a few repetitions.

You may be wondering why all of this randomness is necessary. The reason is to fool bots. There are computers that can try thousands of passphrase combinations in a matter of minutes. Humans are predictable, and so we create predictable passwords that are very easy for a computer to guess. Using randomness is the best chance we have to conceal our secure passphrases from mischievous bots.

Since computers keep getting faster, it is recommended that you add more randomness to your passphrase over time. For example, if you have a six-word passphrase, consider adding in a seventh word at the beginning, end, or middle of your passphrase. Every word you add to your phrase exponentially increases your passphrase’s security.
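The dice procedure and the effect of adding words can also be worked through in software. The Python sketch below is an added example, not part of the original article: it draws each roll from the operating system's secure random source, looks words up in a Diceware-format list, and computes how many bits of entropy a given word count provides. The function names are assumptions made for this example, and SAMPLE_LIST is a constructed stand-in for the real word list.

```python
import itertools
import math
import secrets

FACES = "123456"
LIST_SIZE = 6 ** 5  # 7776 keys, 11111 through 66666


def parse_wordlist(text):
    """Parse Diceware-format lines ("43146 word") into {key: word}.

    Lines that are not a five-digit dice key plus one word are skipped.
    """
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 5 and set(parts[0]) <= set(FACES):
            table[parts[0]] = parts[1]
    if len(table) != LIST_SIZE:
        raise ValueError(f"expected {LIST_SIZE} entries, got {len(table)}")
    return table


def roll_key():
    """Five fair die rolls drawn from the OS CSPRNG, joined into one key."""
    return "".join(secrets.choice(FACES) for _ in range(5))


def make_passphrase(table, words=6):
    """One independent five-roll lookup per word, as in the manual procedure."""
    return " ".join(table[roll_key()] for _ in range(words))


def entropy_bits(words):
    """Each word is one of 7776 equally likely choices: log2(7776) bits each."""
    return words * math.log2(LIST_SIZE)


# Constructed stand-in list so the example runs offline; for real use, pass the
# text of the downloaded Diceware word list to parse_wordlist() instead.
SAMPLE_LIST = "\n".join(
    f"{''.join(k)}\tword{''.join(k)}" for k in itertools.product(FACES, repeat=5)
)

if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_LIST)
    print(make_passphrase(table, 6))
    for n in (5, 6, 7):
        print(f"{n} words: {entropy_bits(n):.1f} bits")
```

Each added word contributes about 12.9 bits, which multiplies the number of possible passphrases by 7776.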

If you don’t have a pair of dice or the time to use the Diceware list, a quick Google search will yield a few online Diceware passphrase generator sites that will generate a secure passphrase for you.
