Strong Passphrases

Posted: 7 Jun 2006


A Forum reader asked the following question:

"I was wondering if people wouldn't mind posting what they've used or considered to be strong Passphrase Questions to enroll their end users.

I was initially thinking of subjective questions, like: "Who is the most influential person in your life," but it's very easy for those answers to 1) be too easy to guess if a person knows you, or 2) lead to very short answers ("Dad") - not meeting NSL's requirement of a 6-character minimum. We've actually bumped ours up beyond that base requirement to be characters including 1 numeral.

Do any of you mind sharing some of your best passphrase questions/directives so we might benefit from the path you've already beat through this jungle? The documentation is pretty thin in the examples arena."

And here are the answers from several respondents ...


(Jeremy Daniel) - We ask the town/city where the person was born, the mother's maiden name, favorite holiday destination, or pet's name. Each passphrase question has a 6-character minimun. We figured that if we used multi-pronged responses, users would get confused with spaces, so we came down on the side of functionality vs. security.

(Simon Hessett) - We've recently been thinking more along the lines of things that your average person would carry on them in a day but aren't available in the public domain.

Examples might be a rail or bus pass number, driver's license number, supermarket loyalty card number, airline frequent flyer number, blood donor number etc. These are the sort of fairly static things that you might find on a card in a wallet but would be hard to guess. We've found "favourite" type questions are too hard for people to remember, and more common questions like mother's maiden name are too easy for others to find.

(Michael Kimble) - Here are the questions that we ask our users:

  • Combine the name of your High School, and a 4 digit PIN number.
  • Combine the name of your first pet, and a 4 digit PIN number
  • What was the street address of your childhood home?
  • What was the year, and model, of your first car?

