Making a good passphrase: the diceware method

A good passphrase is one that:

  1. is long enough that it cannot be guessed by trying candidates at random (a brute-force attack)
  2. if it is built from elements such as words, is random enough that it cannot be guessed by trying combinations of those elements (a dictionary attack)
  3. is easy to remember

There is a method that gives you a strong passphrase with all three properties: the diceware method. Here is the website with an explanation; however, do not roll dice online, that is not a good practice.

The method is the following:

  1. pick a long list of words, each indexed by a sequence of die values. I personally use this one, made from texts from the Star Wars universe. I recommend printing it and doing the whole procedure offline
  2. pick some dice, in my case a D20
  3. roll the die three times (in my case); this selects one word. With a D20, three rolls address 20 × 20 × 20 = 8000 words, so the list must have one entry per possible sequence
  4. repeat until you have enough words. Six words is considered safe
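As an added worked example (not code from this post), here are the mechanics of steps 1 to 4 in Python: mapping a die roll to a word index, checking that a list is usable, and computing how much entropy a given number of words gives. The word list below is a constructed placeholder, and the `secrets`-based roller is a software stand-in for physical dice; it is an assumption of the example, not the post's method, which is to roll real dice offline.

```python
import math
import secrets

# Constructed toy word list for a d6 rolled twice (6**2 = 36 entries). A real
# list is much larger: 20**3 = 8000 entries for a D20 rolled three times, or
# 6**5 = 7776 for the classic five-d6 diceware list. Names are placeholders.
TOY_WORDS = [f"word{i:02d}" for i in range(36)]


def roll_to_index(rolls, sides):
    """Turn a sequence of die faces (1..sides) into a zero-based list index.

    The rolls are digits in base `sides`, first roll most significant, so
    every possible sequence maps to exactly one word and every word is
    equally likely when the dice are fair.
    """
    index = 0
    for face in rolls:
        if not 1 <= face <= sides:
            raise ValueError(f"die face {face} is outside 1..{sides}")
        index = index * sides + (face - 1)
    return index


def lookup_word(word_list, rolls, sides):
    """Look up the word a physical roll selects, e.g. (7, 13, 2) on a D20."""
    return word_list[roll_to_index(rolls, sides)]


def validate_word_list(word_list, rolls_per_word, sides):
    """Check the list has one word per possible roll sequence and no duplicates.

    A short list leaves some rolls with no word; duplicates mean two roll
    sequences give the same word, which quietly lowers the entropy below
    log2(len(word_list)) per word.
    """
    expected = sides ** rolls_per_word
    if len(word_list) != expected:
        raise ValueError(f"list has {len(word_list)} words, need {expected}")
    if len(set(word_list)) != len(word_list):
        raise ValueError("word list contains duplicate words")
    return True


def entropy_bits(list_size, n_words):
    """Entropy of n_words uniformly random words drawn from a list_size list."""
    return n_words * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest number of words that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


def roll_dice(n_rolls, sides):
    """Software stand-in for physical dice, using the OS CSPRNG via `secrets`.

    Assumption of this example only: the post recommends real dice, offline.
    """
    return [secrets.randbelow(sides) + 1 for _ in range(n_rolls)]


def generate_passphrase(word_list, n_words, rolls_per_word, sides):
    """Roll rolls_per_word dice per word, n_words times, and keep every word
    the dice give. Re-rolling a word you dislike biases the choice and
    lowers the entropy, so there is deliberately no way to do that here."""
    validate_word_list(word_list, rolls_per_word, sides)
    words = [lookup_word(word_list, roll_dice(rolls_per_word, sides), sides)
             for _ in range(n_words)]
    return " ".join(words)


if __name__ == "__main__":
    print(generate_passphrase(TOY_WORDS, 6, 2, 6))
    print(f"D20 x3, 6 words: {entropy_bits(8000, 6):.1f} bits")
    print(f"5 x d6, 6 words: {entropy_bits(7776, 6):.1f} bits")
    print(f"words for 128 bits with a D20 list: {words_needed(8000, 128)}")
```

Six words from an 8000-word list give about 77.8 bits, almost exactly what the classic 7776-word list gives; to reach 128 bits with a D20 list you would need ten words. The entropy figures only hold if the list passes the size and duplicate check and you never re-roll.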

This is now your passphrase. Important note: do not reject a word because you do not like it; take what the dice give you, since re-rolling biases the selection and lowers the entropy. At the beginning, I suggest writing it down on a piece of paper and using it as a passphrase you need every day, like your master passphrase for full-disk encryption, your password manager, or Thunderbird for example.

After a week or so you should have memorized it; then burn the piece of paper.