I was sitting around thinking about what would be the perfect master password for a password manager.
- It would
be long. The longer the password, the harder to brute force.
- It would be easy to remember which is hard to do with a long password.
- Uniqueness is also important.
- Lastly, it would be easy to enter into my password manager.
Crazily enough I think I figured it out.
The Best Master Password
The best master password would be a document.
Documents contain a lot of characters. They’re easy to find and organize on your computer. With copying and pasting its easy to enter. If the document is something I wrote its very unique.
Depending on the password manager I could use the entire document as my master password. Or I could be more mysterious and use only a specific sentence or two. If I were really hardcore, I would use two different sentences from two separate documents.
Even better is that it will contain special characters like spaces and punctuation.
Master Password In Plain Sight
What I like most about this idea is that your master password is in plain sight. It blends in. No one, unless they knew, would even guess that your password is a sentence in some document.
I’m sure many of you are like me and have several documents from emails, recipes, or even the general notes we take in our day to day lives.
If I were to take a common password like “ILoveLamp123” and insert it into a document, it would clearly stick out. Someone coming across it would ask why someone’s password is in this document? But if I used the paragraph before this one no one would be the wiser.
URL As Master Password
You could also do this with URL’s too. One example would be…
It’s long and has plenty of special characters. The trick is to use a made-up URL as I’ve done above. With all the top-level domains available the sky is the limit.
The great thing about using a URL is that you can hide it in plain sight like in your bookmark bar. You could even print it out for safe keeping and anyone who comes across it would only think it’s a URL and not the password to your password manager especially if its with other links.
Who Should Use This?
Who would benefit the most from using this idea?
Anyone who doesn’t get password managers or people super into password managers.
The person who doesn’t get password managers wants the least amount of friction. The master password is something that people have a hard time with. They tend to stick to the weak passwords they’ve always used and most often forget it after awhile.
If all I needed to say when setting up someone new to a password manager is that “your master password is the first sentence of this document you wrote” they won’t forget it. It’s easy to forget words and characters but knowing the location of a single file is easy.
The people who care the most about their master password will love this idea because they get to use a long password with ease. And it’s easy to enter and super unique. They could even use two sentences from two different documents, combine them and remove the last 3 characters. They could make it as complicated or as easy as they want.
Where This Doesn’t Work
This idea falls apart if you use a real book or anything published on the internet. The words you use need to be unique.
While the odds of someone figuring out the sentence of the book seems low, it’s not. People are very predictable. Many people would use the bible or Google “best selling books of all time” to figure out what sentences to try.
It’s best to stick to things you wrote.
If you have no documents, then it’s time to start creating them. Why not rant about your job or school for a bit? Or just write about your day so far.
The more real the document, the better.
The bad thing about this idea is that it doesn’t work for all password managers. So far it works well with KeePassXC, I’ve so far tested up to 1,000 words as my master password.
Online password managers have issues with too long of a master password. I’m seeing 200 to 300 character limits.
Not a huge deal if you only want a sentence or two. To be honest, that is more than enough. I mean, who can honestly brag about a 100 to 300 character long master password? Not many people.
The other downside is that you rely on a document. This idea only works smoothly if you can copy and paste. A desktop is not an issue, but mobile has its challenges. With fingerprint readers on mobile phones now it’s not often you have to enter your master password anyways.
The last downside is that nothing can beat the security of keeping the password in your head. While it is more secure to keep the password closed up in your head, you are still human and forgetful.
What Do You Think?
I’m curious to hear what others think about this idea. Share your thoughts and what you do to make a strong master password below.
Need A Password Manager?
Here is our picks for password managers.
1. 1Password - Best all-around.
2. Bitwarden - Best free option.
3. Dashlane* - Best for new users as it holds your hands more.
4. Roboform* - Featured packed and been around the longest plus a free option. The only one with a bookmark manager which I've found useful lately.
*May receive a commission.