Improving Security and Usability of Passphrases with Guided Word Choice

Passphrases have many uses, such as serving as seeds for passwords. User-created passphrases are easier to remember, but tend to be less secure than ones created from words randomly chosen in a dictionary. This paper develops a way of making more memorable, more secure passphrases. It investigates the security and usability of creating a passphrase by choosing from a randomly generated set of words presented as an array. A usability experiment shows that participants using this method are more affected by the word's position in the array than by word familiarity. Passphrases chosen from randomly generated lists achieved $97\%$ to $99\%$ of the maximal entropy in randomly generated passphrases and caused less than half of the memory mistakes. Prompting a person with random words from a large dictionary is an effective way of helping them make a more memorable high-entropy passphrase.