Marco Ricci
Highlight security warnings and risks more prominently in the docs
Marco Ricci committed 83df700 at 2024-12-19 15:04:11
basic-setup-passphrase.md
# Setting up `derivepassphrase vault` for three accounts, with a master passphrase
## The scenario
In this tutorial, we will set up `derivepassphrase` for three services, using a master passphrase and the standard `vault` passphrase derivation scheme.
We will assume the following three services with the following passphrase policies:
<div class="grid cards" markdown>

-   __email account__

    ---

    - between 12 and 20 characters
    - no spaces
    - 1 upper case letter, 1 lower case letter, 1 digit
    - no character may appear 3 times (or more) in a row

-   __bank account__

    ---

    - only digits
    - exactly 5 digits
    - an additional one-time password via a hardware token ("[two-factor authentication][2FA]")

-   __work account__

    ---

    - exactly 8 characters
    - no spaces
    - 1 special character, 1 letter, 1 digit
    - must be changed every quarter (January, April, July and October) to a different value ("passphrase rotation" or "rollover")
    - must actually be different from the previous *two* passphrases

</div>
[2FA]: https://en.wikipedia.org/wiki/Two-factor_authentication
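
The three policies above can be written down as an executable check, which is handy for confirming that a derived passphrase really satisfies the service's rules before you rely on it. This is an added example, not part of `derivepassphrase` or its documentation; the function names are hypothetical, and it assumes that "1 upper case letter" and similar rules mean "at least one", that letters and digits are ASCII, and that a "special character" is any ASCII punctuation character.

```python
import string


def max_run(s):
    """Length of the longest run of one repeated character in s."""
    longest = run = 0
    prev = None
    for ch in s:
        run = run + 1 if ch == prev else 1
        longest = max(longest, run)
        prev = ch
    return longest


def violations(account, pw, previous=()):
    """Return the list of policy rules that pw breaks for the given account.

    previous is the history of earlier passphrases, oldest first; only the
    work account uses it (must differ from the previous two).
    """
    errs = []

    def need(cond, rule):
        if not cond:
            errs.append(rule)

    def has(chars):
        return any(c in chars for c in pw)

    if account == "email":
        need(12 <= len(pw) <= 20, "between 12 and 20 characters")
        need(" " not in pw, "no spaces")
        need(has(string.ascii_uppercase), "1 upper case letter")
        need(has(string.ascii_lowercase), "1 lower case letter")
        need(has(string.digits), "1 digit")
        need(max_run(pw) < 3, "no character 3 times in a row")
    elif account == "bank":
        need(len(pw) == 5, "exactly 5 digits")
        need(all(c in string.digits for c in pw), "only digits")
    elif account == "work":
        need(len(pw) == 8, "exactly 8 characters")
        need(" " not in pw, "no spaces")
        need(has(string.punctuation), "1 special character")
        need(has(string.ascii_letters), "1 letter")
        need(has(string.digits), "1 digit")
        need(pw not in list(previous)[-2:], "differs from previous two")
    else:
        raise ValueError(f"unknown account: {account}")
    return errs
```

An empty list means the candidate satisfies the policy. The bank account's one-time password is a separate factor and is outside what a passphrase check can cover.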
## Installing `derivepassphrase`
You will need Python 3, and a package installer such as `pip` (bundled with Python), `pipx` or similar.
---
=== "pip"
With `pip`, using a "virtual environment" at `~/.venv` to avoid clobbering our system configuration:
~~~~ shell-session
 
 