Create good passwords

Following up on last month’s post about passwords, this article covers how to create good passphrases using a technique called diceware. I’ll go over what it is, why to use it, and how to generate one.

What is diceware?

Diceware is a method of randomly choosing words to use in a passphrase via ‘dice rolls’. Hence the name. Basically, every word is assigned a number, and numbers are chosen by rolling dice.

If you’ve ever seen the XKCD cartoon about password strength (https://xkcd.com/936/), you can easily generate a strong password like ‘Horse-Battery-Staple’ (don’t use this one) using diceware. That’s much easier to remember than ‘Tr0ub4dor&3’.

Why use diceware?

Longer passwords are stronger than shorter ones. We won’t dive into all the reasons here, but if you want to learn more, check out this article: https://www.betterbuys.com/estimating-password-cracking-times/.

Basically, just adding one more character to your password increases its strength exponentially. But longer passwords are often harder to remember.

Diceware lets you quickly and easily generate a long password that is easy to remember.
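The word-per-dice-roll mechanism and the strength gained from each extra word, as an added Python example (not code from this post or from the diceware package). The 36-word list is constructed for illustration and uses two dice per word; the official list uses five dice and 7776 words. All function names are assumptions.

```python
import math
import secrets

# Constructed 36-word list for illustration: two dice per word (6**2 entries).
# The real diceware list uses five dice per word (6**5 = 7776 entries).
SAMPLE_WORDS = (
    "acorn bagel cabin daisy eagle fable garlic hazel igloo jelly kayak lemon "
    "maple nacho oasis panda quilt radar salsa table ultra vapor wagon xenon "
    "yacht zebra amber bison cedar delta ember flint grape honey ivory jumbo"
).split()


def build_table(words, dice):
    """Assign each word a key of `dice` digits 1-6, in list order (11, 12, ...)."""
    if len(words) != 6 ** dice:
        raise ValueError(f"need exactly {6 ** dice} words for {dice} dice")
    table = {}
    for position, word in enumerate(words):
        digits, rest = [], position
        for _ in range(dice):
            rest, face = divmod(rest, 6)
            digits.append(str(face + 1))
        table["".join(reversed(digits))] = word
    return table


def roll(dice):
    """Roll `dice` fair six-sided dice using the OS CSPRNG, e.g. '41'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(dice))


def passphrase(table, num_words, delimiter="-"):
    """Look up one word per roll; each roll is independent and uniform."""
    dice = len(next(iter(table)))
    return delimiter.join(table[roll(dice)] for _ in range(num_words))


def entropy_bits(list_size, num_words):
    """Entropy in bits when the attacker knows the list and the word count."""
    return num_words * math.log2(list_size)


if __name__ == "__main__":
    print(passphrase(build_table(SAMPLE_WORDS, dice=2), 3))
    print(f"3 words from 7776: {entropy_bits(7776, 3):.1f} bits")
    print(f"6 words from 7776: {entropy_bits(7776, 6):.1f} bits")
```

Each added word from the 7776-word list contributes about 12.9 bits, so the strength comes from the number of randomly chosen words, not from how obscure any single word is.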

Creating a diceware passphrase

While there are lots of websites to generate a diceware password online, that’s a whole other trust concern that we won’t get into here. Keep reading to learn how to generate a passphrase on your own computer.

Windows users

If you’re a Windows user, there’s a PowerShell script, derived from Tim Evan’s blog (https://www.betterbuys.com/estimating-password-cracking-times/), that uses the official diceware wordlist to generate a diceware passphrase.

You can download the modified script here: https://www.cassidys.biz/wp-content/uploads/2019/11/diceware.ps1.

Linux users

Linux users can install a package to quickly generate diceware passphrases. On Ubuntu, install the diceware package via apt:

apt-get install diceware

Then, use bash to quickly generate 10 passwords to choose from with a for loop:

for i in {1..10}; do diceware -n 3 -d - ; done

You can learn more about diceware here:
http://world.std.com/~reinhold/diceware.html
Or
https://en.m.wikipedia.org/wiki/Diceware
