This is Part 3 of our stronger password series.
Generate secure and memorable passwords with Diceware
If you’ve read Part 1 (Two-Factor Authentication) and Part 2 (Password Managers) of our password series, you can now secure your accounts with two-factor authentication and a password manager. In the final part of the series, ExpressVPN looks at the passwords that you have to remember. For these, we will use Diceware.
Diceware is a great way to generate memorable, random, unique, and long passwords. It’s a great strategy for your most precious passwords, especially those for which two-factor authentication or a password manager are unfeasible (such as the password to your computer, your backups, or your encryption key).
You can even use Diceware to create secure brainwallets, which are Bitcoin wallets that exist only in your head.
How to use Diceware to get stronger passwords
To generate a password using Diceware, you just need a good die and some pen and paper.
Important: Before you do anything, save a copy of this Diceware list to your computer. This is what you will use to generate your Diceware password.
Make sure that you are alone and that no cameras are nearby. For maximum protection, disconnect your computer from the internet (after you save the Diceware list!) and cover your webcam.
To start, roll the die five times. Record the number from each roll with the pen and paper. You will end up with a five-digit number. We got 52611.
Now search the Diceware list for the five-digit number you just created. Write down the word the number corresponds to (in our case, it is “salvo”). This word by itself is not a good password, as it would only take about a thousandth of a second to crack. So repeat the dice rolling process at least four times.
After five sets of five rolls, we ended up with 52611 51631 63432 43123 21641.
This corresponds to the password “salvo rhoda walton mudd croft.”
It would take a single computer about six nonillion (which is 6 x 10 to the power of 30) years to crack this. This is an unimaginably large number. (For comparison, the universe is only 14 x 10 to the power of 9 years old.)
If you had a billion computers, each one a billion times stronger than the computers available today, you would still not be able to crack this password.
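The lookup step described above can be reproduced offline with a short script. This is an added example, not ExpressVPN's code: the embedded list is a constructed five-entry excerpt holding only the rolls and words quoted in this article, and the function names are illustrative. The entropy figure assumes each word is drawn uniformly from a full list of 6^5 = 7,776 entries.

```python
import math

# Constructed excerpt in "NNNNN word" layout; it holds only the five
# rolls and words quoted in the article, not the real 7,776-entry list.
SAMPLE_LIST = """\
21641 croft
43123 mudd
51631 rhoda
52611 salvo
63432 walton
"""

def is_roll(group):
    """True if group is five die faces, each 1-6."""
    return len(group) == 5 and all(c in "123456" for c in group)

def parse_wordlist(text):
    """Map each five-digit roll to its word; reject duplicate keys."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not is_roll(parts[0]):
            continue  # blank line or non-entry text around the list
        if parts[0] in table:
            raise ValueError(f"duplicate key {parts[0]}")
        table[parts[0]] = parts[1]
    return table

def rolls_to_passphrase(rolls, table):
    """Look up each recorded group; fail loudly on a mis-recorded roll."""
    words = []
    for group in rolls.split():
        if not is_roll(group):
            raise ValueError(f"{group!r} is not five rolls of a six-sided die")
        if group not in table:
            raise KeyError(f"{group} missing: list is incomplete")
        words.append(table[group])
    return " ".join(words)

def entropy_bits(num_words, list_size=6 ** 5):
    """Bits of entropy when every word is drawn uniformly from the list."""
    return num_words * math.log2(list_size)

if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_LIST)
    print(rolls_to_passphrase("52611 51631 63432 43123 21641", table))
    print(f"{entropy_bits(5):.1f} bits for five words")
```

Run it only on the disconnected machine where you saved the list, and point `parse_wordlist` at that file's contents instead of the excerpt.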
Memorize this password and then shred the piece of paper on which you recorded your dice results. Ideally, you should burn it.
To remember your new Diceware password, you will need to use it regularly, especially while it is still fresh in your memory. Frequently log in to the service you created this password for, or set yourself a routine to practice it. Remember to destroy any physical copies you make!
Eventually, the password will become muscle memory, and typing it will be as natural as drinking or eating.
Memorable and yet impossible to guess
You can use Diceware to generate strong, memorable passwords for your computer and password manager. Then use your password manager to generate and store all your other account passwords. Add extra security to your most private accounts with two-factor authentication.
No password strategy is more secure than this.