This is Part 3 of our stronger password series.
Generate secure and memorable passwords with Diceware
If you’ve read Part 1 (Two-Factor Authentication) and Part 2 (Password Managers) of our password series, you can now secure your accounts with two-factor authentication and a password manager. In the final part of the series, ExpressVPN looks at the passwords that you have to remember. For these, we will use Diceware.
Diceware is a simple way to generate passwords that are memorable, random, and long. It is the right strategy for your most precious passwords, especially those for which two-factor authentication or a password manager is unfeasible (such as the password to your computer, your backups, or your encryption key).
The same idea also underlies secure brainwallets, Bitcoin wallets that exist only in your head.
How to use Diceware to get stronger passwords
To generate a password using Diceware, you just need a good die and some pen and paper.
Important: Before you do anything, save a copy of this Diceware list to your computer. This is what you will use to generate your Diceware password.
Make sure that you are alone and that no cameras are nearby. For maximum protection, disconnect your computer from the internet (after you save the Diceware list!) and cover your webcam.
To start, roll the die five times. Record the number from each roll with the pen and paper. You will end up with a five-digit number. We got 52611.
Now search the Diceware list for the five-digit number you just created. Write down the word the number corresponds to (in our case, it is “salvo”). This word by itself is not a good password: there are only 7,776 words on the list, so a single word can be guessed in well under a second. So repeat the dice-rolling process at least four more times.
After five sets of five rolls, we ended up with 52611 51631 63432 43123 21641.
This corresponds to the password “salvo rhoda walton mudd croft.”
How hard is this to crack? With 7,776 words on the list, five words give 7,776 to the power of 5, roughly 2.8 x 10 to the power of 19, possible passphrases (about 64.6 bits of entropy). The often-quoted figure of six nonillion (6 x 10 to the power of 30) years for a single computer assumes a slow guessing rate, such as that of an online login form; that is an unimaginably long time (for comparison, the universe is only about 14 x 10 to the power of 9 years old), and even a billion computers, each a billion times faster, would only bring it down to about 6 x 10 to the power of 12 years.
The caveat is that the guessing rate is everything. Against an offline attack on a fast, unsalted hash, hardware testing around 10 to the power of 10 guesses per second would exhaust 64.6 bits in roughly 90 years, which is why the Diceware author now recommends six or more words for anything that guards long-lived secrets such as disk encryption or backups.
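The dice procedure above, and the strength arithmetic behind the numbers, as an added example that is not part of the original article. It parses the Diceware list format (one `NNNNN<tab>word` line per entry), turns groups of five rolls into lookup keys, and computes entropy and brute-force time for a given guessing rate. The real list has 7,776 entries; the five-entry list below is constructed from the words the article itself rolled, and `roll_group`/`generate_passphrase` are this example's own names for a software stand-in for the physical die.

```python
"""Added example (not from the original article): Diceware lookup and
passphrase-strength arithmetic. Standard library only."""
import math
import secrets

LIST_SIZE = 6 ** 5  # 7776 distinct five-roll outcomes, one word each

# Constructed stand-in for the Diceware list file, in the real file's format.
SAMPLE_LIST = """\
21641\tcroft
43123\tmudd
51631\trhoda
52611\tsalvo
63432\twalton
"""


def parse_wordlist(text):
    """Parse 'NNNNN<tab>word' lines into {'NNNNN': 'word'}; blank lines are skipped."""
    words = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, word = line.split(None, 1)  # tab- or space-separated, as in the list
        if len(key) != 5 or not all(ch in "123456" for ch in key):
            raise ValueError(f"bad key in list: {key!r}")
        words[key] = word
    return words


def rolls_to_key(rolls):
    """Five die results, e.g. [5, 2, 6, 1, 1] -> '52611'."""
    if len(rolls) != 5 or not all(1 <= r <= 6 for r in rolls):
        raise ValueError("need exactly five rolls, each 1..6")
    return "".join(str(r) for r in rolls)


def passphrase_from_rolls(wordlist, roll_groups):
    """Look up each group of five rolls and join the words with single spaces."""
    return " ".join(wordlist[rolls_to_key(group)] for group in roll_groups)


def roll_group():
    """Software substitute for a physical die. secrets is a CSPRNG; random is not."""
    return [secrets.randbelow(6) + 1 for _ in range(5)]


def generate_passphrase(wordlist, n_words=6):
    """Pick words uniformly; with the full list this equals rolling dice."""
    words = sorted(wordlist.values())
    return " ".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(n_words, list_size=LIST_SIZE):
    """Each uniformly chosen word adds log2(7776) = 12.92 bits."""
    return n_words * math.log2(list_size)


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every passphrase at the given guessing rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    wl = parse_wordlist(SAMPLE_LIST)
    article_rolls = [[5, 2, 6, 1, 1], [5, 1, 6, 3, 1], [6, 3, 4, 3, 2],
                     [4, 3, 1, 2, 3], [2, 1, 6, 4, 1]]
    print(passphrase_from_rolls(wl, article_rolls))
    for n in (5, 6, 7):
        bits = entropy_bits(n)
        print(f"{n} words: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, 1e10):.0f} years at 1e10 guesses/s")
```

The `years_to_exhaust` figure is what matters when deciding how many words to roll: the same 64.6-bit passphrase survives for ages against a rate-limited login form and for decades against an offline attack on a fast hash, so pick the word count for the worst attacker the secret will face.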
Memorize this password and then shred the piece of paper on which you recorded your dice results. Ideally, you should burn it.
To remember your new Diceware password, you will need to use it regularly, especially while it is still fresh in your memory. Log in frequently to the service you created this password for, or set yourself a routine to practice it. Remember to destroy any physical copies you make!
Eventually, the password will become muscle memory, and typing it will be as natural as drinking or eating.
Use Diceware to create brainwallets and store Bitcoins in your head
The words generated with Diceware are random and secure, so you could even use them for your Bitcoin brainwallet.
Such a wallet is a hierarchical deterministic (HD) wallet: all of your private and public Bitcoin keys are derived from a single secret, which the wallet hands to you as a list of words, much like the list we got from rolling the die, rather than as a raw number. This list of words is called a seed. “Brainwallet” is the older name for a wallet whose key is derived from something you keep only in your head; the seed words of an HD wallet play that role here.
The seed makes it possible for humans to remember a complete set of Bitcoin keys. Instead of memorizing a 256-bit private key as a long string of digits, you memorize the randomly generated word seed from which every key is derived. Meaning you can quite literally put money in your head.
For confidentiality, your mind beats electronic storage. USB sticks, CDs, and SD cards can corrupt, and can be read by whatever computer they are plugged into, but nobody can read a seed out of your head. The flip side is that memory fails too (you forget, you fall ill), and a forgotten seed is gone for good, which is why the paper backup described below matters.
A few good wallets derive your Bitcoin keys from seed words, such as Breadwallet (iOS), Mycelium (Android), and Electrum (Windows, Mac, and Linux). These wallets do not allow you to enter your own words as a seed; rather, they insist on generating the words themselves from the computer’s cryptographic random number generator, which is Diceware with the computer rolling the dice. This protects uninformed users from creating wallets from non-random words, such as song lyrics, and then losing their Bitcoins to someone else who has used the same lyrics as their own seed words.
To demonstrate how word seeds work, we used Electrum to create a brainwallet and a separate watch-only Bitcoin wallet. This watch-only wallet can be filled up with actual Bitcoins and used to monitor your Bitcoin accounts, but since it doesn’t have a private key, nothing can be stolen.
How to use Electrum to create your brainwallet for Bitcoin
You can download Electrum from its official website. There are versions for Windows, Mac, Android, and Linux. You can also find Electrum pre-installed in the operating system Tails, which we recommend, and have used in our example.
A Live-USB (an operating system run from a USB stick) is recommended when setting up your brainwallet, as a computer could be infected with malware without your knowledge.
Create a new Bitcoin wallet
Create a wallet by clicking on File > New/Restore. Confirm the file name wallet_1.
Select Create New Wallet, then Standard Wallet.
Thirteen English words will appear in the next window.
Write these words down on a piece of paper, then click Next.
You will be asked to enter the previously generated words in the next window. This will confirm that you have written down the correct words, in the correct order, and without typos.
Next, you will be asked to set a password. This password encrypts the seed and private keys stored in the wallet file on disk; it does not protect the seed words on paper, which are the real secret. If you are going to delete the wallet file as in this walkthrough, the password hardly matters. If you intend to use this wallet regularly, generate a strong one with your password manager.
Hit Confirm, and your addresses will be generated by Electrum. You can see them all under Addresses.
Next we will export our Master Public Keys for our watch-only wallet. You can view this key under Wallet > Master Public Keys.
Save this key in a text file called xpub.txt on your USB stick or hard drive.
The master public key beginning with xpub cannot spend anything, so it can be stolen without you losing Bitcoins. It is still sensitive in two ways. Anybody who has it can derive every address of the wallet and so see your entire balance and history. And an xpub combined with any single child private key from the wallet lets them compute every other private key in it, so never hand out individual private keys from a wallet whose xpub is known.
Remember your seed words, then delete your wallet
If you remember your seed words (or have them written down on a piece of paper) and your public key is saved in xpub.txt, you can delete the wallet file. An ordinary delete only unlinks the file; its bytes can often be recovered from the disk, which is one reason to do this on a Live USB system such as Tails, where nothing is written to the computer’s own drive.
You can find the file wallet_1 at the locations below. Make sure to also delete it from your trash bin:
- Windows: show hidden files, then go to Users\YourUserName\AppData\Roaming\Electrum\wallets
- Mac: open Finder, choose Go to Folder (shift+cmd+G) and type ~/.electrum/wallets
- Linux: open your Home Folder, choose Go -> Location and type ~/.electrum/wallets
Congratulations! Your Bitcoin wallet now exists solely in your head.
Keep your seed words safe
You must remember your seed words! If you chose to back them up on a piece of paper, you must keep it safe. If you lose this paper and forget your seed words, you will lose all your Bitcoins. Anyone who knows your seed words can steal your Bitcoins.
Do not put any paper copy of your seed words into a scanner or photocopier—and keep it out of the reach of cameras or spying eyes. A safe, or somewhere you are comfortable keeping large amounts of cash or other valuable documents, would be a great place to store a paper backup.
Create a watch-only wallet to see your Bitcoins
A watch-only wallet will only allow you to monitor your balance and receive money, so its confidentiality is not critical: there is nothing in it that can spend. You only need to worry about remembering your seed words. Its integrity still matters, though: if the xpub you import were swapped for an attacker’s, the addresses the wallet shows you would belong to the attacker, so keep xpub.txt somewhere it cannot be tampered with and check that the first address matches the one your full wallet showed.
Open Electrum, and click on File > New/Restore again. Enter a wallet name and select Restore a Wallet or Import Keys, then Standard Wallet.
Paste your xpub key into the field in the next window, or click on the folder icon and select the xpub.txt that you saved.
A notification will inform you that this is a watch-only wallet.
You can see your addresses under Addresses. You can also see the balance of these addresses, or send money to them.
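Why a watch-only wallet can list every address from the xpub alone, and why the xpub plus a single leaked private key is dangerous, as an added example that is not part of the original article or of Electrum’s code. It implements BIP32 non-hardened child derivation on secp256k1 in pure Python: `ckd_pub` is what the watch-only wallet does with the (public key, chain code) pair an xpub carries, `ckd_priv` is what the spending wallet does, and `recover_parent_priv` is the caveat. Electrum’s own seed format and derivation paths differ in detail; the seed bytes and function names below are this example’s own.

```python
"""Added example (not from the article or Electrum): BIP32 non-hardened
derivation, watch-only vs spending, and the xpub + one-child-key caveat."""
import hashlib
import hmac

# secp256k1 curve parameters (the curve Bitcoin uses)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p1, p2):
    """Point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P       # doubling
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P  # chord
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _mul(k, point):
    """Double-and-add scalar multiplication."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result


def compress(point):
    """33-byte SEC compressed encoding, the form BIP32 feeds into HMAC."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def master_from_seed(seed):
    """BIP32 master private key and chain code from seed bytes."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]


def _child_tweak(parent_pub, chain_code, index):
    """Shared step: HMAC-SHA512(chain_code, parent_pub || index) -> (tweak, child chain code)."""
    if index >= 2**31:
        raise ValueError("hardened child: cannot be derived from a public key")
    data = compress(parent_pub) + index.to_bytes(4, "big")
    i = hmac.new(chain_code, data, hashlib.sha512).digest()
    tweak = int.from_bytes(i[:32], "big")
    if tweak >= N:  # astronomically unlikely; BIP32 says skip this index
        raise ValueError("invalid tweak, use the next index")
    return tweak, i[32:]


def ckd_priv(k_par, c_par, index):
    """Child private key: what the full (spending) wallet computes."""
    tweak, c_child = _child_tweak(_mul(k_par, G), c_par, index)
    return (k_par + tweak) % N, c_child


def ckd_pub(K_par, c_par, index):
    """Child public key from the xpub alone: what a watch-only wallet computes."""
    tweak, c_child = _child_tweak(K_par, c_par, index)
    return _add(_mul(tweak, G), K_par), c_child


def recover_parent_priv(k_child, K_par, c_par, index):
    """The caveat: xpub (K_par, c_par) plus ONE child private key gives the parent key."""
    tweak, _ = _child_tweak(K_par, c_par, index)
    return (k_child - tweak) % N


def demo(n=3):
    """Derive n child public keys both ways and return them as hex for comparison."""
    seed = b"constructed example seed, not a real wallet"  # constructed input
    k, c = master_from_seed(seed)
    K = _mul(k, G)  # (K, c) is exactly what the xpub string carries
    watch_only = [compress(ckd_pub(K, c, i)[0]).hex() for i in range(n)]
    spending = [compress(_mul(ckd_priv(k, c, i)[0], G)).hex() for i in range(n)]
    return watch_only, spending


if __name__ == "__main__":
    w, s = demo()
    print("watch-only derived:", w)
    print("match spending wallet:", w == s)
```

`recover_parent_priv` is the reason for the warning about xpubs: the child private key differs from the parent only by a tweak that anyone holding the xpub can compute, so leaking one private key from such a wallet leaks all of them.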
Restore your wallet to spend your money
If you want to spend the Bitcoins you have gathered in your mind, you’ll first need to restore the wallet you deleted.
Open Electrum and select File > New/Restore.
Enter a wallet name and select Restore a Wallet or Import Keys, then Standard Wallet. In the next window, enter your seed words.
Enter a password. We recommend you create one with ExpressVPN’s Random Password Generator or your password manager.
Confirm this step by clicking OK.
Electrum will generate your addresses, and you will be able to see your balance and make payments. For each payment, you will need to enter your password.
A threesome with triple protection
You can use Diceware to generate strong, memorable passwords for your computer and password manager. Then use your password manager to generate and store all your other account passwords. Add extra security to your most private accounts with two-factor authentication.
It is hard to do better than this with passwords alone.