
How to Create a Really Secure Password

ecos systems on Flickr

It’s often difficult to create a great password. Believe it or not, 1234567 and password are still common passwords. So are baseball, dragon, and football. Here’s a fun way to create (and remember!) passwords and phrases that are extremely difficult to crack.

The best part? You use dice from a board game or elsewhere and a list of phrases. The roll of the die determines which phrases to use to build your password. This method is called Diceware™ and the word list is called the Diceware Word List.

Here’s how to create a really secure password:

  1. Roll one die five times and write down the top number on the die each time it stops rolling. Let’s say the result is 1 6 6 6 5.
  2. Look up the five-digit number in the Diceware Word List to find your phrase. The numbers 1 6 6 6 5 in the word list are next to the word cleft.
  3. Repeat Steps 1 and 2 until you have all your password phrases.

How many words and phrases do you need? It depends on computing power and the security you need. According to the Diceware™ site, six words or phrases should be the minimum needed. Six words may be breakable today by governments with access to massive computing capability. Seven words should be unbreakable by anyone for another 15 years or so.

Also pay attention to the number of characters in your password phrase results. Twenty or more characters is the ideal length.
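The lookup in Steps 1 to 3 and the word-count guidance above, as an added example that is not code from this article or from the Diceware™ site. It takes rolls you made with real dice, runs entirely offline, and uses a constructed word list excerpt in which only 16665 → cleft comes from this page; the function names are this example's own.

```python
import math
import re

# Constructed excerpt in the word list's "five digits, whitespace, word" layout.
# Only 16665 -> cleft is taken from the article; the other entries are stand-ins.
SAMPLE_LIST = ("16665\tcleft\n24316\tstandin-a\n35142\tstandin-b\n"
               "41263\tstandin-c\n52634\tstandin-d\n63415\tstandin-e\n")

ENTRY = re.compile(r"([1-6]{5})\s+(\S+)")
ROLL = re.compile(r"[1-6]{5}")


def parse_wordlist(text):
    """Map each five-digit key to its word; lines in any other shape
    (headers, blank lines, signature armor) are ignored."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.fullmatch(line.strip())
        if m:
            table[m.group(1)] = m.group(2)
    return table


def rolls_to_words(rolls, table):
    """Look up dice rolls typed in by hand, e.g. "1 6 6 6 5" or "16665"."""
    words = []
    for roll in rolls:
        key = roll.replace(" ", "")
        if not ROLL.fullmatch(key):
            raise ValueError(f"not five die faces (1-6): {roll!r}")
        if key not in table:
            raise KeyError(f"no entry for {key} in this list")
        words.append(table[key])
    return words


def entropy_bits(word_count):
    """Bits of entropy when every word comes from five fair die rolls."""
    return word_count * 5 * math.log2(6)


if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_LIST)
    rolls = ["1 6 6 6 5", "24316", "35142", "41263", "52634", "63415"]
    phrase = " ".join(rolls_to_words(rolls, table))
    print(phrase, "|", len(phrase), "chars |", round(entropy_bits(len(rolls)), 1), "bits")
```

The entropy figure depends only on the number of words and on the rolls being fair, so it holds for the full 7,776-entry list and not for a shortened excerpt like the one embedded here.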

The Diceware™ site provides word lists for a number of foreign languages, as well as alternate lists for English. Adding special characters (for example, ! or # or @) between your phrases increases security. Using capital letters and numbers a few times also makes your password result difficult to crack.

The Diceware™ FAQ also includes a number of excellent questions and answers about online security, cryptography, and tools.

For example, you should always use real dice and not use online dice to generate numbers. There is no way to know if the rules used to generate the online dice results are as random as rolling one or more dice in your hands. Plus, your numbers are sent across the internet where, in theory, someone could capture them on their way to your computer.

The power of this method lies in how you randomly generate five-digit numbers and how those numbers correspond to phrases. The phrases can be memorized most easily through frequent use. The result is extremely secure as long as you don’t email it to anyone. Also write your numbers on a single piece of paper, not a pad of paper.

And remember there is no such thing as a 100% uncrackable password, only passwords that are extremely difficult to guess and crack relative to simpler passwords. Diceware™ is one way to create complex passwords you are more likely to remember than random letters, numbers, and characters.

I found this method reading about Mira Modi, an 11-year-old New Yorker who will happily create a Diceware™ password for you, write it down on a piece of paper, then mail it to you, all for about $3. You can find her at DicewarePasswords.com online. Or you can create your own using the instructions above and links below.

Learn More

Diceware™

http://world.std.com/~reinhold/diceware.html
http://world.std.com/~reinhold/dicewarefaq.html
http://world.std.com/~reinhold/diceware.wordlist.asc
http://world.std.com/~reinhold/beale.wordlist.asc
https://en.wikipedia.org/wiki/Diceware

Diceware Passwords (Mira Modi’s website)

http://www.dicewarepasswords.com/

This 11-year-old is selling cryptographically secure passwords for $3 each

http://arstechnica.com/business/2015/10/this-11-year-old-is-selling-cryptographically-secure-passwords-for-2-each/

Diceware passwords now need six random words to thwart hackers

http://arstechnica.com/information-technology/2014/03/diceware-passwords-now-need-six-random-words-to-thwart-hackers/

Worst Passwords of 2014

https://www.teamsid.com/worst-passwords-of-2014/