
With a password manager to remember all of your passwords, all you have to do is remember the single master password for your password manager.  This alleviates password fatigue and allows you to use secure, complex, randomly generated passwords for sites and applications, but it also leads you back to square one: all of your security now depends on one master password.  So, how do you create a secure, easy-to-use master password?  One simple, and surprisingly effective, way to generate a solid master password is to use a technique called Diceware.  Diceware is low tech, yet creates secure passwords that are easy to memorize because they are based on English words.

Dungeons and Dragons players will like this.  With Diceware, you start with a pre-compiled wordlist and then roll five six-sided dice to choose words from the list.  Each roll of the five dice corresponds to one word in the wordlist.  The goal is to ‘generate’ at least six words and then combine these words into one passphrase.  The wordlist contains over 7700 words.  Here are the basic steps:

  • Download the Diceware wordlist (http://world.std.com/~reinhold/diceware.wordlist.asc)
  • Roll five six-sided dice
  • Line up the dice to create a five-digit number
  • Look up the number in the wordlist and then write down the word that it corresponds to
  • Do this five more times for a total of six words (or more)
  • Memorize this and use it as your Master password for your password management system

Here is an example:

  • Dice rolls:  45625, 63555, 51513, 64312, 21113, and 56312
  • These rolls correspond to these words in the word list:
45625            pk
63555            webb
51513            refer
64312            witt
21113            cliff
56312            sy
  • So your password becomes:
pk webb refer witt cliff sy
  • or, if your password manager does not allow spaces in passwords you can use something else to separate the words:
pk_webb_refer_witt_cliff_sy
pk.webb.refer.witt.cliff.sy
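
The lookup above as an added Python example (not from the original post or from Reinhold's Diceware pages): it parses a constructed six-line excerpt in the wordlist's number/word layout, validates each roll, and goes slightly beyond the post by computing the entropy of the result, using the fact that five dice give 6^5 = 7776 equally likely outcomes. The function names and the excerpt are assumptions made for the example.

```python
import math
import re

# Constructed excerpt in the wordlist's "NNNNN<TAB>word" layout (assumed), holding
# only the six entries from the example above; five dice allow 6**5 = 7776 entries.
SAMPLE_WORDLIST = """\
-----BEGIN PGP SIGNED MESSAGE-----

21113\tcliff
45625\tpk
51513\trefer
56312\tsy
63555\twebb
64312\twitt
-----BEGIN PGP SIGNATURE-----
"""

ENTRY = re.compile(r"^([1-6]{5})\s+(\S+)$")


def load_wordlist(text):
    """Return {roll: word}, ignoring PGP armor and any line that is not an entry."""
    return {m.group(1): m.group(2)
            for m in map(ENTRY.match, text.splitlines()) if m}


def passphrase(rolls, wordlist, sep=" "):
    """Map each five-digit roll to its word; reject malformed or unknown rolls."""
    words = []
    for roll in rolls:
        if not re.fullmatch(r"[1-6]{5}", roll):
            raise ValueError(f"not five dice faces (1-6): {roll!r}")
        if roll not in wordlist:
            raise KeyError(f"roll {roll} missing from wordlist")
        words.append(wordlist[roll])
    return sep.join(words)


def entropy_bits(num_words, list_size=6 ** 5):
    """Bits of entropy when every word is picked uniformly at random."""
    return num_words * math.log2(list_size)


if __name__ == "__main__":
    wl = load_wordlist(SAMPLE_WORDLIST)
    rolls = ["45625", "63555", "51513", "64312", "21113", "56312"]
    print(passphrase(rolls, wl, sep="_"), f"{entropy_bits(len(rolls)):.1f} bits")
```

The entropy figure only holds when the words come from real dice rolls; a passphrase picked by eye from the list does not get the same guarantee.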

Yes, I know that some of the ‘words’ are not really words at all, but this adds to the randomness of the password.  A fellow named Arnold G. Reinhold has done quite a bit of work on the math and the security of this simple password generator.  Reinhold even goes so far as to suggest how you go through this process (and I love the security focus here, even though it is a bit paranoid):

“For maximum security make sure you are alone and close the curtains. Write on a hard surface — not on a pad of paper. After you memorize your passphrase, burn your notes, pulverize the ashes and flush them down the toilet.”

I know it seems nerdy and overkill to generate passwords that are six words long, but if you only have one password to memorize then it’s easier than memorizing many different passwords.

More info here:  http://world.std.com/~reinhold/diceware.html

Word list here:  http://world.std.com/~reinhold/diceware.wordlist.asc