Post by mslo79 on Apr 17, 2020 7:53:32 GMT
Here is how one uses Diceware (for more info, see world.std.com/~reinhold/dicewarefaq.html ) to make secure passwords (which is free if you have at least one die you can roll)...
-Step 1 = roll five dice at once (or one die five times) and basically just read them from left to right (or you can go right to left if you want) as they fall on the floor/table in front of you.
-Step 2 = note the five numbers (reading from left to right, or right to left if you want).
-Step 3 = using the following text file ( www.eff.org/files/2016/07/18/eff_large_wordlist.txt ), find the five-digit number you rolled on the dice; the word next to it is the first word of your password (or passphrase). TIP: open that text file with a basic Notepad etc. in Windows and press CTRL+F on one's keyboard to quickly search for the five-digit code you came up with. This saves time over manually scrolling up or down with the mouse, since there are 7776 words in that text file, and the search will jump right to the number you want, which has the word you want to use next to it.
-Step 4 = basically repeat steps 1 through 3 until you have as many total words as you want to use for your password (or, as they say, passphrase). It seems the recommended minimum is six words (although I suspect five is probably okay if you use some padding). TIP: when using this password I would avoid using the spacebar between words... so instead of "Word1 Word2 Word3 Word4 Word5 Word6" you could do something like "Word1-Word2-Word3-Word4-Word5-Word6".
-Step 5 (optional but recommended) = in relation to what I briefly mentioned in Step 4, use what they call 'padding', which basically takes the password generated by Diceware and adds in additional stuff, which should further harden the security of the Diceware passphrase with minimal effort on your part. For example... "Word1@@word2-Word3.Word4.Word5-Word6#^#". Because even if someone knows you're using Diceware, adding a bit of padding makes it that much harder for them to crack, and it should not be difficult to remember, since they won't know what kind of stuff you added to it. Additionally... it's probably a good idea to use at least one lower case letter, one upper case letter, one number and one symbol somewhere in your passphrase as part of your padding scheme.
Bottom line... the whole point of this is to secure one's online accounts, and since it will be more difficult to remember multiple passwords, it's best to just use Diceware to generate one passphrase and use that with a password manager (they are free), and then have the password manager itself generate random/long/secure passwords for you that you will use to log into the random websites you have.
NOTE: it seems many people use the same crappy passwords across many accounts they have, which is a potential major security risk, as if someone gets a hold of your password they can potentially use it against you by trying it on other sites etc. That's why I strongly recommend one uses a password manager, as with that they only need to remember one password (called the 'master password'), which is where Diceware comes in handy. Once in the password manager program you can create entries for each site you use (like login name and password), and the password manager itself can generate long secure passwords for you, so you don't have to remember them but they will be very secure. WARNING (Don't ignore if you're using a password manager!): if you're using a password manager to manage sites you log into online, which you should be, make damn sure you make backup copies of the password database file, because if that ever gets lost or corrupt etc. (i.e. like if your computer crashes) it's going to be a big problem getting back into your accounts!!! So make multiple backup copies!
NOTE: for the more lazy types... if you're using so-so to weak passwords already (which it seems many if not most people do) and don't really want to change your routine/habits much, at least use some halfway decent level of padding for your passwords (and don't use the same passwords, especially for higher-importance websites, otherwise you're asking for trouble)!
NOTE: if a website uses 'security questions' for resetting a lost password, NEVER answer those truthfully, as it makes it much easier for a shady person to bypass your secure password (assuming you're using one (which you should be)) that you use to log into the account in the first place (basically it makes your account much less secure). So for example, "What's your mother's maiden name?"; instead of answering that honestly, have your password manager generate a password and use that for the answer, as this way it's as secure as the password you use to log in, and you can just save this additional info in your password manager's notes on the site in question.
NOTE: I just got a hold of a 10-pack of dice at a grocery store for $2.99 recently (they had a five-pack of generic dice for $1.99). But I only needed five dice, as a person can use just one die; it's just going to take more time to make your password.
p.s. another site on Diceware, which is where I got the main password list from in Step 3 above... www.eff.org/dice
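Added worked example (editor's code, not mslo79's): Steps 1 through 4 above as a script. It parses the EFF file format (five dice digits, a tab, the word), converts a roll like "35216" to its position in the 7776-entry list and back, checks a loaded list for missing rolls, and joins the chosen words with a separator instead of spaces. The five-line SAMPLE_WORDLIST is constructed here for testing only; the real eff_large_wordlist.txt is loaded with load_eff_wordlist(path). Python's `secrets` module stands in for physical dice; anyone following the post literally uses real dice and only needs parse_wordlist and the lookup.

```python
import math
import secrets

# Constructed sample in the EFF large wordlist format (five dice digits, a tab,
# the word). The real file has 7776 entries; these five lines are for testing only.
SAMPLE_WORDLIST = """11111\tabacus
11112\tabdomen
11113\tabdominal
66665\tzoom
66666\tzoology
"""

LIST_SIZE = 6 ** 5  # 7776 possible five-dice outcomes, one word each


def parse_wordlist(text):
    """Parse 'NNNNN<tab>word' lines into a dict keyed by the five-digit roll."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, word = line.split(None, 1)
        if len(key) != 5 or any(ch not in "123456" for ch in key):
            raise ValueError(f"bad dice key: {key!r}")
        table[key] = word
    return table


def load_eff_wordlist(path):
    """Load eff_large_wordlist.txt (the file linked in Step 3) from disk."""
    with open(path, encoding="utf-8") as fh:
        return parse_wordlist(fh.read())


def roll_to_index(roll):
    """'11111' -> 0, '11112' -> 1, ..., '66666' -> 7775 (base-6, digits 1..6)."""
    index = 0
    for ch in roll:
        index = index * 6 + (int(ch) - 1)
    return index


def index_to_roll(index):
    """Inverse of roll_to_index: 0 -> '11111', 7775 -> '66666'."""
    digits = []
    for _ in range(5):
        index, rem = divmod(index, 6)
        digits.append(str(rem + 1))
    return "".join(reversed(digits))


def missing_rolls(table):
    """Every five-dice outcome the table lacks; empty for a complete EFF list."""
    rolls = (index_to_roll(i) for i in range(LIST_SIZE))
    return [r for r in rolls if r not in table]


def roll_five():
    """Step 1 with a CSPRNG instead of physical dice: returns e.g. '35216'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))


def generate_passphrase(table, n_words=6, sep="-", roll=roll_five):
    """Steps 1-4: roll, look the word up, repeat, join with sep instead of spaces."""
    words = []
    while len(words) < n_words:
        key = roll()
        if key not in table:
            raise KeyError(f"roll {key} is not in the wordlist; is the list complete?")
        words.append(table[key])
    return sep.join(words)


def entropy_bits(n_words, list_size=LIST_SIZE):
    """Entropy of n words chosen uniformly from the list: n * log2(list_size)."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_WORDLIST)
    # Scripted rolls so the demo works against the tiny sample list.
    scripted = iter(["11111", "66666", "11112"])
    print(generate_passphrase(table, 3, "-", roll=lambda: next(scripted)))
    print(f"sample list is missing {len(missing_rolls(table))} of {LIST_SIZE} rolls")
    for n in (5, 6, 7):
        print(f"{n} words: {entropy_bits(n):.1f} bits")
```

With the real list, `generate_passphrase(load_eff_wordlist("eff_large_wordlist.txt"))` produces a six-word phrase; the entropy figures (about 64.6 bits for five words, 77.5 for six) come from the list size alone and are the same whether the dice are physical or `secrets`. Padding from Step 5 is applied by hand afterwards and is not modelled here.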