Q: What is Diceware?
A: Diceware is a system for building strong passwords that was developed by Arnold G. Reinhold. The Diceware method create strong passwords that are easy to remember but extremely difficult for hackers to crack. Passwords contain random words from the dictionary, such as: alger klm curry blond puck horse.
Q: Why use Diceware?
A: Passwords need two characteristics to thwart hackers. First, they must be unique - meaning not available in any of the publicly available lists of previously hacked passwords. Second, they must contain a lot of "entropy" - which roughly means that it would take a powerful computer a very long time to guess the password. Basically, a high entropy password is a long password.
Studies have shown that most people are not very good at thinking up unique, long passwords on their own. So that is why Diceware is a good method for passwords that you really want to be secure - such as the passwords for e-mail and financial accounts.
Q: How does Diceware work?
You roll a die 5 times and write down each number. Then you look up the resulting five-digit number in the Diceware dictionary, which contains a numbered list of short words.
The Diceware creator recommends that people should use six words for their passwords (or five words, plus a character). He says:
Five words are breakable with a thousand or so PCs equipped with high-end graphics processors. (Criminal gangs with botnets of infected PCs can marshal such resources.)
Six words may be breakable by an organization with a very large budget, such as a large country's security agency.
Seven words and longer are unbreakable with any known technology, but may be within the range of large organizations by around 2030.
Eight words should be completely secure through 2050.
Q: Why should I buy a Diceware password instead of making one myself?
A: You can definitely make one yourself. I started this business because my mom was too lazy to roll dice so many times, so she paid me to roll dice and make passwords for her. Then I realized that other people wanted them, too.
Q: How much do passwords cost?
I make passwords containing six words. Each password costs $2.
Q: How do you know I'm not stealing your passwords?
A: Once you get your passwords you need to make some changes such as capitalizing some letters and/or adding symbols such as exclamations. This way it's not the exact same one that I gave you.
Q: How do you remember the passwords?
A: I personally find that my Diceware passwords are surprisingly easy to remember. However, I only use a few Diceware passwords for important accounts. I use a password manager, 1Password, to create and store passwords for my less-important accounts.