Choosing a new password is always an interesting topic. When I started using
computers for the first time, my idea was to find some useful words which I
could remember, maybe 2-3 of those words together. With time I found that
websites have different requirements when it comes to choosing a new password.
But in the last few years we have also seen many examples where brute forcing a
password is a rather simple thing. Modern powerful computers enable anyone
to find the right combination of characters in a decent time frame.
What is a diceware password?
Diceware passphrases are normal passwords (a few words together) generated from a
list of words by either rolling dice or by computer. You can read more on
the original Diceware website.
Using diceware project to generate your passphrases
If you notice, I have written passphrase instead of password. This is
because passphrases are not only easier to remember than a complex password,
but they also provide better security against brute force attacks. The following
comic from XKCD explains it better than any words.
diceware is a very simple command line
tool written in Python. It can help you to choose a diceware passphrase easily.
It was already packaged for Debian; last week I packaged it for Fedora
(thank you Parag for the
review). Last night it was pushed to stable, so now you can install it:
$ sudo dnf install diceware
$ diceware
MotorBolsterFountainThrowerPorridgeBattered
By default it creates passphrases with 6 words in them, but you can increase
that with the -n command line argument. You should use at least 7 words in your
passphrase. Read the
from Micah Lee to understand how this
increases the strength of your passphrases many times over.
The man page of
diceware has more details about usage.
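To make the two points above concrete (how dice rolls select words, and why each extra word adds a fixed amount of strength), here is an added example written for this post; it is not the code of the diceware tool. It uses a constructed 36-word sample list (two dice per word) so it runs offline; the real Diceware list has 7776 words and uses five dice per word, which is the size the entropy figures below assume.

```python
import math
import secrets

# Constructed sample list for illustration only (36 words = 6**2, so two dice
# per word). The real Diceware list has 7776 words (6**5), five dice per word.
SAMPLE_WORDS = (
    "apple bolt cedar dune eagle fjord gate hill ink jade kelp lime "
    "moss nest oak pine quill reed sage tide unit vine wasp yarn zinc able "
    "bark cove drum echo fern gust hazel iris jolt knot"
).split()

DICEWARE_LIST_SIZE = 6 ** 5  # 7776 words in the standard list


def roll_die() -> int:
    """One fair roll drawn from the OS CSPRNG (never random.random())."""
    return secrets.randbelow(6) + 1


def dice_per_word(list_size: int) -> int:
    """A list of 6**k words needs k dice per word; other sizes are rejected."""
    k = round(math.log(list_size, 6))
    if 6 ** k != list_size:
        raise ValueError(f"list size {list_size} is not a power of 6")
    return k


def rolls_to_index(rolls) -> int:
    """Read the rolls as a base-6 number: [1,1,1,1,1] -> 0, [6,6,6,6,6] -> 7775."""
    if any(r not in range(1, 7) for r in rolls):
        raise ValueError("each roll must be 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def index_to_key(index: int, dice: int) -> str:
    """Inverse of rolls_to_index: the '11111'-style key printed in the list file."""
    digits = []
    for _ in range(dice):
        index, rem = divmod(index, 6)
        digits.append(str(rem + 1))
    return "".join(reversed(digits))


def generate_passphrase(words, n_words=6, roll=roll_die):
    """Roll the dice n_words times (k dice each) and look up each word.
    `roll` is injectable so the selection can be checked deterministically."""
    k = dice_per_word(len(words))
    chosen = []
    for _ in range(n_words):
        rolls = [roll() for _ in range(k)]
        chosen.append(words[rolls_to_index(rolls)])
    return chosen


def entropy_bits(n_words: int, list_size: int = DICEWARE_LIST_SIZE) -> float:
    """Each word is one of list_size equally likely choices: n * log2(size) bits."""
    return n_words * math.log2(list_size)


def words_for_bits(target_bits: float, list_size: int = DICEWARE_LIST_SIZE) -> int:
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print(" ".join(generate_passphrase(SAMPLE_WORDS, 7)))
    for n in (6, 7):
        print(f"{n} words from the 7776-word list: {entropy_bits(n):.1f} bits")
    print("words needed for 80 bits:", words_for_bits(80))
```

The strength comes only from the number of words and the list size, not from the words themselves: six words from the standard list give about 77.5 bits, seven give about 90.5 bits, and 80 bits is the first target that needs a seventh word. The dice (or `secrets`) must be the only source of the rolls; picking words you like defeats the entropy calculation entirely.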
Start using a password manager
Now is a good time to start using a password manager. Save all your
passwords/passphrases in one place, and secure it with a super long passphrase
which you can remember. This
from Martin Shelton has many examples. The
members of the Fedora engineering team use a command line tool called
pass, which uses gpg to encrypt the passwords.