Password management & Diceware

Why is password management important?

The majority of people use weak passwords and reuse them across websites. That is a problem: every website should get its own strong, unique password, and the only practical way to keep track of those is a password manager.

A password manager stores the login information for every website you use (including your email) and fills it in for you when you log in. The password database is encrypted with a master passphrase, which is easier to memorize than dozens of complex, unique passwords. That master passphrase is the only thing you have to remember.

Password reuse is a serious problem because of the many password leaks that occur each year. When your password leaks, attackers usually end up with an email address, username and password combination that they can try on other websites. If you use the same login everywhere, a leak at one site can give them access to all your accounts. If someone takes over your email account this way, they can use password-reset links to get into other services, such as your PayPal account. This is especially bad if you have not set up a second means of authentication, known as two-factor authentication or 2FA.

Personal information in passwords

Although it is not recommended, internet users tend to include personal information in their passwords so they are easy to memorize. The trouble with building passwords from personal information is that it gives attackers a head start in cracking them: once they learn a little about a person, they can make educated guesses about that person's passwords.

And how do they learn more about a person? The same way the rest of us do: a Google search, a look at Facebook, LinkedIn, Twitter, Pinterest and so on. Along the way they note the person's interests, in case they run into security questions when they try to get into the accounts on their list. Social media sites are fountains of information for even the least skilled attacker.

In the tutorial I walk you through creating a Diceware passphrase and installing KeePassXC. The Diceware passphrase is the key to the castle, so to speak: you use it to open the vault.

Tutorial was kindly and beautifully produced by my friend Seán Hannan – thank you!

1Password

Update 2022: I’ve switched over to 1Password from KeePassXC. It’s much easier to use and syncs across all your devices. For 3 dollars a month you’re settled. https://1password.com/

The video tutorial is still of use. I'll walk you through creating a master passphrase with Diceware from scratch. Just replace KeePassXC with 1Password, and you're good to go.

Create passwords of 20 characters (or more) with a mix of numbers, letters and symbols, and let the password manager generate a separate one for each site so that none of them is reused.
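The following is an added example, not code from the original page or from 1Password, showing what a password manager's generator does when it follows the rule above: draw every character uniformly from the printable ASCII set with a cryptographic random source and keep only passwords that contain all three character classes. The rejection loop (rather than "pick one of each class, then shuffle") is a choice made here so every accepted password stays equally likely; the character set and the 94-character figure are assumptions, not the settings of any particular product.

```python
import math
import secrets
import string

# Letters, digits and symbols, as the page's advice asks for.
# 52 letters + 10 digits + 32 ASCII punctuation marks = 94 characters (assumed set).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def has_all_classes(pw: str) -> bool:
    """True if the password contains at least one letter, one digit and one symbol."""
    return (any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def generate_password(length: int = 20, choice=secrets.choice) -> str:
    """Draw `length` characters uniformly from ALPHABET using a CSPRNG.

    Rejection sampling (redraw the whole password until every class is present)
    keeps every accepted password equally likely. Forcing "one from each class"
    and shuffling would skew the distribution instead. The `choice` parameter
    only exists so a test can inject a deterministic source.
    """
    if length < 3:
        raise ValueError("length must be at least 3 to hold all character classes")
    while True:
        pw = "".join(choice(ALPHABET) for _ in range(length))
        if has_all_classes(pw):
            return pw


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size).

    The class check above rejects a tiny fraction of strings, so the true
    figure is negligibly lower than this upper bound.
    """
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw)
    print(f"{entropy_bits(len(ALPHABET), 20):.1f} bits")
```

With the 94-character set, 20 characters give about 131 bits, far more than any attacker can brute-force; the point of the length rule is to make the per-site password strong even when the site's password hashing is weak.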

Diceware

Below you can find links to the best Diceware resources, including the EFF's Diceware long list. I recommend a 6-word passphrase as the master passphrase for your password manager vault: with the 7,776-word list each word adds about 12.9 bits, so six words give roughly 77 bits of entropy.

https://www.eff.org/dice

https://en.wikipedia.org/wiki/Diceware

https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/
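As an added illustration of the Diceware procedure (not code from the page, the EFF or any of the linked resources), the block below parses a word list in the EFF file format, rolls five dice per word with a cryptographic random source, and works out the entropy of the resulting passphrase. The embedded word list is a constructed seven-line excerpt, so it runs offline; its dice-number/word pairings are assumptions and not the real EFF list, which has 7,776 entries (one for every five-dice outcome). The guess rate passed to `years_to_exhaust` is likewise an assumption for illustration, not a measurement.

```python
import math
import secrets

# Constructed excerpt in the EFF long-list file format: "<five dice digits><tab><word>".
# These pairings are made up for the example; the real list has 6**5 = 7776 lines.
SAMPLE_WORDLIST = """\
11111\tabacus
11112\tabdomen
11113\tabdominal
11114\tabide
11115\tabiding
11116\tability
66666\tzoom
"""

DICE_PER_WORD = 5
SIDES = 6
FULL_LIST_SIZE = SIDES ** DICE_PER_WORD  # 7776


def parse_wordlist(text: str) -> dict:
    """Parse 'NNNNN<tab>word' lines into a dict keyed by the dice string."""
    words = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, word = line.split("\t", 1)
        if len(key) != DICE_PER_WORD or not all(c in "123456" for c in key):
            raise ValueError(f"bad dice key: {key!r}")
        words[key] = word.strip()
    return words


def roll_dice(n: int = DICE_PER_WORD, randbelow=secrets.randbelow) -> str:
    """Roll n fair dice with a CSPRNG and return them as a string such as '31524'.

    secrets.randbelow is used instead of random.random(): the latter is a
    predictable PRNG and unsuitable for generating secrets.
    """
    return "".join(str(randbelow(SIDES) + 1) for _ in range(n))


def diceware_passphrase(words: dict, n_words: int, roll=roll_dice) -> list:
    """Choose n_words words by dice roll.

    A roll that is not in the list (only possible with a partial list like the
    sample above) is simply rolled again, which keeps every listed word equally
    likely. `roll` is injectable so a test can script the dice.
    """
    chosen = []
    while len(chosen) < n_words:
        key = roll()
        if key in words:
            chosen.append(words[key])
    return chosen


def passphrase_entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy = n_words * log2(list_size); six words from 7776 give about 77.5 bits."""
    return n_words * math.log2(list_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years needed to try every passphrase at an assumed guess rate (worst case for the attacker)."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    words = parse_wordlist(SAMPLE_WORDLIST)
    print(" ".join(diceware_passphrase(words, 6)))
    bits = passphrase_entropy_bits(FULL_LIST_SIZE, 6)
    print(f"{bits:.1f} bits; ~{years_to_exhaust(bits, 1e12):.0f} years at an assumed 10^12 guesses/s")
```

Note that the entropy comes entirely from the dice, not from the words themselves: picking "memorable" words by hand, or re-rolling until you like the result, throws that guarantee away. Run against the real EFF file, `parse_wordlist` is used on the file's contents and the rejection branch in `diceware_passphrase` is never taken.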

Other links

For those who are curious what the so-called "brute-forcing" means, here is more information.

And the Wikipedia password cracking entry is here.