“Treat your password like your toothbrush. Don’t let anybody else use it and get a new one every six months” – Clifford Stoll
It’s 8:55am, you have your morning coffee in one hand and all your meeting notes in the other.
You step into the office and sign into your computer and the first thing you see is this:
You don’t have time to change your password.
Your meeting is starting and everyone is already waiting for you.
You decide to quickly add another number to your previous password and mentally note that you will change the password to something more secure after the meeting.
The truth is, you don’t…
The realistic scenario is that you forget you changed it and enter the old password several times before you remember what you have done.
The worst-case scenario is that somebody with malicious intentions accesses company files through your recently changed password.
Although this is unlikely to happen, there is still a possibility this CAN happen.
So, is there an easy method of changing your password into something secure but easy to remember?
The short answer is yes, yes there is.
Diceware – the art of a lazy password
Diceware is the technique of randomly generating a passphrase through the use of standard six-sided dice to select words at random from a specific list known as the Diceware Word List.
Each word in the list is preceded by a five-digit number.
Every digit in the number is between 1 and 6, which allows you to use the outcome of five dice rolls to determine the selected word from the word list.
Generating the password
So, say you have one or more dice lying around and want to generate a password. How do you start?
- Download the Diceware list from the following link or use any of the other alternatives below:
1. Roll your dice five times for every word you want and note the results down in groups of five, e.g. a six-word passphrase needs 6 groups of 5 rolls, for a total of 30 dice rolls.
2. Look up each of the five-digit numbers in the Diceware list and note the word next to it.
3. After the numbers have been converted to words, note the words down in any order, memorize them and you have created the passphrase!
Putting Diceware to practice
Now that we know how to create the passphrases, let us make one as an example of how easy it is to create!
Let’s say you roll 5 dice five times and you get an outcome like this:
1, 2, 6, 6, 4, 4, 2, 6, 1, 5, 5, 5, 2, 6, 5, 1, 1, 2, 5, 2, 3, 2, 5, 3, 6
Which can then be separated into groups of five dice rolls like this:
1, 2, 6, 6, 4
4, 2, 6, 1, 5
5, 5, 2, 6, 5
1, 1, 2, 5, 2
3, 2, 5, 3, 6
Then by looking up the newly created 5-digit numbers on your corresponding Diceware wordlist, you can find the words corresponding to the numbers.
For this example, we’re using the default Diceware list:
|5-digit number|Diceware word|
|---|---|
|12664|Avid|
|42615|Morse|
|55265|Sport|
|11252|Ada|
|32536|Heir|
Now, we are ready to put the words into a passphrase by putting the words together in any order.
The passphrase can be:
AvidMorseSportAdaHeir
or
MorseSportAdaHeirAvid
or
SportAdaHeirAvidMorse
The list goes on!
And just like that, from using five dice to generate five words, you have created a passphrase that would take approximately 861 quadrillion years for a computer to crack.
To further increase the strength of your passphrase, you can add special characters or numbers into the passphrase.
Avid-Morse Sport-Ada Heir
or
Avid1Morse2Sport6Ada6Heir4
The only thing left to do now is memorise it!
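The lookup procedure above, as an added example that is not part of the original article: it groups the article's 25 rolls into five-digit keys, looks them up, and computes the entropy of a passphrase whose words are all chosen at random. `SAMPLE_LIST` is a constructed five-entry excerpt in the number-then-word layout of the Diceware list, the function names are this example's own, and `roll_keys` substitutes the operating system's CSPRNG for physical dice.

```python
import math
import secrets

# Constructed excerpt in the Diceware file layout ("<5 digits><tab><word>"),
# holding only the five entries used in the article's worked example.
SAMPLE_LIST = """\
11252\tada
12664\tavid
32536\their
42615\tmorse
55265\tsport
"""

def parse_wordlist(text):
    """Map each five-digit key to its word, rejecting malformed keys."""
    words = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split(None, 1)
        if len(key) != 5 or any(c not in "123456" for c in key):
            raise ValueError(f"bad Diceware key: {key!r}")
        words[key] = word.strip()
    return words

def roll_keys(n_words):
    """Simulate n_words * 5 fair dice rolls with the OS CSPRNG (assumed stand-in for dice)."""
    return ["".join(str(secrets.randbelow(6) + 1) for _ in range(5))
            for _ in range(n_words)]

def group_rolls(rolls):
    """Split a flat sequence of dice rolls into five-digit lookup keys."""
    if len(rolls) % 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need a multiple of five rolls, each 1-6")
    return ["".join(map(str, rolls[i:i + 5])) for i in range(0, len(rolls), 5)]

def passphrase(keys, words):
    """Look up every key; a KeyError means the key is not in the loaded list."""
    return [words[k] for k in keys]

def entropy_bits(n_words, list_size=6 ** 5):
    """Bits of entropy when every word is picked uniformly from the list."""
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    rolls = [1,2,6,6,4, 4,2,6,1,5, 5,5,2,6,5, 1,1,2,5,2, 3,2,5,3,6]
    print(passphrase(group_rolls(rolls), parse_wordlist(SAMPLE_LIST)))
    print(round(entropy_bits(5), 1), "bits")
```

With the full 7,776-word list loaded through `parse_wordlist`, `passphrase(roll_keys(6), words)` yields a six-word passphrase without physical dice.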
Wielding your newfound power
Now that you know how to generate passwords with this new technique, you can go out and make stronger unique passwords for your social media, banking, business systems, work accounts or anywhere that requires a password!
If you think memorising a long unique password is hard, look out for the next chapter of our information security series: Password Managers.
And if you missed out on our first chapter, Infosec fundamentals 101: Bad passwords, practical passphrase, read it here.
Contributor: Allan Ou, Synnex Australia – MIS Infrastructure