
Create strong passwords with Diceware

Your accounts are only as strong as the passwords you use to protect them.

Diceware is a great way to generate memorable, random, and long passwords. It is the right strategy for your most precious passwords, especially those for which two-factor authentication or a password manager is not an option (e.g. the password to your computer, your backups, or your encryption key).

You can even use Diceware to create secure brainwallets, which are Bitcoin wallets that exist only in your head.

To generate a password using Diceware, you just need a fair die, a pen and some paper.

You can find the Diceware list at the ExpressVPN website. It has 7,776 entries (6 × 6 × 6 × 6 × 6, one for every possible sequence of five rolls), each keyed by a five-digit number from 11111 to 66666.

Make sure you are alone and there are no cameras nearby. For maximum protection, disconnect your computer from the internet (after you save the Diceware list!) and cover your webcam.

To start, roll the die five times. Record the number from each roll with the pen and paper. You will end up with a five-digit number. We got 52611.

Now look up the five-digit number you just created in the Diceware list. Write down the word the number corresponds to; in our case it is ‘salvo’. This word by itself is not a good password: with only 7,776 possibilities it would take about a thousandth of a second to crack. Repeat the dice-rolling process at least four more times.

After five sets of five rolls, we ended up with 52611 51631 63432 43123 21641.

This corresponds to the password “salvo rhoda walton mudd croft." 

The six nonillion (6 × 10^30) years often quoted for a phrase like this assumes an attacker who guesses it character by character and has no idea the words came from a list. That is an unimaginably large number; for comparison, the universe is only about 1.4 × 10^10 years old.

The figure a practitioner should actually plan around is smaller. An attacker who knows you used Diceware only has to search the 7776^5 ≈ 2.8 × 10^19 possible five-word phrases (about 64.6 bits of entropy). At a billion guesses per second that is still roughly 450 years on average, far more than any online login attack can manage, but a fast offline attack against a weakly hashed password gets there sooner, which is why the Diceware project itself now recommends at least six words. The lesson is the method, not the exact number: every word is chosen uniformly from the list, so the strength is the list size raised to the number of words, and each extra word multiplies the attacker's work by 7,776.
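To make the procedure above and the entropy arithmetic concrete, here is an added Python example (not code from the original article or from ExpressVPN). It parses a Diceware list in its usual "key, tab, word" layout, converts five rolls into a lookup key, joins the words exactly as the article does, and computes the bits of entropy and average crack time for a given word count. The wordlist excerpt is constructed for the demo and contains only the five entries the article rolled; the helper names (parse_wordlist, electronic_roll, average_crack_years and so on) are my own. The electronic die uses Python's secrets module, which is the software equivalent of a fair physical die; it is only a fallback for when you trust the machine more than your surroundings.

```python
"""Diceware lookup, electronic dice, and the entropy arithmetic behind the crack-time claim."""
import math
import secrets

LIST_SIZE = 6 ** 5  # a standard Diceware list has 7776 entries, keyed 11111..66666

# Constructed excerpt of a Diceware list in its usual "KEY<tab>word" layout,
# holding the five entries the article rolled; a real list has all 7776 lines.
SAMPLE_LIST = """\
21641\tcroft
43123\tmudd
51631\trhoda
52611\tsalvo
63432\twalton
"""


def parse_wordlist(text):
    """'KEY<tab>word' lines -> {key: word}; rejects keys that are not five digits in 1..6."""
    words = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split()
        if len(key) != 5 or any(c not in "123456" for c in key):
            raise ValueError(f"bad Diceware key {key!r}")
        words[key] = word
    return words


def rolls_to_key(rolls):
    """Five physical rolls, e.g. [5, 2, 6, 1, 1] -> '52611'."""
    if len(rolls) != 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls in 1..6")
    return "".join(str(r) for r in rolls)


def key_to_index(key):
    """Five-digit key -> 0-based line position (11111 -> 0, 66666 -> 7775); the key is a base-6 number."""
    index = 0
    for digit in key:
        index = index * 6 + (int(digit) - 1)
    return index


def electronic_roll():
    """CSPRNG stand-in for the physical die: uniform on 1..6 with no modulo bias (never random.randint)."""
    return secrets.randbelow(6) + 1


def passphrase_from_keys(keys, wordlist):
    """Look up each key and join the words with spaces, as the article does."""
    return " ".join(wordlist[k] for k in keys)


def generate_passphrase(wordlist, n_words=6):
    """Electronic Diceware: needs the complete list so that every rollable key resolves."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError(f"wordlist has {len(wordlist)} entries, expected {LIST_SIZE}")
    keys = [rolls_to_key([electronic_roll() for _ in range(5)]) for _ in range(n_words)]
    return keys, passphrase_from_keys(keys, wordlist)


def entropy_bits(n_words, list_size=LIST_SIZE):
    """Each uniformly chosen word adds log2(7776), about 12.9 bits."""
    return n_words * math.log2(list_size)


def average_crack_years(n_words, guesses_per_second, list_size=LIST_SIZE):
    """Expected time for an attacker who knows the list and the word count: half the space on average."""
    candidates = list_size ** n_words
    return candidates / 2 / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    words = parse_wordlist(SAMPLE_LIST)
    article_rolls = [[5, 2, 6, 1, 1], [5, 1, 6, 3, 1], [6, 3, 4, 3, 2], [4, 3, 1, 2, 3], [2, 1, 6, 4, 1]]
    keys = [rolls_to_key(r) for r in article_rolls]
    print(passphrase_from_keys(keys, words))  # salvo rhoda walton mudd croft
    for n in (1, 5, 6):
        print(f"{n} words: {entropy_bits(n):.1f} bits, "
              f"{average_crack_years(n, 1e9):.2e} years on average at 1e9 guesses/s")
```

Run it with the full 7,776-line list loaded into parse_wordlist and generate_passphrase will give you a six-word phrase; with the excerpt it refuses, because a key it rolls would usually have no word to map to.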

Memorize this password and then shred the piece of paper on which you recorded your dice results. Ideally, you should burn it.

To remember your new Diceware password, you will need to use it regularly, especially while it is still fresh in your memory. Frequently log into the service you created this password for, or set yourself a routine to practice it. Remember to destroy any physical copies you make!

Eventually, the password will become muscle memory and typing it will be as natural as drinking or eating.

Use Diceware to create brainwallets and store Bitcoins in your head 

The words generated with Diceware are random and secure, so you could even use them for your Bitcoin brainwallet.

Such a brainwallet is a hierarchical deterministic wallet (HD wallet) whose seed you memorize rather than store. Your private and public Bitcoin keys are derived from a list of words instead of from a raw random number, just like the list we got from rolling the die. This list of words is called a seed (or seed phrase).

The seed technique makes it possible for a human to remember the master key from which every address in the wallet is derived. Instead of memorizing a long string of digits as your Bitcoin key, you use your randomly generated word seed, meaning you can quite literally put money in your head.

Your mind beats all forms of electronic storage. USB sticks, CDs, and SD cards can all corrupt, and who knows whether a computer ten years from now will even be able to read them? But your brain will most likely remain unhackable for the foreseeable future. The flip side is that a forgotten seed is gone for good, so a memorized seed needs the same regular rehearsal as a Diceware password.

A few great wallets let you use seed words for your Bitcoin keys, such as Breadwallet (iOS), Mycelium (Android), and Electrum (Windows, Mac, Linux). These wallets do not let you type in words of your own choosing as a seed. Instead, they insist on generating the words themselves, picking them from a fixed wordlist with a cryptographic random number generator, which is Diceware done in software. This protects uninformed users from creating wallets from non-random words, such as song lyrics, and then losing their bitcoins to someone else who has used the same lyrics as their own seed words.

To demonstrate how word seeds work, we used Electrum to create a brainwallet and a separate watch-only Bitcoin wallet. The watch-only wallet can receive real bitcoins and lets you monitor your balances, but because it holds only the public keys, nothing can be spent from it, and so nothing can be stolen from it.
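The derivation that turns seed words into a spending wallet and a watch-only wallet is short enough to show end to end. The Python below is an added example, not code from the article, from Electrum, or from any of the wallets named above; it follows the BIP39 and BIP32 conventions (PBKDF2-HMAC-SHA512 with the salt "mnemonic", then HMAC-SHA512 keyed with "Bitcoin seed") rather than Electrum's own seed format, which uses a different salt and a version check, and it implements secp256k1 point multiplication by hand so it runs with the standard library alone. The demo phrase is the article's Diceware words, which is a constructed input: it is not a checksummed BIP39 phrase, and the function names (brainwallet_from_words, watch_only_view and so on) are my own. Note that the PBKDF2 step happily accepts any string, which is precisely why a wallet that let users type in lyrics would hand the same keys to everyone who picked the same lyrics; real wallets add a wordlist and checksum check that this example skips.

```python
"""Seed words -> HD wallet master keys -> watch-only export, standard library only."""
import hashlib
import hmac
import unicodedata

# secp256k1 domain parameters (the curve Bitcoin uses).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(point):
    """True if the affine point satisfies y^2 = x^3 + 7 (mod P)."""
    x, y = point
    return (y * y - x * x * x - 7) % P == 0


def _add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point):
    """Double-and-add k*point. Not constant-time: fine for a demo, not for production signing."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result


def mnemonic_to_seed(words, passphrase=""):
    """BIP39 step: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase -> 64-byte seed.
    Any string is accepted, which is why typed-in song lyrics would make a predictable wallet."""
    mnemonic = unicodedata.normalize("NFKD", " ".join(words))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", mnemonic.encode(), salt.encode(), 2048)


def master_key_from_seed(seed):
    """BIP32 step: HMAC-SHA512 keyed 'Bitcoin seed'; left half = master private key, right = chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(digest[:32], "big")
    if not 0 < k < N:  # astronomically unlikely, but the spec says to reject it
        raise ValueError("invalid master key, choose different seed words")
    return k, digest[32:]


def compressed_pubkey(point):
    """33-byte SEC1 compressed encoding: 02/03 prefix from the parity of y, then x."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def brainwallet_from_words(words, passphrase=""):
    """Everything a spending wallet holds, derived only from the memorised words."""
    seed = mnemonic_to_seed(words, passphrase)
    priv, chain_code = master_key_from_seed(seed)
    pub = scalar_mult(priv, G)
    return {"private_key": priv, "chain_code": chain_code,
            "public_key": compressed_pubkey(pub).hex()}


def watch_only_view(wallet):
    """What gets exported to a watch-only wallet: public key and chain code, nothing that can spend."""
    return {k: v for k, v in wallet.items() if k != "private_key"}


if __name__ == "__main__":
    # Constructed demo phrase (the article's Diceware words, not a valid BIP39 phrase).
    demo = "salvo rhoda walton mudd croft".split()
    wallet = brainwallet_from_words(demo)
    print("master public key:", wallet["public_key"])
    print("watch-only export:", watch_only_view(wallet))
```

The watch-only wallet is just the output of watch_only_view: the public key and chain code let it derive every receiving address and watch balances, but without the private key it cannot sign a transaction. Adding a passphrase to mnemonic_to_seed yields an entirely different wallet from the same words, which is how the "25th word" feature in several wallets works.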

Lexie M writes about information security, bitcoin, and privacy. She is excited about empowerment through technology, space travel, and pancakes with blueberries, and blogs for ExpressVPN, which is TechRadar’s number one VPN provider. This is an excerpt from Lexie’s eBook “Bitcoin Security and Privacy: A Practical Guide”, which is free to download on iOS, Android, Kindle, Kobo and Nook.