Many of my clients have rolled their eyes in disdain or cringed in repulsion once they hear my most frequent recommendation for improving their online security and privacy: change their personal email password. I understand their moanin’ and groanin’. Creating a new password that is supposed to be secure, yet memorable, is difficult if you don’t know where to begin.
I already discussed why it’s important to change your personal email password. I’ve also alluded to using passphrases instead of long random-character passwords. But I don’t think I’ve shared how easy it can be to create a complicated, secure passphrase for your personal email account. Or your password manager vault.
Gimme a D
There’s a nerdy concept out there in Privacy-Securityville called Diceware. Essentially, it’s a method of creating bulletproof passwords by piecing together random words from lists, and making it fun by rolling dice: the number that comes up on each die picks the matching word for the passphrase. Wait! Don’t click away from me just yet. It gets better…
Gimme an E
In the dark alleys of Privacy-Securityville, the folks wearing black hoodies with laptops covered with stickers of obscure nerdy sayings? They refer to the strength of passwords as entropy. In relation to passwords, entropy is a measurement of how random a password is. The higher the entropy of a password, the harder it is for the bad people to hack you. And from what I’ve learned after reading numerous nerdy articles and research papers on the internet, Diceware passphrases have pretty robust entropy. Stick with me…we’re almost to the good part!
Gimme an F
It actually is possible to make a new passphrase from your own diceware setup. Visualize four dice with the numbers on these dice ranging from one to six. On a sheet of paper, create four categories of things you like, then write six items in each list. For example:
Fruit
1 = apple
2 = strawberry
3 = peach
4 = blackberry
5 = kiwi
6 = durian
Friends
1 = monica
2 = rachel
3 = phoebe
4 = ross
5 = chandler
6 = joey
Classic Rock Bands
1 = foreigner
2 = heart
3 = eagles
4 = aerosmith
5 = journey
6 = styx
Periodic Table of Elements
1 = lithium
2 = sodium
3 = silicon
4 = chlorine
5 = iodine
6 = platinum
Four categories, six words apiece. Now you roll those four dice. Four - Three - Five - Five.
Gimme a P
Your DIY Diceware passphrase is: blackberryphoebejourneyiodine. That’s a 29-character password, but it can be visualized. Phoebe is sitting on the couch putting some iodine on her finger and complaining to Joey about getting a papercut. She’s listening to “Don’t Stop Believing” and eating a bowl full of blackberries. If it turns out that your personal email password is required to contain numbers or special characters, add your lucky number and a special character to the passphrase: 7blackberryphoebejourneyiodine!
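To show the roll-to-word mapping and the entropy idea in working code, here is an added Python example (not from the post): it rolls the four dice with the operating system’s secure random generator, builds the phrase from the post’s own lists, and computes the entropy of the DIY setup (6 × 6 × 6 × 6 = 1296 possible phrases, about 10.3 bits) next to a standard Diceware list of 7776 words, where each word adds about 12.9 bits. The list contents are copied from the post; the function names and the 7776-word comparison are my own additions.

```python
import math
import secrets

# The four DIY lists from the post, in the order the dice are read.
DIY_LISTS = {
    "fruit": ["apple", "strawberry", "peach", "blackberry", "kiwi", "durian"],
    "friends": ["monica", "rachel", "phoebe", "ross", "chandler", "joey"],
    "bands": ["foreigner", "heart", "eagles", "aerosmith", "journey", "styx"],
    "elements": ["lithium", "sodium", "silicon", "chlorine", "iodine", "platinum"],
}

# A standard Diceware list has 6^5 = 7776 words (five dice per word).
STANDARD_DICEWARE_WORDS = 6 ** 5


def roll_die() -> int:
    """Roll one six-sided die using the OS CSPRNG (secrets), not random.random()."""
    return secrets.randbelow(6) + 1


def passphrase_from_rolls(lists: dict, rolls: list) -> str:
    """Map one die roll (1-6) per list to the word at that position and join them."""
    if len(rolls) != len(lists):
        raise ValueError("need exactly one roll per list")
    words = []
    for (name, choices), roll in zip(lists.items(), rolls):
        if not 1 <= roll <= len(choices):
            raise ValueError(f"roll {roll} is out of range for list {name!r}")
        words.append(choices[roll - 1])
    return "".join(words)


def entropy_bits(choices_per_word: int, num_words: int) -> float:
    """Entropy of a passphrase = log2(number of equally likely phrases)."""
    return num_words * math.log2(choices_per_word)


def diy_passphrase(lists: dict = DIY_LISTS) -> tuple:
    """Roll the dice for real and return (passphrase, rolls)."""
    rolls = [roll_die() for _ in lists]
    return passphrase_from_rolls(lists, rolls), rolls


if __name__ == "__main__":
    phrase, rolls = diy_passphrase()
    print(f"rolls {rolls} -> {phrase}")
    print(f"DIY 4x6 setup: {entropy_bits(6, 4):.1f} bits")
    print(f"Standard Diceware, 6 words: {entropy_bits(STANDARD_DICEWARE_WORDS, 6):.1f} bits")
```

Running it prints a fresh phrase each time; the two entropy lines are the same every run, since they depend only on list size and word count.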
If you don’t want to go the DIY route of creating four lists of six words, this webpage creates Diceware passphrases for you from a large random word list.
I will never stop stressing the importance of keeping your personal email account secure. It holds the keys to a lot of your kingdom. By devising ways to make a fun, memorable passphrase, you make it easier to remember during authentication and much, much tougher for the bad people to grab your password via brute force.