My password manager nudged me to update the master passphrase this week; apparently I’ve been using the same one since 2016 (!). Which definitely isn’t a best practice. Thought I should share the tool I use to generate a passphrase that’s both random & memorable. Probably still hackable by brute force, but not by figuring out my pets’ names.

I’ve been using Diceware Passphrase for quite some time… it’s a list of thousands of short words, each assigned a number. The numbers are all 5 digits long, each digit between 1 & 6. Which means that you can use a 6-sided die as a random number generator. Roll the die a bunch (I go 30 times), group the rolls five at a time, then use the word list to map each 5-digit number to a word. You now have a very random passphrase, but instead of having to memorize 30 digits you only have 6 words (and I’m not a cryptologist, but my understanding is that words are harder to brute-force than just digits?). I’ll also throw in a 7th word that does have personal meaning, mixed with punctuation & numbers, just to be thorough.
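Here is the same procedure in code, as an added example (not from the original post or the Diceware project): it parses a word list in the usual “key word” line format, turns dice rolls into 5-digit keys, looks up the words, and reports how many bits of randomness the rolls contribute. The word list below is a constructed five-line stand-in; a real list covers every key from 11111 to 66666 (7776 entries).

```python
import math
import secrets

SIDES = 6               # one ordinary die
ROLLS_PER_WORD = 5      # every Diceware key is five digits, each 1-6

# Constructed stand-in for the real word list, which maps every key from
# 11111 to 66666 (6**5 = 7776 entries) to a short word. The words below are
# made up for this demo; only the "key word" line format is realistic.
SAMPLE_LIST_TEXT = """\
11111 abacus
11112 abbey
33333 hinge
66665 zigzag
66666 zipper
"""

def load_wordlist(text):
    """Parse 'key word' lines into a dict; blank lines and # comments are skipped."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, word = line.split(None, 1)
        if len(key) != ROLLS_PER_WORD or not set(key) <= set("123456"):
            raise ValueError(f"bad Diceware key: {key!r}")
        table[key] = word
    return table

def roll_dice(count):
    """Roll a fair die `count` times using the OS CSPRNG, standing in for real dice."""
    return [secrets.randbelow(SIDES) + 1 for _ in range(count)]

def rolls_to_keys(rolls):
    """Group rolls five at a time into Diceware keys such as '31452'."""
    if len(rolls) % ROLLS_PER_WORD:
        raise ValueError("roll count must be a multiple of five")
    return ["".join(str(r) for r in rolls[i:i + ROLLS_PER_WORD])
            for i in range(0, len(rolls), ROLLS_PER_WORD)]

def passphrase_from_rolls(rolls, table):
    """Map each key to its word; a KeyError here means the list is incomplete."""
    return " ".join(table[k] for k in rolls_to_keys(rolls))

def entropy_bits(num_rolls):
    """Each fair roll adds log2(6) bits, so 30 rolls give about 77.5 bits."""
    return num_rolls * math.log2(SIDES)
```

With a full list, `passphrase_from_rolls(roll_dice(30), table)` yields six words; the entropy comes from the rolls, and the words are just a memorable encoding of them.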

(In the interest of not victim-blaming, if you get hacked you are not the one at fault. The hacker is, pure and simple. They’re the baddie. And since humans are not inherently ethical and there are baddies prowling in the ecosystem, I believe in helping people set up defenses against them. But I don’t think that saying “here are the ways you can mitigate your risk” is the same as “if you don’t do this, you’re to blame,” and I hope you don’t take it that way.)
