- Do you write them all down on a sheet of paper? (- What if this piece of paper … ?)
- Do you save them all in an application on your smartphone? (- Hopefully you are using a strong master passphrase to protect them?)
- Or do you use something simple like ‘123456’ each time, just for the sake of using a password? (- You do know you shouldn’t do this, don’t you?)
A Multi-Level Strategy For Creating Safe Passwords
Roll the dice several times, and write down the numbers you get. You’ll need a total of five dice rolls to come up with the first word in your passphrase. – Don’t just make up some numbers. It is very important that you roll the dice because you are generating entropy by doing so and extracting true randomness from nature.
If you roll a three, then a one, a two, a six, and a two, and then look up 31262 in the Diceware word list, you’ll see the word “glass”. That would be the first word in your passphrase.
Now repeat this step until you have a passphrase of at least six words.
If you want a stronger passphrase you can use more words, but I wouldn’t use fewer than six words, because the strength of a Diceware passphrase depends on how many words it contains.
The above-mentioned article on The Intercept works through the math behind passphrase guessing and points out that a five-word passphrase could be cracked in just under 6 months, whilst cracking a six-word passphrase would take 3,505 years on average.
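The dice-to-word procedure and the cracking-time figures above can be checked with a short script. This is an added example, not code from the original post: it turns rolls you made with physical dice into word-list keys and computes the average search time. The guess rate of one trillion per second and the 365-day year are assumptions chosen because they reproduce the figures quoted above, and the one-entry word list is a constructed excerpt holding only the pair given in the text.

```python
import math

DICE_PER_WORD = 5
WORDLIST_SIZE = 6 ** DICE_PER_WORD  # 7776 possible five-roll keys

# Constructed one-entry excerpt: the only key/word pair quoted on the page.
SAMPLE_WORDLIST = {"31262": "glass"}

# Assumption (not stated on the page): attacker speed in guesses per second.
ASSUMED_GUESSES_PER_SECOND = 10 ** 12
SECONDS_PER_YEAR = 365 * 24 * 3600


def rolls_to_keys(rolls):
    """Group physical dice rolls into five-digit word-list keys."""
    if any(not isinstance(r, int) or not 1 <= r <= 6 for r in rolls):
        raise ValueError("every roll must be an integer from 1 to 6")
    if not rolls or len(rolls) % DICE_PER_WORD:
        raise ValueError("need a multiple of five rolls, five per word")
    return ["".join(str(r) for r in rolls[i:i + DICE_PER_WORD])
            for i in range(0, len(rolls), DICE_PER_WORD)]


def lookup(keys, wordlist):
    """Translate keys to words, refusing keys the list does not contain."""
    missing = [k for k in keys if k not in wordlist]
    if missing:
        raise KeyError(f"keys not in word list: {missing}")
    return [wordlist[k] for k in keys]


def entropy_bits(word_count):
    """Entropy of a passphrase whose words were each chosen by five rolls."""
    return word_count * math.log2(WORDLIST_SIZE)


def average_crack_years(word_count, rate=ASSUMED_GUESSES_PER_SECOND):
    """Years to search half the keyspace, the average case for a guesser."""
    return WORDLIST_SIZE ** word_count / 2 / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    print(lookup(rolls_to_keys([3, 1, 2, 6, 2]), SAMPLE_WORDLIST))
    for n in (5, 6, 7):
        print(n, round(entropy_bits(n), 1), average_crack_years(n))
```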