Making up passwords is hard. You want something you can remember, and you need something difficult to guess or brute force.
For countless years, I have been a fan of Diceware for generating memorable passwords, really pass-phrases, and you should be too. (Purely coincidentally, it lives on a server, the first version of which I set up in 1989!)
At its heart, Diceware is simple. It’s a list of 7,776 words that looks like:
Why 7,776? Because each word has a 5-digit identifier and each digit of that identifier is a number from 1-6. ‘6**5 = 7776’. That may seem strange, but it means that a random word can be selected by rolling 5 (6-sided, you nerd) dice.
If I roll five dice and get 1, 3, 2, 5, and 1, I would find 13251 and get balky from the standard English Diceware list. Repeat five more times and I would get something like
It’s a strange bit of prose, but it’s also something you can actually remember if you put your mind to it.
The absolutely safest way to generate these passwords is to use actual, physical dice. Roll five of them six times and use those numbers. But… You’re not going to do that, are you?
OK, if you want some code, it might look like:
Running the script will spit out six randomly selected words. If six is not your thing, it optionally takes a numeric argument for the number of words you want.
A six-word Diceware pass-phrase has 77 bits of entropy, which is strong. Need numbers or symbols in your pass-phrase? Visit the Diceware page for a technique using dice to add numbers and symbols to the words you generate. You’ll also find word lists in Dutch, Esperanto, Finnish, French, German, Italian, Japanese, Polish, Russian, Spanish, Swedish and Turkish.
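As an added example, not the author's original script: a Python generator that parses a list of "key, whitespace, word" lines, draws each die from the OS CSPRNG via `secrets` rather than the predictable `random` module, and reports the entropy. The list built by `constructed_wordlist()` is a placeholder stand-in apart from the 13251 / balky entry quoted above; the function names and command-line arguments are assumptions.

```python
import itertools
import math
import re
import secrets
import sys

KEY_LINE = re.compile(r"^([1-6]{5})\s+(\S+)$")  # e.g. "13251<TAB>balky"

def parse_wordlist(text):
    """Map each 5-digit dice key to its word; other lines are skipped."""
    words = {}
    for line in text.splitlines():
        m = KEY_LINE.match(line.strip())
        if m:
            words[m.group(1)] = m.group(2)
    # A short or truncated list silently weakens every passphrase, so refuse it.
    if len(words) != 6 ** 5:
        raise ValueError(f"expected 7776 entries, found {len(words)}")
    return words

def roll_die():
    """One fair six-sided die from the OS CSPRNG."""
    return secrets.randbelow(6) + 1

def passphrase(words, count=6, roll=roll_die):
    """Pick `count` words, five dice rolls per word."""
    if count < 1:
        raise ValueError("count must be at least 1")
    return [words["".join(str(roll()) for _ in range(5))] for _ in range(count)]

def entropy_bits(count):
    """Entropy of `count` uniformly chosen words: count * log2(7776)."""
    return count * math.log2(6 ** 5)

def constructed_wordlist():
    """Constructed stand-in list: placeholder words plus the one entry quoted on this page."""
    keys = ("".join(k) for k in itertools.product("123456", repeat=5))
    return "\n".join(f"{k}\t{'balky' if k == '13251' else 'w' + k}" for k in keys)

if __name__ == "__main__":
    # Assumed usage: optional argv[1] = word count, optional argv[2] = path to a real list file.
    n = int(sys.argv[1]) if len(sys.argv) > 1 else 6
    text = open(sys.argv[2], encoding="utf-8").read() if len(sys.argv) > 2 else constructed_wordlist()
    print(" ".join(passphrase(parse_wordlist(text), n)))
    print(f"{entropy_bits(n):.1f} bits", file=sys.stderr)
```

The `roll` parameter exists so physical dice rolls can be fed in instead of generated ones.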
There are no perfect passwords, but with Diceware in your toolbox yours will be better.