resetting master password

nopenotme
nopenotme
Community Member

One copy of my emergency kit is in our safe deposit box. But recently, a 2nd copy has been misplaced. So I've regenerated my secret key, making sure that the only two authorized devices are in my possession. I'd like to now create a new password. My question is this: how many Diceware words are considered to be a reasonable number for this purpose? I know there will be great variability on this, but is there any guidance? How many is definitely too few? Given the recommended level of entropy in today's environment, how many are considered reasonable? My previous password used 6. I've had it for so many years I've lost count. It just flowed from my finger tips to log in-- yeah, I'm in mourning for that password. It served me well.

I'm using the family version of 1Password, in a browser with Chrome extension, mainly. Also used on iPhone 15 with latest iOS version.

So, is 6 words still considered a decent passphrase?

Comments

  • ag_tommy
    edited May 9

    @nopenotme

    The following may help some with your questions. I'm personally a fan of six word (or more) for my needs. 4 seems too short for my personal use. I've always been someone to prefer increased length passwords. I was actually surprised when I switched to word based at how easy the memorization is.

    How to Create a Strong 1Password Account Password

    Edit: For clarification mine is currently 8 words in length. I used 1Password to create the words. Nothing human conceived when I changed it to ensure true randomness.

  • nopenotme
    nopenotme
    Community Member

    Thanks, maybe I'll stick with 6. I did look through 1Password articles like that, but they didn't seem to provide updated information about my specific question.

    When generating "master" passwords, I use Diceware, and trust no one-- so I don't use computers to generate the list. I printed a copy of the Diceware wordlist about a decade ago, so I don't need to open a document. I keep dice in a plastic bag for this purpose. Roll the dice, and consult the paper list of words. Once I've created the password, I'll keep it on a small piece of paper until I am sure I've memorized it-- then it gets shredded. I write it on the emergency kit printout at that point too. For the individual passwords within my 1Password vault, I use the built-in generator. I'm just a bit reluctant to use computers in any way when it comes to generating the master password.

    I just couldn't find any advice specifically on "if you use a Diceware password, the reasonable number of words we recommend is..."

    I'm probably overthinking this. Unless I hear otherwise soon, I'll likely go with 6.

  • Sounds like a plan. Best of luck and be sure to write that password down until you recall it.