Are there too many obstacles involved in trying to use Diceware to set a new master password?

jazzman

I was reading all the tips on how to use Diceware. The instructions say you should take all the necessary steps before installing your wi-fi router, opening a new security account and setting up any encrypted disks. Good luck with that. Can someone explain to me how anyone could achieve this? I'm baffled to say the least. First, I get all paranoid about passwords from Dave Teare's last e-letter, and now I find it is all but impossible to even use Diceware according to the instructions.

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

jazzman

Hi @Stephen_C@littlebobbytables

Would you guys please take a look at this for me. I would appreciate your thoughts on the matter.

Vee_AG

Hi @jazzman,

Kudos for looking into diceware and taking your online security so seriously!

The instructions say you should take all the necessary steps before installing your wi-fi router, opening a new security account and setting up any encrypted disks.

I'm sorry but I'm not familiar with what steps you're referring to. Diceware is just a method for creating strong, memorable passphrases using random words, and it's not necessarily related to routers or encrypted disks or anything. A good example of a diceware tool we like is https://www.xkpasswd.net/.

Related is our ever-popular blog post: Toward Better Master Passwords

Could you provide us a link to what you were reading, so we can better comment? Thanks in advance!

jazzman

Hi @Vee,

Thanks for your response. What I was referring to can be found here: http://world.std.com/~reinhold/diceware.html. It says: "You should follow the Diceware instructions here to create your passphrase before installing a WiFi router, creating your PGP or GPG key, opening a new security account or setting up an encrypted disk."

I read all of "Toward BetterMaster Passwords" and was heading in that direction until I saw that one sentence. Do you recommend Reinhold"s Diceware method or what? Seven words, maybe, including one grouping of words/symbols of your own?

jazzman

Hi @Vee,

The above is found once you get there under "What Is A Passphrase?" about half way down.

Stephen_C

Diceware is simply a method for creating strong, but memorable pass phrases using random words. You don't have to use it but it's a good way of achieving strong and memorable passwords for absolute key things you need to remember, like your master password. Clearly most passwords you store in 1P don't need to be so memorable so you can use the 1P password generator for those.

Stephen

jazzman

Hi @Stephen_C

How about the thing where it says you should take all the necessary steps before installing your wi-fi router? That puzzles me.

Stephen_C

What the article actually says is:

You should follow the Diceware instructions here to create your passphrase before installing a WiFi router, creating your PGP or GPG key, opening a new security account or setting up an encrypted disk.

(The emphasis is mine.) I take that to mean anywhere you want or need to use a Diceware pass phrase you should set up initially using that strong pass phrase (i.e., not initially set up with a weak one—or, worse still, the router default—which may leave yourself open to intrusions).

I don't think there's any magic in this. It's just sensible to use strong passwords or pass phrases anywhere you need to have a password.

Stephen

jazzman

Thanks. I got it.

Megan

Hi @jazzman,

I'm glad to hear that Stephen was able to answer your questions. If you have any further, we're happy to help!

jazzman

Hi @Megan,

Just one, Megan. Do you use Diceware?

Megan

Hi @jazzman,

I've used Diceware to create my Master Password, and for other passwords that I want to remember (like my Dropbox password, and my Apple IDs, because Apple seems to continually pop up and request them!) but all other passwords are random strings of gibberish generated by 1Password.