Change Your Password: This New Word List Makes the Diceware Method User Friendly

Plain English passwords can still be plenty strong.

Cybersecurity technology.
Cybersecurity technology.

Given all the cybercrime over the last several years, you can pretty much guarantee that your password has been compromised. If you want to check, head over to Troy Hunt’s HaveIBeenPwned site and enter your email. You’re probably on there (I am). Most people are overdue to update their (terrible, terrible) passwords.

Sign Up For Our Daily Newsletter

By clicking submit, you agree to our <a rel="nofollow noreferer" href="">terms of service</a> and acknowledge we may use your information to send you emails, product samples, and promotions on this website and other properties. You can opt out anytime.

See all of our newsletters

The best way to generate a good password involves random chance. The Electronic Frontier Foundation recently released a new list of words that can be used to generate a super secure password from plain English words. A tech fellow at the non-profit security and privacy organization, Joseph Bonneau, put the new list together, informed by his PhD research.

EFF believed an update was needed, because the list that has been commonly used for some time featured a lot of weird, hard to remember words. This list draws on research into widely familiar words, making it cognitively lighter to remember a strong password.

Here’s some passwords I made using the new EFF list:

  • conjoined sterling securely chitchat spinout pelvis
  • rice immorally worrisome shopping traverse recharger
  • diary boondocks charcoal escapist bonehead arise

Compare those to the weird words I got using the heretofore dominant Arnold Reinhold list, which contains more obscure words, but keeps them short (no words on Reinhold’s list run longer than six letters):

  • dobbs bella bump flash begin ansi
  • easel venom aver flung jon call
  • beige sulk chuck for virus epoch

To generate a weird phrase of your own, go straight to a text file of the more user friendly list of words, which you can easily download.

To use it, generate five random numbers between one and six. Look for that sequence of numbers on the list. That gives you your first word. So, if you rolled 5-3-4-3-3, the corresponding word would be: securely.

Do that six times in a row and you have a password that no one is guessing any time soon.

If you really want true randomness, use real dice. Or pay middle schooler Mira Modi to roll one up for you, for $8. She’ll write your password down by hand and mail it to you in an opaque envelope. She’s been doing this for a while, though, so she might not be using EFF’s easy word list.

SEE ALSO: This is just about the only free adult content site that’s TLS-secure

That said, you’ll probably be fine if you use a random number generator online. One option: the Diceware Random Generator. The site lets you customize your password a number of ways. It has EFF’s new list built in (select it on the drop down menu), but it also has words in other languages.

I just generated this password in Swedish (I hope it’s not rude):

  • dika spasm sans bygel slyna nr

I previously wrote some guidelines for generating stronger passwords from your personal biography. I still stand by them. They may not quite pass the test of what a cryptography PhD would recommend, but using those easy to remember methods will give you much better passwords than those that most people use.

Whatever you do, change your password. You’re due.

Change Your Password: This New Word List Makes the Diceware Method User Friendly