A tool for making strong, memorable passphrases.
DicePhrase is a browser extension that helps you easily create strong, memorable passphrases, such as BazookaClangUnstuckTransferQuoteJokingly, by rolling six-sided dice to randomly select from a set of thousands of words. This system is more unpredictable than picking words on your own or trusting computer-generated randomness.
Why passphrases instead of passwords?
Long, random passphrases are more secure because they're more difficult for an attacker to guess than simple passwords. While Batman1989 is too easily guessed and &1KJl6a8y$g*01W}i21!MZ is too hard to remember, random passphrases like DonutConfinedCurveHurricaneJuggleWidget are strong and memorable.
Passphrases don't need to be personal to be memorable. Personal things like birthdays, addresses, anniversaries, names, lyrics, books, movies, etc. are not very secret; anyone can find out your address, pet's name, or favourite songs. Picking words randomly ensures your passphrase is unbiased and unpredictable.
How does it work?
You do five dice rolls to randomly select each word for your passphrase, so if you need a 6-word passphrase, that's 30 dice rolls. You input the numbers into DicePhrase, which uses them to look up corresponding words in a table of 7776 possible words, and a passphrase is generated. The more words you have, the smaller the chance that anyone would ever guess your passphrase: it shrinks exponentially with each added word.
Why use dice?
Dice are a more reliable and transparent source of randomness than choosing numbers yourself or having a computer generate random numbers. Humans tend to have too much bias when attempting to make random selections, and it's hard to prove that the complex systems used by computers for creating randomness are truly unpredictable. If you don't need such a high level of unpredictability, DicePhrase can generate pseudo-random numbers without dice when you click "Skip" in the main popup window, although using dice is still recommended.
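The lookup described under "How does it work?" and the software fallback mentioned above, as an added example that is not DicePhrase's own code. The function names, the first-roll-is-most-significant ordering, and the placeholder `WORDS` list (standing in for a real 7776-entry list) are assumptions made for illustration.

```javascript
// Added example: names and the placeholder wordlist are constructed for illustration.
const FACES = 6, ROLLS_PER_WORD = 5;
const LIST_SIZE = FACES ** ROLLS_PER_WORD; // 6^5 = 7776 table entries

// Constructed stand-in for a real 7776-entry wordlist.
const WORDS = Array.from({ length: LIST_SIZE }, (_, i) => `Word${i}`);

// Treat five rolls (each 1..6) as base-6 digits:
// 1,1,1,1,1 -> index 0 and 6,6,6,6,6 -> index 7775.
function rollsToIndex(rolls) {
  if (rolls.length !== ROLLS_PER_WORD) throw new RangeError("need exactly 5 rolls per word");
  return rolls.reduce((idx, r) => {
    if (!Number.isInteger(r) || r < 1 || r > FACES) throw new RangeError(`bad roll: ${r}`);
    return idx * FACES + (r - 1);
  }, 0);
}

// Build a passphrase from a flat array of rolls (5 per word, so 30 for 6 words).
function passphraseFromRolls(rolls, words = WORDS) {
  if (rolls.length === 0 || rolls.length % ROLLS_PER_WORD !== 0)
    throw new RangeError("roll count must be a positive multiple of 5");
  const out = [];
  for (let i = 0; i < rolls.length; i += ROLLS_PER_WORD)
    out.push(words[rollsToIndex(rolls.slice(i, i + ROLLS_PER_WORD))]);
  return out.join("");
}

// The search space is 7776^n, so each word adds log2(7776) ≈ 12.9 bits.
function entropyBits(wordCount) {
  return wordCount * Math.log2(LIST_SIZE);
}

// Software die without modulo bias: 256 % 6 = 4, so bytes 252..255 are
// discarded and redrawn instead of being folded onto faces 1..4.
// nextByte is injectable for testing; the default uses the Web Crypto API.
function softwareDie(nextByte = () => crypto.getRandomValues(new Uint8Array(1))[0]) {
  const limit = 256 - (256 % FACES); // 252
  let b;
  do { b = nextByte(); } while (b >= limit);
  return (b % FACES) + 1;
}
```

A 6-word passphrase built this way carries about 77.5 bits of entropy, regardless of which words come up.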
When should I use passphrases?
Passphrases are ideal when used to encrypt information. They're perfect as the master password for a password manager so you only need to remember a single strong passphrase. They're also great for securing WiFi networks, disk encryption, PGP or SSH encryption keys, and any other encryption system. Use them whenever you need memorable authentication in general.
For online accounts, having strong passphrases is good, but may not be enough protection from attackers who use techniques like phishing to steal credentials. You should enable Two-Factor Authentication, which adds a second step to the login process, and consider saving unique passphrases for each account in a password manager.
DicePhrase has a variety of features to protect the confidentiality of your passphrases. Most importantly, passphrases aren't saved; they're automatically cleared 10 minutes after they've been created (you should memorize them or save them in a password manager application). DicePhrase is also free and open source software, so anyone can inspect the code to verify its safety. You can read more about DicePhrase's security design, as well as how to report bugs, in the Help document.
DicePhrase requires Google Chrome, Chrome OS, or Chromium, version 22 or later. Make sure you're running the latest version of your browser in order to have the best security protection.
At least one six-sided die is needed to create random passphrases. If you don't have any dice available, DicePhrase can generate pseudo-random numbers instead, although real dice are still recommended.
Anyone is welcome to help build this program. Together, we can make it even better. You can help by:
- Reporting software bugs or suggesting new ideas on the issue tracker.
- Submitting code changes or fixes.
- Auditing the code and reporting security issues.
- Telling your friends about DicePhrase and/or sharing it with them.
DicePhrase's documentation needs to be compiled using Jekyll. See the build notes for more info.
By submitting code changes, you agree to licence your work under the GNU General Public License, version 3 or later. By submitting documentation changes, you agree to licence your work under the GNU Free Documentation License, version 1.3 or later.
DicePhrase is copyright © 2018 Lucas Bleackley Petter.
DicePhrase is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
DicePhrase is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
Permission is also granted to copy, distribute and/or modify DicePhrase's documentation under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".
The full text of both licences is bundled with DicePhrase here.
Credit to third-party software used in DicePhrase
- Bootstrap is copyright © 2011-2016 Twitter, Inc., licenced under the MIT License.
- "external-link-ltr-icon.svg" is part of MediaWiki, copyright © 2016 MediaWiki collaborators, licenced under the GNU GPL 2.0 licence.
- Font Awesome is copyright © 2016 Dave Gandy, licenced under the MIT and SIL OFL 1.1 Licenses.
- The Long Wordlist is copyright © 2016 Electronic Frontier Foundation, licenced under the Creative Commons Attribution 3.0 licence.
- Modernizr is copyright © 2016 Modernizr collaborators, licenced under the MIT License.
- OpenWireless is copyright © 2014 Electronic Frontier Foundation and other contributors, licenced under the Apache 2.0 licence.