"diceware is the one way to teach the general public to make passwords, if you could only teach the general public one thing"
thoughts?
@handle Diceware is for encryption key seeds imo.
Guess and check style passwords, like a debit card pin, don't actually need to have that much entropy in them. They just need to not follow obvious patterns and to be unique. And unfortunately, they also need to be flexible enough to adhere to whatever stupid draconian password policy will be forced on the user.
If I was going to teach someone one thing about passwords, I would probably teach them Password Manager + paper backup. Am I cheating? Is that two things? I don't know. If I had to cut it down to one thing I might choose paper.
@handle I just first try rolled "kinda awake viper chap" Which sounds like it was not randomly generated, but it actually was
🐍🎩
@handle I solved the "how do you generate a secure password" problem by just writing the code myself.
https://pwm.sequentialread.com/
Obviously, that's not something that the average person can do, but I hope at least that I'm improving the situation by publishing my result.
Sometimes I don't even use that thing though. I just think up random words. it will be some word or weird train of thought that comes from something that happened that day or from a news article that I saw that day. And after I choose a word, then I start over and try to find another separate source of something random to choose a word based off of.
I'm sure that this produces slightly less entropy than a dice roll would, but honestly, I don't think it really matters. I don't think anyone brute forces these kinds of things.