The weakest link in IT security is usually users. Their biggest weak spot is passwords. Users want passwords that are easy to remember \u2013 which means easy to figure out. The solution is something that\u2019s easy to remember and hard to crack.\n\tThanks to a site called Diceware the solution is also free.\n\tWhat Diceware does is replace passwords with passphrases. The reason this is better for both users and security is elegantly explained by XKCD.\n\tCartoon courtesy of xkcd\n\tIn short, most human generated passwords don\u2019t contain enough entropy (uncertainty, for us lay folks).\u00a0 The more uncertainty involved in the password the better. Diceware takes care of that.\n\tIt is a simple, free system created by Arnold Reinhold, who has written books for Wiley and on cryptography. The system only requires you know how to read and have access to a plain old six-sided die. (So there might be one expense: A big box of dice.)\n\tRoll the die five times and write down each result in order. That will give you a five digit number like 33152. Go to the Diceware Word List \u2013 which contains 7776 short English words, abbreviations and easy to remember groups of letters.\u00a0 Find the word that matches your number. Repeat three (or more) times.\n\tHere\u2019s what I got:\n\t\n\t\t33152 = Hobbs\n\t\n\t\t54336 = slave\n\t\n\t\t34362 = Jason\n\t\n\t\t34345 = jam\n\t\n\t\t\u00a0\n\n\tYou can alter that in any way that makes it easier to remember. I would change jam to jams to make a complete sentence out of it: Hobbs slave Jason jams. You get the idea.\u00a0 Even better its so simple even the folks in marketing should be able to use it. Hopefully.\n\tIt doesn\u2019t have to be four words, of course. Use more if you want to make it harder to crack. If you don\u2019t want to use the Diceware list you are free to generate your own. The system is clearly adaptable.\n\tOf course another free way to make your security even better is to have users change their catchphrases on a regular basis. Good luck on that.