Users want passwords that are easy to remember; unfortunately, that generally also means easy to crack. Here is a way to solve both those problems.

The weakest link in IT security is usually users. Their biggest weak spot is passwords. Users want passwords that are easy to remember – which means easy to figure out. The solution is something that's easy to remember and hard to crack. Thanks to a site called Diceware, the solution is also free.

What Diceware does is replace passwords with passphrases. The reason this is better for both users and security is elegantly explained by XKCD.

Cartoon courtesy of xkcd

In short, most human-generated passwords don't contain enough entropy (uncertainty, for us lay folks). The more uncertainty involved in the password, the better. Diceware takes care of that. It is a simple, free system created by Arnold Reinhold, who has written books for Wiley and on cryptography. The system only requires that you know how to read and have access to a plain old six-sided die. (So there might be one expense: a big box of dice.)

Roll the die five times and write down each result in order. That will give you a five-digit number like 33152. Go to the Diceware Word List – which contains 7776 short English words, abbreviations and easy-to-remember groups of letters. Find the word that matches your number. Repeat three (or more) times. Here's what I got:

33152 = Hobbs
54336 = slave
34362 = Jason
34345 = jam

You can alter that in any way that makes it easier to remember. I would change jam to jams to make a complete sentence out of it: Hobbs slave Jason jams. You get the idea. Even better, it's so simple that even the folks in marketing should be able to use it. Hopefully.

It doesn't have to be four words, of course. Use more if you want to make it harder to crack. If you don't want to use the Diceware list, you are free to generate your own. The system is clearly adaptable.
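The roll-and-look-up procedure above, as an added Python example (not code from the article or from Diceware) that also works out how much entropy each word contributes. The function names and the tab-separated "NNNNN word" list layout are assumptions, and SAMPLE_LIST is a constructed excerpt holding only the four pairs the article quotes.

```python
import math
import secrets

# Constructed excerpt in "NNNNN<TAB>word" form, holding only the four pairs
# quoted in the article; a real run would load all 7776 lines of the list.
SAMPLE_LIST = "33152\tHobbs\n54336\tslave\n34362\tJason\n34345\tjam\n"


def parse_wordlist(text):
    """Map five-digit dice keys to words, rejecting malformed or repeated keys."""
    words = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank lines and anything that is not "key word"
        key, word = parts
        if len(key) != 5 or any(c not in "123456" for c in key):
            raise ValueError(f"not a five-roll dice key: {key!r}")
        if key in words:
            raise ValueError(f"duplicate key: {key!r}")
        words[key] = word
    return words


def fair_die():
    """One roll of a six-sided die drawn from the OS CSPRNG, not random.random()."""
    return secrets.randbelow(6) + 1


def roll_key(roll=fair_die):
    """Five rolls written down in order, e.g. '33152'."""
    return "".join(str(roll()) for _ in range(5))


def passphrase(words, count=4, roll=fair_die):
    """Look up one word per five-roll key; a partial list fails loudly."""
    picked = []
    for _ in range(count):
        key = roll_key(roll)
        if key not in words:
            raise KeyError(f"{key} missing: load the complete 7776-word list")
        picked.append(words[key])
    return " ".join(picked)


def entropy_bits(count, list_size=6 ** 5):
    """Bits of entropy in `count` words chosen uniformly and independently."""
    return count * math.log2(list_size)
```

Five rolls give 6^5 = 7776 equally likely keys, so entropy_bits(4) is about 51.7 bits and each extra word adds about 12.9 more. That figure counts only the randomness of the rolls, so it applies to words taken exactly as rolled.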
Of course another free way to make your security even better is to have users change their catchphrases on a regular basis. Good luck on that.