Lock Down Your Password Manager With An Extremely Strong Diceware Passphrase
Since your Password Manager is the “keeper of the keys” to your online life, keeping it secure is a top priority.

Happy Tuesday! Last week we explored Password Managers — a truly elegant solution to a very irritating problem — how to create, remember and type all the passwords we need for our online accounts. Your Password Manager can create Modern Passwords for you almost instantly, and you don’t have to remember or type them anymore. Quite an improvement!
But how do you secure your Password Manager? Since you’re trusting it with the keys to your online life, it needs to be locked down, too. But you also need a memorable password so you never get locked out!
That’s where Diceware Passphrases come in. They’re a rock-solid method to keep the contents of your Password Manager private.
— Anthony Collette
Founder, Loistava Information Security
What’s A Diceware Passphrase?
Roll the dice, match the numbers to words, get a passphrase. That’s the idea behind Diceware. It’s very simple, but very secure.
A Diceware Passphrase is a string of 6 or more words — all lower case and chosen completely randomly using dice.
Typical passwords are usually short (eight to twelve characters) and often include special characters and capitalized letters. Passphrases are usually much longer — typically 25 to 64 characters (including spaces). Diceware Passphrases rely on greater length for security.
Creating a strong passphrase is extremely important to protect all the passwords for your online accounts that are stored in your Password Manager. This “master password” should be used only for one purpose, to secure your Password Manager. That means you don’t use this particular Diceware Passphrase anywhere else.
A Diceware Passphrase should be:
Known only to you
Chosen completely randomly using normal dice
Long enough to be secure (6 or more words in length)
Hard to guess — even by someone who knows you well
Easy for you to remember
Easy for you to type accurately
How Do You Create A Diceware Passphrase?
It’s pretty easy. You simply roll 5 six-sided dice all at once and write down the numbers. Then you look up that randomly generated 5-digit number in a Diceware Word List. Repeat the process for each word in your new Diceware Passphrase.
Feel free to write them down and securely store them. But memorizing that new passphrase can be kinda fun! After you’ve created your new custom, completely random passphrase, memorize it using a comical voice in your head, saying it like:
Your favorite Disney character.
A wizard’s spell.
John Wayne.
Lizzo.
You get the idea! Try to have a little fun with it, and the experience will be more enjoyable.
If you prefer a video explanation, check out this one by the EFF.
How Do I Make A Diceware Passphrase?
To begin your Diceware Passphrase adventure, you’ll need some regular, 6-sided dice.
And you’ll want to download a copy of the improved Diceware Word List. Here’s a link to the EFF Diceware page, where you’ll find more information, and links to various wordlists: https://www.eff.org/dice
If you’d like a PDF of the EFF Long List, which also includes an introduction written by Joseph Bonneau, that’s available here.
What Makes Diceware Passphrases So Special?
Many security concepts are difficult to explain because they’re abstract or highly technical and are unfamiliar to most typical users. But creating Diceware Passphrases involves an easy-to-understand, straightforward manual process, which offers a tactile experience.
Diceware Passphrases are:
Easy to create.
Easy to demonstrate.
Easy to do correctly.
That last point is important because for many typical users, adding security to their daily online experience creates friction, and it’s easy to do security processes incorrectly.
What If Someone Tries To Guess My Diceware Passphrase?
It’s extremely difficult for a hacker to guess.
If one of those Digital Kleptos™ tries to hack into your Password Manager, they won’t know:
That you’re using a Diceware Passphrase.
Which Word List you used.
How many words you chose.
In which order those words appear.
Which word separator you used (spaces, underscores, dashes, etc.)
If any of the words are in a language other than English.
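The roll-and-look-up steps from “How Do You Create A Diceware Passphrase?” and the guessing question above, as an added Python example (not code from this post or from the EFF): it maps five-dice rolls to words and computes strength for the conservative case where an attacker already knows the list, the word count and the separator. `SAMPLE_LIST` is a constructed stand-in with fake words, and the code assumes a word list with one `roll<TAB>word` entry per line.

```python
import math
import secrets
from itertools import product

DICE_PER_WORD = 5  # five six-sided dice per word, as in the steps above

def parse_wordlist(text):
    """Parse 'roll<TAB>word' lines into {roll: word}; reject malformed lists."""
    words = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        roll, word = line.split()  # raises ValueError on extra or missing fields
        if len(roll) != DICE_PER_WORD or set(roll) - set("123456"):
            raise ValueError(f"bad roll key: {roll!r}")
        words[roll] = word
    if len(words) != 6 ** DICE_PER_WORD:
        raise ValueError("list must cover every possible roll")
    if len(set(words.values())) != len(words):
        raise ValueError("duplicate words reduce entropy")
    return words

def words_from_rolls(rolls, words):
    """Map dice rolls written down as digits (e.g. '43146 21565') to words."""
    digits = "".join(ch for ch in rolls if not ch.isspace())
    if not digits or len(digits) % DICE_PER_WORD or set(digits) - set("123456"):
        raise ValueError("need groups of five digits, each 1-6")
    return [words[digits[i:i + DICE_PER_WORD]]
            for i in range(0, len(digits), DICE_PER_WORD)]

def software_rolls(n_words):
    """Stand-in for physical dice: OS CSPRNG, never the `random` module."""
    return "".join(str(secrets.randbelow(6) + 1)
                   for _ in range(n_words * DICE_PER_WORD))

def entropy_bits(n_words, list_size=6 ** DICE_PER_WORD):
    """Strength when the attacker knows the list, word count and separator."""
    return n_words * math.log2(list_size)

# Constructed stand-in list (not the EFF words): every roll maps to a fake word.
SAMPLE_LIST = "\n".join(f"{''.join(k)}\tword{''.join(k)}"
                        for k in product("123456", repeat=DICE_PER_WORD))

if __name__ == "__main__":
    wl = parse_wordlist(SAMPLE_LIST)
    print(" ".join(words_from_rolls(software_rolls(6), wl)))
    print(f"{entropy_bits(6):.1f} bits for 6 words")
```

Six words from a list that covers all 7,776 five-dice rolls give about 77.5 bits even when nothing about the method is secret.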
This Combination Makes All The Difference
Use a Password Manager to create strong, Modern Passwords for your online accounts.
Lock your Password Manager with a Diceware Passphrase.
Lock your laptop/workstation when you walk away from it.
By using this powerful combination, you don’t even need to know what your passwords are, which is a huge relief. You can eliminate 95% of the pain of passwords. Right Now.
Next week we’ll wrap up our Brilliant At The Basics Of Cybersecurity series with an exploration of Multi-Factor Authentication. That’s another way to prove it’s really you logging into one of your online accounts.
Diceware is a trademark of Arnold G. Reinhold.
Cybersecurity is a modern form of wealth, and you deserve to keep what you've earned.
Looking forward to connecting again next week.
— Anthony Collette