Many of you maybe thinking, “That’s great… if I know someone uses Diceware, then I’ve got myself a wordlist for brute-forcing.” Even if you know an individual uses Diceware and download the wordlist, it’d be a difficult passphrase to crack.
The Diceware list has 7,776 words. If you use a five-word passphrase, the total number of possibilities is 7,776 to the 5th power. If you use a seven-word passphrase, you’re looking at a whopping 1,719,070,799,748,422,591,028,658,176 possibilities, which boils down to about 90 bits of entropy. Of course, you could achieve this same mount of entropy with a password generated by a password manager, but it would be extremely difficult to remember. It would, however, be equally difficult to crack.
Overall, this is a great solution for the chicken egg problem of password managers. During the first week of using it, you may need to have the passphrase written down. After that, it’s just muscle memory. It couldn’t be simpler. Aside from the extra security, making a Diceware passphrase is also kind of fun; I rolled up the four-word passphrase “man haley i’d cream” which gives me an entropy of 71 bits. Not bad, definitely better than my old password “hunter2” which was only 24 bits… and probably on a list somewhere.