Diceware solves the password conundrum
Poor password management is a perennial problem for enterprise IT. Nobody seems to have developed a good way to get users to come up with passwords that they can remember but computers can't easily crack. Until now, perhaps. The website Diceware offers a system that is not only easy but costs no more than the price of a box of dice, explains Constantine von Hoffman in a post at CIO magazine.
Instead of passwords, Diceware advocates passphrases, which are much longer and harder for computers to crack. The typical password dreamt up by a user does not involve enough uncertainty to create a solid defense against hacking. To build in more uncertainty, Diceware suggests a system developed by cryptography expert Arnold Reinhold.
You start by rolling a die five times and recording the result each time, creating a five-digit number. Then you pull up a list of 7776 short words on the Diceware site and locate the word that matches your five-digit number. You repeat the process at least three times, so that you end up with a phrase, which you can modify so it's easy to remember. With three words, you've got a 15-digit code; with four words, a 20-digit code; and so on.
The more words in your easy-to-remember passphrase, the harder it is to crack. You can even come up with your own unique word list to add in more uncertainty.
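The roll-and-look-up procedure described above, sketched in Python as an added example (not code from Diceware or the CIO post); it goes slightly beyond the text by also computing how many bits of uncertainty each passphrase length carries. Assumptions: the word list is a constructed stand-in of made-up syllable words in "key, tab, word" form, and the operating system's random source replaces physical dice.

```python
import itertools
import math
import secrets

FACES = "123456"
ROLLS_PER_WORD = 5  # five rolls give one five-digit key

def constructed_wordlist():
    """Constructed stand-in for the 7776-word list, as 'key<TAB>word' lines."""
    syl = ["ba", "ce", "di", "fo", "gu", "ha"]  # made-up syllables, not real entries
    keys = itertools.product(FACES, repeat=ROLLS_PER_WORD)
    return "\n".join("".join(k) + "\t" + "".join(syl[int(d) - 1] for d in k) for k in keys)

def parse_wordlist(text):
    """Map each five-digit key to its word; reject malformed or incomplete lists."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 2 or len(parts[0]) != ROLLS_PER_WORD or set(parts[0]) - set(FACES):
            raise ValueError(f"malformed line: {line!r}")
        if parts[0] in table:
            raise ValueError(f"duplicate key: {parts[0]}")
        table[parts[0]] = parts[1]
    if len(table) != 6 ** ROLLS_PER_WORD or len(set(table.values())) != len(table):
        raise ValueError("list must hold 7776 distinct words")
    return table

def roll_die():
    """One fair die roll from the OS CSPRNG (assumed stand-in for a physical die)."""
    return secrets.randbelow(6) + 1

def passphrase(table, words=4, roll=roll_die):
    """Roll five times per word, look each key up, and join the words."""
    if words < 3:
        raise ValueError("the procedure calls for at least three words")
    keys = ("".join(str(roll()) for _ in range(ROLLS_PER_WORD)) for _ in range(words))
    return " ".join(table[k] for k in keys)

def entropy_bits(words, list_size=6 ** ROLLS_PER_WORD):
    """Bits of uncertainty when every word is chosen uniformly at random."""
    return words * math.log2(list_size)

if __name__ == "__main__":
    table = parse_wordlist(constructed_wordlist())
    for n in (3, 4, 6):
        print(f"{n} words, {entropy_bits(n):.1f} bits: {passphrase(table, n)}")
```

The bit counts hold only while every word is picked by the rolls and left unchanged.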
For more, see:
- Constantine von Hoffman's post at CIO