Hey, howdy, hallo,
Happy New Year!
GrapheneOS is releasing a new feature: 2-factor fingerprint unlock. While I’m not going to talk about that feature today, I do want to discuss something they mentioned in that post: Diceware passphrases.
If you’ve ever used a password manager, you’ve likely relied on the built-in password generator to create long strings with all sorts of symbols, letters, and numbers. These are fantastic—don’t get me wrong—but they have some downsides. Have you ever tried to share one of these with someone verbally? If someone is visiting and needs your Wi-Fi password, it can be a nightmare to explain what to type.
On the flip side, have you ever tried to manually type one that you couldn’t autofill? It makes you question why you use them in the first place.
That brings us to passphrases. These are strings of randomly chosen words. When it comes to future-proof security, it’s all about length. A complex password that’s 10 characters long, using uppercase letters, lowercase letters, numbers, and symbols, will not be as secure as a 5-word passphrase. It’s also much easier to type out “product-doorpost-fraternal-defuse-tarantula” than “m^rY%)7Q#},nH;g”.
These passphrases are designed to be created using a physical set of dice and a word list. While this might not be practical for everyone, there are websites and password managers that can generate these passphrases for you. Essentially, you roll 5 dice, match the resulting number to a word on the list, and that becomes your first word. You then repeat the process for as many words as you want in your passphrase.
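The roll-and-look-up procedure described above, as an added Python sketch that is not from the original email or from any Diceware tool. It assumes a word list in "five-digit dice key, whitespace, word" form, and uses a constructed placeholder list (`word11111` and so on) so that it runs offline; all function names are hypothetical.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # 7776 possible five-dice results

def roll_key(randbelow=secrets.randbelow):
    """Roll five fair dice with the OS CSPRNG and return a key such as '25314'."""
    return "".join(str(randbelow(6) + 1) for _ in range(DICE_PER_WORD))

def parse_wordlist(lines):
    """Parse 'key<whitespace>word' lines and reject incomplete or duplicated lists."""
    table = {}
    for line in lines:
        if not line.strip():
            continue
        key, word = line.split()
        table[key] = word
    expected = {"".join(p) for p in itertools.product("123456", repeat=DICE_PER_WORD)}
    # A truncated or duplicated list silently lowers the entropy per word.
    if set(table) != expected or len(set(table.values())) != LIST_SIZE:
        raise ValueError("word list must map all 7776 dice keys to unique words")
    return table

def make_passphrase(table, n_words=5, sep="-", randbelow=secrets.randbelow):
    """Look up one word per five-dice roll and join them with a separator."""
    return sep.join(table[roll_key(randbelow)] for _ in range(n_words))

def entropy_bits(n_words):
    """Entropy when every word is an independent uniform pick from 7776."""
    return n_words * math.log2(LIST_SIZE)

def constructed_wordlist():
    """Constructed stand-in list (not a real word list): key 11111 -> 'word11111'."""
    keys = ("".join(p) for p in itertools.product("123456", repeat=DICE_PER_WORD))
    return [f"{k}\tword{k}" for k in keys]

if __name__ == "__main__":
    table = parse_wordlist(constructed_wordlist())
    print(make_passphrase(table))
    print(f"{entropy_bits(5):.1f} bits for 5 words")
```

To use a real list, pass the lines of the downloaded file to `parse_wordlist` in place of `constructed_wordlist()`.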
Rather than re-writing something that is already well explained, I recommend reading these two sources if you’re planning to use them.
The goal of this email was to make you aware of these options, so take a look and consider using one for your password manager or Owner User Profile on GrapheneOS.
I hope you had a great December, and Happy New Year!
-Josh
I loved Legos growing up. This site has an interesting write-up on the UX of Lego interface panels.
🎧 Stuxnet — The world changed forever in 2010. Stuxnet revolutionized the way nations waged war in cyberspace, and there was no turning back.
🎧 Conficker — Conficker exploited a vulnerability in Windows systems (MS08-067) to spread rapidly across millions of machines, from government networks to critical infrastructure.
🖥️ My Top 3 Favorite Linux Commands (and How I Use Them) — I share my three favorite Linux commands that I use daily: dig, whois, and ping.
🖥️ How GrapheneOS Releases Work - Everything You Need to Know — Have you ever wondered why your device doesn’t immediately get the latest GrapheneOS update after it’s announced?
🟡 Yellowball is a podcast hosting service I built and run. I didn’t like the options out there when I wanted to start my podcast, so I built the service I wish existed. It’s where I host my show, In the Shell. If you’re interested in starting your own show, check out https://yellowball.fm for more information, or reply to this email if you have any questions about it.
“Clarity comes from engagement, not thought.”
I intentionally don’t include any tracking or analytics in my emails, which makes it tough to tell if anyone actually reads them. If you enjoyed this email, feel free to reply with a 🎆, and if you didn’t, write back one sentence on what you would change.