DISCLAIMER: I have not used any of the “passwords” in this post as real passwords. So go ahead and try them all you want!
An acquaintance contacted me recently, and was asking about how to use darknet markets. One of the things I had advised this person to do was to make sure that they used a secure passphrase and/or username.
This is just good internet advice in general, but I would say that it goes double for the dark web.
One of my earliest posts on this blog was entitled Dark Web: Fake Words and Secret Codes. In it, I had suggested the diceware method for generating strong passwords – and I still do, actually!
Just to review: the way this is accomplished is that you roll a die (or pair of dice), and each 5-number set represents a word, number, or group of letters taken from a long word list.
They might look like this:
You then combine those words or numbers together, and that’s your password. Some people add periods or dashes in between the words, too. So, the final result would be “ron.noel.acidic.sequel.llll.”
For full details on how the diceware method works, see Diceware Passphrase Home.
This method, however, can be time-consuming. And the longer your password (or “passphrase”) is, the greater the chances are that you’ll make a mistake when typing it.
Throw Away the Dice??
My friend Arne Babenhauserheide, who is a programmer, came up with an alternate method of generating secure passwords, which he shared on his blog, Zwillingssterns Weltenwald.
The post in question is entitled Create secure passwords, usable on US and German keyboards.
Arne goes into detail about what denotes a strong password –
“Use blocks of four letters, chosen at random from a set of safely recognizable characters which are in the same position on German and US keyboards. Delimit blocks by a delimiter chosen at random from another set of characters.”
For a 12-character password: m3M4+v0Tg+ENHS
15 characters: QXL3+GWbh!vUqP.6d3
20 characters: VMCt!u6sF+Mxc5/fSwe/g7Vm
50 characters: MMWW.ruR3+vejH-7s6a.BiQi,89R5-51oq-FsFT,RK1M,HWmG*wvuj,D1om.9g
Well OK, 50 is probably overkill. One thing to point out – though you can use the password generator online, it’s much safer to download the web page and do it offline. I tried it – it works just fine!
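Here is a minimal offline sketch of the block scheme quoted above. It is an added example, not Arne's code or the generator on his page. The letter set is an assumption (ASCII letters and digits minus y/z, which swap places between US and German layouts), the delimiters are the ones visible in the sample passwords above, and it also estimates the entropy of each length.

```python
import math
import secrets

# Assumed character set (NOT taken from Arne's generator): ASCII letters and
# digits minus y/z/Y/Z, which swap places between QWERTY and QWERTZ layouts.
LETTERS = "".join(
    c for c in "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    if c not in "yzYZ"
)
# Delimiters that appear in the sample passwords quoted in the post.
DELIMITERS = "+!./,-*"
BLOCK = 4  # letters per block


def generate_password(n_letters):
    """Return n_letters random characters in blocks of four with a random
    delimiter between blocks. The last block is shorter when n_letters is
    not a multiple of four, as in the 15-character sample."""
    if n_letters < 1:
        raise ValueError("n_letters must be positive")
    # secrets draws from the operating system's CSPRNG, unlike random.choice.
    letters = [secrets.choice(LETTERS) for _ in range(n_letters)]
    blocks = ["".join(letters[i:i + BLOCK]) for i in range(0, n_letters, BLOCK)]
    password = blocks[0]
    for block in blocks[1:]:
        password += secrets.choice(DELIMITERS) + block
    return password


def entropy_bits(n_letters):
    """Entropy in bits when every letter and delimiter is drawn uniformly."""
    n_delims = (n_letters - 1) // BLOCK
    return (n_letters * math.log2(len(LETTERS))
            + n_delims * math.log2(len(DELIMITERS)))


if __name__ == "__main__":
    for n in (12, 15, 20):
        print(f"{n:2d} letters  {entropy_bits(n):5.1f} bits  {generate_password(n)}")
```

The delimiters add only about 2.8 bits each under these assumptions; nearly all of the strength comes from the number of random letters.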
There are a number of other sites that have a similar feature, but with any of these, I would recommend the same thing – download the page and generate the password offline.
Even if you don’t want to use these for your passwords, they can be fun to try out:
I confess that I don’t know which of these “generators” are the most or least secure, but if you come up with a passphrase that works for you, then more power to you.
That’s Utter Nonsense!!!!
Oh, I almost forgot – the username part! It’s up to you, but if you want a more pseudo-random username, I like to use nonsense word generators (which I also mentioned in the earlier blog post).
I used to use the one on http://www.soybomb.com/tricks/words/, but it seems to be having errors a lot lately.
There are quite a few more of these as well, some of which I’ll share:
Obviously, you don’t have to do this, but it can be fun, and can also take the effort out of the whole, “What do I pick for a username?”
Here’s a random (or pseudo-random) result:
And there you go. Have fun, kids!
Oh, and you might want to use a VPN too.