This Kit Can Create Unbreakable Password That Can Last A Lifetime, By Rolling The Dice

DiceKeys

People secure online accounts and other services with passwords. But human memory has limited capacity, and that's a problem.

Many people don't follow proper cybersecurity hygiene by creating strong passwords because doing so can be complicated and intimidating. Those people also tend to reuse passwords for different services, a practice that makes users the most vulnerable during a data breach.

Sure, there are password managers around. But they require users to remember one extra-long master password for years, a task that is not easy to accomplish.

Modern cybersecurity is developed based on researchers' paranoia. It needs to meet a lot of tough demands.

Researchers have been dreaming of a way to create one strong password that is random and complex, unbreakable, futureproof, and reliable.

And this time, there is 'DiceKeys', a method to create an ultra-strong password that can last a lifetime, and doesn't require the user to remember anything.

It introduces a novel way of creating and preserving a master password, by simply rolling the dice.

Stuart Schechter is a computer scientist at the University of California, Berkeley. He is also a lecturer at the university's School of Information, where he studies security, human-computer interaction, and distributed systems.

He has developed a simple kit for physically generating a single super-secure key that can serve as the basis for creating all passwords that can last a lifetime, if not decades.

He came up with a way to use a plastic contraption that looks a bit like a word game called Boggle, and pair that with a web app to scan the resulting dice roll.

What makes this method unique is that the key is offline.

The box of dice is designed to serve as a permanent key.

All users need to do is roll the 25 dice into the plastic box, close the box's lid to permanently lock the dice into place, and let the app do the rest.

Roll the dice, lock them in place, and scan them. But never move the dice once the password is generated.

"You just roll the dice," said Schechter. "Instead of having to enter a big secret when you want to do something that requires a super-strong password, you can just scan them in."

Each of the 25 dice has a combination of a letter and a digit, and a barcode-like symbol for marking the dice's orientation relative to the grid. The DiceKeys app can scan the front-facing faces of the dice, to generate a cryptographic key.

Because rolling the dice makes them show random faces in different orientations, the number of possible permutations of the 25 six-sided dice in different orientations results in an arrangement with around 196 bits of entropy, Schechter says, meaning there are 2^196 different possibilities for how the dice could be positioned.

In other words, according to Schechter's estimates, that's about as many possibilities as there are atoms in four or five thousand solar systems.

"With modern technology, you can’t really build a computer big enough to guess this number without crushing yourself under its gravity," he said, suggesting that the number of possibilities makes it impossible for anyone to reverse engineer it to figure out the underlying key.

After rolling the dice, lock them, and then scan them. But never move the dice.

It's through these seemingly countless possibilities that the app generates an ultra-long, purely random passphrase that can be cut and pasted into a password manager as its master password, for U2F keys, or for securing cryptocurrency wallets.

To ensure security, the DiceKeys app doesn't store the key it creates from scanning the dice. Users can only regenerate that same key by re-scanning the dice box.

DiceKeys is a permanent, offline solution to regenerate a master password even if users lose or forget it. As long as users never move the position of the dice, they can always re-scan the dice box to re-create the same exact cryptographic key and subsequent password.
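The 196-bit figure and the re-scan behaviour described above, worked through as an added Python example (not DiceKeys' own code). It assumes each die carries its own letter, that a quarter turn of the whole box counts as the same key, and it uses PBKDF2 as a stand-in key-derivation function; the letter set and function names are constructed for illustration.

```python
import base64
import hashlib
import math
import secrets

LETTERS = "ABCDEFGHIJKLMNOPRSTUVWXYZ"  # constructed labels, one per die (25)

def entropy_bits(dice=25, faces=6, turns=4, box_turns=4):
    """log2 of distinct layouts: die order x face up x die rotation,
    divided by quarter turns of the whole box (assumed equivalent)."""
    return (math.log2(math.factorial(dice)) + dice * math.log2(faces)
            + dice * math.log2(turns) - math.log2(box_turns))

def roll():
    """Random 5x5 layout, row-major: (letter, digit 1-6, quarter turns 0-3)."""
    order = list(LETTERS)
    secrets.SystemRandom().shuffle(order)
    return [(l, secrets.randbelow(6) + 1, secrets.randbelow(4)) for l in order]

def rotate_box(grid):
    """Turn the whole box 90 degrees clockwise, as a scan from another side sees it."""
    return [(l, d, (o + 1) % 4)
            for r in range(5) for c in range(5)
            for (l, d, o) in [grid[(4 - c) * 5 + r]]]

def canonical(grid):
    """Pick one of the four box orientations deterministically,
    so every scan of the same locked box encodes to the same string."""
    views, g = [], grid
    for _ in range(4):
        views.append("".join(f"{l}{d}{o}" for l, d, o in g))
        g = rotate_box(g)
    return min(views)

def derive_password(grid, purpose, length=32):
    """Recompute a per-purpose secret from the dice alone; nothing is stored.
    PBKDF2 is a stand-in KDF chosen for this example."""
    raw = hashlib.pbkdf2_hmac("sha256", canonical(grid).encode(),
                              purpose.encode(), 100_000, dklen=length)
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

if __name__ == "__main__":
    box = roll()
    print(f"{entropy_bits():.1f} bits")  # about 196 under the stated assumptions
    print(derive_password(box, "password-manager"))
```

Moving even one die changes the canonical string, so the derived secret cannot be recovered afterwards; that is why the lid locks the dice in place.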

DiceKeys is simple, and more like writing down passwords on a piece of paper.

But also like writing down passwords on a piece of paper, the biggest weakness is when it is lost or stolen. And in DiceKeys' case, it's also if the dice are moved, for example by an unwanted external force.

Schechter said that the blue plastic box is sturdy, and can withstand drops from the height of a tall human. It's also toddler-proof.

Schechter is also working on creating a fireproof version that is made of steel instead of plastic.

So here, DiceKeys is indeed a novel way to create a password, and most importantly, without requiring users to remember anything. This is an advantage over practically anything else, even compared to writing a password on a piece of paper.

More importantly, Schechter believes that DiceKeys could actually encourage more people to use a password manager, including those who might otherwise be intimidated by the idea of losing their master password. Schechter knows that DiceKeys is not perfect, but he knows that it pushes people in the right direction.

Schechter said that DiceKeys is initially still in alpha testing, meaning that there could be bugs and it may not be perfect yet.

Published: 27/08/2020