Six Word Password

What?

Passwords are one of the most misused and misunderstood ways we access our digital lives. There are lots of conflicting practices, and many, many reused passwords. As we solidify our presence in the digital world, these passwords become increasingly important and, at the same time, are often poorly made. Many people reuse the same password for every account; others use birthdays, names of loved ones, and common phrases.

On top of this, the privacy and data practices of companies have been deteriorating, leading to data breaches that seem to never end. Often these data breaches can expose your name, email address, phone number, physical address, and of course, your password. Even when this information is encrypted (as it should be), common or reused passwords can still be checked against large databases of known passwords and their hashes, leading to many lost accounts. If you reuse your passwords, it only takes one breach to lose access to your entire digital presence.

Many people post their whole lives online, making it easy for an attacker to put together a short database of your interests, family members, pets' names, and birthdays and use it to generate a long list of potential passwords for any given person.

For common or short passwords, attackers might not even need to research their target. Generating every possible short password is quite easy, so easy in fact that there are already lists online containing all commonly used passwords and all randomly generated short passwords.

To combat this, it's necessary to use unique, long, and random passwords. This is why many sites have requirements for length and require the use of numbers and special characters. Every additional character, and the inclusion of a number or special character, makes a password significantly more difficult for an attacker to guess or generate.

Who is remembering hundreds of unique passwords? It's incredibly difficult just to remember phone numbers or people's names. A random collection of letters, numbers, and special characters is downright impossible to remember for many people including myself.

One solution to this is a password manager. Many will generate long and unique passwords and then automatically use them to log in for you. This is a great solution, but what password do you use to log in to your computer, phone, or password manager? You could just remember a couple of random passwords, but a better solution is using a passphrase. A mix of a couple of words and numbers separated by special characters will increase the time attackers need to generate candidate passwords by such a large degree that guessing becomes effectively impossible.

Why?

I wanted a way to make my own passwords with a flashy UI. Although I was originally intending to add this code to a password manager, my new password manager added it shortly after I finished my project.

How?

The website is made with Next.js and ChakraUI, although this is soon going to change. I initially used ChakraUI for its styled elements, but an unintended side effect is forcing client-side rendering and a flashbang effect from ChakraUI loading background colors. Many of the elements I used can and will be redesigned using Tailwind CSS.

Each password is randomly generated from a list of words made available by the EFF. To generate the password, I would get five random numbers, put them together, then find the word associated with that final number. The dice visuals are meant to convey the randomness of the number generation and serve as a nice visual.
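The roll-and-look-up procedure described above, sketched as an added example that is not the site's own code. The function names, the rejection step that keeps each roll fair, the `-` separator, and the constructed `word11111`-style stand-in list (used so the block runs offline; the EFF list would be loaded in its place) are all assumptions.

```javascript
// Web Crypto is global in browsers and recent Node; older Node needs the fallback.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const LIST_SIZE = 6 ** 5; // 7776 possible five-roll keys

// Default byte source: one byte from the CSPRNG (never Math.random).
const secureByte = () => webcrypto.getRandomValues(new Uint8Array(1))[0];

// One fair roll, 1-6. 256 is not a multiple of 6, so bytes 252-255 are
// discarded; a plain `byte % 6` would make faces 1-4 slightly more likely.
function rollDie(nextByte = secureByte) {
  let b;
  do { b = nextByte(); } while (b >= 252);
  return (b % 6) + 1;
}

// Five rolls put together into one lookup key, e.g. "43146".
function rollKey(nextByte = secureByte) {
  return Array.from({ length: 5 }, () => rollDie(nextByte)).join("");
}

// Parse "key<whitespace>word" lines into a Map, skipping malformed lines.
function parseWordlist(text) {
  const words = new Map();
  for (const line of text.split("\n")) {
    const [key, word] = line.trim().split(/\s+/);
    if (/^[1-6]{5}$/.test(key) && word) words.set(key, word);
  }
  return words;
}

function generatePassphrase(words, count = 6, sep = "-", nextByte = secureByte) {
  // A list with gaps would yield `undefined` words and silently weaken the result.
  if (words.size !== LIST_SIZE) throw new Error("word list must cover all 7776 keys");
  return Array.from({ length: count }, () => words.get(rollKey(nextByte))).join(sep);
}

// Strength when every word is chosen uniformly: count * log2(list size).
const entropyBits = (listSize, count) => count * Math.log2(listSize);

// Constructed stand-in list ("word11111" ... "word66666") so the example runs offline.
function constructedWordlist() {
  return Array.from({ length: LIST_SIZE }, (_, n) => {
    const key = n.toString(6).padStart(5, "0").replace(/\d/g, (d) => Number(d) + 1);
    return `${key}\tword${key}`;
  }).join("\n");
}

console.log(generatePassphrase(parseWordlist(constructedWordlist())));
console.log(entropyBits(LIST_SIZE, 6).toFixed(1), "bits for six words");
```

The entropy figure only holds when every word is drawn uniformly at random; swapping in words you picked yourself removes that guarantee.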

You can visit the SixWordPassword website here.