Why do I have to roll dice for a new password?

Rolling dice makes the creation of random data transparent to you. To make sure that the random data is good enough, you only have to check that the die has all numbers from 1 to 6 and is shaped like a cube. To check the quality of random data created by an algorithm, you not only need to be able to program in order to read the algorithm, you also need very good mathematical knowledge. Another advantage of rolling dice is that it decentralizes the creation of random data, whereas an algorithm centralizes it. This means that a non-random die only allows cracking the passwords of the very few users of that die, but a bad algorithm potentially allows the cracking of millions of passwords. See the Debian OpenSSL security bug for reference.

How hard is it to crack my password?

This table shows how hard it is to crack your new password in comparison to other common password types.

| Description | Alphabet size | Length | Possible passwords | Bits |
|---|---|---|---|---|
| Lowercase letters | 26 | 8 | 26^8 ≈ 2,09E11 | 37 |
| Lowercase letters | 26 | 10 | 26^10 ≈ 1,41E14 | 47 |
| Lowercase letters | 26 | 11 | 26^11 ≈ 3,67E15 | 51 |
| Lowercase letters | 26 | 14 | 26^14 ≈ 6,45E19 | 65 |
| Lowercase and uppercase letters | 52 | 7 | 52^7 ≈ 1,03E12 | 39 |
| Lowercase and uppercase letters | 52 | 9 | 52^9 ≈ 2,78E15 | 51 |
| Lowercase and uppercase letters | 52 | 12 | 52^12 ≈ 3,91E20 | 68 |
| Lowercase and uppercase letters and special characters | 80 | 6 | 80^6 ≈ 2,62E11 | 37 |
| Lowercase and uppercase letters and special characters | 80 | 8 | 80^8 ≈ 1,68E15 | 50 |
| Lowercase and uppercase letters and special characters | 80 | 10 | 80^10 ≈ 1,09E19 | 63 |
| Dice method | 6^5 | one word | 6^5 = 7776 | 12 |
| Dice method | 6^5 | three words | (6^5)^3 ≈ 4,7E11 | 38 |
| Dice method | 6^5 | four words | (6^5)^4 ≈ 3,66E15 | 51 |
| Dice method | 6^5 | five words | (6^5)^5 ≈ 2,84E19 | 64 |

Why should I let a website create my passwords? Doesn't this enable the website to store my password and steal it that way?

That is true. I vow to not try to steal your passwords with this website. Moreover, the web server does not know the created password at any point in time, because all necessary computations are done with JavaScript in your browser. To make sure that this really is the case, you can do the following:

  1. Change to private browsing mode to make sure that after closing this website no data is saved.
  2. Open this website.
  3. Navigate to "Get new Password".
  4. Change to offline mode, or pull out your network cable if your browser doesn't have an offline mode. This ensures that no data can now be transferred from you to the server or from the server to you.
  5. Select your desired security level.
  6. Roll the dice to create your password.
  7. After you have created your password, close the browser. This action, in combination with the private browsing mode, makes sure that no data can be sent to this site after creating your password.
  8. Change back to online mode to be able to surf the web normally again.

Alternatively you can have a look at the source code of this page and check how the password creation works.

Or you could create your password manually. This works as follows:

  1. Download the word list here: right-click "here" and then choose "Save target as".
  2. Roll the dice 5 times and write the rolled numbers down.
  3. Open the downloaded file with Notepad or Wordpad or another text editor.
  4. Search for the number you just rolled in the downloaded file.
  5. Write down the word next to this number. This is the first part of your password.
  6. Repeat steps 2 to 5 until you have written down at least 3 words and reached the desired length for your password.
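
The manual lookup in steps 2 to 6, as an added JavaScript example (not this website's own code). It assumes each line of the word list is a five-digit roll followed by whitespace and one word; the sample list entries and the function names are constructed for illustration.

```javascript
// Added example, not the website's code. Assumes each word-list line is
// "<five digits 1-6><whitespace><word>"; the sample entries are constructed.
const SAMPLE_LIST = [
  "11111 apple",
  "16245 river",
  "35146 stone",
  "62533 cloud",
].join("\n");

// Parse the list into a Map from roll key ("16245") to word.
function parseWordList(text) {
  const words = new Map();
  for (const line of text.split(/\r?\n/)) {
    if (line.trim() === "") continue;
    const m = /^([1-6]{5})\s+(\S+)$/.exec(line.trim());
    if (!m) throw new Error("malformed word-list line: " + line);
    if (words.has(m[1])) throw new Error("duplicate key: " + m[1]);
    words.set(m[1], m[2]);
  }
  return words;
}

// Steps 2 to 6: every five rolls select one word.
function rollsToWords(rolls, words) {
  if (rolls.length === 0 || rolls.length % 5 !== 0) {
    throw new Error("need five rolls per word");
  }
  const out = [];
  for (let i = 0; i < rolls.length; i += 5) {
    const group = rolls.slice(i, i + 5);
    for (const r of group) {
      if (!Number.isInteger(r) || r < 1 || r > 6) {
        throw new Error("not a die face: " + r);
      }
    }
    const key = group.join("");
    if (!words.has(key)) throw new Error("no word for roll " + key);
    out.push(words.get(key));
  }
  return out;
}

// Whole bits of strength for n words drawn from 6^5 = 7776 candidates,
// rounded down as in the table above.
function entropyBits(wordCount) {
  return Math.floor(wordCount * 5 * Math.log2(6));
}
```

A roll key that is missing from the parsed list raises an error instead of silently skipping a word, so a truncated or altered word list is noticed before the password is used.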