DiceKeys is a new solution that can increase the security of existing passwords by hundreds of times. Users will no longer need to remember long and complicated passwords as usual. Instead, a DiceKeys password will be generated based on the different characters of the 25 dice.
1. Current status of password storage on the Internet
For an Internet user in general and a cryptocurrency investor in particular, keeping a Web site password or a cryptocurrency wallet will be a dilemma. Usually, they will be able to use an intermediate solution to do this. Each different case will have its own advantages and disadvantages. Specifically.
1.1 For the majority of Internet users
Normally, each different Web site will have its own password management mechanism. Web browser will help us to store these passwords. Next time, when the user logs in, the password for the account belonging to that Web site will be suggested by the browser. Users will not need to remember the password and still be able to log in successfully.
Or there are solutions developed specifically to help users manage all passwords on the Internet. Bitwarden is a prime example. Instead of every time you visit a certain Web site you need to remember its own account and password, now it is managed in one place. That is collectively known as Master Password Manager.
Assuming you create your trading account at Remitano, Google, that Account and password will be able to be kept on Master Password Manager. The next time you access Remitano, instead of having to enter your account name and password, you just need to enter the password of the Master Password Manager to be able to access it. Quite convenient instead of having to remember different long and complex strings of characters for different Web pages.
However, this solution also has some disadvantages as follows:
First, users still have to enter a password: Master Password Manager groups accounts at many Web sites together. And users only need to enter the password once to be able to access those Web sites. But in fact, they still need to remember Master Password’s password. For many people, this is still a nightmare. Complex passwords are often difficult to remember. An easy-to-remember password does not guarantee security.
Second, can be hacked to steal passwords: Normally, when users enter their password, there is definitely a way for hackers to steal this password by some trick. It can be solutions like Key Logger for example. The user after entering the password will be recorded and transferred to the server managed by the hacker. Therefore, it still has many potential security risks.
So for a crypto investor, how do they store their wallet passwords? Let’s take a look at these behaviors of a common investor.
1.2 For crypto investors
For a cryptocurrency investor, because of the complexity of the type of assets they hold, based on the type of e-wallet they use, we can divide it into the following two forms.
One is the use of Master Password. It is used to manage passwords in case they use hot wallets. This is similar to what we just discussed above. The second is to use cold wallet solutions for storage such as paper wallets or specialized wallet devices such as Ledger or Tresor.
In fact, these solutions also have some disadvantages of their own.
First, the issue of durability: For cold wallet solutions such as paper wallets or specialized devices, the biggest risk is related to equipment failure. Unfortunately, if the device is subject to impact or tear, access to get it back seems impossible.
Second, the issue of technology: Today’s dedicated wallet devices are using Bluetooth or Type-C technology. What if 5-10 years from now, these technologies become obsolete and users no longer use it? At this point, either you have to upgrade to a device with the latest technology. Or you don’t use it anymore.
Thus, we can see that there is no absolute optimal solution at present. Every solution offered today has problems that need to be dealt with. In order to solve some of the above disadvantages, a solution called DiceKeys was formed.
It is known to be hundreds of times more secure. And especially never be outdated in technology. So what exactly are DiceKeys? We will learn more about it later in this article.
2. Overview of the DiceKeys solution
In this section, I will give you an overview of this interesting DiceKeys solution.
2.1 What is the DiceKeys solution?
In a word, DiceKeys is a set of solutions that automatically generate passwords based on different characters of the dice (Dice). Of course, it’s not as simple as rolling the dice to get the password as you might think. Behind it is a technology that recognizes and generates a password from the characters on the surface of those dice.
DiceKeys will be connected to the third Master Password solutions mentioned above. When the password is automatically generated, instead of the user having to manually enter the Master Password’s password, the password from DiceKeys will be sent here directly. Now, through DiceKeys, users can access without remembering or entering a password at all.
Stuart Schechter is the creator of this solution. He is an inventor and security researcher at Microsoft Research, MIT Lincoln Laboratory, and has a PhD at Harvard University. He currently teaches the University of California at Berkeley’s Security and Privacy Program in Cybersecurity.
A full set of DiceKeys will typically include some of the following components:
Dice Set (Required): Includes 25 plastic beads. Each bead has 6 faces with different characters specified earlier. These seeds will be contained in a divided plastic box. The purpose of these beans is to generate a different character set from which to generate different password variations for the user.
DiceKeys App (Required): An application that helps generate passwords from the above dice. Through the camera, it scans the characters on the dice. A password is then generated from here and sent to the previously linked applications.
SoloKeys (Optional): A type of security key that creates the most secure login method to limit unauthorized access.
Cost and where to buy DiceKeys
Currently, DiceKeys has not been officially offered to the market. Actually Stuart is selling DiceKeys as Pre-order (1). Stuart sold it through a crowdfunding site called Crowd Supply starting October 1, 2020. By the time I write this article, they have 1,555 supporters (Backer) and raised $128,198.
The cost for a set of DiceKeys (25 seeds) above is sold for 25 USD. Users can optionally purchase and use additional Solo Keys for an additional $35. This is a retail purchase cost and of course users will receive a discount when buying multiple sets at the same time.
In addition to the above cost, the user will have to pay an additional shipping fee (Shipping). It is listed at $8 for US shipping and $12 for worldwide shipping. More details can be found here.
2.2 How DiceKeys works
In this section, I will not cover how the technology behind the DiceKeys solution works. Instead, we will learn about the mechanism that makes DiceKeys work. Thereby, you will find it is not complicated to use. Based on this feature, it can be completely applied to daily life.
DiceKeys itself revolves around a mechanism called Scan & Generate for short. The dice are arranged to create different sets of characters. That character set will be decoded through DiceKeys’ system. This system will use the camera of electronic devices such as phones, tablets, to scan and recognize the above character set. After that, the character set will be entered into DiceKeys’ system to receive a corresponding password sequence.
With each different character set will correspond to a different password sequence. This means that when the user changes any one of the 25 dice, the generated password will change. According to calculations by the DiceKeys development team, with 25 dice, each with 6 faces, each face has 4 directions of contact can generate more than 196 bits of different passwords. Therefore, to be able to guess the password seems to be impossible.
However, DiceKeys itself is not an absolute optimal solution. Although it helps to solve some of the disadvantages of the traditional solutions we talked about above, it still has some disadvantages of its own. What specifically, we will clarify in the next part of this article.
3. Advantages and disadvantages of DiceKeys
DiceKeys itself was created from the outset to solve the problems encountered with solutions like Master Password. Therefore, it has a number of advantages that must be mentioned below.
High security: With 25 dice plus 6-sided design as mentioned above, DiceKeys itself can generate more than 196 bits of different passwords. With such a large number, it would normally require a high-performance computer system to help guess or decrypt the password. However, there is no guarantee that the decryption will be successful with such a large number of passwords.
Long-term storage: In fact, DiceKeys is an all-plastic toolkit. Users only use it to scan codes and generate their own passwords. Therefore, we will almost never have to worry about problems with it. Furthermore, DiceKeys’ password generator app utilizes the devices’ cameras to scan codes. This makes it not backward in technology like some solutions currently using Bluetooth or Type-C technology.
We have not had too much experience with this DiceKeys solution, so we have not been able to recognize many problems from it. However, based on the information from the development team, there are some problems as follows:
Performance issue: The solution itself is still in development. So surely it will still exist innumerable such as “unfortunate” errors that make users suffer. Not to mention, the DiceKeys App experience on the Web browser is still pretty slick. This version for mobile devices is still in development, so users can’t use it yet.
Usability: This is probably the most important thing that a solution like DiceKeys needs to aim for. No matter how useful the solution is, it must not only solve the needs of the user, but also bring convenience to them. In fact, there are not many Master Password solutions that integrate DiceKeys into their systems. DiceKeys itself has opened the API connection to the outside but maybe because it is so new it doesn’t seem like many units connect to it. The official DiceKeys website itself does not see any mention of this issue. Moreover, it is still in the semi-testing stage (via Pre-order on Crowd Supply) rather than being sold in mass but other solutions.
According to information from the development team, the DiceKeys solution will be ordered and sent to users from March 9, 2021 onwards. So, try to learn about the steps to use it so that you get used to it if you intend to own this solution.
4. DiceKeys User Manual
This user guide is compiled from the information introduced by the development team. No actual product has been experienced by experts in the world yet. Here are the steps to work with this solution.
You will need to prepare the following ingredients:
1 set of DiceKeys. It may or may not include a Solo Keys option depending on your needs.
1 mobile device with camera support. The purpose of this is to scan the characters on the surface of the 25 dice in the DiceKeys set.
4.2 Steps to use DiceKeys
Step 1, put the dice into the box: When you buy, you will be given 25 dice with a plastic box. This plastic box has 25 small cells to hold the other dice. Please fill them in these boxes. You don’t have to care about which side of the dice.
Step 2, use DiceKeys App (dicekeys.app) to scan and generate password: Use browser on mobile device with camera > Go to dicekeys.app page > Select Scan your DiceKey. Then point the camera at the part of the dice that have been placed in the box as done in step 1.
Step 3, send that password to the previously connected application to log in: DiceKeys allows other applications to connect to it via the API. After the pairing is successful, you can send the password generated after scanning the dice to those apps.
Step 4, generate security keys (FIDO security keys – SoloKey): This is an option for crypto investors. You can use DiceKeys to generate a seed (2) password for Solo Key. If you lose this key, you can make a cryptographically identical copy of the one you lost.
DiceKeys is a completely new solution at the present time. Maybe it helps to solve the problems of today’s traditional solutions. However, accepting such a new solution means that you understand the risks you may face during use. What those risks are will be discussed in more detail in the next section.
5. The risks of using DiceKeys
5.1 Some inherent risks of this solution
Here are some possible risks when using DiceKeys:
First, it has not been tested by many people for safety and usefulness: The current information is provided by the development team. There is not much information about it either. Whether it works as described by the development team or not, there is no proof at all.
Second, the release version is still a test version: The first version will be delivered to customers in March 2021. But there is also no guarantee that that version will work consistently. We have tested the scan feature, but it’s not working properly at the moment.
This means that this solution may or may not succeed. Therefore, if you intend to use it, please pay attention to this issue. The question here is whether to use DiceKeys to support cryptocurrency storage? Here are some of our views on the matter.
5.2 Should DiceKeys be used to support cryptocurrency storage?
With what DiceKeys currently has, perhaps using it to support cryptocurrency storage will be very risky. Simply because this solution itself is still not really suitable in some of the following points.
First, there are not many units connected to DiceKeys: To be able to use it and support storing crypto-wallet passwords, DiceKeys themselves must be connected to it by many other units. However, in fact, there is no information about other units putting this solution into use. So, even if you want to, you can’t use it right away. This is the disadvantage of popularity that I mentioned above.
Second, there is no guarantee that it will work properly: Therefore, if you use it to support wallet password storage, you will most likely lose access when it does not work properly.
At the present time, in my opinion, perhaps we should use DiceKeys for the purpose of experience and discovery more than the actual application. We should wait until it is tested and widely used to get started with it. At this stage, traditional storage solutions should still be the top choices that you should consider.
6. What are the ways to ensure safety in cryptocurrency transactions?
DiceKeys is one of many solutions offered to minimize users being victims of cyber attacks. While this solution is not yet ready for mass use, users should.
Use two-step authentication (2FA): Two-step authentication is a way to help you increase the security of your crypto wallet account. Using a long, hard-to-guess password with lots of different characters is good, but it’s not enough. We always remind our customers to enable two-factor authentication to secure their accounts. Try to check if you have enabled this feature or not? If not, you can refer to this article to help you manipulate.
Beware of attacks in cyberspace: There are many different ways hackers use to attack users. So, the best way is that you should not click on strange links sent on the Internet, even if those links are sent from people you know. In addition, do not log in to your important accounts in places with public Internet. Because behind that free, there are countless risks that you can’t anticipate.
It is recommended to use cold wallets to store cryptocurrencies: The KuCoin hack in 2020 and many previous hacks shows us the importance of using cold wallets. Currently, this is probably considered the safest solution in supporting cryptocurrency storage that you should apply.
The idea of DiceKeys is considered good because it helps us to raise the level of security more than it is currently. However, from a user perspective, it is still quite new. Whether the use of DiceKeys will cause things you do not want or not is not predictable. Therefore, if you intend to use DiceKeys, consider its risks as well as its disadvantages.