[Editor’s note: I’m running a new coin promotion – check it out here!]
This has been a long time coming, but it’s finally here and I’m super excited to finally announce this! In November 2020, I started brainstorming on something really cool and unique that I could offer my patrons on Patreon. I wanted to create something truly unique, something rare, something collectible, something fun and on-brand, and something that would also help them to enhance their security. I believe I have succeeded on all counts! Over the course of the last 6 months or so, I’ve worked with a skilled coin maker and an amazing fantasy artist to design and manufacture the first official Firewalls Don’t Stop Dragons challenge coin!!
If you’re not familiar with the concept of a challenge coin, check the Wikipedia entry here, but basically, it’s something usually given as a very special thank you or to indicate membership in an elite organization.
I have minted 100 of these very special coins, in three different finishes: gold, silver and copper. The coin is 2″ (5 cm) in diameter and weighs a hefty 1.8 ounces (51 grams). My iPhone photography and Photoshop skills do not do these things justice, but below are some pictures of the three designs, front and back. They look truly amazing in person!
I wanted the image on the front to be a fun, fantasy depiction of a dragon ravaging a castle – to coincide with the central metaphor in my book and the theme of the podcast. You’ll even note that in the drawing, the owner of this castle was caught with his drawbridge down! The back of the coin has dragon flames, the name of the book/podcast, and my signature catch phrase!
But how can this coin be used to enhance your security, you ask? Well, you may have noticed two other interesting features about the coin design that come into play here. First, around the edge of the front you’ll see numbers, ranging from 1 to 20, in random order. And if you look carefully at the back, you’ll notice that in the middle is a slightly raised nub. This coin is actually a spinning top… or what you could call a “dice coin”! If you place the coin on a flat surface, you can spin the coin and stop it with your finger. In this way, you can “roll” a 20-sided die (a “d20” in Dungeons & Dragons parlance) to generate random numbers between 1 and 20.
Okay… so that’s cool, but how can I use that to be more secure? Well, you can use these randomly generated numbers to pick a secure passphrase! That is, you can use the dice rolls to pick random words from a special list – and those words are used to create a secure passphrase! To learn more about passphrases and the math behind them, see my recent blog post. But if done properly, a 6-word passphrase can be about as secure as a random 12-character password – and it’s much easier for the human brain to remember.
So where do you get this special word list? There have been others in the past, like the famous Diceware list and the EFF’s version of that list. But those lists were built for using five, regular 6-sided dice – they have 6⁵ = 7776 words. Since I wanted to use three 20-sided dice (d20’s), I needed a list of 20³ = 8000 words. So I took EFF’s list and added 224 more words – fun, fantasy-themed words, including characters from mythology, D&D and literature!
Generating a Fun Passphrase
And where can you find this new list? Why, on my brand new website, of course! Introducing d20key.com! (You can view the entire word list here.) On this site, you (or anyone) can roll virtual d20 dice to generate a secure passphrase of between 3 and 7 words long. (Note that there’s some sort of weird web caching issue that causes some dice to “re-roll” when you roll any other die of the same value… I’m working on a fix for that. It doesn’t change the value, it just re-runs the GIF.)
But, if you want to be truly secure (any sufficiently paranoid security person would refuse to trust a virtual die roll), you can roll your own dice and enter the values manually to look up the corresponding word in the list. Just select the “Manual” option for the dice style. And of course, this is the perfect use for the new challenge coin!
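The manual lookup described above, as an added Python example (not code from d20key.com). It assumes the three rolls are read as base-20 digits with the first roll most significant, uses a constructed placeholder list in place of the real 8000 words, and compares against a 12-character password drawn from the 95 printable ASCII characters.

```python
import math
import secrets

SIDES = 20           # faces on the coin / a d20
DICE_PER_WORD = 3    # 20**3 = 8000 list entries
LIST_SIZE = SIDES ** DICE_PER_WORD

# Constructed stand-in for the real 8000-word list (placeholder entries).
WORDS = [f"word{i:04d}" for i in range(LIST_SIZE)]

def rolls_to_index(rolls):
    """Map three rolls (each 1..20) to a list index 0..7999.

    Assumed mapping: rolls are base-20 digits, first roll most
    significant. The site's actual lookup order may differ.
    """
    if len(rolls) != DICE_PER_WORD:
        raise ValueError(f"need exactly {DICE_PER_WORD} rolls per word")
    index = 0
    for r in rolls:
        if isinstance(r, bool) or not isinstance(r, int) or not 1 <= r <= SIDES:
            raise ValueError(f"roll {r!r} is not an integer from 1 to {SIDES}")
        index = index * SIDES + (r - 1)
    return index

def passphrase_from_rolls(rolls, words=WORDS):
    """Build a passphrase from a flat list of manual rolls, three per word."""
    if len(words) != LIST_SIZE:
        raise ValueError("word list must have exactly 8000 entries")
    if len(rolls) % DICE_PER_WORD or not 3 <= len(rolls) // DICE_PER_WORD <= 7:
        raise ValueError("need 3 rolls per word for 3 to 7 words")
    groups = [rolls[i:i + DICE_PER_WORD] for i in range(0, len(rolls), DICE_PER_WORD)]
    return " ".join(words[rolls_to_index(g)] for g in groups)

def virtual_rolls(n_words):
    """Software fallback: the OS CSPRNG instead of physical spins."""
    return [secrets.randbelow(SIDES) + 1 for _ in range(n_words * DICE_PER_WORD)]

def entropy_bits(n_words):
    """Bits of entropy when every word is chosen uniformly and independently."""
    return n_words * math.log2(LIST_SIZE)

if __name__ == "__main__":
    print(passphrase_from_rolls(virtual_rolls(6)))
    print(f"6 words: {entropy_bits(6):.1f} bits")
    print(f"12 random printable-ASCII chars: {12 * math.log2(95):.1f} bits")
```

The entropy figure only holds if every spin is used as rolled: re-spinning to get a word you like better shrinks the effective list.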
Get Your Own Coin
So the only question left to answer is: HOW DO I GET ONE?? On May 24th, 2021, I launched a promotion campaign to sign up new patrons on Patreon. If you join at the $5 tier, I will send you a challenge coin, in the color of your choice! If you sign up for the $10 level, I will send you two coins! There are other great benefits to being a patron, including a private Discord server where you can chat with me and other patrons! UPDATE: I’ve posted a detailed “making of the challenge coin” video for my patrons, too – so you can see how I got the idea, designed the coin, and got it manufactured!
Click the button below for full details!