How to make a secure usuable Password

It's simple really:

Using more than one simple word as your password increases you security substantially (from 3 minutes to 2 months). But, by simply using 3 words instead of two, you suddenly got an extremely secure password. It takes: * 1,163,859 years using a brute-force method * 2,537 years using a common word attack * 39,637,240 years using a dictionary attack It is 10 times more secure to use "this is fun" as your password, than "J4fS

Thanks for the tip. I myself procrastinate on this issue. I'm always telling friends and family to make sure the passwords they choose be complicated yet easy to remember. I, on the other hand use variations of the same few passwords I've been using for the last 8 years or so. So far, so good! But good advise nonetheless.

Why use words at all? My important passwords are 12 digits and contain numbers, letters and symbols. Using words leaves you open to people who know you figuring them out, IMO anyway. I pick my passwords and drill them into my head so That I remember them. Unimportant passwords might only be 6-8 digits but still a mix.

Never use real words in a password. Using words at all is dangerous. Password hacking programs look for words, whether one or several. They have a dictionary attached and can go through every single word. A far better way to create a password that is meaningful to you, but to no one else, is to make up a sentence that is meaningful to you, one you can easily memorize, but looks like nonsense.

Example: I have a book on my desk right now that has a blurb on the back that says, "A divine message, hidden in plain sight." The password becomes aDm,hiPs95. That's pretty good because it has upper and lower case, punctuation, and some numbers, in this case the birth year of my dog. I made up the capitals because I figured divine would be good capitalized and 'plain' would be a good candidate for emphasis.

I've used password hacking programs in Unix. I was once a sysadmin for a firm of 200 people. I ran the program against the email password file and got about 25% of the passwords in my first pass. So I sent the passwords to the employees saying, "Is this your password? Of course it is. If I can figure it out in an hour how long do you think it would take a dedicated hacker to find it? Change it and I'll check again next week." Then I told them how to do it.

Next week I got 10%. The following week was 6% where it more or less stayed because people just don't always pay attention to their IT department. Least I tried. And you can bet the server and root passwords were lengthy and obscure.

I just started converting my old and tired passwords to something more substantial.

I've taken phrases or quotes and mixed them up by capitalizing vowels or swapping numbers for letters and sticking in switches and pipes.

I went from 6 digit worthlessness to 20+ character awesomeness.

Everybody should take their passes more seriously.

I've started using TrueCrypt on work/finance/personal type stuff too. So easy I can't believe I waited so long to do this stuff.


Posted Via ATS Mobile: m.abovetopsecret.com

I actually have an algorithm in my head I use to password everything. Everything I password has a different password based on the algorithm, contain capital, lowercase, numbers and symbols. The shortest password I use is 15 characters long. Yeah I am a paranoid nutjob

reply to post by iforget


Good point but if you have Firefox like me. Just go up to:

1. Tools
2. Options
3. Security
4. Saved Passwords

That is every single password you ever saved onto your computer!

reply to post by iforget


My other post wasn't showing something so...

1. Go to CMD
--start-run-cmd

2. Next type: Net User (Name of User) *
--or just Net User, It will show info on all the users.

3. Then After (2.) Type a password. It shouldn't show the text you are typing.

Then press enter. If you have XP you just changed the users password....

Originally posted by xShadow13
reply to post by iforget

 

Good point but if you have Firefox like me. Just go up to:

1. Tools
2. Options
3. Security
4. Saved Passwords

That is every single password you ever saved onto your computer!

edit on 22-4-2011 by xShadow13 because: (no reason given)

That does not strike me as something one ought to do. Your passwords are vulnerable on your computer as much as they are on the internet. If you had your computer stolen, all your passwords are stolen along with it.

reply to post by xShadow13


There wern't any

If you use a program like RoboForm it has a built in password generator.

84un938J9oVx2zkZV7z6 - for example

Then you use RoboForm to access it and bingo an encrypted password system and no Firefox passwords.

I use a password manager tool called KeePass. There are others out there as well, but this one is free.

Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your website's FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. The thief would have access to your e-mail account, website, etc. Unimaginable.

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.

keepass.info...
Using this tool, I have auto-generated most of my passwords using 10-20 characters including numbers, various cases of letters, and symbols. I keep a copy of the database backed up in two locations. That was I do not have to know my passwords and can use highly secured random passwords.

Regarding saved passwords, that is only accessible to a thief if they can log into the computer as you, since the storage itself is encrypted with a key that is tied to your windows user account. So the weakest link there is your initial windows log in ID. I suggest using a simple name or word with number and symbol replacement that has NOTHING to do with you (something random or obscure from your past) and for your password hint, something equally random or obtuse that can phonetically or symbolically remind you of you password.

I don't use less than 16 characters, they are not written down anywhere or stored anywhere, and they are typically a seemingly random mixture of letters numbers and special characters...

I have a good memory and remember random strings of information very well.

what about using a made up word or numbers and letters?

reply to post by Eonnn


keystokes are my favorite, many people tend to use qwerty, but thats a bad one. things like 76yuhjnm or 5thn4rgb are fast and easy to remember and not bruteforced with dictionary lists.



i wouldnt try to beat the brute force programs by using strings of words, from what i understand people are using quad SLI GPUs to process these attacks and they can attack at a much faster rate now.

reply to post by iforget


good luck securing your password from a quantum computers brute force attack suckers!

another thing not mentioned is
if your serious about security, when making a password, never use the same character twice in a row. Not go to to deep into details, but When attempting to break encryption, one of the first things to do is see if theres two consecutive letters, as you will notice it in the encrypted pattern. Thats just one possible starting point.

how I like to make my passwords-

first 3 letters are random letters or could be initials of someone you know- erd
uppercase one of the letters, i usually do the middle - eRd
Now think of a common word or a word that means something to you - apple
now remove double letters - aple
now do some uppercase - ApLe
combine the two- eRdApLe
now add two numbers - eRdApLe89

Another good method that is easy to remember is to take the first name of a favorite musician and the last name of another favorite musician. and do the uppercase and numbers at the end. Easy to remember, hard to break!

Well since my last email account got hacked from someone in china, I switched over from using a 7 digit password to a 62 digit password. Needless to say my new email address has the word unhackable in it ;-P

A good password is easy to make and remember.
A password like "Th15_i5-my_pa5sw0rd" would take years to brute just like "this is my password" would take years (using spaces) to brute.

I use a random password gen to make mine (some) so i get this // _wHHy+Bt:r@`1`uj-l8x.92Ge"03Dne

Nice link OP but I find it hard to believe any password is really "secure", depending on who wants it.

On a related note, I recently changed all of my passwords to "incorrect", that way when I forget them the computer tells me "your password is incorrect" and then I'm good to go...