
Thread: How to choose the "best" passwords and not forget them

  1. #1 irneb (Gold Member; Jhb; joined Apr 2007; 625 posts; thanks given 37; thanked 111 times in 97 posts)

    How to choose the "best" passwords and not forget them

    Many would think that making up some cryptic long list of Capitals, lowercase, numbers and punctuation is the way to go. But chances are that you're going to write some words/phrase using things which look similar. E.g. I've seen several IT personnel think that this is a "good" password:
    Code:
    #@$$^^0#)
    Can you spot it? It's in the shape of the characters:
    # = P or R
    @ = a
    $ = S
    ^^ = W
    0 = O
    ) = D

    So that is then PaSSWORD

    What to do then?

    First, give up on trying to use some easily remembered word. Especially if it's only the one word.

    Second (up to a point) the longer your password is the better - this is to stop the brute force attack (i.e. trying all variants one at a time until the password is accepted). Though there is a limit due to how passwords get encrypted. Anything above 10 characters is considered a decent password, above 15 good, above 20 excellent, but after around 40 it doesn't matter at all. It's a situation falling under the law of diminishing returns. Thus, the second "trick" is: make your password around 10-30 characters long (or more if you want).

    Third, try to make each login unique. Especially for your more valuable logins (like bank accounts).

    Don't think in words, rather try phrases. Even better try a phrase relevant only to the one site you're making that password for. E.g. for your online banking you might think "This bank is stealing my money and robbing me blind". But don't use that directly ...

    Next come up with your own scheme of modifying that phrase into a single password, note here I give a sample - you have to come up with one of your own (for your own sake, not mine). This scheme needs to accommodate a few things:
    • It needs to extract portions from all over that phrase so there's no single word for a dictionary based password cracker to pick up on. The simplest way might be to use the first 2 characters of each word: thbaisstmymoanromebl
    • Next you need to mix upper and lower case. Perhaps go with changing the 1st character of each 2nd word: thBaisStmyMoanRomeBl
    • Next you need to include some numbers and symbols. Looking at that password I notice 3 words: Bias, Moan & Rome. I'm going to use that idea of similar looking on every 2nd character of each: thB@i$StmyM0a#R0m3Bl

    Then update your passwords as regularly as you can. If you follow above, you've got lots of options on how you update your passwords. E.g. say every even month you capitalize the 2nd character instead of the 1st. Every first quarter you use the 1st 2 characters, 2nd quarter next 2, etc.

    You might like to look here for extra ideas: http://www.makeuseof.com/tag/create-...ssword-forget/

    If you go with some "method" behind this madness of making these cryptic passwords, it becomes a lot easier to keep secure & unique passwords, as well as updating them regularly. And no need to keep a black-book or (god forbid) save them in your browser!
    Gold is the money of kings; silver is the money of gentlemen; barter is the money of peasants; but debt is the money of slaves. - Norm Franz
    And central banks are the slave clearing houses

  2. #2 Diamond Member (Cape Town; joined Mar 2010; 6,329 posts; thanks given 426; thanked 978 times in 795 posts)
    I absolutely hate sites that force me to make cryptic passwords with lowercase and uppercase letters and symbols and stuff. My memory is already terrible and it's hard enough to remember my basic set of passwords. Anyway, it's my password and my choice; all that happens is that I enter something that I almost instantaneously forget.

  3. #3 Full Member (Pretoria; joined Aug 2010; 35 posts; thanks given 0; thanked 5 times in 4 posts)
    Password strength (comic)

    Password strength comic analysed.

  4. #4 ghostwriter (Full Member; Mpumalanga; joined Nov 2011; 62 posts; thanks given 45; thanked 1 time in 1 post)
    Key

    1 = ! ; 2 = @ ; 3 = # ; 4 = $ ; 5 = % ; 6 = ^ ; 7 = & ; 8 = * ; 9 = ( ; 0 = )
    a = 1 ; b = 2 ; c = 3 ; d = 4 ; e = 5 ; f = 6 ; g = 7 ; 8 = h ; 9 = i ; 0 = j
    space bar = _

    abba = 1@2!
    face = 6!3%

    i love my wife = (_love_my_w9^%
    dont forget me = 4ont_^or7%t_m5
    i play ping pong = 9_pl!y_p9n&_pon7
    here fishy fishy…

  5. #5 irneb (Gold Member; Jhb; joined Apr 2007; 625 posts; thanks given 37; thanked 111 times in 97 posts)
    Quote Originally Posted by SkyWalker42 View Post
    Password strength (comic)

    Password strength comic analysed.
    Yep, I've seen that and agree mostly - the concept I use takes the "phrase idea" from that. The issue is (for me at least) a "random" pass-phrase isn't as remember-able as a sentence which means something in context. Now you've just eliminated a lot of the possible entropy used in that "randomness" assumption by restricting the possible words into a sentence structure. Not to mention, the very long pass phrase means the chances of mistyping are greater.

    Quote Originally Posted by ghostwriter View Post
    Key

    1 = ! ; 2 = @ ; 3 = # ; 4 = $ ; 5 = % ; 6 = ^ ; 7 = & ; 8 = * ; 9 = ( ; 0 = )
    a = 1 ; b = 2 ; c = 3 ; d = 4 ; e = 5 ; f = 6 ; g = 7 ; 8 = h ; 9 = i ; 0 = j
    space bar = _

    abba = 1@2!
    face = 6!3%

    i love my wife = (_love_my_w9^%
    dont forget me = 4ont_^or7%t_m5
    i play ping pong = 9_pl!y_p9n&_pon7
    This is probably similar to the Mutation from the comic's analysis and the last item in my suggestion. Especially the inconsistent use: e.g. why the e in "I love my wife" instead of 5 / %. And how do you sometimes use the shifted symbol above the number instead? If this is random, how do you remember how you did this random mutation?

    My point is to try and use a combination of such schemes, but in such a way that you need only remember the absolute minimum - which could add to the entropy a lot more than simply mutating or lengthening alone could. I'm not giving anything new, they've all been around for quite some time now. And even my idea of combining them is not novel either. But I find so many thinking that only using one principle to make your passwords "better" is a good idea.

    The thing is: if you complicate your password you're going to lose security because you're going to circumvent it (i.e. forget and reset, write it down, make it easily guessable). A prime example is sites which require a mix of upper case, lower case, decimals & symbols (at least one of each) and 8 characters minimum, which usually tends to produce something silly like: P@ssW0rd

    So for remembering it, rather use some sentence. If the sentence is too long, then extract portions from it. If possible try to mutate to use different characters. And have a strategy on how you update your password either by adjusting the extract and/or mutation, and/or changing the sentence to something else (though I'm a bit skeptical if that's a good idea).
    Gold is the money of kings; silver is the money of gentlemen; barter is the money of peasants; but debt is the money of slaves. - Norm Franz
    And central banks are the slave clearing houses

  6. #6 Diamond Member (Cape Town; joined Mar 2010; 6,329 posts; thanks given 426; thanked 978 times in 795 posts)
    The only password that I need to worry about is the one that the DM will try and crack...I ain't got no money so there is nothing to steal in the bank.

  7. #7 ghostwriter (Full Member; Mpumalanga; joined Nov 2011; 62 posts; thanks given 45; thanked 1 time in 1 post)
    simplified solution:

    [Image attachment: k1.jpg (45.7 KB)]

    hold shift down for red
    no shift for green

    !@#$EDCRDXsdf7890

    just remember the pattern

    that's the dog's bollocks

    ###

    you can go from front to back from bottom
    to top it is up to you
    Last edited by ghostwriter; 13-Aug-13 at 09:10 AM.
    here fishy fishy…

  8. #8 ghostwriter (Full Member; Mpumalanga; joined Nov 2011; 62 posts; thanks given 45; thanked 1 time in 1 post)
    Quote Originally Posted by irneb View Post
    e in "I love my wife" instead of 5 / %.
    Bollocks, I did that on the fly, was walking around in the mall. Note that you are asked to type in your password twice, so under normal conditions it will work.

    Normally I go ! 1 a, but a 1 ! or 1 ! a can work.
    here fishy fishy…

  9. #9 irneb (Gold Member; Jhb; joined Apr 2007; 625 posts; thanks given 37; thanked 111 times in 97 posts)
    Latest news on this: http://arstechnica.com/security/2013...ong-passwords/

    So it seems a caveat to this is to use a phrase which is not that common. The more garble your phrase is, the better. I.e. stay away from a sentence, choose a bunch of words without structure, arrange them in your mind according to some idea (similar to the xkcd comic) then do variations on mutating - not just one.

    And FFS DO NOT use a phrase already shown in any web site as an example, no matter how random it appears! Simply because you can be sure that that exact phrase (and all its initialization variants) will already be in the "1st to check" list - i.e. even more insecure than 12345.

    It seems it's getting to the point where it's going to be extremely difficult (if not impossible) to keep your passwords safe. So the best thing you can do is to have (at least) 2 sets of passwords, those you use for "non-serious" logins and those you cannot afford to have cracked. Then never use them interchangeably, only use your "stupid" set on sites you don't mind about and which are probably not as secure as the more important sites, and vice versa. Because if an insecure site is compromised, the crackers would generally have your hashcode - and using that program could probably get any password out of it given enough time. Now if that password is reused in some other more critical site, they can get into that without needing to crack that site too.
    Gold is the money of kings; silver is the money of gentlemen; barter is the money of peasants; but debt is the money of slaves. - Norm Franz
    And central banks are the slave clearing houses

  10. #10 Zesty App Services (Full Member; South Africa; joined Aug 2013; 29 posts; thanks given 3; thanked 2 times in 2 posts)
    Great information on creating passwords, guys! My only problem is that I have so many passwords and accounts online it really gets hard to keep track of everything later on. The question is where to store all those passwords in a safe place?
