HOW TO MAKE A PASSWORD - PASSWORD CLASS 101

Started 14 Feb 2019
by Drakuz
in Suggestions
okay, so i know a lot of new people on the internet have stupid passwords like : "backspace1"
let me explain a little bit of the crack side of this so that you can understand why this is a nono.

there are 2 different kinds of cracks. Dictionary and Bruteforce.
dictionary uses normal (properly spelled) words with a number.
it may take about 10 minutes or less to crack that example password using a dictionary attack.

a bruteforce attack will take longer, possibly a couple of hours, just depends on the hardware specs of the attacker.
but a bruteforce is Thorough.

so the idea in making a password is to DENY dictionary attack, and make the bruteforce take as long as possible.

IMO the best passwords incorporate UNICODE characters into the password (good luck finding a place that lets you enter them)
or even other language characters.

okay so let me help you, with the above understanding on how to make a non-crappy password.

take backspace1
now we're going to change it a bit.

backspace1 -> BACKspace1
slight modification, half of it is in caps

BACKspace1 -> B@CKsp@c#1
changed vowels to specialty characters

B@CKsp@c#1 -> B@CKsp@c#1!
this is focusing on the 1, we're doing 1 twice, once with "shift key"
if the number was 12, i would do this as 12!@


the moral is, the more "rules" you create for your rules of password creation, the more complicated it is, the longer it is, the easier it is to remember, and the harder it is to crack.

knowing how to make a password removes chances of your accounts missing, emails hijacked, across anything you do on the net.
Thu 14 Feb 2019 7:19 PM by FFpheonix
The length and ease to remember matter a lot to people. "password1!" is a bad password, "password1!isabadpassword" is a much better password and it's easy to remember.
Thu 14 Feb 2019 7:25 PM by Drakuz
if the bruteforce is forced to check capital letters, you double the amount of characters it has to check
26x2

it runs in order of ASCII characters
so lower case a-z will be checked first.
Thu 14 Feb 2019 7:30 PM by Drakuz
length is a big factor.

if i use ''abc'' as a password.

it has to check this many password combinations:

a = 26
b = 26x26
c = 26x26x26

the above is not including capital letters, no numbers, or specialties in the bruteforce check.
if the bruteforce is set to check all-of-everything... that process to find "abc" will take longer.

so you want to force them to take as long as possible.
and there is limitation on characters, like 22 max characters in a password.
Fri 15 Feb 2019 8:13 AM by Sepplord
I assume at least a few people playing here will have their password set to match their login, and that in combination with the logins being public leads to hacked accounts.

I once knew a dude who (on a freeshard) had one account for each of his chars (ironically so not all can get hacked at the same time). To make it easier to manage all his accounts though, he made the login and password match the name of the character... it was mind-boggling

Compared to that backspace1 will be an awesome password (unless your Nickname is Backspace1 too)
Fri 15 Feb 2019 11:14 AM by Tavi
Drakuz wrote:
Thu 14 Feb 2019 6:48 PM
take backspace1
now we're going to change it a bit.

backspace1 -> BACKspace1
slight modification, half of it is in caps

BACKspace1 -> B@CKsp@c#1
changed vowels to specialty characters

B@CKsp@c#1 -> B@CKsp@c#1!

This is not how secure passwords work, there is a misconception that the combination of upper/lower and special characters makes your pw safe. The length of the pw is much more important.

For example

At a rate of 1000pw/min

3 days for the following pw:
Tr0ub4or&3

550 years for the following pw:
correcthorsebatterystaple

Long story short, take random not related words and have a super secure pw.

Src: https://www.androidauthority.com/whats-safest-way-lock-smartphone-796086/


Edit: I think what the devs are doing with the two factor authentication is the way to go here. Good job on that!
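
The search-space arithmetic behind the posts above (the 26, 26x26, 26x26x26 count and the mangled-word versus random-words comparison), worked through as an added example that is not part of any post in the thread. The dictionary size, rule count, word-list size and guess rate are assumed figures, and the example goes one step further by also counting the mangled password as if it were 11 random characters.

```python
import math
import string

def charset_size(password):
    """Alphabet an exhaustive search must cover, judged by the character classes used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)  # 26, 26, 10, 32 characters
    return sum(len(cls) for cls in classes if any(c in cls for c in password))

def bruteforce_candidates(length, alphabet):
    """Every string of 1..length characters: alphabet + alphabet^2 + ... + alphabet^length."""
    return sum(alphabet ** k for k in range(1, length + 1))

def mangled_word_candidates(dictionary_words, variants_per_word):
    """A dictionary word plus predictable edits (caps, symbol swaps, trailing digit/symbol)."""
    return dictionary_words * variants_per_word

def passphrase_candidates(wordlist_size, word_count):
    """word_count words drawn independently and uniformly at random from one list."""
    return wordlist_size ** word_count

def bits(candidates):
    return math.log2(candidates)

def days_to_exhaust(candidates, guesses_per_second):
    return candidates / guesses_per_second / 86400

# Assumed figures for illustration only (not taken from the thread):
DICTIONARY_WORDS = 2 ** 16   # words in a cracking dictionary
VARIANTS_PER_WORD = 2 ** 12  # caps/substitution/suffix variants tried per word
WORDLIST_SIZE = 2048         # list the random passphrase words are drawn from
RATE = 1000                  # guesses per second

def compare():
    mangled = "B@CKsp@c#1!"
    return {
        "abc, lowercase only": bruteforce_candidates(3, 26),
        "mangled, as 11 random chars": bruteforce_candidates(len(mangled), charset_size(mangled)),
        "mangled, as word + rules": mangled_word_candidates(DICTIONARY_WORDS, VARIANTS_PER_WORD),
        "4 random words": passphrase_candidates(WORDLIST_SIZE, 4),
    }

if __name__ == "__main__":
    for label, n in compare().items():
        print(f"{label:28s} {bits(n):5.1f} bits  {days_to_exhaust(n, RATE):.3g} days")
```

The gap between the two "mangled" rows is the point: the character-class count only applies when the characters are chosen at random, not when they come from a word plus predictable edits.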
Fri 15 Feb 2019 10:43 PM by Chimosh
The safest password is actually 3 words with a space between them. And not only that, it's easier to remember without all the symbols and uppercase lowercase bullsht
But GL with that, because a lot of places do not allow a space.

For example.

the brown fox

would take about 2 thousand years to crack.
Fri 15 Feb 2019 11:51 PM by jg777
Wait wait wait- you’re telling me supercalifragilisticexpialidocious could be the safest password if it’s spaced out?? 🤭
Sat 16 Feb 2019 10:01 AM by Tavi
jg777 wrote:
Fri 15 Feb 2019 11:51 PM
Wait wait wait- you’re telling me supercalifragilisticexpialidocious could be the safest password if it’s spaced out?? 🤭

Better take some random words rather than this one.
Mon 18 Feb 2019 3:35 PM by lukedeavenport
Just make it a pass phrase and get away from pass 'words'. A line from your favorite movie, some lyrics, a statement or fact. And use different passwords for everything.
Tue 19 Feb 2019 8:07 AM by Koljar
Made myself a PW generator just to mess around with options. Allowed are 0-9, A-Z, a-z and a bunch of extra signs like #, $, etc. I only need to define the length of the PW and that's it. Results in something like "4-Iu$.#Zv5" for a 10 digit PW and is easily doable in Excel.

The major problem with that is memorizing PWs like that


I mainly stick to the option of making up a rather long sentence in my head (use whatever language you wish). Then I use only the first letter of the sentence (including small, capital letters, numbers and commas etc.).
A sentence like "Last night I dränk 2 beer, 1 whine and 3 shots!" turns into "LnId2b,1wa3s!". That is much easier to memorize. Misses out on capital letters but use, say German, and you get a lot more capital letters within that sentence. Feel free to add a site specific section to the password and you can get along with just one sentence and a site specific addition that prevents someone cracking all you have with just one PW because you were lazy...

Never use a PW someone suggests or uses as an example!