how to make a great password!!!!



genocidex
08-07-2011, 02:18 AM
here we go from one geek to the community!

first step: find a part of a song you love or a saying you can remember. for instance:
counting crows, round here; round here we talk just like lions but we sacrifice like lambs.

now take the first letter from each of those words. r h w t j l l b w s l l

choose a pattern to do capitals in. like every other letter

RhWtJlLbWsLl

now we need at least one number. you can easily choose the last letter and count that on the alphabet *l=12*

so you get: RhWtJlLbWsLl12

this would be a great password in and of itself but you can make it stronger.

we need some symbols in there.

if you can't replace letters easily then add a ! at the end.

a=@ I=! etc.

so a great password would be RhWtJlLbWsLl12!

now if the site allows a reminder you just would say "round here" as a reminder. this will not give away your password either because of all the factors.

things you should always avoid:
using complete words or phrases.
using the no no passwords like password or 12345 etc.
don't use your name or other people's names


things to avoid with recovery questions:
do not use easily researched answers or lie. lying would be best but you would need something so bold you will remember it. "where were you born" "atlantis"
"who was your favorite athlete" "stephen hawking"

if you follow steps like these you can have a wonderfully strong password. hope many of you will use these steps too.
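
The steps in the post above, written out as a short Python function. This is an added example, not part of the original post; the function name `lyric_password` and the case-sensitive handling of the a=@ and I=! swaps are assumptions.

```python
import re

# The post's two sample swaps, applied case-sensitively as written (assumption).
SUBS = {"a": "@", "I": "!"}


def lyric_password(phrase: str) -> str:
    """Build a password from a remembered phrase using the thread's steps."""
    # Step 1: first letter of every word.
    initials = [w[0].lower() for w in re.findall(r"[A-Za-z][A-Za-z']*", phrase)]
    if not initials:
        raise ValueError("phrase contains no words")
    # Step 2: capital pattern, here every other letter starting with the first.
    mixed = "".join(c.upper() if i % 2 == 0 else c
                    for i, c in enumerate(initials))
    # Step 3: a number, the alphabet position of the last letter (l = 12).
    number = ord(initials[-1]) - ord("a") + 1
    # Step 4: symbols. Swap letters where possible, otherwise append "!".
    swapped = "".join(SUBS.get(c, c) for c in mixed)
    suffix = "" if swapped != mixed else "!"
    return f"{swapped}{number}{suffix}"


if __name__ == "__main__":
    lyric = "round here we talk just like lions but we sacrifice like lambs"
    print(lyric_password(lyric))
```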

bignellm
08-07-2011, 02:30 AM
My wife has a cryptic language that only her and 1 of her friends knows from back in grade school. It's totally hard to learn. Virtually an unknown language and the cryptic part is a seemingly random Alphabetical scramble, that seems to have no rhyme or reason. Some vowels are consonants and vice versa... I just make all my passwords in that language

Haven't been hacked yet. As all my passes look like random keystrokes, LOL

DrNic
08-10-2011, 03:00 PM
You should read this comic. It really makes a good point,
http://xkcd.com/936/

Although it is generally thought that alphanumeric passwords with caps, numbers and symbols are hard to break, they really aren't when using brute force methods. Generally you're simply better off using a longer password that contains multiple words, although putting a number and some caps and symbols in there never hurts. Remembering a sentence is much easier than having to go through the effort of deciphering a scheme in your head. You can also set up the password sentence such that it contains part of the site name so that you never have to reuse the same password more than once. For example,
I saw a 3 headed fish in the AC! --> Isawa3headedfishintheAC!

The only drawback to this method is that some websites will only allow 10-12 characters max.

Trillianne
08-10-2011, 03:22 PM
bf uses a program called Oplop. (Its name is an acronym for One Password = Lots Of Passwords)

http://code.google.com/p/oplop/

Essentially you have to remember a nickname for a website and your master (single) password. Based on that, the program auto-generates a unique password for you to use that you essentially never have to remember, because when you go back... you type in the nickname and the master password and oplop spits back your password for the site.

They have conveniently set up a number of browser extensions so you can get the utility right in your browser, and the program is smart enough to spit the password into the password field in the majority of situations. (Which means you skip making a typo error or needing to c/p.)

______________________

Basically.... it's a practical application to help address the how to remember multiple passwords problem.
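
The idea described in the post above (one master password plus a site nickname yields a per-site password, with nothing stored) can be sketched as follows. This is an added example and is not Oplop's code or its algorithm: it uses PBKDF2-HMAC-SHA256 from the Python standard library, and the function name, salt prefix, iteration count and default length are all assumptions.

```python
import base64
import hashlib


def site_password(master: str, nickname: str, length: int = 16,
                  iterations: int = 200_000) -> str:
    """Derive a per-site password from a master password and a site nickname."""
    if not master or not nickname:
        raise ValueError("master password and nickname are both required")
    if not 8 <= length <= 40:
        raise ValueError("length must be between 8 and 40")
    # The nickname is the salt, so every site gets an unrelated output and a
    # leaked site password does not reveal the password used anywhere else.
    salt = b"site-nickname:" + nickname.strip().lower().encode("utf-8")
    # A deliberately slow KDF: anyone holding one derived password can test
    # master-password guesses offline, so each guess should be expensive.
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                              iterations, dklen=32)
    chars = list(base64.urlsafe_b64encode(raw).decode("ascii")[:length])
    # Many sites insist on a digit: if none came out, overwrite the last
    # character with one taken from the derived bytes (still deterministic).
    if not any(c.isdigit() for c in chars):
        chars[-1] = str(raw[-1] % 10)
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs.
    for site in ("AC", "yahoo"):
        print(site, site_password("correct horse battery staple", site))
```

Everything hangs on the master password: it needs to be long, and it is never typed into the sites themselves.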

genocidex
08-10-2011, 03:42 PM
> Although it is generally thought that alphanumeric passwords with caps, numbers and symbols are hard to break, they really aren't when using brute force methods. Generally you're simply better off using a longer password that contains multiple words.

actually some brute force programs thrive on words. this is because matching it with the alphabet can set up predictable outcomes. when i was in computer forensics my teacher set up 4 scenarios to prove a good point. he used bruteforce to break a multiword pass about 12 letters, a common pass like password1234, and this style of passwords. the more combinations the program has to look for, with the unpredictability, and the ability to write down your password without actually writing it down, worked the best. granted nothing will stand to a brute attack for too long but the longer is the better. using a program like Oplop never rubbed me the right way. oh and the 4th scenario was too funny, and sad at the same point, we walked up to his boss's office and his door was wide open. he had his password written on his computer screen for almost everything he had.....

the idea behind a password like i was posting about is to get a rhythm that u use for everything, and just vary the saying. this would make remembering the password vs brute forcing the easiest combo i've seen yet.

bignellm
08-10-2011, 04:45 PM
Hmm. No comments on cryptic languages?

"oppsi" for instance is my middle name in this crypt language. And I keep a pass phrase in this language that is at least 12 characters long. Also, I keep secret password reset questions in this script.

My guess is the computer would have a *bleep* of a time figuring out a non-discovered language to figure out my passwords. Lockdown

Kayfish
08-10-2011, 06:34 PM
I agree that a cryptic language derived from your own mind is virtually impossible to figure out.
Lol, I guess I shouldn't use my birthday... JK
By the way, Great idea and format genocidex!

genocidex
08-10-2011, 06:40 PM
that's the method my teacher taught me, so i can't take the credit for the idea, but it's something i'd like to share with everyone :P

DrNic
08-10-2011, 06:44 PM
@genocidex I definitely agree that social engineering can be a LOT easier than brute force. Particularly if the password is on the desk somewhere.

bignellm
08-10-2011, 07:05 PM
> @genocidex I definitely agree that social engineering can be a LOT easier than brute force. Particularly if the password is on the desk somewhere.


My Accounting Information Systems Professor has a CISA and says this is by far the easiest way for him to get into any systems he wants. Goes into office, if it is unlocked and person's gone, then checks the desk for a password taped to it. Says 3/4 of the time, it's bingo! Usually on a slide out keyboard or other slide out item.

genocidex
08-10-2011, 07:47 PM
exactly. with my method you can still write down your pass and it still wouldn't be found out. when someone sees:
AC -> shinedown, begin again
yahoo -> dropkick murphys, boston
etc.

they won't know your ideas on where the caps are, what numbers u used, and symbols, and the best thing is they need to pick through the song and find the exact phrase you used.

bignellm
08-10-2011, 07:52 PM
Mine works pretty well too. Just everything you write down is encrypted on paper form. From site, pass, user, to secret questions and answers.

Give them a WTH is their expression I bet.

uypps, synenso, sojdfslnf, wlsnen
etc... LOL.

At the moment I also use security level universal passes.

I do like yours better though. I might switch over. As sometimes I have to ask wife to translate her language... for me. I still need more practice before I'm fluent.

genocidex
08-10-2011, 10:19 PM
lol urs is cool but not everyone can make up a new language :P

plus ur wife can get ur passes :P

bignellm
08-11-2011, 02:10 AM
> lol urs is cool but not everyone can make up a new language :P
>
> plus ur wife can get ur passes :P


^^^^ Yea, will be a pain, if we ever split.

mommy1
08-11-2011, 04:06 AM
> Hmm. No comments on cryptic languages?
>
> "oppsi" for instance is my middle name in this crypt language. And I keep a pass phrase in this language that is at least 12 characters long. Also, I keep secret password reset questions in this script.
>
> My guess is the computer would have a *bleep* of a time figuring out a non-discovered language to figure out my passwords. Lockdown

Is your middle name Allen? If it is, I just broke your wife's code in less than 5 minutes. If I am wrong, then this is still a fair warning, don't give hints to your passwords on a public forum. It's only a matter of time before I hit on the right name with the same 2nd and 3rd letters, you never know who is watching.
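
The point about the 2nd and 3rd letters matching holds for any letter-for-letter substitution alphabet: which positions repeat is the same before and after enciphering, so the scramble itself hides nothing about a word's shape. The sketch below is an added example, not part of the original post; the name list and the random keys are constructed for illustration.

```python
import random
import string


def letter_pattern(word: str) -> tuple:
    """Number each distinct letter by first appearance: 'oppsi' -> (0, 1, 1, 2, 3)."""
    seen = {}
    return tuple(seen.setdefault(c, len(seen)) for c in word.lower())


def random_key(seed: int) -> dict:
    """A constructed substitution alphabet: each letter maps to exactly one letter."""
    shuffled = list(string.ascii_lowercase)
    random.Random(seed).shuffle(shuffled)
    return dict(zip(string.ascii_lowercase, shuffled))


def encipher(word: str, key: dict) -> str:
    """Apply the substitution alphabet; non-letters pass through unchanged."""
    return "".join(key.get(c, c) for c in word.lower())


def same_shape(cipher_word: str, wordlist: list) -> list:
    """Words whose repeated-letter structure matches the cipher word."""
    target = letter_pattern(cipher_word)
    return [w for w in wordlist if letter_pattern(w) == target]


# Constructed sample list, not taken from the thread.
NAMES = ["Allen", "James", "Ellis", "Bobby", "Scott", "Aaron", "Lee", "Abbey"]

if __name__ == "__main__":
    print(letter_pattern("oppsi"), same_shape("oppsi", NAMES))
    # Whatever the key, the shape of the plaintext survives enciphering,
    # vowels swapped for consonants or not.
    for seed in range(3):
        scrambled = encipher("allen", random_key(seed))
        print(scrambled, letter_pattern(scrambled))
```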

bignellm
08-11-2011, 12:40 PM
No, my middle name is not Allen. Not even close. Also, I don't use my actual name as a password, never have, never will.

The part that really messes with a password cracking of this language is that some vowels are consonants and some consonants turn into vowels. Otherwise, this crypt would be a POS crypt.

mommy1
08-11-2011, 01:20 PM
I didn't think you used your name as part of your password. I was just telling you that you shouldn't even give hints as to what you do use. There are trolls and spammers on this forum almost daily, and like I said, it's only a matter of time for a good hacker to choose the right name. A substitution code is the easiest to break, and they always have vowels as consonants and vice versa.

Red
08-11-2011, 03:28 PM
all those fancy ways of making a password are great, until you forget the password.

bignellm
08-11-2011, 07:45 PM
> I didn't think you used your name as part of your password. I was just telling you that you shouldn't even give hints as to what you do use. There are trolls and spammers on this forum almost daily, and like I said, it's only a matter of time for a good hacker to choose the right name. A substitution code is the easiest to break, and they always have vowels as consonants and vice versa.


Well, that's the point. A straight hard attack on my password would be harder than guessing. Point is to make them take the hard route. No telling if I really put 100% true hints either