How to create stronger passwords

For discussions about security.
labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

How to create stronger passwords

#1 Post by labbe5 »

https://null-byte.wonderhowto.com/how-t ... s-0156907/

Be prepared to be shocked by what you will read about passwords. After reading this, you will understand why Google and others add two-factor authentication to their user accounts.

Probably the method that will frustrate hackers like me the most is to develop a passphrase that is long and includes no words and all of the available character types.

I have seen many articles online that advise folks on how to create passphrases and I simply laugh at them because I know that their advice will simply create a passphrase that is still easy for me to crack. Things like adding a date and month after a word, reversing the order of dictionary words, and so on just beg to be cracked in short order.

Here is what will make my job most difficult.

First, create a phrase or sentence that is meaningful to you. In this way, it will be easy to remember. For instance, "I love mountain biking and hiking." Now, take that phrase and convert it into a single string of uppercase, lowercase, numbers, and special characters, like this one:


"I<3mtnb1K1ng&H1k1ng" may not be an impossible passphrase to crack, but it's definitely harder.

Note that I have converted "love" to <3, "mountain" to mtn, "biking" to b1K1ng, "and" to &, and finally, "hiking" to H1k1ng. It is critical to intersperse special characters and numbers into the passphrase as well as use both upper- and lowercase letters.

This creates an 18-character passphrase that uses uppercase, lowercase, special characters, and numbers that, although not unbreakable, would make someone like me invest significant time and computing resources to crack it.

Most importantly, because it has special significance to you, you will remember it. Obviously, this is key. No matter how complex, passwords or passphrases that you can't remember defeat the whole purpose.


Further reading:
https://securityintelligence.com/the-in ... -password/
https://null-byte.wonderhowto.com/how-t ... s-0173926/
The "Your Password" Email extortion scam
https://www.ghacks.net/2018/08/09/the-y ... tion-scam/
https://www.bleepingcomputer.com/news/s ... unt-hacks/
https://teachmehacking.com/choose-strong-password/
https://www.bleepingcomputer.com/news/s ... ack-money/
Last edited by labbe5 on Wed 17 Oct 2018, 13:10, edited 5 times in total.

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#2 Post by rufwoof »

Let's begin by saying that hackers like me don't simply try to guess your password at your login screen. That would be impractical. Most login screens lock an attacker out after three incorrect attempts. I want to be able to try millions or billions of attempts.

What attackers will do is steal the storage of the passwords on a vulnerable system.
Assuming that obtaining copies of the password database is trivial, the password database is salted specifically to make rainbow/dictionary attacks conceptually prohibitive in all but the most extreme cases. The article somewhat understates the required effort/time, but otherwise sound advice about passwords. Thanks.
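The salting point made in post #2, as an added example that is not part of the original thread: it compares an unsalted fast hash with a per-user salted, slow hash and checks both against a precomputed table. The wordlist, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for the demonstration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a precomputed (rainbow-style)
# table of unsalted SHA-256 hashes over common passwords.
WORDLIST = ["password", "letmein", "mountainbiking"]
PRECOMPUTED = {hashlib.sha256(w.encode()).hexdigest(): w for w in WORDLIST}
ITERATIONS = 200_000  # assumed work factor for this demo


def store_unsalted(password: str) -> str:
    """Weak scheme: one fast hash, no salt. Identical passwords collide."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password: str) -> tuple[bytes, bytes]:
    """Per-user random salt plus a slow KDF; returns (salt, digest)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def table_lookup(stored_hex: str) -> str | None:
    """What a precomputed table yields for a stored value, if anything."""
    return PRECOMPUTED.get(stored_hex)


def demo() -> dict:
    alice = store_salted("letmein")
    bob = store_salted("letmein")  # same password, different user
    return {
        "unsalted_hit": table_lookup(store_unsalted("letmein")),
        "salted_hit": table_lookup(alice[1].hex()),
        "same_password_same_record": alice[1] == bob[1],
        "login_ok": verify_salted("letmein", *alice),
        "login_bad": verify_salted("letmein1", *alice),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt does not make a weak password strong: it only forces each stored record to be attacked separately, which is why the work factor and the passphrase length still matter.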

8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#3 Post by 8Geee »

grc.com will pick a password for you... no sweat.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#4 Post by Flash »

First of all, this jerk is not a hacker, he's a cracker. Richard Feynman was hacking when he figured out how to find the combinations of locks. Hackers do it for the technical challenge. Crackers are out to steal your life savings with the least possible effort and risk.
