How to create a strong password...

Discussion in 'Off Topic [BG]' started by Stumbo, Feb 4, 2014.


  1. Stumbo

    Stumbo Wherever you go, there you are. Supporting Member

    Joined:
    Feb 11, 2008
    Messages:
    11,640
    Location:
    Los Angeles
    This is a Kaspersky Security test screen I was able to access as a subscriber while logged onto their support site

    http://blog.kaspersky.com/password-check/

    Try various characters besides letters/numbers to increase your security.

    After you enter a test password an analysis will display.
     
  2. kanonfodr

    kanonfodr Supporting Member

    Joined:
    Jan 10, 2009
    Messages:
    875
    Location:
    Seattle, WA, USA, Earth
    Hmmm...my formula generates a password that would take 3 months to be brute-forced at the minimum. One of them was listed as 3 centuries...yay!!

    Peace,
    Greg
     
  3. 1958Bassman

    1958Bassman

    Joined:
    Oct 20, 2007
    Messages:
    1,886
    11 letters, 10,000+ centuries and it actually has an easy pattern..
     
  4. blastoff99

    blastoff99

    Joined:
    Dec 17, 2011
    Messages:
    435
    Well, that was sobering. Something that is like-my-password-but-not-my-password could be brute-forced in two days by the Mac.

    Guess I'll rethink this - right now.
     
  6. jp58

    jp58

    Joined:
    Dec 9, 2009
    Messages:
    391
    Location:
    Tennessee
    Yeah, looks like my passwords could all be cracked in a few days. I don't have anything on here worth spending two days on though.
     
  7. Selta

    Selta

    Joined:
    Feb 6, 2002
    Messages:
    8,740
    Location:
    Somewhere Far Beyond
    Disclosures:
    Uncompensated endorsing user: EBMM
    I don't even think they should bother with the single home computer as a baseline. Most brute forces are done in a BotNet, so IMO that one should be the top line.
    I use a different password for every site/login I have. If a site doesn't allow at least 15 characters, special characters/high ANSI, I don't register. I like how a theoretical, simple password of mine still shows as 10,000 centuries on the botnet and Tianhe-2.
    I wish more sites would move to dynamic two factor authentication though. Still nowhere near perfect, but a small step in the correct direction.
    If anyone is really interested in Cryptography, there's some movement being made on program obfuscation recently:
    https://www.simonsfoundation.org/quanta/20140130-perfecting-the-art-of-sensible-nonsense/
     
  8. Stumbo

    Stumbo Wherever you go, there you are. Supporting Member

    Joined:
    Feb 11, 2008
    Messages:
    11,640
    Location:
    Los Angeles
    Are you using a password manager?
     
  9. MJ5150

    MJ5150 Terrific Twister Supporting Member

    Joined:
    Apr 12, 2001
    Messages:
    16,755
    Media:
    13
    Albums:
    1
    Location:
    Lacey, WA
    Someone hacked my password the other day. I had to get a new dog.

    -Mike
     
  10. Pilgrim

    Pilgrim Supporting Member

    Joined:
    Jul 8, 2004
    Messages:
    14,159
    Location:
    Fort Collins, Colorado
    Hmmm. I see why my university changed their password requirements.

    My old 8-character PW with alphabetic characters and numbers would only take 24 minutes for a home PC to break. Adding a special character to it bumped the cracking time to 8 days.

    But using a 14-letter all-alphabetic conversational phrase which is easy to remember gave me a PW that would take 344 centuries to break! However, changing one or two letters makes a big difference in the time. (Hint: unusual words like "bandersnatch" really add time.)

    That's good cause for reflection.
     
  11. Selta

    Selta

    Joined:
    Feb 6, 2002
    Messages:
    8,740
    Location:
    Somewhere Far Beyond
    Disclosures:
    Uncompensated endorsing user: EBMM
    Yes. I use KeePass (http://keepass.info/), and for my extra paranoid self, I keep the password file and key file in separate TrueCrypt containers (http://www.truecrypt.org/) that are themselves encrypted. Still not secure, but it'd be pretty difficult for most people to get to my credentials. Nothing is saved to the cloud, or within my browsers etc. KeePass is only run when I need the username/password, then closed, and the TrueCrypt containers dismounted.
    KeePass has a sweet password generator too that I sometimes use.

    Edit:
    Found a flaw already. They didn't include common rainbow table elements. If you put in 1a2b3c4d5e6f7g8h9i10j it says "4 years" for a BotNet. However, most rainbow files include that and permutations of that as well and would be cracked in most likely hours.
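The gap described in the post above, as an added example that is not part of the original thread: a keyspace-only estimate (length times log2 of the alphabet) rates a patterned password highly, while a structure check flags it. The guess rate, the tiny word list and all function names are assumptions constructed for illustration, not the behaviour of any checker named in the thread.

```python
import math
import string

GUESSES_PER_SECOND = 1e9  # assumed offline guess rate; the thread gives no figure

# Constructed stand-in for a cracking wordlist; real lists hold millions of entries.
COMMON = {"password", "password12345", "laurent", "qwerty"}

def charset_size(pw):
    """Alphabet an exhaustive search must cover, judged by character classes used."""
    classes = [
        (string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
        (string.digits, 10), (string.punctuation + " ", 33),
    ]
    size = sum(n for chars, n in classes if any(c in chars for c in pw))
    if any(ord(c) > 127 for c in pw):
        size += 128  # assumption: rough allowance for non-ASCII symbols
    return size

def naive_bits(pw):
    """Keyspace-only strength: length * log2(alphabet). Ignores structure."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def counting_pattern(pw):
    """True for '1a2b3c...': counting numbers interleaved with a, b, c, ..."""
    return any(
        pw.lower() == "".join(f"{i}{chr(96 + i)}" for i in range(1, n + 1))
        for n in range(2, 27)
    )

def assess(pw):
    """Return the naive exhaustive-search time and whether structure defeats it."""
    seconds = 2 ** naive_bits(pw) / GUESSES_PER_SECOND
    patterned = pw.lower() in COMMON or counting_pattern(pw)
    return {"bits": round(naive_bits(pw), 1), "naive_seconds": seconds,
            "patterned": patterned}

if __name__ == "__main__":
    for pw in ["1a2b3c4d5e6f7g8h9i10j", "password12345", "Maury Jackal Eleven"]:
        print(pw, assess(pw))
```

A password flagged as patterned should be treated as weak regardless of the naive figure, since a guesser that tries known structures first never has to search the full keyspace.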
     
  12. mellowinman

    mellowinman Guaranteed to break the Ice at Naughty Parties Supporting Member

    Joined:
    Oct 19, 2011
    Messages:
    6,149
    Media:
    28
    Albums:
    1
    Location:
    Fort Wayne, IN
    Here is my old password:

    mimbiczu4%X9281yulabobnomnX429beagLehrblstN!rmle*yrmamazupadupa?lvRb0y853$

    I was having trouble remembering it, so I decided to go back to

    password12345
     
  13. icks

    icks

    Joined:
    Jul 12, 2001
    Messages:
    1,008
    Location:
    Charleroi, Belgium
    Kids with text-message vocabulary will increase their password easily

    my name ' laurent ' is hacked in 1 sec but " £@ur3nT " is better
     
  14. jasper383

    jasper383 Supporting Member

    Joined:
    Dec 5, 2004
    Messages:
    3,910
    Location:
    Durham NC
    Simple three word nonsense phrases can be very effective.

    Using a site like this one:
    https://howsecureismypassword.net/

    A password like Maury Jackal Eleven would take a quintillion years to crack.
     
  15. wild4oldcars

    wild4oldcars

    Joined:
    Jan 22, 2012
    Messages:
    965
    Location:
    Garner, NC
    2 seconds... great :rollno:
    but my other one is 44 years. not too bad
     
  16. SoComSurfing

    SoComSurfing Mercedes Benz Superdome. S 127. R 22. S 12-13. Gold Supporting Member

    Joined:
    Feb 15, 2002
    Messages:
    5,459
    Media:
    1
    Location:
    Mobile, Al
    Odd. My formula of a combo of capital letters, lowercase letters, and numbers. When I substitute a number with a special character, it goes from 8 centuries to 2. I wouldn't have expected that. Another combo in that formula goes from 7 to 1.
     
  17. SteveC

    SteveC

    Joined:
    Nov 12, 2004
    Messages:
    15,233
    Location:
    Grand Forks, North Dakota
    What are they doing with all the "test" passwords people are entering?
     
  18. 1958Bassman

    1958Bassman

    Joined:
    Oct 20, 2007
    Messages:
    1,886
    That's what I wondered. However, if someone goes to that site and their computer already has a keystroke logger, or if that site uses one, we're all screwed in the event that we decide to use some of the best new passwords.
     
  19. DwaynieAD

    DwaynieAD

    Joined:
    Nov 20, 2010
    Messages:
    2,255
    Location:
    Mechanicsburg, PA
    average home computer in 4 seconds. hell yeah
     
  20. DwaynieAD

    DwaynieAD

    Joined:
    Nov 20, 2010
    Messages:
    2,255
    Location:
    Mechanicsburg, PA
    forget the last letter in each of those nonsensical words and it gets better
     
  21. Phil Smith

    Phil Smith Mr Sumisu 2 U Supporting Member

    Joined:
    May 30, 2000
    Messages:
    4,512
    Location:
    Peoples Republic of Brooklyn
    Disclosures:
    Creator of: iGigBook, iGigBook Mobile, iGigBook Index, iGigBook Pager
    A brute force attack assumes there's no limit to the wrong attempts i.e. no lockout feature. Once you introduce a lockout feature, the brute force attack isn't effective at all.
     
