
How to create a strong password...

Discussion in 'Off Topic [BG]' started by Stumbo, Feb 4, 2014.

  1. Stumbo

    Stumbo Wherever you go, there you are. Commercial User

    Feb 11, 2008
    Intergalactic Mind Space
    Song Surgeon software rep.
    This is a Kaspersky Security test screen I was able to access as a subscriber while logged onto their support site


    Try various characters besides letters/numbers to increase your security.

    After you enter a test password an analysis will display.
  2. Hmmm...my formula generates a password that would take 3 months to be brute-forced at the minimum. One of them was listed as 3 centuries...yay!!

  3. 1958Bassman


    Oct 20, 2007
    11 letters, 10,000+ centuries and it actually has an easy pattern..
  4. blastoff99


    Dec 17, 2011
    SW WA
    Well, that was sobering. Something that is like-my-password-but-not-my-password could be brute-forced in two days by the Mac.

    Guess I'll rethink this - right now.
  5. jp58


    Dec 9, 2009
    Yeah, looks like my passwords could all be cracked in a few days. I don't have anything on here worth spending two days on though.
  6. Selta


    Feb 6, 2002
    Pacific Northwet
    Total fanboi of: Fractal Audio, AudiKinesis Cabs, Dingwall basses
    I don't even think they should bother with the single home computer as a baseline. Most brute forces are done in a BotNet, so IMO that one should be the top line.
    I use a different password for every site/login I have. If a site doesn't allow at least 15 characters, special characters/high ANSI, I don't register. I like how a theoretical, simple password of mine still shows as 10,000 centuries on the botnet and Tianhe-2.
    I wish more sites would move to dynamic two factor authentication though. Still nowhere near perfect, but a small step in the correct direction.
    If anyone is really interested in Cryptography, there's some movement being made on program obfuscation recently:
  7. Stumbo

    Stumbo Wherever you go, there you are. Commercial User

    Feb 11, 2008
    Intergalactic Mind Space
    Song Surgeon software rep.
    Are you using a password manager?
  8. MJ5150

    MJ5150 Terrific Twister

    Apr 12, 2001
    Lacey, WA
    Someone hacked my password the other day. I had to get a new dog.

  9. Pilgrim

    Pilgrim Supporting Member

    Hmmm. I see why my university changed their password requirements.

    My old 8-character PW with alphabetic characters and numbers would only take 24 minutes for a home PC to break. Adding a special character to it bumped the cracking time to 8 days.

    But using a 14-letter all-alphabetic conversational phrase which is easy to remember gave me a PW that would take 344 centuries to break! However, changing one or two letters makes a big difference in the time. (Hint: unusual words like "bandersnatch" really add time.)

    That's good cause for reflection.
  10. Selta


    Feb 6, 2002
    Pacific Northwet
    Total fanboi of: Fractal Audio, AudiKinesis Cabs, Dingwall basses
    Yes. I use KeePass (http://keepass.info/), and for my extra paranoid self, I keep the password file and key file in separate TrueCrypt containers (http://www.truecrypt.org/) that are themselves encrypted. Still not secure, but it'd be pretty difficult for most people to get to my credentials. Nothing is saved to the cloud, or within my browsers etc. KeePass is only run when I need the username/password, then closed, and the TrueCrypt containers dismounted.
    KeePass has a sweet password generator too that I sometimes use.

    Found a flaw already. They didn't include common rainbow table elements. If you put in 1a2b3c4d5e6f7g8h9i10j it says "4 years" for a BotNet. However, most rainbow files include that and permutations of that as well and would be cracked in most likely hours.
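
Added example, not part of any post in this thread and not the tester's own code: a sketch of the estimate such a tester makes (alphabet size to the power of length, divided by a guess rate) together with a check for the counting-sequence pattern raised in the post above. The guess rates, the 128-character allowance for high-ANSI input, the "found at once" treatment of flagged sequences and all function names are assumptions.

```python
import re
import string

# Assumed guess rates in guesses/second (illustrative, not the tester's figures).
RATES = {"home_pc": 1e9, "botnet": 1e12}

def charset_size(pw):
    """Size of the alphabet a blind brute force would have to cover."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    size = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    if any(c not in string.printable for c in pw):
        size += 128  # assumed allowance for the "high ANSI" range
    return size

def naive_seconds(pw, rate):
    """Average time to hit pw by exhaustive search: half the keyspace."""
    return charset_size(pw) ** len(pw) / 2 / rate

def _is_run(values):
    """True if values count up by one, e.g. 1,2,3 or a,b,c (as code points)."""
    return len(values) >= 3 and all(b - a == 1 for a, b in zip(values, values[1:]))

def is_predictable_sequence(pw):
    """True for alphabet runs and interleaved counting runs such as 1a2b3c."""
    lowered = pw.lower()
    tokens = re.findall(r"\d+|[a-z]", lowered)
    if "".join(tokens) != lowered:
        return False  # contains something other than digits and ASCII letters
    numbers = [int(t) for t in tokens if t.isdigit()]
    letters = [ord(t) for t in tokens if t.isalpha()]
    runs = [seq for seq in (numbers, letters) if seq]
    return bool(runs) and all(_is_run(seq) for seq in runs)

def estimate(pw, rate):
    """Seconds to crack; a flagged sequence is assumed to be found at once."""
    return 0.0 if is_predictable_sequence(pw) else naive_seconds(pw, rate)

if __name__ == "__main__":
    # Constructed samples; the first is the string quoted in the post above.
    for sample in ("1a2b3c4d5e6f7g8h9i10j", "fourteenletter", "abc123!x"):
        years = naive_seconds(sample, RATES["botnet"]) / (3600 * 24 * 365)
        print(f"{sample!r}: naive {years:.3g} years, "
              f"flagged={is_predictable_sequence(sample)}")
```
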
  11. mellowinman

    mellowinman Free Man

    Oct 19, 2011
    Here is my old password:


    I was having trouble remembering it, so I decided to go back to

  12. icks


    Jul 12, 2001
    Charleroi, Belgium
    Kids with text-message vocabulary will increase their password easily

    My name 'laurent' is hacked in 1 sec, but "£@ur3nT" is better.
  13. jasper383

    jasper383 Supporting Member

    Dec 5, 2004
    Durham NC
    Simple three word nonsense phrases can be very effective.

    Using a site like this one:

    A password like Maury Jackal Eleven would take a quintillion years to crack.
  14. wild4oldcars


    Jan 22, 2012
    Garner, NC
    2 seconds... great :rollno:
    but my other one is 44 years. not too bad
  15. SoComSurfing

    SoComSurfing Mercedes Benz Superdome. S 127. R 22. S 12-13.

    Feb 15, 2002
    Mobile, Al
    Odd. My formula is a combo of capital letters, lowercase letters, and numbers. When I substitute a number with a special character, it goes from 8 centuries to 2. I wouldn't have expected that. Another combo in that formula goes from 7 to 1.
  16. SteveC

    SteveC Moderator Staff Member Supporting Member

    Nov 12, 2004
    North Dakota
    What are they doing with all the "test" passwords people are entering?
  17. 1958Bassman


    Oct 20, 2007
    That's what I wondered. However, if someone goes to that site and their computer already has a keystroke logger, or if that site uses one, we're all screwed in the event that we decide to use some of the best new passwords.
  18. average home computer in 4 seconds. hell yeah
  19. forget the last letter in each of those nonsensical words and it gets better
  20. Phil Smith

    Phil Smith Mr Sumisu 2 U

    May 30, 2000
    Peoples Republic of Brooklyn
    Creator of: iGigBook for Android/iOS
    A brute force attack assumes there's no limit to the wrong attempts i.e. no lockout feature. Once you introduce a lockout feature, the brute force attack isn't effective at all.