Kev

A tool to make strong passwords that are easy to remember


Here’s a strong password: Mi7ki#Gi3na&Go1ld$

 

Do not use it anywhere. Read the following to understand how we came up with this password, and use a similar logic to make passwords from words you can remember, without telling anyone! This is for educational purposes only.

 

Why is this a strong password?

Based on the latest research from Carnegie Mellon University, strong passwords have at least 12 characters (the longer, the better), do not contain any dictionary words (the hackers use databases with common words), and have uppercase and special characters at non-obvious places (the hackers know if you put special characters in the obvious places, like replacing a 5 with an S).

 

You can copy the password above and paste it in the Carnegie Mellon Password Strength Meter to see how strong it is, and tweak it to make it even stronger.

 

How can I remember this password?

Here’s the logic we used to make this password from the three words you entered:

 

First, we capitalized the words. That's easy to remember! It's better to capitalize random letters of each word, but this password does not include that because there is already enough complexity to make it strong.

 

Then, we inserted a number in the middle of each word, to make it unidentifiable as a dictionary word. For example, ca8ts is harder to guess than cats. You can insert any three numbers you like and remember that.

 

Finally, we inserted special characters between the words. You can pick your own special characters.

 

In combination, this password is long and complex enough that it is hard to guess, but is also based on three words you like, so it’s easy to remember.

 

Why not just use "mikiginagold"?

Because it’s too easy to guess, unless you chose three words that don’t exist in the dictionary. Even then, we recommend you insert some numbers and special characters somewhere in the middle to increase its complexity. You can play around with the Carnegie Mellon Password Strength Meter tool.

 

Why three words? Why not just two words and numbers and special characters?

The longer the password, the harder it is to guess, and the stronger it is. It takes exponentially more effort for hackers to crack a longer password. This is really really important.

 

Why not just "miki123" or "gina123" or "gold123"?

Never ever use these! It’s very common for people to simply add 123 or 123! to their favorite words and use that string as a password, but such passwords are the weakest and can be guessed very easily. Millions of passwords have been breached and stored in hacker databases, and xxx123! are very common in them.

 

Why are strong passwords important?

Because passwords are stolen all the time, and if your password is weak, it can be guessed and your accounts can be breached.

 

Did you know that you can actually find out if any of your existing passwords may have been breached? Go to https://monitor.firefox.com/ and enter your email address. It will show you all your passwords that may have been breached.

 

What else can I do to keep my passwords safe?

First, use strong passwords for all accounts with the logic explained above. If any of your online accounts support social logins via Google or Facebook, use that and avoid creating a password!

 

Second, use unique passwords for each of your online accounts. Do not use the same password for multiple accounts. If one is breached, you don’t want the others to be exposed as well.

 

Third, enable two-factor authentication when possible. Even if your account is breached, two-factor allows you to confirm when someone is trying to log in to your accounts–that’s a good safety mechanism.

 

Finally, keep an eye on password breaches by registering at https://monitor.firefox.com/ . It will email you if any of your passwords were found in a breach, and you can change them immediately.

 

Link: https://makestrongpassword.com/

Source: Google
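As an added illustration (this is not code from the original post or from makestrongpassword.com), the following Python script implements the three steps described above, checks a candidate against the criteria the post states (12+ characters, mixed character classes, no whole dictionary word), and estimates the work factor against an attacker who already knows the scheme. The function names, the small stand-in dictionary, the separator set and the 20,000-word dictionary size used in the estimate are all assumptions of this example.

```python
import math
import re
import secrets
import string

# Constructed for this example: the three words the post used, and a
# tiny stand-in dictionary. A real cracking wordlist is far larger.
WORDS = ["miki", "gina", "gold"]
SMALL_DICTIONARY = {"gold", "gina", "miki", "cats", "football", "cool", "alex"}
SPECIALS = "!@#$%&*"


def insert_digit_mid(word: str, digit: str) -> str:
    """Step 2 of the post: put one digit in the middle of the word (ca8ts, Gi3na)."""
    mid = len(word) // 2
    return word[:mid] + digit + word[mid:]


def build_password(words, digits, separators) -> str:
    """Steps 1-3 of the post: capitalize, insert a digit mid-word, join with specials."""
    if not (len(words) == len(digits) == len(separators)):
        raise ValueError("need exactly one digit and one separator per word")
    parts = [insert_digit_mid(w.capitalize(), d) for w, d in zip(words, digits)]
    return "".join(p + s for p, s in zip(parts, separators))


def build_random_password(words) -> str:
    """Same scheme, but digits and separators drawn from the OS CSPRNG
    instead of being chosen by hand."""
    digits = [secrets.choice(string.digits) for _ in words]
    seps = [secrets.choice(SPECIALS) for _ in words]
    return build_password(words, digits, seps)


def meets_post_rules(pw: str, dictionary=SMALL_DICTIONARY) -> bool:
    """The post's stated criteria: 12+ chars, mixed classes, no whole dictionary word."""
    if len(pw) < 12:
        return False
    if not (any(c.isupper() for c in pw) and any(c.isdigit() for c in pw)
            and any(c in SPECIALS for c in pw)):
        return False
    # Any run of letters that is itself a dictionary word defeats the point of step 2.
    return not any(run.lower() in dictionary for run in re.findall(r"[A-Za-z]+", pw))


def scheme_bits(dictionary_size: int, n_words: int = 3,
                digit_choices: int = 10, sep_choices: int = len(SPECIALS)) -> float:
    """Work factor in bits against an attacker who knows this exact scheme and
    guesses each word from a dictionary of the given size (assumed, not measured).
    The secret is the word/digit/separator choice, not the recipe itself."""
    return n_words * (math.log2(dictionary_size) + math.log2(digit_choices)
                      + math.log2(sep_choices))


if __name__ == "__main__":
    pw = build_password(WORDS, ["7", "3", "1"], ["#", "&", "$"])
    print(pw, meets_post_rules(pw))          # Mi7ki#Gi3na&Go1ld$ True
    print("gold123", meets_post_rules("gold123"))
    print(build_random_password(WORDS))
    print(f"{scheme_bits(20000):.1f} bits if the attacker knows the scheme")
```

The estimate is the practitioner's caveat to the post: once the recipe is known, the strength rests on how unpredictable the three words, digits and separators are, so drawing the digits and separators from `secrets` (as `build_random_password` does) is preferable to picking "memorable" ones.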


What I've never understood is: "What do you use a secure password for?"

Either way, you have to use different passwords for each service. The password Mi7ki#Gi3na&Go1ld$ is useless if you use it both on gmail and on hacker-romania-forum.biz.co
The service's admin may not even hash it, or may personally sell it as a leak.

In my opinion, the password Mi7ki#Gi3na&Go1ld$ is overkill for gmail, facebook, instagram, etc. You can't brute-force the login, and if the password hash leaks, the content leaks too. Nobody dumps only the passwords table and not the messages and admin tables.
Besides, even if the facebook password hash is leaked, I hope facebook uses a salted hash... And maybe hardened with 100000x rounds of scrypt?!? Meaning much harder to crack...

So the password Mi7ki#Gi3na&Go1ld$ is ideal neither for services you don't trust, nor for services you trust completely.

Of course, the password is fine when you expect the hash to become public. (for example JWT tokens, ECC keys, public SSH etc.) In that case I think it's much more reasonable to use a random password with a defined entropy. And to remember it, you use a private keychain with whatever password you want. (plus hardening with 10000..x rounds of scrypt, bcrypt, etc.)

I'm curious what you use a password like "Mi7ki#Gi3na&Go1ld$" for? What's the pitfall I'm falling into, thinking that a password like "AlexFootballC00L!!!" is more than OK for most situations?
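The reply above mentions two things worth seeing in code: a random password with a defined entropy (the kind you would keep in a keychain), and salted scrypt hashing on the server side. The following Python example, added here and not written by the poster, does both with the standard library only. The alphabet, the 128-bit target and the scrypt cost parameters are assumptions of this example, not any site's real settings.

```python
import hashlib
import hmac
import math
import os
import secrets
import string

# Alphabet for generated passwords (assumed for this example): 69 symbols.
ALPHABET = string.ascii_letters + string.digits + "!@#$%&*"


def entropy_bits(pw: str, alphabet: str = ALPHABET) -> float:
    """Entropy of a uniformly random string of this length over the alphabet.
    Only valid for passwords actually drawn at random, not for word-based ones."""
    return len(pw) * math.log2(len(alphabet))


def random_password(min_bits: float = 128) -> str:
    """Draw a password from ALPHABET long enough to carry at least min_bits of entropy."""
    per_char = math.log2(len(ALPHABET))
    length = math.ceil(min_bits / per_char)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


# scrypt cost parameters used by this example (an assumption; tune for your server).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_password(pw: str) -> str:
    """Salted scrypt hash. The salt is fresh per password, so two users with the
    same password get different records and precomputed tables do not apply."""
    salt = os.urandom(16)
    key = hashlib.scrypt(pw.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                         p=SCRYPT_P, dklen=32)
    # Store the parameters with the hash so they can be raised later without
    # breaking existing records.
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${key.hex()}"


def verify_password(pw: str, stored: str) -> bool:
    """Recompute with the stored salt/parameters and compare in constant time."""
    algo, n, r, p, salt_hex, key_hex = stored.split("$")
    if algo != "scrypt":
        return False
    key = hashlib.scrypt(pw.encode(), salt=bytes.fromhex(salt_hex),
                         n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


if __name__ == "__main__":
    pw = random_password(128)
    print(pw, f"{entropy_bits(pw):.1f} bits")
    record = hash_password(pw)
    print(record)
    print(verify_password(pw, record), verify_password(pw + "x", record))  # True False
```

Two design points: the stored record carries its own salt and cost parameters, so the work factor can be increased per user over time; and `hmac.compare_digest` avoids leaking how many bytes of the hash matched through timing.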

