How To Make Strong, Easy-To-Remember Passwords

HardOCP News

I know most of you are capable of coming up with a strong password that you won’t forget but, in case you need help (or want to pass this on to a family member), here is an article that can be helpful. I guess it is time to upgrade that 123456 password I use for everything.

One way to create a password that's hard to guess but easy to remember is to make up a phrase. You could type in the entire phrase (some sites let you use spaces, others don't) or you can use the initials of each word in the phrase, for instance, "IgfLESi85" for "I graduated from Lincoln Elementary School in '85." An even better one would be "MbfihswE&S" for "My best friends in high school were Eric and Steve." You get the idea--upper case numbers, letters, and symbols that are seemingly meaningless to everyone but you.
 
I just use KeePass and sync it with DropBox. :) Good article though. I think I tried the phrase once but forgot the exact wording of it...so fail :(
 
For passwords that I at least attempt to remember, I like diceware passwords. For the storing of my passwords I use password safe and use the random password generator for my less frequently used passwords that I don't feel like remembering.

As for the article, I find it really lacking. Both of the password storage programs listed were closed source commercial offerings. It really isn't a good idea to trust encryption software that is not open source.
 
I just use KeePass and sync it with DropBox. :) Good article though. I think I tried the phrase once but forgot the exact wording of it...so fail :(

How are you doing this? When I create the *.kdbx and *.key files with KeePass running on one machine, then try to open them with KeePass running on another machine I get this error:

[Image: error screenshot]


Obviously I am using the same password and specifying the same *.key file...
 
How are you doing this? When I create the *.kdbx and *.key files with KeePass running on one machine, then try to open them with KeePass running on another machine I get this error:

[Image: error screenshot]


Obviously I am using the same password and specifying the same *.key file...

I tried it both ways, meaning I created a new *.kdbx file on the other machine and the first machine could not open it.

What am I doing wrong?
 
some of my account passwords at work are ridiculous
there's literally about 20 rules your password must follow plus I have to change it every 2 weeks. They are just begging people to store their passwords somewhere.
 
some of my account passwords at work are ridiculous
there's literally about 20 rules your password must follow plus I have to change it every 2 weeks. They are just begging people to store their passwords somewhere.

We had 8 passwords that changed at 2,4,6,8 weeks, each a different interval.
That really sucked.
 
Frankly I have so many systems I admin that I had to come up with a system for my password. Unfortunately it is not a real secure way to do things, I simply have the same password .XXX with the XXX starting at 000 and going up until they let you reuse again.

So for example if I used "password" as the base of my password it would be "password.000" then the next time it has to change "password.001" "password.002" and so on. There is a limit to how many passwords you can actively remember if you're not some rainman type of person.

I admin 32 separate "stations" and each is supposed to have a unique and different password changed every 30 days and remembers the last 24 used with the requirements of a minimum 12 chars, and at least 3 of letters, mixed case, numbers, symbols.

Bio-centric authentication Where-R-U!
 
Yeah because trusting open source coders is so much better.

It is when the security of the algorithm and implementation can be validated. There are several closed source encryption programs that have been found out to be highly insecure. Here is a good example where they claim to use AES and use XOR instead: http://www.h-online.com/security/Enclosed-but-not-encrypted--/features/110136/0 I am not saying that being open source makes a program secure, but it is much easier for people to validate the claims of security.
 
I tried it both ways, meaning I created a new *.kdbx file on the other machine and the first machine could not open it.

What am I doing wrong?

That's interesting. I did it just the way you described and it works fine on my work machine, machine at home, and my netbook. Though I don't have it in a sub folder, maybe that could be a problem? :confused::confused:
 
That's interesting. I did it just the way you described and it works fine on my work machine, machine at home, and my netbook. Though I don't have it in a sub folder, maybe that could be a problem? :confused::confused:

Hmm, no change after putting the file in the root of my Dropbox... Well that's annoying. :mad:
 
I'm not the best as far as using different passwords every time but mine is completely random, means nothing to me or anybody else, and I memorize it easily.
 
I just use KeePass and sync it with DropBox. :) Good article though. I think I tried the phrase once but forgot the exact wording of it...so fail :(

KeePass FTW. What sucks, however, is how limiting most banks/CC companies are when it comes to passwords. Far too many limit you to Numbers and letters. OTOH, if you go to a site like logmein, you can use anything, including control characters.

Heck, I've seen some banks that limit you to 8 or 9 characters [0-9a-zA-Z]. In most cases, you can't even get to 100 bits. I think logmein you can create somewhere between 200-300 bit keys.
 
What I use for my important passwords (banks, stores, etc...) is a hex conversion of the decimal code of the alphanumeric characters of a word significant to me and then I add two more characters for each site I visit that are significant to that site.

The final password ends up being a garbled mess of letters and numbers that seem to have no meaning whatsoever.

The only flaw I can see is that if someone gets a hold of two or more of my passwords, they could theoretically guess what the password might be for every other site as long as they figure out what the extra two significant characters are for each site.
 
For those work passwords, just use an incrementing system. It's pretty easy. Have something like abc123. When you have to change it abc124 then abc125 and so on. My work has more password rules than you can shake a stick at but with this system it's a piece of cake. Of course you can be like one of my colleagues who forgets his password to log into his computer and when asked where he keeps a hard copy he replies "A file in the computer". Dolt.
 
KeePass FTW. What sucks, however, is how limiting most banks/CC companies are when it comes to passwords. Far too many limit you to Numbers and letters. OTOH, if you go to a site like logmein, you can use anything, including control characters.

Heck, I've seen some banks that limit you to 8 or 9 characters [0-9a-zA-Z]. In most cases, you can't even get to 100 bits. I think logmein you can create somewhere between 200-300 bit keys.

+11111111

I find it retarded how banks limit your password scheme. I want my password to be secure damnit! :mad:

I also love how KeePass has the ability to remind you when passwords expire.
 
I hate it at work where we need almost for every single thing and application a user name and password, not only that but the passwords must be changed really often. It makes it really annoying, and sometimes hard to remember if passwords aren't the same. Therefore usually when I must change a password I only add a number after the original password. Just like twatt posted a couple posts above.
I would've thought that using Secure id and VPN would be sufficient, and one account for the computer itself.
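
The incrementing scheme described in several posts above ("password.000" to "password.001", "abc123" to "abc124") passes a password history that only compares exact hashes. As an added example (not from the thread or from any product mentioned in it), here is one way a password-change handler could catch it: the new password is available in plaintext at change time, so nearby counter values can be hashed against the stored history. The function names, the PBKDF2 parameters and the sample history are assumptions.

```python
import hashlib
import hmac
import os
import re

def hash_pw(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2 stands in for the system's real password hash;
    # the low iteration count only keeps this demo fast.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def suffix_variants(candidate: str, window: int = 3):
    """Yield candidate, then copies whose trailing counter is shifted
    by up to `window` either way, then the bare base without the counter."""
    yield candidate
    m = re.fullmatch(r"(.*?)(\d+)", candidate, re.S)
    if not m:
        return
    base, digits = m.groups()
    n, width = int(digits), len(digits)
    for delta in range(-window, window + 1):
        if delta != 0 and n + delta >= 0:
            yield f"{base}{n + delta:0{width}d}"  # keeps zero padding
    if base:
        yield base

def is_incremented_reuse(candidate, history, window=3):
    """True if candidate or a near-counter variant matches a stored hash."""
    for salt, stored in history:
        for variant in suffix_variants(candidate, window):
            if hmac.compare_digest(hash_pw(variant, salt), stored):
                return True
    return False

def make_history(passwords):
    """Build (salt, hash) records the way a history table would hold them."""
    records = []
    for pw in passwords:
        salt = os.urandom(16)
        records.append((salt, hash_pw(pw, salt)))
    return records

# Constructed sample history, using the example strings from the posts.
HISTORY = make_history(["password.000", "password.001", "abc123"])

if __name__ == "__main__":
    for new_pw in ["password.002", "abc124", "correct horse battery staple"]:
        print(new_pw, "->", "rejected" if is_incremented_reuse(new_pw, HISTORY) else "ok")
```

The cost is one hash per variant per history entry, so the window and history depth bound the extra work at each password change.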
 
I hate it at work where we need almost for every single thing and application a user name and password, not only that but the passwords must be changed really often. It makes it really annoying, and sometimes hard to remember if passwords aren't the same. Therefore usually when I must change a password I only add a number after the original password. Just like twatt posted a couple posts above.
I would've thought that using Secure id and VPN would be sufficient, and one account for the computer itself.

What I hate is how the dumb fucks in certain departments can't get with the program and let us use the same password for all of these rarely used apps. It doesn't make anything more secure...if anything, it leads to employees using weaker passwords. I also like it when some rogue web app decides that my username is an email address, while everything else uses my log in name....not that it'd fool any employee, since they all have access to that app....of course my favorite is how doing a password reset changes the password to, you guessed it, password. :rolleyes:

It's not secure. it's securey.
 