Tuesday, February 15, 2011

Password-fu

Not here, over at Paladin's.  He shows you why a good password is important.  With numbers. [Link now dead, unfortunately.  See the update below  - Borepatch]

The only thing I'd add is that you can make it even stronger if you shift from a password to a passphrase.  The problem with passwords is that as you add the complexity that Paladin rightly suggests, they get harder to remember.  A passphrase doesn't have that problem.

Step 1.  Think of a sentence you can remember.  "Borepatch is the most boring Blog EVER!" is a good start.  You can use anything you like, as long as you'll remember the sentence.

Step 2.  Take the first letter of each word.  I have "BitmbBE!" - pretty incomprehensible, but I can mumble it to myself as I type it.

Step 3. Profit!  Err, or something.  There isn't any step 3 - you got your passphrase in step 2.

And now head on over to Paladin's to see how long it would take someone to crack it.

UPDATE 29 August 2017 16:16: Peter emails to point out the link was dead, but also to point out that he has a password strength checker, on a page that has a great overview of how to create strong and easy to remember passwords.  Recommended.

11 comments:

Alex said...

You could make it even stronger by changing one or more of the letters for numbers as well. For instance, make the 2nd B an 8 in your example. So Bitm8BE!

The word to or too becomes 2 instead of t, b's can become 8's, S's could become 5's. Just adds more complexity, and I have found that it is just as easy to remember as the catch phrase.

raptros-v76 said...

I just randomly generate mine. They don't take long to memorize.

ASM826 said...

Then, and most importantly, don't write it on a post-it and put under your keyboard.

Syrysly, don't.

New Jovian Thunderbolt said...

Shoulda done "B1tmbBE!"

and I'd go more than 8 characters, but I'm a suspender and a belt man.

wolfwalker said...

Borepatch, I'll see your flash-card strength chart and raise you an interactive password tester.

Double or nothing: if you don't trust an unknown site, here's a known one. Which appears to agree with the first, more or less, for the three passwords I tried on it.

wolfwalker said...

Hey Borepatch, I'll see your password-strength chart and raise you an interactive password checker.

aczarnowski said...

Get a copy of KeePass. I copy my desktop's password database to my Android phone regularly and use KeePassDroid there too (lots of other phone OSs supported it looks like). As open source, it's not tied to a company and has more than a few eyes sweeping out the bugs.

The redundant copies mean backups are happening naturally and I don't ever have to remember all the different character jumbles.

bj03064 said...

Unless you have a coercive password generation scheme that requires no more than 2 alphas with one in uppercase, then at least one number, then no more than 3 alphas (mixed case again), etc...

I tried to explain that this kind of coercive password generation requirement makes passwords to hard to remember so many people write them down... only to be told to "use something you can remember".

Heh...

KurtP said...

I generally use one of my favorite trucks... 96makemodel or if they want caps 96MakeModel.

Long enough and easy to remember.

Ian Argent said...

My last password was based on a lyric from an earworm; at first I was like "what was I THEENKENG!?" because every time I typed my password I got earworms, but frequent use has reduced the effect.

Knucklehead said...

ASM826,

Doubt you will ever read this as I am 5 years+ late to the party, but BorePatch sent us here, so here goes. Not that very long ago I was in a retail establishment when a brief power failure caused the POS terminal to reset and that apparently required the current checkout person, who apparently never opened the place of business and had never logged the terminal in, to have to login. He had no idea of the password and started making phone calls to try and discover it. After a while a manager showed up and, no kidding, lifted the keyboard and withdrew the sticky. I couldn't help laughing.