Loading...
HOME
 |
How To Remember Complex Passwords - Use the BEST password system ever! | ||
Discussion by travstatesmen with 14 Replies.
Last Update: November 8, 2008, 4:52 pm | |||
 |
|||
 |
 |
|
 |
 |
| Reply / Comment | New Discussion / Topic | Share / Bookmark | E-Mail a Friend |
 |
|
|
The Trap17 forums have a whole subforum devoted to those amongst use who have failed to remember their passwords, and have locked themselves out of their free web hosting account. If you forget your password, you can go to Free Web Hosting, No Ads > FREE WEB HOSTING > FREE WEB HOSTING REQUESTS > Free Web Hosting : Password Reset and ask the friendly admins there to reset your password for you.
Remember the days when your password on the Internet could be something like andrew18? And you could use that same password on all three websites that you visited regularly? Well those days are long gone, and we need to not only create and remember much more complex passwords, but for security reasons we are advised to use different complex passwords for each site we visit, and also we are expected to change those complex passwords regularly. So, here is an example that you can do for yourself. Try memorizing this....
- Trap17 forums password: c?.3\FeO/q),%:!Sg%Uv
- cPanel Login: 3J'hP6#eg&!(%>QS8AwJ
- FTP access password: C%l3`V:?h*F!1myt^!kl
- Login for your Blog: P3lq!5mLtGio;8i*F3%K
- Login for your MySpace or other network profile: WNvd;IiB2jORSY'%?6FF
One suggestion that I have seen on the internet is to develop an interleaved password system, which uses two less complex passwords weaved into each other to create a much more complex password. For example, here are two relatively low-security passwords...
- rubyonrails (11 characters, 48 bits)
- ANDREW18 (8 characters, 42 bits)
- rAuNbDyRoEnWr1a8ils which makes a great password of 19 characters, and 108 bits.
- rAuNbDyRoEnWr1a8ils
Another good idea is to use a password manager. There are plenty of good password managers out there these days, such as the examples above. Many of these packages have the facility to not only store and retrieve your passwords, but also to generate complex random passwords for you on the fly, and even to autofil online forms with your username and password details from their database! Now you will never need to remember another password again! Well, not quite. They will most likely have a single sign-on password that you will need to remember. Your passwords should be stored in such password management programs in an encrypted form, and will need to be decrypted with a key, which you will need to remember!
One of the failings with all of the systems above is that they need to be installed on your local computer. They are not really all that portable. You may need to start thinking about ways to synchronize the password management database, such as emailing the database file between your work computer and your home computer, or making use of a USB thumb drive. But what happens in a situation, such as I have at work, where you are forbidden from attaching anything to your work computer, and plugging in a USB thumb drive could mean that you violate your company's IT policy, and you could get fired! And, whats more, installing a password manager package, even a freeware one, is impossible due to the software distribution policies enforced on the company network. Even if you could access the data on the USB thumb drive you couldn't decrypt it without the password manager application being installed also.
So, here is how I overcome this situation. I use a program called KeePass Password Safe, which not only does not need to be installed, and can run directly from a USB thumb drive, but also they have a PocketPC version which can read the same database as the desktop PC version! What I do is I keep my password database on the miniSD memory card of my smartphone, and either access it though a card-reader on my desktop PC or laptop, or I access the passwords directly on the touch-screen of my smartphone. This means that in situations where you cannot get access to your passwords in any other way on the desktop PC, at least you can still view them and type them in manually from the smartphone. Total portability! The only thing that I can think of that would be better than this is an enterprise grade password management token, such as MandyLion, starting at $US269 for a 5 User Workgroup. One of the best things about KeePass Password Safe is that it is free!
So, there you have it, my solution to the problem of how to remember all those complex passwords. In short, don't! You only need to remember one complex password, which you could create using the interleaved password system outlined above. This password then gives you access to the rest of your passwords, that are stored in a password manager, which can create complex passwords for you, can remember and retrieve them for you, and can create new ones regularly, (even backing up the old ones when it does). This meets most of the expectations of a secure password system. And doing this will take the workload off the Trap17 administrators, so that they don't have to keep on resetting your password for you because you forgot it again!
So, download KeePass Password Safe today. Go on, what are you waiting for?
QUOTE (travstatesmen)
If you forget your password, you can go to Free Web Hosting, No Ads > FREE WEB HOSTING > FREE WEB HOSTING REQUESTS > Free Web Hosting : Password Reset and ask the friendly admins there to reset your password for you.Link: view Post: 405539
You can reset your hosting account password yourself by visiting http://www.trap17.com/manage/ Just log in with your forum username and password, and choose the option to reset your hosting account password. Then it gets done instantly and automatically, rather than waiting for someone to do it for you
A theory I advocate, rather than passwords is passphrases. Most software used to guess passwords will cycle through common patterns, dictionary words, etc. However, even a password like g"1R%v can be guessed by software fairly quickly by cycling through every possible character in every possible location. Now that graphics cards are being used to do this, the time taken to crack a password has dropped dramatically. However, consider the following passphrase:
First in my class here at M.I.T., Got skills, I'm a Champion of DND
That contains a mixture of uppercase and lowercase characters, and punctuation. You can always tag a number on the end if you have to. It is also incredibly easy to remember (as long as you are a Weird Al fan
).Now look at how long each one would take to crack:
The first password has 128 possible characters per place, and is 14 characters long. 4.40x1012 possibilities. At 200,000 guesses per second, that would take an absolute maximum of 254 days to guess. Two computers takes that down to half.
The second passphrase, even if it was all in lowercase, would have 26 possible characters, and is 66 characters long. At our best estimates the Sun would have exploded long before it was guessed
Passphrases, to me, make much more sense than passwords. They are far easier to remember, and are much more secure. Also, when typing words you type much quicker than typing random symbols. This helps stop people reading your password over your shoulder as you type.QUOTE (travstatesmen)
So, there you have it, my solution to the problem of how to remember all those complex passwords. In short, don't! You only need to remember one complex password, which you could create using the interleaved password system outlined above. This password then gives you access to the rest of your passwords, that are stored in a password manager, which can create complex passwords for you, can remember and retrieve them for you, and can create new ones regularly, (even backing up the old ones when it does). This meets most of the expectations of a secure password system. And doing this will take the workload off the Trap17 administrators, so that they don't have to keep on resetting your password for you because you forgot it again!Link: view Post: 405539
The problem with password managers is their encryption. If the encryption algorithm is flawed then you may as well not bother with the password in the first place. I even once saw a password manager that stored the passwords in a plaintext file in the following format:
trap17.com|username|password
On top of using hte manage page of changing your password you can change your password there for free and thus you can save yourself 15 credits, Unless of course you forgot your password or it no longer works and so yo uhave to spend the 15 credits to get back. As for remembering password the best thing to do is write it down and on top of that use it in several other accounts such as email, IM clients etc etc. It took me a few weeks to memorize my password after changing it for the first time in 12 years and heres the disturbing thing it was a no no password, someone's name. So yeah how I survived the last 12 years on that password without having any problems Iwill never know.
Ok to break your post down to toss in a bit of reality, password managers are only as effective if you have a secured system because if your computer gets trapped that password manager just became your worse enemy. The other thing is though if your system was to crash and your password were connected to the web you have to be able to remember them again and if you don't you have to go through the process of changing all of them. So the best thing I would do is two 1-3 password you can memorize 100% accuracy and that way when you do have to type it in again your fingers will fly over the keyboard in putting it in.
However, lets not forget all those online password generators, don't use them because your asking for a world of hurt since the algorithms could easily be hacked and most of them are not new either. Another recommendation I would make is learn about leetspeak, that is a good way to help create a stronger password since your changing 1's into i's or 3's to E's.
Ok to break your post down to toss in a bit of reality, password managers are only as effective if you have a secured system because if your computer gets trapped that password manager just became your worse enemy. The other thing is though if your system was to crash and your password were connected to the web you have to be able to remember them again and if you don't you have to go through the process of changing all of them. So the best thing I would do is two 1-3 password you can memorize 100% accuracy and that way when you do have to type it in again your fingers will fly over the keyboard in putting it in.
However, lets not forget all those online password generators, don't use them because your asking for a world of hurt since the algorithms could easily be hacked and most of them are not new either. Another recommendation I would make is learn about leetspeak, that is a good way to help create a stronger password since your changing 1's into i's or 3's to E's.
Thankyou. I will use this to remember my passwords also.
Does it need a serial, or license key?
Does it need a serial, or license key?
Some interesting comments and perspectives, as always, Saint_Michael and rvalkass. I can see that I am going to enjoy getting into debates with you two later. My wife tends to enjoy discussion and chat more, but I quite enjoy an intellectual challenge, having to back up my comments with facts and such. I'll meet you both at some time in the Life Talk > Debates forum no doubt. I haven't had time to get there yet, but I look forward to sparring with you both.
I found an interesting little tool on the Internet a while ago which I thought I'd share here. It is an Online Password Calculator by Last Bit Software. It will take as inputs the length of the password (to a maximum of 20 characters), the number of passwords per second that are being processed by a brute force attack, and the ASCII character groupings (upper case, lower case, digits, punctuation, etc) and will calculate how long it would take for a brute force attack against such a password to be completed. It basically does what rvalkass did above, but I am not a mathematician so I rely on such tools. As they say, there are three types of mathematicians in the world: those that can count and those that can't.
According to the Online Password Calculator, it would take only 10 days to crack the password example g"1R%v that was given by rvalkass, at 200,000 passwords per second. Whereas, the longer example, a line from my theme song "White and Nerdy" by Weird Al Yakovic (good choice rvalkass!) can not even be evaluated by the Online Password Calculator as its 67 character length exceeds the limit of this online tool. But at the maximum limit of the tool, 20 characters, this online tool says that it would take 2.1367476784093944x1023 years to crack the password for a single computer crunching 200,000 passwords per second. That would be something similar to the Deep Thought computer, the second largest computer ever made (according to fiction author Douglas Adams), wherein the makers of the computer that ran the program had to leave it to their ancestors to finally read the results. In the meantime the ancestors had formed a whole religion out of the computer and its program, while waiting for the answer.
Speaking of mathematicians who can't count, I'm pretty sure that your example from a line of "White and Nerdy" is actually 67 characters in length, rvalkass, and not 66 as you stated. However, the passphrase idea is a good one, as long as, as you say, it includes punctuation and numbers.
Link: view Post: 405547
I agree, keeping all your treasure in a safe where the lock is broken and the door is held closed with a bit of chewed up bubblegum probably isn't going to be adequate protection. The encryption systems that KeePass Password Safe uses are the Advanced Encryption Standard (AES, Rijndael) and the Twofish algorithms to encrypt its password databases. There is a detailed discourse about the security measures implemented in Keepass Password Safe which, being that I have already acknowledged my own inadequacies as being mathematically challenged, I will leave it up to you to interpret.
I found an interesting little tool on the Internet a while ago which I thought I'd share here. It is an Online Password Calculator by Last Bit Software. It will take as inputs the length of the password (to a maximum of 20 characters), the number of passwords per second that are being processed by a brute force attack, and the ASCII character groupings (upper case, lower case, digits, punctuation, etc) and will calculate how long it would take for a brute force attack against such a password to be completed. It basically does what rvalkass did above, but I am not a mathematician so I rely on such tools. As they say, there are three types of mathematicians in the world: those that can count and those that can't.
According to the Online Password Calculator, it would take only 10 days to crack the password example g"1R%v that was given by rvalkass, at 200,000 passwords per second. Whereas, the longer example, a line from my theme song "White and Nerdy" by Weird Al Yakovic (good choice rvalkass!) can not even be evaluated by the Online Password Calculator as its 67 character length exceeds the limit of this online tool. But at the maximum limit of the tool, 20 characters, this online tool says that it would take 2.1367476784093944x1023 years to crack the password for a single computer crunching 200,000 passwords per second. That would be something similar to the Deep Thought computer, the second largest computer ever made (according to fiction author Douglas Adams), wherein the makers of the computer that ran the program had to leave it to their ancestors to finally read the results. In the meantime the ancestors had formed a whole religion out of the computer and its program, while waiting for the answer.
Speaking of mathematicians who can't count, I'm pretty sure that your example from a line of "White and Nerdy" is actually 67 characters in length, rvalkass, and not 66 as you stated.
However, the passphrase idea is a good one, as long as, as you say, it includes punctuation and numbers.QUOTE (rvalkass)
The problem with password managers is their encryption. If the encryption algorithm is flawed then you may as well not bother with the password in the first place.Link: view Post: 405547
I agree, keeping all your treasure in a safe where the lock is broken and the door is held closed with a bit of chewed up bubblegum probably isn't going to be adequate protection. The encryption systems that KeePass Password Safe uses are the Advanced Encryption Standard (AES, Rijndael) and the Twofish algorithms to encrypt its password databases. There is a detailed discourse about the security measures implemented in Keepass Password Safe which, being that I have already acknowledged my own inadequacies as being mathematically challenged, I will leave it up to you to interpret.
A few things to note regarding passwords:
Generally bruteforce attempts are done locally on stolen hashes. Web servers should lock out users who repeatedly fail login attempts (or at least hinder them, for example by forcing them to answer a CAPTCHA on each login attempt like gmail). This means that your password is safe unless the database of the website is compromised - in which case a hacker would only have a password hash. (Assuming they didn't store your password as plaintext!!)
Common hashes (e.g. MD5, SHA-1) can be bruteforced extremely fast - at millions of tests a second on a regular computer.
There exists wordlists of many thousands of words and common passwords, these would be tested first! This means that having a password of 1234567890 or qwertyuiop is going to be unsafe, even though they are both 10 digits long..
There are only about 95 (don't know the number off the top of my head) usable characters in the first 128 ASCII characters, so counting the other 30 in calculations is probably useless... However, having a password like 2²=4 using characters which are in the second half of the ASCII table would greatly increase security - well at least if it's lengthy! 2³²=4294967296 would make a great password...
Keep in mind that someone trying to bruteforce a password does not know what character types are in it.
Generally bruteforce attempts are done locally on stolen hashes. Web servers should lock out users who repeatedly fail login attempts (or at least hinder them, for example by forcing them to answer a CAPTCHA on each login attempt like gmail). This means that your password is safe unless the database of the website is compromised - in which case a hacker would only have a password hash. (Assuming they didn't store your password as plaintext!!)
Common hashes (e.g. MD5, SHA-1) can be bruteforced extremely fast - at millions of tests a second on a regular computer.
There exists wordlists of many thousands of words and common passwords, these would be tested first! This means that having a password of 1234567890 or qwertyuiop is going to be unsafe, even though they are both 10 digits long..
There are only about 95 (don't know the number off the top of my head) usable characters in the first 128 ASCII characters, so counting the other 30 in calculations is probably useless... However, having a password like 2²=4 using characters which are in the second half of the ASCII table would greatly increase security - well at least if it's lengthy! 2³²=4294967296 would make a great password...
Keep in mind that someone trying to bruteforce a password does not know what character types are in it.
Hi,
It was too technical for my little head but I tried to figure a way to create good passwords and remember them easily...
Consider a verse of a song that you love, that you chant easily...
Who can hold a fire in his hand and think to the frost Caucasus?
OK!
Now look at this: W!c@H#a$F%i^h&H*a(T)t!T@f#C
Pretty complex huh?
You can memorize it by a simple pattern and there are many nice verses that you know that you can use.
Just a little experience!
Good luck with your password,
CyrusX
It was too technical for my little head but I tried to figure a way to create good passwords and remember them easily...
Consider a verse of a song that you love, that you chant easily...
Who can hold a fire in his hand and think to the frost Caucasus?
OK!
Now look at this: W!c@H#a$F%i^h&H*a(T)t!T@f#C
Pretty complex huh?
You can memorize it by a simple pattern and there are many nice verses that you know that you can use.Just a little experience!
Good luck with your password,
CyrusX
QUOTE (travstatesmen)
According to the Online Password Calculator, it would take only 10 days to crack the password example g"1R%v that was given by rvalkass, at 200,000 passwords per second.Link: view Post: 405601
However long it would take, we have established that it is not all that long. What is considered by many to be a secure password is, in fact, not very secure at all. People use passwords like that for online banking, their emails, and all sorts of other incredibly important accounts. If someone is determined enough, they don't need long to crack that password.
QUOTE (travstatesmen)
Whereas, the longer example, a line from my theme song "White and Nerdy" by Weird Al Yakovic (good choice rvalkass!) can not even be evaluated by the Online Password Calculator as its 67 character length exceeds the limit of this online tool. But at the maximum limit of the tool, 20 characters, this online tool says that it would take 2.1367476784093944x1023 years to crack the password for a single computer crunching 200,000 passwords per second. That would be something similar to the Deep Thought computer, the second largest computer ever made (according to fiction author Douglas Adams), wherein the makers of the computer that ran the program had to leave it to their ancestors to finally read the results. In the meantime the ancestors had formed a whole religion out of the computer and its program, while waiting for the answer.Link: view Post: 405601
A password only really needs to be strong enough so that, when it is finally inevitably cracked, the information/power/access the cracker gets is pointless and of no use to them. If a password will take a thousand years to crack, by the time that has been done, the password would be of no use to the cracker.
QUOTE (travstatesmen)
Speaking of mathematicians who can't count, I'm pretty sure that your example from a line of "White and Nerdy" is actually 67 characters in length, rvalkass, and not 66 as you stated. However, the passphrase idea is a good one, as long as, as you say, it includes punctuation and numbers. Link: view Post: 405601
I counted it and calculated it before I put the comma between the two lines
Even without punctuation and numbers, even with only lowercase letters, a passphrase is a much better bet. A 20 character all-lowercase password is 1,000 times better (literally!) than a 12 character password using punctuation, uppercase, lowercase, etc. Punctuation and numbers are only included to satisfy those signup forms that require them.QUOTE (Nabb)
Generally bruteforce attempts are done locally on stolen hashes. Web servers should lock out users who repeatedly fail login attempts (or at least hinder them, for example by forcing them to answer a CAPTCHA on each login attempt like gmail). This means that your password is safe unless the database of the website is compromised - in which case a hacker would only have a password hash. (Assuming they didn't store your password as plaintext!!)Link: view Post: 405619
If the entire database was compromised, the hacker would have all the information anyway. If, however, they only had usernames and passwords, then I would hope the creator of the site had used salted one-way encryption to store the passwords.
QUOTE (Nabb)
Common hashes (e.g. MD5, SHA-1) can be bruteforced extremely fast - at millions of tests a second on a regular computer.Link: view Post: 405619
Unless they are salted. The rainbow tables which store all possible hashes, and the passwords which create them, have unsalted hashes. What you need to do is hash something like "74gfbv94372bv03864" + "password". That way, a rainbox lookup table has to be created solely for your site, which takes a colossal amount of time, and isn't worth the effort.
QUOTE (Nabb)
There are only about 95 (don't know the number off the top of my head) usable characters in the first 128 ASCII characters, so counting the other 30 in calculations is probably useless... However, having a password like 2²=4 using characters which are in the second half of the ASCII table would greatly increase security - well at least if it's lengthy! 2³²=4294967296 would make a great password...Link: view Post: 405619
Unfortunately my keyboard doesn't feature keys for characters like ³, ², µ and ». Using them in a password would be great, but looking them up in a character table on the screen would be a bit obvious!
QUOTE (Nabb)
Keep in mind that someone trying to bruteforce a password does not know what character types are in it.Link: view Post: 405619
Sometimes they do. Some websites stipulate a password must contain lowercase, uppercase, numerals and punctuation. Some still say it must all be lowercase. Some set the length. They have no reason to do any of this, but they do it anyway.
QUOTE (travstatesmen)
[*]Trap17 forums password: c?.3\FeO/q),%:!Sg%Uv[*]cPanel Login: 3J'hP6#eg&!(%>QS8AwJ
[*]FTP access password: C%l3`V:?h*F!1myt^!kl
[*]Login for your Blog: P3lq!5mLtGio;8i*F3%K
[*]Login for your MySpace or other network profile: WNvd;IiB2jORSY'%?6FF
Link: view Post: 405539
I wonder these passwords can be remembered..
some people suggest me to use number and then change it to symbol, if your password is perhaps 891105 then the password should be *(!!)%, because when trying to input the number, press shift and change it to symbol right above the number in keyboard. Is this good?
QUOTE (innosia)
I wonder these passwords can be remembered..some people suggest me to use number and then change it to symbol, if your password is perhaps 891105 then the password should be *(!!)%, because when trying to input the number, press shift and change it to symbol right above the number in keyboard. Is this good?
Link: view Post: 405705
Just because symbols look a bit more confusing than numbers don't always mean that they are the most secure. However, if you are trying to be secure against a dictionary attack it might be better, but then so would any password that has more than lowercase letters. As for a brute force attack, most methods try symbols last just because they are less likely to be in the password, but then it depends on the brute force method you are doing and what you have set. For example if somebody knew that the password was all symbols it would greatly increase the ease of getting your password using brute force. Think of it this way. If A is the number of possible different characters your password could be made up of, and B is how long your password is the worst case senario for a brute force attack would be AB. If you change your password from letters to symbols you are only adding about 15 to A, however, every new character you add to your password would add 1 to B. Therefore if you start adding new characters to your password it will start taking longer and longer for a computer to generate that password.
Also, take a look what rvalkass said here:
QUOTE (rvalkass)
A 20 character all-lowercase password is 1,000 times better (literally!) than a 12 character password using punctuation, uppercase, lowercase, etc.Link: view Post: 405651
Well... Actually I don't remember passwords. I have opera wand to remember it for me. Every time I open the forum, the wand automatically inserts it for me. It's more efficient than using a password storing software.
Ok, since here we are discussing about ways to create passwords which are easy enough to be remebered by humans but complex enough for so called cracking algorithms, I have a suggestion.
Yet another way of forming passwords:
We know that we have to insert good combination of numbers and letters to make a password complex. But how? Answer --> Instead of choosing correct english spellings, one could use something like:
1) EchTooEssOhhFoure for H2SO4 (either spaced or joined, giving a bad time for dictionary attacks)
2) 6T9 (for 69)
3) La8 (for Late)
after forming the individual words, just combine them either spaced or joined. You can find out more yourself. Just needs a bit of creative thinking, a step aside from english, that's it.
If your mother tongue is other than english or you know other language then just use it. Isn't that good? These modified words in your passwords would be second nature to you after you use it for a few times.
On the end note, I just want to say, think practical, the master cracker (not the ordinary one) sitting at the nook won't trouble your account unless, what you own is google's root admin account, paypal's super admin account or the like
.
Ok, since here we are discussing about ways to create passwords which are easy enough to be remebered by humans but complex enough for so called cracking algorithms, I have a suggestion.
Yet another way of forming passwords:
We know that we have to insert good combination of numbers and letters to make a password complex. But how? Answer --> Instead of choosing correct english spellings, one could use something like:
1) EchTooEssOhhFoure for H2SO4 (either spaced or joined, giving a bad time for dictionary attacks)
2) 6T9 (for 69)
3) La8 (for Late)
after forming the individual words, just combine them either spaced or joined. You can find out more yourself. Just needs a bit of creative thinking, a step aside from english, that's it.
If your mother tongue is other than english or you know other language then just use it. Isn't that good? These modified words in your passwords would be second nature to you after you use it for a few times.
On the end note, I just want to say, think practical, the master cracker (not the ordinary one) sitting at the nook won't trouble your account unless, what you own is google's root admin account, paypal's super admin account or the like
.
Hmm interesting, i will try using this my password is really easy i guess but a warning to all not to use personal details easily accesed and don't use your credit card number for your password! The admin of site could easily get at your credit card then and you will be screwed . Good Luck
- Daft Punk
- Daft Punk
QUOTE (travstatesmen)
The Trap17 forums have a whole subforum devoted to those amongst use who have failed to remember their passwords, and have locked themselves out of their free web hosting account. If you forget your password, you can go to Free Web Hosting, No Ads > FREE WEB HOSTING > FREE WEB HOSTING REQUESTS > Free Web Hosting : Password Reset and ask the friendly admins there to reset your password for you.
Remember the days when your password on the Internet could be something like andrew18? And you could use that same password on all three websites that you visited regularly? Well those days are long gone, and we need to not only create and remember much more complex passwords, but for security reasons we are advised to use different complex passwords for each site we visit, and also we are expected to change those complex passwords regularly. So, here is an example that you can do for yourself. Try memorizing this....
- Trap17 forums password: c?.3\FeO/q),%:!Sg%Uv
- cPanel Login: 3J'hP6#eg&!(%>QS8AwJ
- FTP access password: C%l3`V:?h*F!1myt^!kl
- Login for your Blog: P3lq!5mLtGio;8i*F3%K
- Login for your MySpace or other network profile: WNvd;IiB2jORSY'%?6FF
One suggestion that I have seen on the internet is to develop an interleaved password system, which uses two less complex passwords weaved into each other to create a much more complex password. For example, here are two relatively low-security passwords...
- rubyonrails (11 characters, 48 bits)
- ANDREW18 (8 characters, 42 bits)
- rAuNbDyRoEnWr1a8ils which makes a great password of 19 characters, and 108 bits.
- rAuNbDyRoEnWr1a8ils
Another good idea is to use a password manager. There are plenty of good password managers out there these days, such as the examples above. Many of these packages have the facility to not only store and retrieve your passwords, but also to generate complex random passwords for you on the fly, and even to autofil online forms with your username and password details from their database! Now you will never need to remember another password again! Well, not quite. They will most likely have a single sign-on password that you will need to remember. Your passwords should be stored in such password management programs in an encrypted form, and will need to be decrypted with a key, which you will need to remember!
One of the failings with all of the systems above is that they need to be installed on your local computer. They are not really all that portable. You may need to start thinking about ways to synchronize the password management database, such as emailing the database file between your work computer and your home computer, or making use of a USB thumb drive. But what happens in a situation, such as I have at work, where you are forbidden from attaching anything to your work computer, and plugging in a USB thumb drive could mean that you violate your company's IT policy, and you could get fired! And, whats more, installing a password manager package, even a freeware one, is impossible due to the software distribution policies enforced on the company network. Even if you could access the data on the USB thumb drive you couldn't decrypt it without the password manager application being installed also.
So, here is how I overcome this situation. I use a program called KeePass Password Safe, which not only does not need to be installed, and can run directly from a USB thumb drive, but also they have a PocketPC version which can read the same database as the desktop PC version! What I do is I keep my password database on the miniSD memory card of my smartphone, and either access it though a card-reader on my desktop PC or laptop, or I access the passwords directly on the touch-screen of my smartphone. This means that in situations where you cannot get access to your passwords in any other way on the desktop PC, at least you can still view them and type them in manually from the smartphone. Total portability! The only thing that I can think of that would be better than this is an enterprise grade password management token, such as MandyLion, starting at $US269 for a 5 User Workgroup. One of the best things about KeePass Password Safe is that it is free!
So, there you have it, my solution to the problem of how to remember all those complex passwords. In short, don't! You only need to remember one complex password, which you could create using the interleaved password system outlined above. This password then gives you access to the rest of your passwords, that are stored in a password manager, which can create complex passwords for you, can remember and retrieve them for you, and can create new ones regularly, (even backing up the old ones when it does). This meets most of the expectations of a secure password system. And doing this will take the workload off the Trap17 administrators, so that they don't have to keep on resetting your password for you because you forgot it again!
So, download KeePass Password Safe today. Go on, what are you waiting for?
Link: view Post: 405539
i'v always used passwd like Liverpool+gerald
For my password, I actually practice a meaningless password that consists of random keyboard strikes. As long as you practice it enough, it will be in your muscle memory, and you can "play" your password each time. Works like a charm!
Wow! Thanks, man! I was thinking of a way, and, well this seems great! You don't know how much you helped me. Again thanks, oh and also, very nicely organized and laid out. I look forward to more.
|
|
|
|
|
|
| Reply / Comment | New Discussion / Topic | Share / Bookmark | E-Mail a Friend |
Similar Topics:
Mass Password Brute
Are you a member of Rockyou.com? You probably know about this (and have most likely deleted your account and sided it with a complaint letter to the company), but 33 MILLION passwords were stolen from the database, and are now floating around in cyberspace. Some people have gotten so ticked, they’ve ...more
View Saved Passwords
With Firefox, your saved logins and passwords for quick access to protected services like messaging, forums, etc.. can be accessed and seen if you do not remember a password and you want to find it.
Let's see how it works :
1.In order to access the list of saved passwords, click the ...more
Google 39 s Password System Hit By...
 How To Download Any Flv Files From Any Sites (7)
|
(0) Clearing Your Ie Tif Clear your Temporary Internet Files on IE 
|
How to Choose Strong Passwords
Password Security - Learn how to Create Strong Passwords
Create strong passwords
How to create a strong password
Remembering & Creating Strong Password Made Easy
