How To Set A Secure Password ?
Started by Gammmae105, Apr 17 2010 06:32 PM
20 replies to this topic
#1
Posted 17 April 2010 - 06:32 PM
I've never actually thought of remembering a PW that way. Really smart. If you wanna hear my way, it's simple and similar to your method. What I do is I think of something I encounter daily (like an awards certificate, for example) and I take the date of the certificate (say, for example, December 19, 1988), then I take the first line of the certification (e.g. "This is an excellence award") and I make a password out of it. The password would be (D191988Tiaea). I don't think anyone will be able to figure that out even if they had the certificate (unless they read this post. lol)
#2
Posted 17 April 2010 - 06:35 PM
Passwords: it is a thing which everyone ought to remember, but still they can't afford to use a simple word for the same.
For example, if someone keeps his/her password as "international", they can remember the password very well; on the other hand, there is a threat. A dictionary attack can be possible and the attacker might even guess simple passwords. In particular, if you have the password as "Jasmine" and if it is the favourite flower of the person, someone who is a friend or who is closely associated can easily guess the password. So keeping a simple password, I mean a simple word as a password, has the advantage of remembering it easily, but on the other hand it can be guessed or hacked using some dictionary attacks.
So now, how to keep a secure password. Let me suggest a simple and well-acknowledged way in many security forums. I am sure that everyone has some songs in mind. I mean everyone will be remembering the lyrics of some song. Just take the starting letter of the words in the song and keep it as your password. For example, if the song goes like "God is good all the time, He put His song of praise in this heart of mine", then the password can be "Gigatt,HpHsopithom". I am very sure the password is strong enough and no one can guess it and it's secure!! So this is one suggestion by which you can set your password.
#3
Posted 17 April 2010 - 08:14 PM
A better password would actually be a passphrase. What makes a password take longer to crack is length, not an array of weird characters (although that helps). Obviously, as passwords get longer they become harder to remember if they are something like Tr4pSevenTeen!Wo0h!£, but a lyric from a song is easy to remember and quick to type (as you are typing normal words, rather than searching around for weird symbols). For example, take the lyric "Living in an Amish paradise". Assuming the password is made up of only letters and spaces, that's still (26+26+1)^27 = 3.6x10^46 possibilities for that length of password. An 8 character password incorporating a selection from 100 different symbols only has 1x10^16 possibilities, and is much harder to remember.
#4
Posted 17 April 2010 - 10:23 PM
rvalk, your method makes so much sense to me. It's foolproof too, because it's so easy to remember, and takes someone who knows nothing about you a very very long time to figure out (not that they'd go that far), but yea. I'll start adopting your idea and using the secure password. Thanks for that suggestion.
#5
Posted 17 April 2010 - 11:08 PM
Good idea nirmaldaniel, this way no one can guess what your password is, but first you should remember this song always in your mind.
Another good way, I think, is using a combination of your nickname plus your favorite numbers plus your favorite signs, like * for example, using capital and small letters, and it should be more than six digits.
#6
Posted 18 April 2010 - 12:26 AM
well you don't really need to remember passwords if you save them on your pc or laptop. then you just have to worry about the people you know who has access to that computer but you can always protect your passwords with one main password. the combination of that with a password to log in to your computer should be enough security and if you are away on vacation and have someone house sit or something, you can always just hide the power cord.
i don't think passwords to accounts should have any meaning to them or a certain order to them. passwords should be random characters that include upper and lower case and symbols. i don't agree with the couple posters who say that it's only the length of the password that matters and i certainly don't like phrase passwords at all. the words can be found in any dictionary and those are the easiest to hack. longer is better, yes.....but that's not the only way to protect.
#7
Posted 18 April 2010 - 01:15 AM
@rvalkass, ya.. yours too is a cool idea. PassPhrase, mmm. But I guess the example which you have quoted should be kn0l3dg3 5utr4!Wo0h!£, and not Tr4pSevenTeen!Wo0h!£
And people, be careful, don't even tell your old password to others, because Gmail provides an option to recover passwords by using various information, and one such piece of information is "Please enter the last password which you remember". So don't ever think that because you have changed your password to a new one, you can give your old password to your friends.
#8
Posted 18 April 2010 - 08:43 AM
anwiii, on Apr 18 2010, 01:26 AM, said:
i don't think passwords to accounts should have any meaning to them or a certain order to them. passwords should be random characters that include upper and lower case and symbols. i don't agree with the couple posters who say that it's only the length of the password that matters and i certainly don't like phrase passwords at all. the words can be found in any dictionary and those are the easiest to hack. longer is better, yes.....but that's not the only way to protect.
It seems other people have had the same idea of using pass phrases:
http://www.codinghorror.com/blog/2005/07/p...ss-phrases.html
http://www.codinghorror.com/blog/2005/08/p...evangelism.html
http://kb.iu.edu/data/acpu.html
The dictionary attacks generally just check for passwords that are one word long (such as "password" or "football") or words with a number tagged on the end ("password42", "football7"). Multiple words aren't often searched for. Multiple words with capitalisation aren't often searched for. Or with punctuation added. Even if you assume the passphrase is being cracked by trying all possible words, separated by spaces, the number of combinations is still huge. There are 616,500 wordforms in the OED, so an 8 word passphrase has 616500^8 = 2x10^46 possibilities. An 8 symbol password, using 72 symbols, has 72^8 = 7.2x10^14 combinations, and is much harder to remember.
Current hardware can try approximately 250,000,000 passwords per second. So, to be certain of cracking the 8 character random symbol password it would take 40,000,000 seconds, or around 33.5 days. The pass phrase, of 8 words long, and trying to crack it with all permutations of words (not individual letters) would still take 9.66x10^32 days, or 2.64x10^30 years, which is roughly 2x10^20 times the age of the universe to date.
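The search-space arithmetic from this thread, as an added example that is not part of any poster's message: it recomputes the figures quoted above and adds one assumed model (an attacker guessing whole words from a hypothetical 10,000-word list) to show that the count depends on how the secret was generated, not on how long the resulting string is. The sample word list is constructed for illustration.

```python
import math
import secrets

GUESSES_PER_SECOND = 250_000_000  # rate quoted in the thread
SECONDS_PER_DAY = 86_400

def keyspace(symbols: int, length: int) -> int:
    """Candidates when each of `length` positions is one of `symbols` options."""
    return symbols ** length

def entropy_bits(symbols: int, length: int) -> float:
    """Bits of entropy, valid only if every position is chosen uniformly at random."""
    return length * math.log2(symbols)

def days_to_exhaust(symbols: int, length: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Days needed to try every candidate at `rate` guesses per second."""
    return keyspace(symbols, length) / rate / SECONDS_PER_DAY

def random_passphrase(wordlist, n_words):
    """Pick words uniformly with a CSPRNG; only then does keyspace() describe it."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

# (options per position, positions). First three rows use the thread's numbers.
MODELS = {
    "8 random symbols from 72": (72, 8),
    "27 chars from 53 (letters + space)": (53, 27),
    "8 words from 616,500 wordforms": (616_500, 8),
    # Assumption added here: a 5-word lyric guessed word by word from a
    # 10,000-word list is 5 choices, not 27 independent characters.
    "5 words from a 10,000-word list": (10_000, 5),
}

def report():
    """Return (model name, entropy in bits, days to exhaust) for each model."""
    return [(name, entropy_bits(s, n), days_to_exhaust(s, n))
            for name, (s, n) in MODELS.items()]

if __name__ == "__main__":
    for name, bits, days in report():
        print(f"{name:36s} {bits:6.1f} bits  {days:.3g} days")
    sample_words = ["amber", "cobalt", "ferry", "lantern",
                    "mosaic", "quartz", "tundra", "violet"]  # constructed list
    print(random_passphrase(sample_words, 5))
```
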
#9
Posted 18 April 2010 - 09:25 AM
Quote
if you are away on vacation and have someone house sit or something, you can always just hide the power cord.
Quote
well you don't really need to remember passwords if you save them on your pc or laptop
I think that everyone can remember a tough password when they want to, so instead of saving your password on your hard drive, just take an hour to remember it!
Quote
A better password would actually be a passphrase.
And I also think that a person who can't remember a combination of symbols won't be able to remember your passphrase.
#10
Posted 18 April 2010 - 09:27 AM
it's a nice theory to use passwords that way, but you are only going on the assumption that hackers are using programs to hack. if someone was worried about a program attack to hack a password, then this would be a good way to protect oneself. unfortunately, in the real world, hackers can be people you know. now these aren't your typical hackers, but these are people that can get your passwords easily nonetheless and it happens more frequently than people realize or are willing to admit because they thought they can trust the ones they know.
i'm not saying it would be easy to hack a password like that even if it's someone you know, but there really are better methods that use randomness to the equation. i don't suggest people to be lazy. all you are really suggesting is upgrading a password to include more words than your pet's name or your girlfriend's name. also, with the method of a passphrase gotten from the lyrics from a song can easily be figured out if someone you know knows your m.o. because obviously most likely it will be important lyrics to that person most likely.
nirv- yes, just storing passwords on your computer is not safe. that is why you should also have a password to log in, and a password to protect the passwords already saved on your computer. those you know are usually not smart enough to get them that way. and if you are ever gone for a day or more, it's important to hide your power cord so people can't even use the computer at all.
now granted. on the internet, most people aren't going to get hacked. hackers don't randomly select people to hack. you are usually either targeted for some reason, or they use phishing sites to collect your passwords if someone is naive enough to log in from a website that looks the same as a website you are familiar with. also, there are programs that can collect information so you have to be careful in what you save on your computer and don't download anything that you are unsure of. it's the same concept that you don't open emails from people you don't know. just don't do it!
so aside from the phishing sites, most hackers already have you targeted as someone they want to hack and most likely it's either someone you know, or someone you know who has a friend who is a hacker.
this thread doesn't really mean much to the experienced computer users because most experienced users already know how to protect themselves and yes, a passphrase of 5-8 words is possibly good enough not to get hacked EVER. but i am not talking "possibly". i am talking about PROBABLY and speaking out for those who are not as experienced.
if there are websites out there to guide people in choosing pass phrases, that is a red flag to me. and i wouldn't use those techniques. if you ARE going to implement a pass phrase, use the one letter from each word technique with the capital letters and the comma symbols but i don't recommend that either as there is no randomness to it. get used to not being lazy in choosing your passwords. the internet and computers are ever changing and growing and you don't just want to protect yourself from the current technology and techniques hackers use, but future technology and techniques.
lyrics to a song? first thing i would do is to see if they have a myspace or similar account that has songs posted. then save all the lyrics of all the songs and then create a program that can check every possible combination of what was already posted in song format on their website. it's not that hard and people posting public suggestions in choosing pass phrases like that is making it easier for hackers because people will actually do this! that's just one technique i would use if i was a hacker and there are many more....
anyway, i suggest again. use RANDOM letters and symbols. it's the absolute BEST way to protect yourselves! and don't use the same password for multiple accounts!