Jump to content



Welcome to KnowledgeSutra - Dear Guest , Please Register here to get Your own website. - Ask a Question / Express Opinion / Reply w/o Sign-Up!
Photo
- - - - -

How To Set A Secure Password ?


20 replies to this topic

#1 Gammmae105

Gammmae105

    Newbie [Level 1]

  • Kontributors
  • Pip
  • 21 posts
  • Gender:Male
  • myCENT:45.99

Posted 17 April 2010 - 06:32 PM

I've never actually thought of remembering a PW that way.. Really smart. If you wanna hear my way, it's simple and similar to your method. What I do is I think of something I encounter daily(like an awards certificate for example) and I take the date of the certificate(say for example December 19, 1988), then I take the first line of the certification(Ex. "This is an excellence award") and I make a password out of it. The password would be (D191988Tiaea). I don't think anyone will be able to figure that out even if they had the certificate(unless they read this post. lol)
  • 0

#2 nirmaldaniel

nirmaldaniel

    Privileged Member

  • Kontributors
  • PipPipPipPipPipPipPipPipPip
  • 524 posts
  • Gender:Male
  • Location:India
  • Interests:Surfing the Internet !
  • myCENT:52.58

Posted 17 April 2010 - 06:35 PM

Passwords, it is a thing which every one ought remember, but still they cant afford to use a simple word for the same.
For example if some one keeps his/her password as "international", they can remember the password very well, on the other hand
there is a threat. Dictionary attack can be possible and the attacker might even guess simple passwords. In particular
if you have the password as "Jasmine" and if it is the favourite flower of the person, some one who is a friend or who is
closely assosiated can easily guess the password. So Keeping a simple password, i mean a simple word as a password has
the advantage of remembering it easily but on the other hand it can be guessed or hacked using some dictionary attacks.

So now how to keep a secure password. Let me suggesst a simple and a well acknoledged way in many security forums. I am
sure that every one have some songs in mind. I mean everyone will be remembering the lyrics of some song. Just take the starting letter of the words in the song and keep it as your password. For example" if the song goes like ,"God is good all the
time, He put His song of praise in this heart of mine" , then the password can be "Gigatt,HpHsopithom" , i am very sure
the password is strong enough and no one can guess it and its secure !! So this is one suggestion by which you can set
your password.
  • 0

#3 rvalkass

rvalkass

    apt-get moo

  • [MODERATOR]
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 3,107 posts
  • Gender:Male
  • Location:Devon, England
  • Interests:At the moment, Physics mainly!
  • myCENT:-38.03
  • Spam Patrol

Posted 17 April 2010 - 08:14 PM

A better password would actually be a passphrase. What makes a password take longer to crack is length, not an array of weird characters (although that helps). Obviously, as passwords get longer they become harder to remember if they are something like Tr4pSevenTeen!Wo0h!, but a lyric from a song is easy to remember and quick to type (as you are typing normal words, rather than searching around for weird symbols). For example take the lyric Living in an Amish paradise. Assuming the password is made up of only letters and spaces, that's still (26+26+1)^27 = 3.6x1046 possibilities for that length of pass word. An 8 character password incorporating a selection from 100 different symbols only has 1x1016 possibilities, and is much harder to remember ;)
  • 0

#4 Gammmae105

Gammmae105

    Newbie [Level 1]

  • Kontributors
  • Pip
  • 21 posts
  • Gender:Male
  • myCENT:45.99

Posted 17 April 2010 - 10:23 PM

rvalk, your method makes so much sense to me. It's foolproof too, because it's so easy to remember, and takes someone who knows nothing about you a very very long time to figure out(not that they'd go that far), but yea. I'll start adopting your idea and using the secure password. Thanks for that suggestion ;).
  • 0

#5 web_designer

web_designer

    "french rose sparkle under moonlight"...do you believe in the magic of moonlight??!!...

  • Kontributors
  • PipPipPipPipPipPipPipPipPipPipPip
  • 1,390 posts
  • Gender:Female
  • Location:US, CA
  • Interests:internet and the web
    reading books
    sport
    watching tv series
    drawings and art
  • myCENT:70.51
  • Spam Patrol

Posted 17 April 2010 - 11:08 PM

good idea nirmaldaniel, this way no one can guess what your password is, but first you should remember this song always in your mind ;)

another good way, i think using a combination from your nickname plus your favorite numbers plus your favorite signs like * for example, using capital and small letters and should be more than six digits.
  • 0

#6 anwiii

anwiii

    I wont bite...unless you WANT me too

  • Kontributors
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 2,704 posts
  • Gender:Male
  • Location:Chilhowee, MO
  • Interests:watching grass grow....
  • myCENT:62.06
  • Spam Patrol

Posted 18 April 2010 - 12:26 AM

well you don't really need to remember passwords if you save them on your pc or laptop. then you just have to worry about the people you know who has access to that computer but you can always protect your passwords with one main password. the combination of that with a password to log in to your computer should be enough security and if you are away on vacation and have someone house sit or something, you can always just hide the power cord.

i don't think passwords to accounts should have any meaning to them or a certain order to them. passwords should be random characters that include upper and lower case and symbols. i don't agree with the couple posters who say that it's only the length of the password that matters and i certainly don't like phrase passwords at all. the words can be found in any dictionary and those are the easiest to hack. longer is better, yes.....but that's not the only way to protect.
  • 0

#7 nirmaldaniel

nirmaldaniel

    Privileged Member

  • Kontributors
  • PipPipPipPipPipPipPipPipPip
  • 524 posts
  • Gender:Male
  • Location:India
  • Interests:Surfing the Internet !
  • myCENT:52.58

Posted 18 April 2010 - 01:15 AM

@ rvalkass , ya .. yours too is a cool idea. PassPhrase, mmm . But i guess the example which you have quoted should be kn0l3dg3 5utr4!Wo0h!, and not Tr4pSevenTeen!Wo0h! ;)

And people be careful, dont even tell your old password to others , because Gmail provides an option to recover passwords by using various informations, in that one such information is "Please enter the last password which you remember" . So dont ever think that you have changed your password to a new one, so that you can give your old password to your friends.
  • 0

#8 rvalkass

rvalkass

    apt-get moo

  • [MODERATOR]
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 3,107 posts
  • Gender:Male
  • Location:Devon, England
  • Interests:At the moment, Physics mainly!
  • myCENT:-38.03
  • Spam Patrol

Posted 18 April 2010 - 08:43 AM

i don't think passwords to accounts should have any meaning to them or a certain order to them. passwords should be random characters that include upper and lower case and symbols. i don't agree with the couple posters who say that it's only the length of the password that matters and i certainly don't like phrase passwords at all. the words can be found in any dictionary and those are the easiest to hack. longer is better, yes.....but that's not the only way to protect.


It seems other people have had the same idea of using pass phrases:

http://www.codinghor...ss-phrases.html
http://www.codinghor...evangelism.html
http://kb.iu.edu/data/acpu.html

The dictionary attacks generally just check for passwords that are one word long (such as "password" or "football") or words with a number tagged on the end ("password42", "football7"). Multiple words aren't often searched for. Multiple words with capitalisation aren't often searched for. Or with punctuation added. Even if you assume the passphrase is being cracked by trying all possible words, separated by spaces, the number of combinations is still huge. There are 616,500 wordforms in the OED, so an 8 word passphrase has 616500^8 = 2x1046 possibilities. An 8 symbol password, using 72 symbols, has 72^8 = 7.2x10^14 combinations, and is much harder to remember.

Current hardware can try approximately 250,000,000 passwords per second. So, to be certain of cracking the 8 character random symbol password it would take 40,000,000 seconds, or around 33.5 days. The pass phase, of 8 words long, and trying to crack it with all permutations of words (not individual letters) would still take 9.66x1032 days, or 2.64x1030 years, which is roughly 2x1020 times the age of the universe to date.
  • 0

#9 nirvaman

nirvaman

    Super Member

  • Kontributors
  • PipPipPipPipPipPipPipPipPip
  • 210 posts
  • Gender:Male
  • Location:Localhost
  • myCENT:12.94

Posted 18 April 2010 - 09:25 AM

if you are away on vacation and have someone house sit or something, you can always just hide the power cord.

Yeah , i have remembered a story about a man who threw his mobile phone in his neighbor's house when the bills came ;) :P

well you don't really need to remember passwords if you save them on your pc or laptop

I think that saving your passwords on your hard drive is a very bad idea . Well people are curious , and whatever will be your security measures , people * your mom , dad , bro ,sis ,GF , ....* can have access to your PC/Laptop and discover your passwords!

I think that every one can remember a tough password when they want too , so instead of saving your password on your hard drive , just take an hour to remember it !

A better password would actually be a passphrase.

I don't think soo , i think that weird symbols (!:^^$^"-(=)'&) , are much more secure then a passphrase !
and i also think that a person who can't remember a combination of symbols , won't be able to remember your passphrase.
  • 0

#10 anwiii

anwiii

    I wont bite...unless you WANT me too

  • Kontributors
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 2,704 posts
  • Gender:Male
  • Location:Chilhowee, MO
  • Interests:watching grass grow....
  • myCENT:62.06
  • Spam Patrol

Posted 18 April 2010 - 09:27 AM

it's a nice theory to use passwords that way, but you are only going on the assumption that hackers are using programs to hack. if someone was worried about a program attack to hack a password, then this would be a good way to protect ones self. unfortunately, in the real world, hackers can be people you know. now these aren't your typical hackers, but these are people that can get your passwords easily none the less and it happens more frequent than people realize or are willing to admit because they thought they can trust the ones they know.

i'm not saying it would be easy to hack a password like that even if it's someone you know, but there really are better methods that use randomness to the equation. i don't suggest people to be lazy. all you are really suggesting is upgrading a pasword to include more words that your pets name or your girlfriends name. also, with the method of a passphrase gotten from the lyrics from a song can easily be figured out if someone you know knows your m.o. because obviously most likely it will be important lyrics to that person most likely.

nirv- yes, just storing passwords on your computer is not safe. that is why you shoudl also have a password to log in, and a password to protect the passwords already saved on your computer. those you know are usually not smart enough to get them that way. and if you are ever gone for a day or more, it's important to hide your power cord so people can't even use the computer at all.

now granted. on the internet, most people aren't going to get hacked. hackers don't randomly select people to hack. you are usually either targeted for some reason, or they use phishing sites to collect your passwords if someone is naive enough to log in from a website that looks the same as a website you are familiar with. also, there are programs that can collect information so you have to be carefull in what you save on your computer and don't download anything that you are unsure of. it's the same concept that you don't open emails from people you don't know. just don't do it!

so aside from the phishing sites, most hackers already have you targeted as someone they want to hack and most likely it's either someone you know, or someone you know who has a friend who is a hacker.

this thread doesn't really mean much to the experienced computer users because most experienced users already know how to protect themselves and yes, a passphase of 5-8 words is possibly good enough not to get hacked EVER. but i am not talking "possibly". i am talking about PROBABLY and speaking out for those who are not as experienced.

if there are websites out there to guide people in choosing pass phrases, that is a red flag to me. and i wouldn't use those techniques. if you ARE going to impliment a pass phrase, use the one letter from each word technique with the capitol letters and the comma symbols but i don't recomend that either as there is no randomness to it. get used to not being lazy in choosing your passwords. the internet and computers are ever changing and growing and you don't just want to protect yourself from the current technology and techniques hackers use, but future technology and techniques.

lyrics to a song? first thing i would do is to see if they have a myspace or similar account that has songs posted. then save all the lyrics of all the songs and then create a program that can check every possible combination of what was already posted in song format on their website. it's not that hard and people posting public suggestions in choosing pass phrases like that is making it easier for hackers because people will actually do this! that's just one technique i would use if i was a hacker and there are many more....

anyway, i suggest again. use RANDOM letters and symbols. it's the absolute BEST way to protect yourselves! and don't use the same password for multiple accounts!
  • 0

#11 martvefun

martvefun

    Member [Level 1]

  • Kontributors
  • PipPipPipPip
  • 59 posts

Posted 18 April 2010 - 10:56 AM

I saw a nice trick on lifehacker :
shift your fingers one key to the right
with my azerty keyboard, "pretty good password" becomes "^tryyu hppf ^zssxptf"
the main disadvantage of this method is if you are travelling and have a different keyboard...
  • 0

#12 rvalkass

rvalkass

    apt-get moo

  • [MODERATOR]
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 3,107 posts
  • Gender:Male
  • Location:Devon, England
  • Interests:At the moment, Physics mainly!
  • myCENT:-38.03
  • Spam Patrol

Posted 18 April 2010 - 12:41 PM

I don't think soo , i think that weird symbols (!:^^$^"-(=)'&) , are much more secure then a passphrase !


and i also think that a person who can't remember a combination of symbols , won't be able to remember your passphrase.


Which of these do you honestly find easier to remember? ;)

Password: S7u|>1d!
Passphrase: I can never remember those stupid, complex passwords!

it's a nice theory to use passwords that way, but you are only going on the assumption that hackers are using programs to hack. if someone was worried about a program attack to hack a password, then this would be a good way to protect ones self. unfortunately, in the real world, hackers can be people you know. now these aren't your typical hackers, but these are people that can get your passwords easily none the less and it happens more frequent than people realize or are willing to admit because they thought they can trust the ones they know.


In the situation where the person trying to hack your password has physical access to either you or the machine storing the data then the battle has already been lost. There are plenty of ways to get at the data by either resetting the password or getting the original password out of you. Either way, a password is no more or less secure than a passphrase - they're both useless.

i'm not saying it would be easy to hack a password like that even if it's someone you know, but there really are better methods that use randomness to the equation. i don't suggest people to be lazy. all you are really suggesting is upgrading a pasword to include more words that your pets name or your girlfriends name. also, with the method of a passphrase gotten from the lyrics from a song can easily be figured out if someone you know knows your m.o. because obviously most likely it will be important lyrics to that person most likely.


How are the words not random? Generally there are around 72 characters you can type on the keyboard that you can use in a password. There are over 600,000 words you can use in a passphrase, each one a jumble of letters. So, if an attacker knows you use a passphrase, there are over 600,000 words they can put in each position. If they know you use a password, there are only 72 characters they can put in each position, making the job far far easier. Using lyrics from a song isn't the only method for getting a passphrase, which severely limits the usefulness of knowledge people have about you.

it's important to hide your power cord so people can't even use the computer at all.


Because kettle leads are so hard to get hold of :P Or a universal laptop power supply. Or a screwdriver and just remove the hard drive. I can't see what use hiding the power cord is if I'm honest.

if there are websites out there to guide people in choosing pass phrases, that is a red flag to me. and i wouldn't use those techniques. if you ARE going to impliment a pass phrase, use the one letter from each word technique with the capitol letters and the comma symbols but i don't recomend that either as there is no randomness to it. get used to not being lazy in choosing your passwords. the internet and computers are ever changing and growing and you don't just want to protect yourself from the current technology and techniques hackers use, but future technology and techniques.


Reducing the string to only the first letters with punctuation makes the password much much much easier to hack. I can't stree enough how bad an idea that is - to go from a highly secure passphrase to an effectively useless password. The most advanced technique I can see in the future is to use Markov chains to predict words commonly seen together. However, on small sections of text such as passphrases, I doubt they would be that effective.

lyrics to a song? first thing i would do is to see if they have a myspace or similar account that has songs posted. then save all the lyrics of all the songs and then create a program that can check every possible combination of what was already posted in song format on their website. it's not that hard and people posting public suggestions in choosing pass phrases like that is making it easier for hackers because people will actually do this! that's just one technique i would use if i was a hacker and there are many more....


Possible options for passphrases are not limited to song lyrics. Anything will do. Some workable examples:
  • I hate this vile green login box...
  • One day I'll own that Ferarri!
  • I never could get the hang of Thursdays
  • In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move.

That last one is easy to remember (if you're a fan of the Hitchhiker's Guide) yet is virtually impossible to crack with current technology. The others are fine too, and even include symbols for those people/password-strength-checkers who still think they have a noticeable effect on security.

anyway, i suggest again. use RANDOM letters and symbols. it's the absolute BEST way to protect yourselves! and don't use the same password for multiple accounts!


Never using the same password for multiple accounts is a given, and excellent advice. Encouraging the use of short passwords comprising random symbols is just foolishness and leads to reduced security.
  • 0

#13 truefusion

truefusion

    Coincidence is non-sequitur, therefore everything has a reason for its existence (except if they are eternal).

  • [MODERATOR]
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 3,216 posts
  • Gender:Male
  • Location:No, not there. Not there either. Yes, you'll never figure it out.
  • Interests:God, Christianity.
  • myCENT:86.16

Posted 18 April 2010 - 08:11 PM

The security of a password may depend more on the encryption used to encode the password than the password itself. For example, some are claiming that MD5 hashes have become less secure (do to rainbow tables).

Concerning "passphrases," i only use them when i am testing out my scripts, never for serious use. However, for those questionnaire systems that have you answer three or more questions of your choice, i may use a "passphrase" there (basically that is what they are asking from you anyway).
  • 0

#14 BCD

BCD

    Premium Member

  • Kontributors
  • PipPipPipPipPipPipPipPip
  • 168 posts
  • Gender:Male
  • myCENT:27.66

Posted 20 April 2010 - 04:21 AM

To make passwords almost uncrackable we can also use characters which fall above the ascii code 255. There are all sorts of characters and symbols like ┘┼║ and so on. There are around more than thousand symbols like these. To type these characters press hold the "Alt" key on the keyboard and type the number, say "Alt 486" for the character ''. This increase in the range of base value for crackers to use in their cracking programs, which makes it almost impossible with todays computing power.
  • 0

#15 Rigaudon

Rigaudon

    Advanced Member

  • Kontributors
  • PipPipPipPipPipPipPip
  • 101 posts
  • Gender:Male
  • Location:<?php echo __FILE__; ?> in other words, right behind you.
  • myCENT:50.57

Posted 20 April 2010 - 04:41 AM

To make passwords almost uncrackable we can also use characters which fall above the ascii code 255. There are all sorts of characters and symbols like ┘┼║ and so on. There are around more than thousand symbols like these. To type these characters press hold the "Alt" key on the keyboard and type the number, say "Alt 486" for the character ''. This increase in the range of base value for crackers to use in their cracking programs, which makes it almost impossible with todays computing power.


If a password field accepts ascii, then the chances for someone getting your password is slim to none- not to mention that if someone did know your password, if they weren't familiar with ascii, they wouldn't be able to type it at all.

With ascii, a standard 8-character password has (256^8) permutations, which is about 1.84467441 10^19, versus a standard 8-character password with letters and numbers (34^8), which is only 1.785793904896 x 10^12.

Seven zeros in places. To put this in perspective, if everyone in america, including children, came up with 5816 unique passwords, then the total amount would be how much MORE ascii would be than normal passwords.

It would take every ONE PERSON in the WORLD to contribute 2.7565243 10^9, or 27.5 billion, individual unique passwords to get all of the possible permutations.

AND! That's only for 8 characters. Do you think you could come up with 27.5 billion unique passwords?
  • 0



Reply to this topic



  


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users