>Take all the printable/allowable characters and create a random
>string with them. The longer the string the better your password.
That's the logic for a secure password. A good password is sufficiently secure while still being memorable. Logic for a good password would be a phrase that meets the requirements for a strong password but is easy to remember:
"My favorite number is 23728. How about that?"
Upper and lower case letters, numbers, and punctuation combined into 44 characters is definitely considered a strong password.
I often take my birthyear and center it with my favorite food. Something like "19kumquat84"
Thanks I was wondering how to hack you...
Seriously, I take a phrase that expresses a personal feeling about the thing I'm signing up for, then I do something strange with it. Like pop the vowels and convert the whitespace to dots, or change all t to 7 or something totally retarded but retainable at the same time...
That said, the easy-to-remember is important and not a word is important. Another example I've seen is taking something like "4 score and 7 years" and turning it into 4s&7y, or mixing in some 1337, so that awesomepassword becomes 4w3$0m3|>a5$w0rd.
There's also ongoing research into alternates to text-based passwords, such as using a sequence of images (e.g. given 9, select the correct one, and have a sequence of, say 4), or using inkblots to help users remember strong passwords.
"Admin" is a common one along with "Password" and I have seen "noob" as a password :D
To make a good password, make it out of things that only you would know, and make it out of at least the main letters, numbers and some punctuation. But the best passwords are scattered with random characters.
My biggest problem is that I have 12 accounts with different passwords. I keep forgetting which one goes with which account.
I think it would be better to have multiple short passwords, instead of a longer password. Of course, the software must not give clues by rejecting as soon as one password is bad. It should wait until the last one is entered.
First choice: absolutely random and lots of digits. Something that even you can't figure out or remember.
Second choice: the best combination of "tricks" you can acquire/create/steal that works; accessible to you, but not accessible nor guessable to anyone or anything else.
Something you have.
Something you know.
Something you are.
"Are" requires biometrics of some form. If you can, USE IT.
"Know" is far more predictable than you think (d.o.b., anniversary, mother's maiden, etc.)
My advice, incorporate something you have. I juggle many systems/licenses, so I include the middle 5 digits of my XP reg. key as PART of my admin password for a box. You might use: the first 4 digits of an ATM/Credit card you ALWAYS carry, or the SN on a pocket knife/USB drive/lock key, that you ALWAYS carry.
AND NO POST-ITs on your MONITOR!!! Though a post-it with the middle 5 digits of my XP reg. key (a minor PART of my password), is relatively safe.
Use your imagination. The people trying to steal it are.
There are a couple tricks to use that could help:
color+noun+special char (replace one of the letters with a # like 6 for 'o' or 1 for 'i') and have a representation around your desk somewhere - you know all those ty collectables hanging off of geek computers were often password clues. I look over at my cork board now and I see:
a pink ribbon pin, silver skulls, a pic of me standing in the 'drive thru tree' when I visited the 'drive through the tree state park' <or whatever its real name is> in California, a white snowflake and loads of old picture badges -- heck, there is my old passport from when I went to Australia and Fiji. If you have a cluttered life like me, you could have your password right out in the open and no one would see it.
When I was a system manager of VAX Cluster with forced p/w changes monthly, we kept a collection of those books of definitions that are not actual words but should be (I forget what they were called). There were 5 volumes in our library so when the password was changed, a message was sent to the team with a string like "4 15 2" which would translate as 4th volume, 15th page, 2nd definition. That was back in the good old days when the 128 digit prime # would require 500,000 days to break (also the VAX/VMS system would stop accepting login attempts after 3 but not tell you that it stopped so you could hack all day and never get in)
Oh Gawd! does anyone out there even remember VAXes? How about Amigas?
Sigh! What a pain it is getting old ( but much better than the alternative)
Simply put leet-speak :) I generally use something I can remember and bastardise and leet it up... Upper and lower characters, numbers, symbols, punctuation. I generally have a minimum of 10 characters too.
Is there anyone here who still does not have DOZENS of PINs, Passwords, Public/Private/Access/Encryption/etc. Keys?
I use every trick, tip, method, device and practice I hear of; including some that are not "best practice". But good enough depends on what is at risk.
For local encryption (my systems are physically, quite secure) I've been creating a meaningless file with a 50-75 character file name. If the file contains anything, it is a personal clue regarding what it goes to. With simple cut and paste I have absurd complexity AND it's keylogger proof.
The most interesting password I've come across was "secret". Especially translated into obscure languages it makes for interesting conversation.
Q: what's the password?
A: it's secret.
Q: I know, but I need it.
A: So why are you asking?
I use various codes (html/php/c). I found html code is best for Yahoo because most of the Yahoo hacking tools send passwords through IM, so when your password is sent to so-called hackers your coded part will be hidden; only the text part will show!!
I have a trick to beat any brute-force attack (software)
Why don't we start a thread .. POST YOUR ONE PASSWORD HERE
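Several posts above suggest leet-speak, turning awesomepassword into 4w3$0m3|>a5$w0rd. The following is an added example, not code from any poster in this thread: a policy-side check that reverses such substitutions and looks for the weak words the thread itself mentions. The substitution table, the denylist and the function names are assumptions made for illustration.

```python
import itertools
import re

# Constructed substitution table (an assumption, not an exhaustive list).
# Each leet token maps to the letter(s) it commonly stands for.
LEET = {
    "|>": "p", "4": "a", "@": "a", "3": "e", "0": "o",
    "$": "s", "5": "s", "7": "t", "1": "il", "!": "i",
}
# Longest tokens first so "|>" is matched before any single character.
TOKEN = re.compile(
    "|".join(re.escape(t) for t in sorted(LEET, key=len, reverse=True)) + "|.",
    re.S,
)

# Weak words quoted in the thread itself.
DENYLIST = {"admin", "password", "noob", "secret"}


def deleet_variants(password, limit=256):
    """Return the plain-letter readings of a leet-style password."""
    choices = []
    for tok in TOKEN.findall(password.lower()):
        letters = LEET.get(tok, tok)
        # Digits and punctuation without a mapping carry no letter: drop them.
        letters = "".join(c for c in letters if c.isalpha())
        if letters:
            choices.append(letters)
    # Ambiguous tokens ("1" as i or l) multiply the readings; cap the total.
    combos = itertools.islice(itertools.product(*choices), limit)
    return {"".join(c) for c in combos}


def weak_word_in(password, denylist=DENYLIST):
    """Return the denylisted word hidden in the password, or None."""
    for reading in deleet_variants(password):
        for word in sorted(denylist):
            if word in reading:
                return word
    return None
```

Run over the thread's own samples, `weak_word_in("4w3$0m3|>a5$w0rd")` reports `password`, while `4s&7y` and `19kumquat84` pass this particular check because neither contains a denylisted word.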