Once you are on the internet, you have to come up with passwords. After a while it will be difficult to remember those passwords. You could write them down somewhere, but the wrong person could find them. Why not have Python help you to come up with a logical password whose logic of creation might help you to recall it?

''' password_create101.py
a simple program to create a password you can remember
'''

# use something you can remember
# like your first and last name and year of birth
first = "David"
last = "Herzig"
year = 1993

# first 3 letters of first name, last name and last 3 numbers of year
password = first[:3] + last[:3] + str(year)[-3:]
print(password)  # DavHer993

# or reverse order of the name
password = last[:3] + first[:3] + str(year)[-3:]
print(password)  # HerDav993

# throw in your special character and shorten the year
c = "*"
password = first[:3] + last[:3] + str(year)[-2:] + c
print(password)  # DavHer93*

# change position of c for different password
password = first[:3] + last[:3] + c + str(year)[-2:]
print(password)  # DavHer*93

If you have other coding ideas, please post them in this thread.

Using personal data is never secure - note that the use of a pet name + number broke the encryption of the laptop for a major LulzSec hacker. I use obscure data related to stuff only I could possibly know. Your idea about a Python script to help you generate keys may not be a bad one, but NEVER use anything that can be related back to you! Those are easy for professionals to break. Myself, for my more secure passwords, I use as a base words in a long-dead language that only I would relate to, combined with numbers and non-alphanumeric characters. I can easily remember them, but the chances of them being hacked is seriously unlikely.

You are right, in reality I would use my best childhood friend's name and birth year. The point is that it needs to be something you can remember.

There are a couple of nice vids out there saying that long passwords are more secure than something you could remember such as "monkey". Well, that is the case simply because it is expected that a long string is less likely to be part of a "dictionary" and it is infeasible to brute force it either. Of course unless chosen randomly and as @rubben said, something that cannot be related to you is definitely the best scenario. I myself would mainly use words in a different language and place special characters in random positions as well and reach at least 15 characters for my passwords. 15 is not bad I would say mainly because the brute force attack (exhaustive attack which attempts every single permutation of letters) is practically "impossible" to run for characters over length of 10. Hackers would use dictionary attacks instead, however the success rate is very unlikely. Something that we could do to reduce the effectiveness of a brute force attack is implementing the so-called "slowing" functions, which are made on purpose using XOR or something similar to compare an existing hash and a newly generated one when connecting to a web service, for example. This will significantly reduce the chance of having passwords on your service being compromised. Actually, a reason why you should think of methods like this one is because users tend to use the same password over different platforms, usually the case is they'd use it for vital information such as banking web pages as well. In this case, web server owners are becoming responsible not only for accounts not to get compromised on their own server but likely on different ones as well.
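On the server side, guessing against stolen hashes is usually slowed down by storing passwords with a salted, deliberately slow key-derivation function and comparing the result in constant time. The following is an added example, not code from any post in this thread; the record format, the function names and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SCHEME = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumption: a work factor to tune to your own hardware


def make_record(password, iterations=ITERATIONS):
    """Return 'scheme$iterations$salt_hex$hash_hex' for storage."""
    salt = secrets.token_bytes(16)  # unique per user, defeats precomputed tables
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def parse_record(record):
    """Split a stored record; return None if it is malformed."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        iterations = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:
        return None
    if scheme != SCHEME or iterations < 1:
        return None
    return iterations, salt, expected


def check_password(password, record):
    """Recompute the slow hash and compare without leaking timing."""
    parsed = parse_record(record)
    if parsed is None:
        return False
    iterations, salt, expected = parsed
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)


def needs_rehash(record, iterations=ITERATIONS):
    """True when a record was made with a weaker work factor than today's."""
    parsed = parse_record(record)
    return parsed is None or parsed[0] < iterations


if __name__ == "__main__":
    rec = make_record("DavHer93*")  # sample password taken from the first post
    print(rec.split("$")[:2], check_password("DavHer93*", rec))
```

Because the iteration count is stored in each record, it can be raised later and old records upgraded at the user's next successful login.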

@slavi Using a password manager, you can easily have unique random uncrackable passwords with more than 20 characters. The only password you need to remember is the password manager's password. I don't know any of my passwords but one or two, and I have many accounts, each with an impossible password. I can also very easily change them when the news say that 1.2 billion passwords have been stolen.
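To put numbers on the two approaches discussed so far, the name-and-year pattern from the first post and the random 20-character passwords a password manager produces, here is an added example that is not part of any post in this thread. The guess-space model (prefix count, year range, layouts, special characters) is a constructed assumption, and the function names are hypothetical.

```python
import math
import secrets
import string

# 94 printable ASCII symbols: letters, digits and punctuation
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_password(length=20):
    """Draw every character independently from the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random password."""
    return length * math.log2(alphabet_size)


def pattern_bits(prefix_choices, years, layouts, specials):
    """Upper bound in bits for a prefix + prefix + year + special-char pattern."""
    return math.log2(prefix_choices ** 2 * years * layouts * specials)


# Constructed model (assumptions): any 3-letter prefix, 100 birth years,
# the 4 layouts shown in the first post, 32 punctuation characters.
STRANGER = pattern_bits(26 ** 3, 100, 4, 32)
# Someone who already knows both names and the year has only the
# layout and the special character left to guess.
ACQUAINTANCE = pattern_bits(1, 1, 4, 32)

if __name__ == "__main__":
    print(f"pattern, nothing known about the user: {STRANGER:.1f} bits")
    print(f"pattern, names and year known:         {ACQUAINTANCE:.1f} bits")
    print(f"20 random characters:                  {random_bits(20):.1f} bits")
    print("sample:", random_password())
```

Each bit doubles the number of guesses needed, so the gap between the pattern and the random password is far larger than the raw numbers suggest.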

Correctly typing in a 20 character jumbled password every time you turn on your computer, or want to access an account would be a royal pain. Most accounts kick you out after three tries, an essential security feature.

It works in 2 clicks, with a temporary copy and paste.

@Grib, yep, if you trust your OS it's a good solution, high protection etc.
I usually store my passwords on an external device which is encrypted, and the file containing the passwords encrypted as well :D But anyway, this topic was a suggestion by @Vega and an example of python code, so let's keep it that way :)

I think I will write a password manager in Python, seems like a good idea. Copy and paste avoids the keyboard use that can be malware monitored. There is also a way to enter a password without the use of the keyboard using GUI dropdown comboboxes. Keep talking friends!

My bank has an interesting approach. You give them an 8 to 15 letter word of your choice as a keyword. When you log in they pick 3 letters out of your keyword at random and ask you at what index each of these letters are. You answer via 3 spinwheels with index numbers from 1 to 15. No keyboard entry is used.

At my bank they use a small keyboard on the screen, with keys in a random position.

I use one password for all my internet accounts, it is a sentence consisting of 6 words (English + Persian) which reminds me of my college girlfriend.

Reusing a password is unsafe. Suppose you have an account in an online store with a primitive and unsafe website, your password can easily be stolen together with your email address or other personal data, then tried in more critical sites.

It happens. In my town, a pizza place had all its user data stolen. Fortunately I had a different password for my wuala account.

Thanks gribouillis, good point, I never thought about it, I was basically concerned how hard the password should be. I will make different passwords for different accounts. Thanks again.

Advice from Microsoft:
Strong passwords are phrases (or sentences) at least eight characters long, longer is better, that include at least three of the following:
uppercase and lowercase letters, numerals, punctuation marks, and symbols.

Give passwords the thought they deserve, and make them memorable. One way is to base them on the title of a favorite song or book, or a familiar slogan or other phrase.

It looks like culinary advice from McDonald's :)
