Question: How to make a strong password?

Status
Not open for further replies.

Tom cruise432 (Sep 13, 2022)
While in the past we believed a secure password was one that included random capitalization and letter substitution, times have changed! With today's processing power, it's trivial for hackers to quickly break password variations like these. So how do I make my password strong? Can anyone help me?
 
Use GUIDs

Basically, it's what Apple does. When you use the iPhone to create a password, it looks like a GUID with separators in it. Use a good password manager too.

ALWAYS use TWO FACTOR AUTHENTICATION
 
You can use this tool here to generate the password: https://www.lastpass.com/features/password-generator-a
The majority of browsers now (Chrome, Firefox, Brave) all have sync functionality, so when you input the password into a website it will ask you if you want to save it; then you can sync it in the cloud with your account so your passwords are always there to use.

Additionally, after setting up some passwords you can download the .csv file for the passwords and keep it somewhere. However, it's not very private, as anyone who has that file can see all your passwords, so a password manager could work. I have never had to use one, though; I just have all my passwords saved in my browser and have had no issues.
 
Use a password manager. They have a password generator that can generate very powerful passwords based on criteria you decide (length, capital letters, symbols, special characters, etc.). Almost all have a browser extension, and many also encrypt your stored passwords (very important!).

You just need to remember a SINGLE master password to unlock the password manager. Use a sentence made up of random words plus numbers, for example (see below)

Bitwarden is extremely powerful, fits all the criteria and is FREE!

Example of a good password, easy to remember: Na$ty.Mang0.0rbital.Grumpy.Mou$e78ooo{*}

I ran this through a website that tests password strength (Test your password).

Result: It would take a computer 62 novemdecillion years to crack this password

Let them hack that!!
PS: Of course, don't test your real password anywhere, like in the example!!
 
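The two kinds of password the replies above recommend (a random character string from a manager's generator, or a sentence of random words as a master password) can both be produced with an operating-system CSPRNG. The following is an added example, not code from the original thread or from any password manager; the word list is a constructed stand-in for a real 7776-word diceware list, and the entropy figure is the size of the generation space, not a strength-meter guess.

```python
import math
import secrets
import string

# Character classes a manager-style generator lets you toggle.
CHAR_CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{};:,.<>?",
}

# Constructed 16-word stand-in for a diceware list (a real list has 7776 words).
WORD_LIST = [
    "orbital", "grumpy", "mango", "walrus", "copper", "violin", "glacier", "pepper",
    "saddle", "lantern", "meadow", "comet", "thimble", "harbor", "quartz", "falcon",
]


def generate_password(length=24, classes=("lower", "upper", "digits", "symbols")):
    """Random character password drawn with secrets.choice (CSPRNG, not random.choice).

    Regenerates until every requested class appears, which is what managers do to
    satisfy site rules; the rejection loop only shaves a fraction of a bit of entropy.
    """
    if length < len(classes):
        raise ValueError("length must be at least the number of required classes")
    alphabet = "".join(CHAR_CLASSES[c] for c in classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CHAR_CLASSES[c] for ch in candidate) for c in classes):
            return candidate


def generate_passphrase(words=5, wordlist=WORD_LIST, sep="."):
    """Random word passphrase: easier to memorise as a master password."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(space_size, picks):
    """Bits of entropy for `picks` independent uniform choices from `space_size` options."""
    return picks * math.log2(space_size)


def alphabet_size(classes=("lower", "upper", "digits", "symbols")):
    return sum(len(CHAR_CLASSES[c]) for c in classes)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"{entropy_bits(alphabet_size(), len(pw)):.1f} bits")
    phrase = generate_passphrase()
    print(phrase, f"{entropy_bits(len(WORD_LIST), 5):.1f} bits (tiny list)")
    print(f"5 words from a 7776-word list: {entropy_bits(7776, 5):.1f} bits")
```

The strength figure comes from how the secret was generated (alphabet size and length, or list size and word count), not from how it looks; a 24-character string over this 87-symbol alphabet is about 155 bits, and five words from a real diceware list about 65 bits, which is still far beyond any online guessing budget.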
If I were you I'd start using a password manager right away. I wasn't a believer in password managers, until something very catastrophic happened that drained over $17K from my bank account in one night (kindly don't ask, it was on me and nothing I could do). Now I use a password manager, 2FA everywhere, and all security stuff under the sun. Just let it generate random characters and know that you'll (within reason) be safe, as long as you don't do... well... stupid things.

I personally use Bitwarden, but there are plenty of choices on the market, just pick whatever suits you. I'm not exactly tech-savvy, but a 24-character randomly generated string is probably still un-bruteforce-able...

Also, for the love of heaven and all that is holy, don't use the name of your favourite singer as a password. Just don't..
 
;oscysbtdelwspwhattlg6

Do you recognize the above?

I don't use it, but between the semi-colon and the 6 is the first letter in the first 20 words of a well known phrase that anyone can train their fingers to type easily enough by reciting it as you type each character.

Pick your own well-known phrase that you are highly familiar with. Keep it to yourself.

Secondly....minimize the number of passwords/sites you really have a serious interest in protecting. I've got probably 30 sites bookmarked that require a password....but I don't much care about perhaps 27 of them.
 
;oscysbtdelwspwhattlg6

Do you recognize the above?
That's actually not secure at all. I had it in only 4 or 5 seconds without hints. Commonly used phrases and such are already encoded into dictionaries. If you can't use 2FA for some reason, then concatenating 3 completely unrelated words, with random numerals and uppercase/lowercase sprinkled in, is going to be relatively impervious to dictionary attacks (ex. Extr@giraFf3mU$hr00ms%)
 
That's actually not secure at all. I had it in only 4 or 5 seconds without hints. Commonly used phrases and such are already encoded into dictionaries. If you can't use 2FA for some reason, then concatenating 3 completely unrelated words, with random numerals and uppercase/lowercase sprinkled in, is going to be relatively impervious to dictionary attacks (ex. Extr@giraFf3mU$hr00ms%)

Why use a "common" phrase?

Use one known to you....a favorite phrase, but not "common".

+waflbtfa,whhhj,whjhsoht,whagah/9
 
While peppering words with leetspeak is a commonly recommended method of "salting" the password, password crackers already know this too. It's easy for a computer to do all of the leetspeak substitutions, but harder for a human to do it, especially if you arbitrarily chose which letters to substitute. Make it long enough, but don't make it hard.



Barring that I've also taken a liking to the Password Card approach. You only need to remember three things that aren't related to a password: a start point, an end point, and a direction (which doesn't necessarily have to be left to right)

EDIT: Also some other reading material if you want to balk at the xkcd approach
https://www.explainxkcd.com/wiki/in...7t_understand_information_theory_and_security
https://web.archive.org/web/2015031...swords/analyzing-the-xkcd-comic/#.VQtII0zP0Q8

Also if you need to add numbers, capitals, and punctuation, add it where it actually makes sense.
 
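The disagreement in the last few posts (first letters of a famous phrase, leetspeak on dictionary words, or the xkcd approach) comes down to how many candidates an attacker who knows the recipe has to try, versus the naive count of all strings of that length. The following is an added example, not code from the thread or from any strength-checking site; the substitution table, dictionary size and phrase-catalogue size are assumed round numbers chosen for illustration, and the functions only compute search-space sizes, which is what a strength meter does.

```python
import math

# Assumed leetspeak rule table: which digits/symbols a cracking rule set would
# try in place of each letter. Real rule sets are larger; this is illustrative.
LEET = {"a": "4@", "e": "3", "i": "1!", "o": "0", "s": "$5", "t": "7"}


def leet_variants(word):
    """Number of spellings one word yields when each substitutable letter may be
    left alone or replaced by any of its LEET alternatives."""
    count = 1
    for ch in word.lower():
        count *= 1 + len(LEET.get(ch, ""))
    return count


def naive_bits(password, alphabet_size=95):
    """What a length-based meter reports: every printable-ASCII string is equally likely."""
    return len(password) * math.log2(alphabet_size)


def recipe_bits(words, dictionary_size=100_000, leet=True, case_variants=2,
                suffix_symbols=0, symbol_alphabet=33):
    """Bits if the attacker knows the recipe: pick N dictionary words, optionally
    leet-mangle each, optionally capitalise each, append some symbols/digits."""
    bits = 0.0
    for w in words:
        bits += math.log2(dictionary_size)
        if leet:
            bits += math.log2(leet_variants(w))
        bits += math.log2(case_variants)
    bits += suffix_symbols * math.log2(symbol_alphabet)
    return bits


def first_letters_bits(phrase_catalogue_size=10_000, trailing_digits=1):
    """First letters of a well-known phrase: the secret is really 'which phrase',
    so the space is the catalogue of phrases an attacker would enumerate."""
    return math.log2(phrase_catalogue_size) + trailing_digits * math.log2(10)


def compare(password, words):
    """Return both estimates for one password so the gap is visible."""
    return {
        "naive_bits": round(naive_bits(password), 1),
        "recipe_bits": round(recipe_bits(words, suffix_symbols=1), 1),
    }


if __name__ == "__main__":
    # The example from the reply above: three words, leet, mixed case, one symbol.
    print(compare("Extr@giraFf3mU$hr00ms%", ["extra", "giraffe", "mushrooms"]))
    # Twenty first letters of a famous phrase plus one digit.
    print("first letters:", round(first_letters_bits(), 1), "bits")
    # Four random words with no mangling at all (the xkcd recipe, 7776-word list).
    print("four diceware words:", round(recipe_bits(["a", "b", "c", "d"], 7776,
                                                    leet=False, case_variants=1), 1), "bits")
```

Run it and the three-word leet password still lands well above 60 bits because it uses three unrelated words, while the first-letters trick collapses to the size of the phrase catalogue (about 17 bits with these assumed numbers): the leet and case flourishes add only a few bits each, and length alone says nothing about either.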
I use LastPass. Use the random password generator; then it saves it and you don't have to remember it at all. I use it for every site and know only one, which is the master password. The rest are random gibberish made with the generator.

Throw in 2FA and you pretty much can't get better with normal site login type stuff.

I use PKI and a random password to secure personal stuff accessible from the web, but that's not possible with a normal site login which only has a password and possibly 2FA.
 
Personally I use KeePass on Windows, with various plugins to synchronise the encrypted database to my Google Drive and an add-on in the browser that links to it.

Then I have a client on each of my devices that synchronises to the database on Google Drive. (On Android I use the app "Keepass2Android".)

Benefits :
always free
open source
will never go bankrupt or sold to a new company (hello passwordbox)
will never drop support/updates for some devices or change pricing (hello dashlane)
not a honeypot potentially attracting hackers like a website containing millions of accounts (even encrypted)
you own your data


Drawbacks
I wish I could use alternative ways to encrypt the database besides the standard AES-256 (or, as VeraCrypt can do, use several algorithms at the same time).
a bit more work is needed than the typical app install
 
2FA is no longer deemed enough, without a strong password as well. Both are necessary. A seemingly random combination of letters, numbers, symbols and caps are needed with a quantity of at least 8 characters. No dictionary words should be used either. That's really all there is to it, until Apple, Google and Microsoft all do away with passwords in favor of the more secure PIN code, as they are currently working on doing.
 
The only thing that makes the PIN slightly safer is the fact that they don't code the password with the same restrictions as PINs.

This is because most PINs are only allowed a few tries before locking out the account/device. It's hard to brute force when you only get a few tries. Many, many websites don't code such protections in, which is how folks can brute force things like that.

Of course, the crap security employed by most data hoarders makes it easy to get thousands of hashes through simple hacking and then brute force them offline until they have a working username/password combo.
 
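The post above makes two separate points: an online verifier can cap the attacker's guesses with a lockout, while a stolen hash database gets guessed offline at hardware speed, so the stored form has to be slow to compute. The following is an added example showing both defences together, not code from the thread or from any product; it uses Python's standard-library scrypt as the slow hash, and the lockout limits (5 failures, 300-second lock) and the fake clock are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

MAX_FAILURES = 5        # assumed policy: lock after this many wrong guesses
LOCKOUT_SECONDS = 300   # assumed policy: length of the lock


def hash_secret(secret: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted scrypt of a PIN or password. A per-record random salt defeats
    precomputed tables; the work factor (16 MiB, n=2**14) makes each offline
    guess cost the attacker as much as it costs the server."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(secret.encode("utf-8"), salt=salt,
                            n=2**14, r=8, p=1, dklen=32)
    return salt, digest


class Verifier:
    """Online verifier: slow hash plus failure counting and temporary lockout."""

    def __init__(self, secret: str, clock=time.monotonic):
        self.salt, self.digest = hash_secret(secret)
        self.failures = 0
        self.locked_until = 0.0
        self.clock = clock  # injectable so the lockout can be tested without sleeping

    def verify(self, attempt: str) -> str:
        """Return 'ok', 'wrong' or 'locked'. No hashing is done while locked,
        so a locked account also costs the server nothing per guess."""
        now = self.clock()
        if now < self.locked_until:
            return "locked"
        _, candidate = hash_secret(attempt, self.salt)
        # Constant-time comparison: do not leak how many bytes matched.
        if hmac.compare_digest(candidate, self.digest):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.failures = 0
            self.locked_until = now + LOCKOUT_SECONDS
            return "locked"
        return "wrong"


def online_guesses_per_day(max_failures: int = MAX_FAILURES,
                           lockout_seconds: int = LOCKOUT_SECONDS) -> float:
    """Upper bound on guesses an attacker gets against this verifier in 24 hours."""
    return max_failures * 86400 / lockout_seconds


if __name__ == "__main__":
    v = Verifier("7391")  # constructed sample PIN
    print([v.verify(p) for p in ("0000", "1111", "2222", "3333", "4444", "7391")])
    print("online guesses/day:", online_guesses_per_day(),
          "of", 10_000, "possible 4-digit PINs")
```

With these assumed limits an online attacker gets at most 1440 guesses a day against a 10,000-PIN space, which is why a PIN is tolerable behind a lockout; the same PIN in a stolen database is only protected by the hash's work factor, and 10,000 scrypt evaluations take seconds, which is the point the next reply makes.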
Understood, thanks.

So a PIN is more secure, until crooks get their hands on the encrypted database; then they can test the 9999 combinations within 2 seconds.

Also worth mentioning that most people would use the same PIN as for their credit card, voicemail, phone lock, so the potential of a breach could be big.


yeah ok well i will stick with keepass and the random 20 character passwords. I have about 300 entries in my password database lol it adds up fast.
 
Oh yah, so many passwords, but that's what the manager is for. I have tons as well and a bunch of secure notes saved in LastPass.

It keeps tabs for me and makes it easy to change them whenever needed. I highly recommend some kind of manager, but keep in mind that if you lose your master password, there is no getting into that account. So a random enough yet memorable password is needed there. Mine is very random, but I managed to memorize it over time.

12453!@$%#

see what i did there. no one will ever guess that!!!
 
So a PIN is more secure, until crooks get their hands on the encrypted database; then they can test the 9999 combinations within 2 seconds.

Also worth mentioning that most people would use the same PIN as for their credit card, voicemail, phone lock, so the potential of a breach could be big.
A lot of PIN applications are implemented as 2FA by default. If you're wondering what the other factor is, it's possession. For example, a person can't get to your bank account if they only know the PIN or only have the debit card, they need both. If a PIN is used as 1FA, then it's usually limited to local devices. I have a PIN set up on Windows, but that doesn't mean someone can use it to access my Microsoft account. Or at least, can use it to change anything sensitive.
 
A lock only stops the innocent. The guilty will always find a way around, over, under or through the lock given enough time. It's all a matter of intent. If someone really wants your stuff, there isn't a password made that can stop them. The only thing a strong password prevents is those without intent, the ones just trying to get lucky.

The CIA, NSA, FBI, Homeland Security don't chase the best hackers to prosecute or rehabilitate. They chase them to employ them. It takes a rat to catch a rat and if you can't think like a rat, you can't stop them doing what they do.

So make your passwords as strong as you feel you reasonably need to, you won't stop those who are determined to bypass it and have the education to do so, you'll only stop the fishers.
 