Creating Strong, and Secure Passwords.

[slaveofconvention]

A new story entry has been added:

[drupal=384]Creating Strong, and Secure Passwords. [/drupal]

By Slaveofconvention

More and more websites and systems require a password for access - forums, auction sites, social networking, FTP servers, online storage, email, OS logins, the list is almost endless. The thing is, a password is only effective if it is actually unique to you personally. Easy to guess passwords are almost useless. The following is a short guide to help you create passwords which are:

[x88x]

Another very useful technique is the use of passphrases.

Basically, make your password a phrase, like:
I never get bored on TBCS.

Hey, looky there, I just made a 26 character password that is REALLY easy for me to remember. Now let's throw some of the obfuscation techniques that you suggested:
I nvr get board on TBCS.

Throw in some '733t5p34|<'
1 nvr get b04rd on TBCS.

On thing I'd suggest in the application of character replacement, is to only replace it on some words (notice how I replaced 'o' with '0' in 'board' but not in 'on'). This helps keep people from guessing it.

Now, let's try some capitalization:
! NVR get b04rd on TBCS>

Now you've got a 26 character password, with lowercase, uppercase, numbers, and special characters, and all fairly easy to remember.

[Datech]

I'm finding this guide strikingly useful right now. Check out the new rules for the new company I'm a part of:

Corporate Intranet Login allowed. No
Required characters. ?~!@#$&*()_+-={}|[]\:;`<>,./
Minimum number of alphabetic characters. 1
Words present in User Name allowed. No
User Name allowed. No
Minimum length. 8
Minimum number of digits. 1
Number of password changes before a password can be re-used. 10
Invalid characters. ^ ^
Words present in Corporate Intranet Login allowed. No

I'm having a hard time coming up with something new to remember...

[gntlkilr]

LOL
I have an old Unisys mainframe at work that I maintain. 18 characters, 4 capital, 4 lowercase, 4 number, 4 special character (%&^), and 2 of your choice. LOL

for my home WPA2 key, I let my 2 yr old daughter pound on the keyboard, i held shift a couple times, then counted out 63 characters of it. Thats my password.

as for examples, most passwords I see as a database manager are !QAZ1qaz, #E$R3e4r, etc. Alot of easy rhythms. Avoid that too.

[x88x]

for my home WPA2 key, I let my 2 yr old daughter pound on the keyboard, i held shift a couple times, then counted out 63 characters of it. Thats my password.

Interesting, but that actually is less secure on one facet, since you're definitely gonna have to write that one down.

[gntlkilr]

Interesting, but that actually is less secure on one facet, since you're definitely gonna have to write that one down.

Nah. I copied it onto a .txt file, copied/pasted into all the machines that needed it, shift deleted it. Its good. i leave a copy on my server in a hidden folder just in case I'll need it again.

[x88x]

Nah. I copied it onto a .txt file, copied/pasted into all the machines that needed it, shift deleted it. Its good. i leave a copy on my server in a hidden folder just in case I'll need it again.

Fair enough, but it's still written down somewhere.

To be honest though, I sometimes do similar things; I figure if someone has root access to my server at home, then I have bigger things to worry about than whether they can get on my wifi.