Thread: How to make a strong easily remembered password.

First things first, you need to understand how the mind works. We remember words and significant dates easily. Therefore a strong password can be done this way

A symbol to start it off like ! or $ then a word like Ice or fishcakes or something you will remember. Then you want a number something you will always remember could be the last four digits of some childhood phone number or a birth date in numerical form. Normally this would be a bad idea to use these for passwords but we are not just using them we are incorporating others as well.

So for example a possible strong password could be: $fishcake091367 A symbol, followed by a word , followed by a date. completely unhackable via brute force methods. and very easy to remember. as long as you use words and dates that are significant to you. Why the symbol? that's to throw off brute force attacks. Brute force attacks use a wordlist. or a dictionary file to hack your password. So making a password in this format is best. Like always though this does not protect you from keyloggers so be sure to keep your anti virus up to date.

Stay Safe, Browse Safe.



I hope I have helped you make easy to remember passwords that are very strong on all your trackers.

Useful info, but I think the best way to make a password easily remembered is to think visually.
For example using smileys and birthdate, since smileys are made of symbols, bruteforce on them is very hard.
A password like the following 07:)05;)67 is made of 10 digits and symbols, more than enough to avoid direct attack.

Another way is to think of the password as a picture. For example _--_ is a bench, you can mix it with your birthdate or words or even something else.

Third and last way to make an safe password is a simple. The point this time is making a long password, using repetition.
Example : 090807060504030201010203040506070809
Obviously you can see the pattern, but still, it's completely safe to cracking because of it's length and very easy to remember !

Originally Posted by Eleriaqueen

Useful info, but I think the best way to make a password easily remembered is to think visually.
For example using smileys and birthdate, since smileys are made of symbols, bruteforce on them is very hard.
A password like the following 07:)05;)67 is made of 10 digits and symbols, more than enough to avoid direct attack.

Another way is to think of the password as a picture. For example _--_ is a bench, you can mix it with your birthdate or words or even something else.

Third and last way to make an safe password is a simple. The point this time is making a long password, using repetition.
Example : 090807060504030201010203040506070809
Obviously you can see the pattern, but still, it's completely safe to cracking because of it's length and very easy to remember !

I think if I had to type 090807060504030201010203040506070809 every time I logged in, I'd end up killing myself.

this is the best password tutorial :
password_strength.png

lol, i was just about to post that comic...here's the direct link for those who want to read the alt text: xkcd: Password Strength
it brings up an important point as well...at a certain point length outweighs "complexity"

Nowadays, brute force log-in attacks are generally a non-issue, since most websites restrict the frequency and continuation of failed log-in attempts.

The modern security threat is in the form of database compromise - where hackers may obtain some or all of the password hashes from a web service's user database. When a password hash is obtained, the hacker simply needs to look it up in another database, known as a rainbow table. Rainbow tables hold pairs of passwords with the hashes that they compute to. Available rainbow tables reduce hash cracking to a matter of seconds, hours, or days where brute force cracking may take years, decades, or longer. Long story short, passwords of any complexity (ASCII) should be longer than 9 characters, alphanumeric passwords should be at least 11 characters, and alpha-only passwords need be at least 13 characters.

Additionally, where hashes cannot be cracked with available rainbow tables, (i.e. too long,) heuristic methods will be employed on top of traditional brute force/dictionary cracking. Highly comprehensive dictionaries (or algorithms) may be used which include common misspellings, substitutions, combined words, abbreviations, words without vowels, and other common-sense variations that an average person might expect to obfuscate their password. A properly planned attack can crack a password in a minute fraction of the logical estimated time to completion. The best way to avoid compromise then is to apply a combination of variations to a longer password. So perhaps, "cor.rect-horse-batt-$taple111" - much in the way which Schrodinger suggested, but also in the way that XKCD looks at it.

One last thing to consider - which really throws a wrench into the predictability of a password's security - is the fact that MD5 (the most commonly used password hashing algorithm) is vulnerable to collisions. This means that in theory, the longer and more complex your password is, the more likely it is to compute to the same hash as a shorter, more easily cracked one. In case of a collision, a hacker who looks up your hash in a rainbow table may find a password to match it, even though it is not your actual password. Regardless, the website he enters the match into will accept it as valid, since it will compute to your password's hash. On this note, I recommend not overdoing it on password complexity or length, although in practice the point of "overdoing it" is practically immeasurable.

(P.S. Not all websites are responsible enough to store passwords as hashes, making a database compromise instantly catastrophic to their users. If the website you visit seems questionable from a security standpoint, be sure to use a UNIQUE password for your account.)

Originally Posted by kevliketorrent

this is the best password tutorial :
password_strength.png

amazing... I did not know that's the way that softwares crack the passwords... I will change my passwords into easy to remember phrases... damn that was eye-opening...

thanks a lot guys ...

Most security breaches stem from human stupidity:

Using names of family members, lovers or pets, bith dates or the like.
Using passwords based on hobbies or other passions that everybody knows you fancy.
Leaving post-it notes stuck to the monitor or jotting them down in other places where people can find them.
Falling for phishing attempts, Nigerian lotteries and similar attacks based on human nature.
Using insecure systems, such as not marking [SSL] when logging in.
Saving on anti-virus and firewall software or not updating it for other reasons.

Then there are server-side risks like hacked data bases or the sell-off of private data to third parties and new owners. There are also hard drive crashes or worse, dropping off a computer at the repair shop with free access to everything.

Finally, there is the risk of overdoing it: any security mechnism in any aspect of life will be circumvented or ignored as soon as it becomes too complicated, inconvenient or time-consuming. Roamer hit the nail on its head, because a code that a human being cannot remember or enter with minimal effort (given the masses of user names and passwords we need these days) is useless.

The best way to do it? That depends on how good a memory you have and what the passwords are for, i.e. how important it is that nobody finds out your codes. For online fora and BT trackers, it does not really matter, for online banking and PayPal it does. So you might want to have different e-mail addresses and passwords for your real identity, organizing them in layers, and different, easier user/passwords for unimportant activities like web fora. If you have too many and too complicated user/password combinations for everything, there's a higher probability of confusion and memory loss than if you only have two or three secure ones for the things that are really important.

Just my humble two cents -- the more individual and varied in terms of different strokes for different blokes, the better.

You can always try LastPass; LastPass - Password Manager, Form Filler, Password Management
It's free, generates up to 16 character passwords, encrypted on computer before uploaded to server, etc.......
Works great :)