Creating a strong password - 10 characters or less

deanej

Recently I've been trying to replace my important passwords with stronger passwords. The trouble is, my credit card site doesn't allow passwords longer than 10 characters; I think non-alphanumeric characters might also be banned. Is there a way to create a strong password in these conditions?
 
Use KeePass
 
Recently I've been trying to replace my important passwords with stronger passwords. The trouble is, my credit card site doesn't allow passwords longer than 10 characters; I think non-alphanumeric characters might also be banned. Is there a way to create a strong password in these conditions?

10 random characters, with capital letters and numbers thrown in, is enough to stop any reasonable brute-force attack. So the real problem is not how to create safe passwords, but how to remember them. One trick is to remember a sentence and use the first letters of the words as the password.

But the real danger is malware on your computer: The strongest password doesn't help you, if someone installed a keylogger on your machine.
 
With case specific plus numbers you get 62^10 combinations which is about 8.4 x 10^17... I don't think you need to worry about brute force, just use randomized non dictionary breakable words.
 
I memorized a set of random alphanumerics, 8 digits long. I use them for all situations and know I only have to cycle through a handful if I've forgotten one.

Example, one I have retired because it got compromised due to my stupidity: m53R70dY

Just memorize a few like that.
 
There are plenty of passgen freeware programs out there that can make them as random as you like.
 
Mnemonics might be helpful in memorising them, e.g. m53R70dY = Ms Ertody in leet. Or maybe, "miss E.R. today" (because it sucks).
 
I have a question about passwords as long as there is an active thread on page 1...

would it be a good idea to simply remember a 4 digit number and a 4 letter word and arrange them so:

ex: word=dogs, number=1234

d1o2g3s4
dog1234s
d12ogs34
etc.

?
 
Recently I've been trying to replace my important passwords with stronger passwords. The trouble is, my credit card site doesn't allow passwords longer than 10 characters; I think non-alphanumeric characters might also be banned. Is there a way to create a strong password in these conditions?

For some reason my bank doesn't allow alphanumeric characters either.

As someone who has had to build secure online systems before, and knows a bit about how people go about hacking passwords, the best thing you can do is create a password that does not contain any common words in it.

Bad password: tacoburrito
Good Password: 4th5y67uk

edit: actually, don't include any words you might find in a dictionary.
 
I have a question about passwords as long as there is an active thread on page 1...

would it be a good idea to simply remember a 4 digit number and a 4 letter word and arrange them so:

ex: word=dogs, number=1234

d1o2g3s4
dog1234s
d12ogs34
etc.

?

That would probably be pretty effective.
 
another formulaic idea would be to pick a word you would remember and turn that word into a number by using the numbers found on a phone's keys:

2 - abc
3 - def
4 - ghi
5 - jkl
6 - mno
7 - pqrs
8 - tuv
9 - wxyz

Or also spell out that number.

EXAMPLE:

I pick the word "dog"
if I were to txt that or something, the # is 364 (see above)
spelled out, the # is threehundredsixtyfour or threesixfour

so you could make a password like:
"threehundredsixtyfour364dog" or "dog364threesixfour"

of course why even do that when you could just remember a single number...

three3six6four4
 
I have a question about passwords as long as there is an active thread on page 1...

would it be a good idea to simply remember a 4 digit number and a 4 letter word and arrange them so:

ex: word=dogs, number=1234

d1o2g3s4
dog1234s
d12ogs34
etc.

?

This would be bad, I think. The dictionary of 4 letter words is not that big (at least according to scrabble ;)), and the shuffling mechanism does not add a huge multiplier (is it 5! ?). If someone were to guess your method, you'd be quite vulnerable to brute force.
This may be worse than just picking a word of less than 8 characters and filling up the remainder with random numbers.
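
Added example, not part of any post in this thread: the two approaches discussed above compared by search space, assuming the attacker knows the method. The 4,000-word dictionary size and all function names are assumptions made for illustration; the 62-symbol, 10-character limit is the site restriction from the first post.

```python
import math
import secrets
import string
from itertools import combinations

ALPHANUM = string.ascii_letters + string.digits   # 62 symbols, no punctuation
ASSUMED_WORDS = 4000   # assumption: rough count of 4-letter dictionary words

def random_password(length=10):
    """Uniformly random alphanumeric password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHANUM) for _ in range(length))

def random_keyspace(length=10, alphabet=len(ALPHANUM)):
    """Number of equally likely passwords of this length."""
    return alphabet ** length

def interleavings(word, digits):
    """Every arrangement that keeps the letters in order and the digits in order."""
    n = len(word) + len(digits)
    out = set()
    for letter_slots in combinations(range(n), len(word)):
        w, d = iter(word), iter(digits)
        out.add("".join(next(w) if i in letter_slots else next(d)
                        for i in range(n)))
    return out

def scheme_keyspace(word_count=ASSUMED_WORDS, word_len=4, digit_len=4):
    """Candidates to try when the method is known but the word and number are not."""
    patterns = math.comb(word_len + digit_len, word_len)   # slot layouts
    return word_count * 10 ** digit_len * patterns

def bits(keyspace):
    """Entropy in bits of a uniform choice from `keyspace` options."""
    return math.log2(keyspace)

if __name__ == "__main__":
    arrangements = interleavings("dogs", "1234")
    print("arrangements of dogs/1234:", len(arrangements))
    print("thread examples included:",
          {"d1o2g3s4", "dog1234s", "d12ogs34"} <= arrangements)
    print(f"word+number scheme: {scheme_keyspace():.2e} candidates, "
          f"{bits(scheme_keyspace()):.1f} bits")
    print(f"random 10-char:     {random_keyspace():.2e} candidates, "
          f"{bits(random_keyspace()):.1f} bits")
    print("sample random password:", random_password())
```
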
 
I use a combination of two unusual words and add numbers and punctuation somewhere. I would post one of my retired ones but it would trip the autocensor :mischief:
 
Use acronyms combined with 1337 and writing one or more letters/words of the password as capital.. short example: 0mFgi1rC should be quite secure and still be memorable...
 
Passwords are one of the few places I've ever used 1337 on a regular basis (bad jokes being the other).

Just using the basic vowel conversion should generate 'words' that are easy to remember, but that won't show up in a dictionary attack.

tree = Tr33, teak = T34k, tick = T1ck ....

Any system using passwords these days should have some sort of lock out / delay feature that would prevent a brute force attack online. The areas where users face a risk because of password strength are where hardware security is compromised and a cracking tool can be run directly against the password file... in other words, it's a pretty small risk, and passwords beyond a certain strength are really only there to make us feel better.

The real risks are unsecured / poorly encrypted wireless, malware, and social hacks.
 