1. We have added a Gift Upgrades feature that allows you to gift an account upgrade to another member, just in time for the holiday season. You can see the gift option when going to the Account Upgrades screen, or on any user profile screen.
    Dismiss Notice

Creating a strong password - 10 characters or less

Discussion in 'Computer Talk' started by deanej, Sep 14, 2010.

  1. deanej

    deanej Deity

    Joined:
    Apr 8, 2006
    Messages:
    4,859
    Location:
    New York State
    Recently I've been trying to replace my important passwords with stronger passwords. The trouble is, my credit card site doesn't allow passwords longer than 10 characters; I think non-alphanumeric characters might also be banned. Is there a way to create a strong password in these conditions?
     
  2. Zelig

    Zelig Beep Boop

    Joined:
    Jul 8, 2002
    Messages:
    15,847
    Location:
    Canada
    If it were me, I would probably cancel that credit card.
     
  3. PeteAtoms

    PeteAtoms FormulaRandom

    Joined:
    Aug 13, 2002
    Messages:
    3,722
    Location:
    Land of Ooo
    Use KeePass
     
  4. uppi

    uppi Deity

    Joined:
    Feb 2, 2007
    Messages:
    4,450
    10 random characters, with capital letters and numbers thrown in is be enough to stop any reasonable brute-force attack. So the real problem is not how to create safe passwords, but how to remember them. One trick is to remember a sentence and use the first letters of the words as password.

    But the real danger is malware on your computer: The strongest password doesn't help you, if someone installed a keylogger on your machine.
     
  5. ParadigmShifter

    ParadigmShifter Random Nonsense Generator

    Joined:
    Apr 4, 2007
    Messages:
    21,810
    Location:
    Liverpool, home of Everton FC
  6. nc-1701

    nc-1701 bombombedum

    Joined:
    Oct 28, 2005
    Messages:
    4,025
    Location:
    America
    With case specific plus numbers you get 62^10 combinations which is about 8.4 x 10^17... I don't think you need to worry about brute force, just use randomized non dictionary breakable words.
     
  7. bhsup

    bhsup Deity

    Joined:
    Jan 1, 2004
    Messages:
    30,387
    I memorized a set of random alphanumerics, 8 digits long. I use them for all situations and know I only have to cycle through a handful if I've forgotten one.

    Example, one I have retired because it got compromised due to my stupidity: m53R70dY

    Just memorize a few like that.
     
  8. Turner

    Turner Deity Retired Moderator

    Joined:
    Apr 17, 2002
    Messages:
    28,169
    Location:
    Randomistan
    There are plenty of passgen freeware programs out there that can make them as random as you like.
     
  9. Mise

    Mise isle of lucy

    Joined:
    Apr 13, 2004
    Messages:
    28,601
    Location:
    London, UK
    Mnemonics might be helpful in memorising them, e.g. m53R70dY = Ms Ertody in leet. Or maybe, "miss E.R. today" (because it sucks).
     
  10. west india man

    west india man Immortal

    Joined:
    Aug 29, 2008
    Messages:
    9,118
    Location:
    Brazil
    Do a foreign word with alternate capitals and a few numbers at the end.
     
  11. PeteAtoms

    PeteAtoms FormulaRandom

    Joined:
    Aug 13, 2002
    Messages:
    3,722
    Location:
    Land of Ooo
    I have a question about passwords as long as there is an active thread on page 1...

    would it be a good idea to simply remember a 4 digit number and a 4 letter word and arrange them so:

    ex: word=dogs, number=1234

    d1o2g3s4
    dog1234s
    d12ogs34
    etc.

    ?
     
  12. warpus

    warpus In pork I trust

    Joined:
    Aug 28, 2005
    Messages:
    49,438
    Location:
    Stamford Bridge
    For some reason my bank doesn't allow alphanumeric characters either.

    As someone who has had to build secure online systems before, and knows a bit about how people go about hacking passwords, the best thing you can do is create a password that does not contain any common words in it.

    Bad password: tacoburrito
    Good Password: 4th5y67uk

    edit: actually, don't include any words you might find in a dictionary.
     
  13. J-man

    J-man Deity

    Joined:
    Oct 12, 2007
    Messages:
    2,088
    Gender:
    Male
    Location:
    Nijmegen, the Netherlands
    i use keepass. It can generate passwords and help you manage your passwords.
     
  14. Turner

    Turner Deity Retired Moderator

    Joined:
    Apr 17, 2002
    Messages:
    28,169
    Location:
    Randomistan
    That would probably be pretty effective.
     
  15. PeteAtoms

    PeteAtoms FormulaRandom

    Joined:
    Aug 13, 2002
    Messages:
    3,722
    Location:
    Land of Ooo
    another formulaic idea would be to pick a word you would remember and turn that word into a number by using the numbers found on a phone's keys:

    2 - abc
    3 - def
    4 - ghi
    5 - jkl
    6 - mno
    7 - pqrs
    8 - tuv
    9 - wxyz

    Or also spell out that number.

    EXAMPLE:

    I pick the word "dog"
    if I were to txt that or something, the # is 364 (see above)
    spelled out, the # is threehundredsixtyfour or threesixfour

    so you could make a password like:
    "threehundredsixtyfour364dog" or "dog364threesixfour"

    of course why even do that when you could just remember a single number...

    three3six6four4
     
  16. Till

    Till Adventurer

    Joined:
    Aug 20, 2005
    Messages:
    4,170
    Location:
    Background Noise
    This would be bad, i think. The dictionary of 4 letter words is not that big (at least according to scrabble ;)), and the shuffling mechanism does not add huge multiplier (is it 5! ?). If someone were to guess your method, you'd be quite vulnerable to brute force.
    This may be worse than just picking a word of less than 8 characters and fill up the remainder with random numbers.
     
  17. aimeeandbeatles

    aimeeandbeatles uolǝɯɹǝʇɐʍ

    Joined:
    Apr 5, 2007
    Messages:
    15,733
    Gender:
    Female
    Location:
    ɐpɐuɐƆ 'ɐᴉʇoɔS ɐʌoN
    I use a combination of two unusual words and add numbers and punctuations somewhere. I would post one of my retired ones but it would trip the autocensor :mischief:
     
  18. Zelig

    Zelig Beep Boop

    Joined:
    Jul 8, 2002
    Messages:
    15,847
    Location:
    Canada
    Curse words are in fact very common in passwords.
     
  19. Samez

    Samez ION GUNNER

    Joined:
    Jan 31, 2005
    Messages:
    1,526
    Location:
    center of nowhere
    Use acronyms combined with 1337 and writing one or more letters/words of the password as capital.. short example: 0mFgi1rC should be quite secure and still be memorable...
     
  20. fromeast2west

    fromeast2west Warlord

    Joined:
    Mar 16, 2010
    Messages:
    111
    Passwords are one of the few places I've ever used 1337 on a regular basis (bad jokes being the other).

    Just using the basic vowel conversion should generate 'words' that are easy to remember, but that won't show up in a dictionary attack.

    tree = Tr33, teak = T34k, tick = T1ck ....

    Any system using passwords these days should have some sort of lock out / delay feature that would prevent a brute force attack online. The areas where users face a risk because of password strength are where hardware security is compromised and a cracking tool can be run directly against the password file. .. in other words, it's a pretty small risk, and passwords beyond a certain strength are really only there to make us feel better.

    The real risks are unsecured / poorly encrypted wireless, malware, and social hacks.
     

Share This Page