PSA: How to create a strong password

Discussion in 'General Mac Discussion' started by yellow, Sep 25, 2004.

  1. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #1
    I searched and didn't find a thread dedicated to passwords. So consider this a Public Service Announcement.

    How to create a strong password.


    A password is your final line of defense in computer security. I hear complaints a lot about how hard it is to remember passwords. Especially when you have to change them often. So typically people choose bad passwords because they are easy to remember. Here are the basics on making a memorable, strong password.

    As an example, it's nearly October, so Halloween is right around the corner for us in the U.S. Users will be tempted (if forced to change their passwords around this time of year) to use something like "Halloween", which is a very bad password. "halloween31" is also a bad password. "H@110w33n" is a slightly less-bad password.

    Any words that appear in a dictionary make cracking a password that much easier. This includes "foreign" dictionaries. These dictionaries are all readily accessible and can be used as proofs in cracking programs and applied against your password. Adding numbers to dictionary words doesn't increase the password's strength worth a whit. Even with trivial character replacements like capital letters and non-alphanumeric symbols, you're not getting a strong password.

    Trust me, if you've thought of it, so have "they".


    A true strong password should consist of 8 or more characters and be part of a "passphrase". A passphrase consists of a phrase that has special meaning to you, therefore making it easier to remember. For this example, I will choose:

    Homer Simpson for President. I am serious!

    One simple approach to create a better password is to take the first letter of each word in your passphrase, giving you:

    hsfpias

    That looks seemingly random, and it's a fairly hard password to crack, but it's too short. Only 7 characters. Why not make it harder by using the punctuation from the sentence?

    hsfp.ias!

    Now that is a much harder password to crack. Why stop there? But let's step it up a bit more by capitalizing some letters and adding some numbers, say, the year we need to vote Homer in:

    HSfp.ias!04

    Voila, a truly difficult password to crack, but it is still pretty easy to remember. Feel free to liberally salt it with non-alphanumeric character replacements for greater difficulty (but a bit of "unwieldiness"). For example, replacing an "a" with a "@", and/or a "s" with a "$", leaving us with:

    HSfp.i@$!04

    A password cracker will give up and move onto greener pastures (read: more easily broken passwords) long before this one is cracked.



    I hope this helps you choose a better password for yourself.
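
The following is an added example, not part of the original post: a small password check that undoes the trivial changes the post warns about (capitals, appended digits, "@"/"0"/"3" replacements) before looking the result up in a wordlist, and a helper that derives the first-letter password from a passphrase. The wordlist, the replacement table and all function names are assumptions made for illustration.

```python
import re

# Constructed mini wordlist; a real check would load full dictionaries and
# place-name lists (assumption: illustration only).
WORDLIST = {"halloween", "stockholm", "simpsons", "password", "apple"}
# Trivial replacements mapped back to letters; "1" is tried as both l and i.
LEET = {"@": "a", "4": "a", "3": "e", "0": "o", "$": "s", "5": "s", "7": "t"}
AFFIX = re.compile(r"^[^a-z]+|[^a-z]+$")  # leading/trailing non-letters
PHRASE = "Homer Simpson for President. I am serious!"  # from the post

def acronym(phrase, keep_punctuation=False):
    """First letter of each word, optionally keeping trailing punctuation."""
    out = []
    for word in phrase.split():
        out.append(word[0].lower())
        if keep_punctuation and not word[-1].isalnum():
            out.append(word[-1])
    return "".join(out)

def variants(password):
    """Lower-cased forms with replacements undone and affixes stripped."""
    base = password.lower()
    forms = set()
    for form in (base, AFFIX.sub("", base)):
        for one in ("l", "i"):
            undone = "".join(LEET.get(c, c) for c in form.replace("1", one))
            forms.update((undone, AFFIX.sub("", undone)))
    return forms

def weaknesses(password):
    """Return the reasons a password fails the post's basic advice."""
    reasons = []
    if len(password) < 8:
        reasons.append("shorter than 8 characters")
    if variants(password) & WORDLIST:
        reasons.append("dictionary word after undoing trivial changes")
    return reasons

if __name__ == "__main__":
    samples = ["Halloween", "halloween31", "H@110w33n", "Stockholm",
               acronym(PHRASE), acronym(PHRASE, True), "HSfp.i@$!04"]
    for pw in samples:
        print(f"{pw:14} {weaknesses(pw) or 'no basic weakness found'}")
```

An empty result only means the password is not a lightly disguised entry in this wordlist and meets the 8-character minimum; it is not a measure of overall strength.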
     
  2. ScotRobson macrumors 6502

    Joined:
    Feb 3, 2004
    Location:
    Torquay UK
    #2
    Great advice. I would never have thought of that!

    Now, to think of a quote :)

    Thanks
    Scot
     
  3. iSuck macrumors member

    iSuck

    Joined:
    Jul 28, 2004
    #3
    My password system is very simple.
    Places....
    I know, yeah, a capital city is really easy to crack.
    But my password is a place that hardly anyone knows and even when you say it to them, they can't understand what I'm saying. When people watch me as I type in my password, they still can't get it!

    Hint: Asian countries are great passwords....even deserts or beaches...

    Example: If you are young like me and have no interest in places, your friends will think your password is something like simpsons, apple, matrix, tv or something along the lines of that.

    Would they ever suspect your password to be something like...
    "Stockholm"
    Doubt it. When you type it, and they try to watch, they will not get it; they will reckon it's something like...
    "story"
    "simpsons" - Related with the S's in each word
    "Sockhead"

    Stupid stuff like that...

    If you're an adult, use childish things or places!
     
  4. yellow thread starter Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #4
    That's not a very strong password. Many of those places appear in dictionaries and wordlists. And the purpose isn't to fool your buddies, that's easy. The purpose is to make a password difficult enough to break that "professional" password crackers will move on to easier targets. I guarantee that your "Stockholm" password could be broken in less than a day.
     
  5. 2A Batterie macrumors 6502a

    2A Batterie

    Joined:
    Jun 9, 2004
    Location:
    Out of a Suitcase, USA
    #5
    My password and I usually get up at 6am and hit the gym. I find powersquats and the preacher curl really beef up my password.
     
  6. yellow thread starter Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
  7. Vector macrumors 6502a

    Vector

    Joined:
    Feb 13, 2002
    #7
    A better way to tell if your passwords are strong is to PM me with them and I will tell you if they are strong or not. :D
     
  8. pdpfilms macrumors 68020

    pdpfilms

    Joined:
    Jun 29, 2004
    Location:
    Vermontana
    #8
    ...not so funny.
     
  9. Brother Michael macrumors 6502a

    Brother Michael

    Joined:
    Apr 14, 2004
    #9
    Hey Yellow- Thanks. These are things that I have never really considered. I am remaking a lot of my passwords now.

    Mike
     
  10. Vector macrumors 6502a

    Vector

    Joined:
    Feb 13, 2002
    #10
    Well, I thought about telling people to post them, but I figured someone might actually do it.

    Anyway, back to the topic. All of my PWs use letters and numbers mixed together. I would use punctuation, but most of the time you cannot use punctuation in PWs. I say just use a combination of letters and numbers, and throw in some capital letters for good measure. The main thing to remember is just don't use real words even if they are proper nouns like names or places.
     
  11. yellow thread starter Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #11
    On what platform? There are many non-alphanumeric characters that are supported by UNIX platforms.
     
  12. Vector macrumors 6502a

    Vector

    Joined:
    Feb 13, 2002
    #12
    I don't really mean OS login passwords as much as I mean network login passwords. At my university, you have to use either letters or numbers, but cannot use punctuation. The university does require PWs to be at least 8 characters, a combination of both numbers and letters, and not contain words.

    Many online subscriptions that I have do not allow punctuation either.
     
  13. yellow thread starter Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #13
    Ah yes, you're right of course, a lot of online sources don't do a great job with passwords. Heck, more than half of them are passed in cleartext anyway.
     
  14. stubeeef macrumors 68030

    stubeeef

    Joined:
    Aug 10, 2004
    #14
    Was searching for a thread like this, thanks yellow. It has me thinking, I have used the same password for so long that I am now uncomfortable with it. Didn't really think about using a phrase, and some of those characters so thanks for the thread!
     
