Hacker shows a simple way to make a strong password that’s easy to remember

Eric

Honorary Master
Joined
Jul 18, 2008
Messages
47,012
Heh... unfortunately the example given:
Ibmhf$1
Can probably be brute forced in little time simply because of the number of digits. 3-4 more characters and you're good.
At least according to this
https://howsecureismypassword.net/
 

waylander

Expert Member
Joined
May 15, 2013
Messages
3,831
How do either of those make your password less hackable? You're going to have to be more specific for that info to be useful ;)
...
....
.....

KeePass is a password manager, which has very strong default password generation (21 char, mix of everything) with strong crypto.

Google Chrome has a built in password manager, with decent defaults and auto login to everything you could want.
 

ThatOtherGuy

Well-Known Member
Joined
Jul 26, 2005
Messages
427
How do either of those make your password less hackable? You're going to have to be more specific for that info to be useful ;)
Probably because you can make all your passwords extremely complex and just have to remember 1 password in keepass?
 

Eric

Honorary Master
Joined
Jul 18, 2008
Messages
47,012
Probably because you can make all your passwords extremely complex and just have to remember 1 password in keepass?
Right, that's one way - but bsb's comment doesn't specify that. It's no more secure using those apps if your passwords aren't more complex. On the other hand, the loss compounded if that one password is compromised (keylogger).

Also, you then have to use those apps on all your devices and if you use shared computers, it's not really going to work well.

...
....
.....

KeePass is a password manager, which has very strong default password generation (21 char, mix of everything) with strong crypto.

Google Chrome has a built in password manager, with decent defaults and auto login to everything you could want.
Right, though that's not how everyone uses them, hence my suggestion to include that specific info.
 

waylander

Expert Member
Joined
May 15, 2013
Messages
3,831
Right, that's one way - but bsb's comment doesn't specify that. It's no use having short simple passwords if you're storing them in those apps. On the other hand, the loss compounded if that one password is compromised (keylogger).
Password uniqueness > password strength.

Keep the master password long, unique and secret and you're golden.

With a keylogger you're ****ed anyway, so having the password manager is just protection against direct attacks on the credentials of that particular site/service, not the password manager or content itself. Also, most keyloggers don't log the program being used, and since with the password manager you will only ever copy/paste the credentials, the only password being compromised is the master password, and unless the attacker knows you're using a particular password manager, knows the account key, bypasses two step auth, bypasses email verification, you're fine.
 

Batista

Executive Member
Joined
Sep 2, 2011
Messages
7,900
I have one password I use everywhere but 5 different combinations of it.
 

backstreetboy

Honorary Master
Joined
Jun 15, 2011
Messages
19,250
How do either of those make your password less hackable? You're going to have to be more specific for that info to be useful ;)
Probably because you can make all your passwords extremely complex and just have to remember 1 password in keepass?
This.

Right, that's one way - but bsb's comment doesn't specify that. It's no more secure using those apps if your passwords aren't more complex. On the other hand, the loss compounded if that one password is compromised (keylogger).

Also, you then have to use those apps on all your devices and if you use shared computers, it's not really going to work well.
Not true. Your google passwords can be accessed by simply going to passwords.google.com. Works automagically on Android without any software.
 

waylander

Expert Member
Joined
May 15, 2013
Messages
3,831
This.



Not true. Your google passwords can be accessed by simply going to passwords.google.com. Works automagically on Android without any software.
Google lets you encrypt them too, using a unique password just for the sync data, for additional peace of mind.
 

waylander

Expert Member
Joined
May 15, 2013
Messages
3,831
I have one password I use everywhere but 5 different combinations of it.
I read a study about this very thing, and how brute force tools are able to adapt themselves dynamically to guess the variations of your password. Does it start with an uppercase letter, contain a single name or word, and end with 1 or 3 letters and a special character?
 

waylander

Expert Member
Joined
May 15, 2013
Messages
3,831
Right, that's one way - but bsb's comment doesn't specify that. It's no more secure using those apps if your passwords aren't more complex. On the other hand, the loss compounded if that one password is compromised (keylogger).

Also, you then have to use those apps on all your devices and if you use shared computers, it's not really going to work well.



Right, though that's not how everyone uses them, hence my suggestion to include that specific info.
I included it for clarity for anyone reading :)
 

Eric

Honorary Master
Joined
Jul 18, 2008
Messages
47,012
Not true. Your google passwords can be accessed by simply going to passwords.google.com. Works automagically on Android without any software.
So every password is as secure as your google password... and who has time to visit passwords.google.com and enter a password every time you want a password?


...please don't tell me you save it on your phone to make your life easier :)
 

Quey_Quick

Expert Member
Joined
Dec 4, 2007
Messages
2,945
My password has 1 uppercase letter, 4 lowercase letters, 1 special character and 5 numbers. According to howsecureismypassword.net, it would take a computer about 34 THOUSAND YEARS to crack my password.

I am good, only thing that changes is the numbers and that happens at least once a month.
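
Added example, not part of any post in this thread: a comparison of the search space a length-and-charset estimate assumes against what remains once a password's shape, or everything but its digits, is known, which is the point raised earlier about guessing variations. "Ibmhf$1" is the thread's example; "Abcde#12345" is a constructed value matching the shape described above, and the class sizes assume printable ASCII.

```python
import math
import string

# Number of candidates per character class (printable ASCII, no space).
CLASS_SIZES = {"upper": 26, "lower": 26, "digit": 10,
               "special": len(string.punctuation)}  # 32 symbols

def char_class(ch):
    if ch.isupper():
        return "upper"
    if ch.islower():
        return "lower"
    if ch.isdigit():
        return "digit"
    return "special"

def naive_keyspace(password):
    """Pool of every class present, raised to the length: the figure a
    length-and-charset estimate is based on."""
    pool = sum(CLASS_SIZES[c] for c in {char_class(ch) for ch in password})
    return pool ** len(password)

def shape_keyspace(password):
    """Candidates left if the class at each position is known or guessed
    (e.g. capital first, lowercase word, one symbol, digits last)."""
    return math.prod(CLASS_SIZES[char_class(ch)] for ch in password)

def rotation_keyspace(password):
    """Candidates left if everything except the digits is already known,
    as when only the numbers change between sites or months."""
    return 10 ** sum(ch.isdigit() for ch in password)

def report(password):
    """Size of each search space in bits, rounded to one decimal."""
    return {name: round(math.log2(fn(password)), 1)
            for name, fn in (("naive_bits", naive_keyspace),
                             ("shape_bits", shape_keyspace),
                             ("rotation_bits", rotation_keyspace))}

if __name__ == "__main__":
    # "Ibmhf$1" is the thread's example; the second value is constructed to
    # match the 1 upper / 4 lower / 1 special / 5 digit shape described above.
    for pw in ("Ibmhf$1", "Abcde#12345"):
        print(pw, report(pw))
```

A randomly generated password from a manager has no shape to exploit, so its naive and shape figures coincide.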
 

SauRoNZA

Honorary Master
Joined
Jul 6, 2010
Messages
37,925
Password uniqueness > password strength.
It astounds me how many people don't get this.

They have an 18 character password but use the exact same one everywhere which makes it utterly meaningless.
 