How to create a password not even a supercomputer could break

Jamie McKane

MyBroadband Journalist

Here’s the not-so-secret recipe for strong passphrases: a random element like dice, a long list of words, and math.

And as long as you have the first two, the third takes care of itself. All together, this adds up to diceware, a simple but powerful method to create a passphrase that even the most sophisticated computer could take at least thousands of years to guess.

[EFF]
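The recipe above (dice, a word list, and math), as an added Python example that is not code from the article or from EFF: dice rolls are read as base-6 digits to index a word list, and the entropy follows from the list size. The 36-word list is constructed for the demo, `secrets` stands in for physical dice, and the 10^12 guesses per second rate is an assumed attacker speed.

```python
import math
import secrets

# Constructed 36-word demo list (6^2 entries, so two dice pick one word).
# A full diceware list has 6^5 = 7776 entries, i.e. five dice per word.
DEMO_WORDS = ("acid apple arrow bacon badge bench cabin cable camel daisy "
              "dance eagle ember fable fence gamma giant habit hazel igloo "
              "ivory jelly joker kayak koala lemon lunar maple medal noble "
              "ocean panda quilt radar sable tiger").split()

def dice_per_word(list_size):
    """Dice needed to index a list of exactly 6**k words."""
    k = round(math.log(list_size, 6)) if list_size > 1 else 0
    if k < 1 or 6 ** k != list_size:
        raise ValueError("word list size must be a power of 6")
    return k

def roll_die():
    """CSPRNG stand-in for one physical six-sided die."""
    return secrets.randbelow(6) + 1

def rolls_to_index(rolls):
    """Read die faces 1..6 as base-6 digits 0..5, most significant first."""
    index = 0
    for face in rolls:
        if not 1 <= face <= 6:
            raise ValueError("die face out of range")
        index = index * 6 + (face - 1)
    return index

def passphrase(words, n_words, roll=roll_die):
    k = dice_per_word(len(words))
    picks = [words[rolls_to_index([roll() for _ in range(k)])]
             for _ in range(n_words)]
    return " ".join(picks)

def entropy_bits(list_size, n_words):
    """Each word is an independent uniform pick: n * log2(list size)."""
    return n_words * math.log2(list_size)

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every passphrase; the average hit comes at half this."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    print(passphrase(DEMO_WORDS, 6))  # demo list: only ~31 bits
    bits = entropy_bits(7776, 6)      # six words from a 7776-word list
    # 1e12 guesses/second is an assumed attacker speed, not a measured one
    print(f"{bits:.1f} bits, {years_to_exhaust(bits, 1e12):,.0f} years")
```

The strength comes from the size of the list and the number of words, not from the words being secret, so the calculation holds even if the attacker has the same word list.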
 
It's easier to remember a really long phrase or something over some really stupid complex password with special characters etc.
 
It's far more likely you'll be hacked because you use the same login details across multiple sites and one of them has its user logins stolen whilst maintaining poor encryption.

The real benefit of using a password manager isn't in the automatically generated 25+ character passwords, but in having a unique one for every single site. To take things much further, buy a physical two-factor authentication device like a YubiKey 4 and tether it to your password manager and any sites that both support them and are important to you. Just like that, you're a hacker's worst nightmare without needing to inconvenience yourself much.
 
To make passphrases more difficult to crack, insert a foreign language word {afrikaans; xhosa; french} into your phrase. Now ADD (don't replace a character with) a special character in the middle of one word. 4 word passphrase should then be enough. Use that for your password manager's master password. Use unique, random generated +16 character passwords for each site and let the password manager handle your logins. LastPass or Bitwarden recommended. (+1 for U2F security token)
 
LOL website to help generate a password, except...., now you need to trust the website, right?
http://correcthorsebatterystaple.net

rather, as I said:

cor&recthorsebatterypolisiekar

This will stand up against any dictionary or brute force attack, and is easy to remember.

+1 Bitwarden is open source as mentioned and you can host the server yourself. It plays nicely with Linux as it has a native app as well. I am seriously considering moving to it.
+1 for YubiKey Neo for U2F
 
Creating a 14+ password will be good enough if you've got complexity on. The issue is how your password is stored at the backend.
 

Oh god... Cracking is only a matter of time and computation power.

Enter the Infinite Monkey

754px-Chimpanzee_seated_at_typewriter.jpg
 