How to create a password not even a supercomputer could break

Jamie McKane

MyBroadband Journalist

Here’s the not-so-secret recipe for strong passphrases: a random element like dice, a long list of words, and math.

And as long as you have the first two, the third takes care of itself. All together, this adds up to diceware, a simple but powerful method to create a passphrase that even the most sophisticated computer could take at least thousands of years to guess.

[EFF]
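The recipe in the opening post (dice, a word list, and math), as an added example that is not part of the thread or the quoted article. The six-word length, the 10^12 guesses-per-second attacker rate and the 36-word demo list are assumptions constructed for illustration; a five-dice list has 6^5 = 7776 words.

```python
import math
import secrets

DICE_SIDES = 6

def rolls_to_index(rolls):
    """Read dice faces as a base-6 number: 1-1-1-1-1 -> 0, 6-6-6-6-6 -> 7775."""
    index = 0
    for face in rolls:
        if not 1 <= face <= DICE_SIDES:
            raise ValueError(f"not a die face: {face}")
        index = index * DICE_SIDES + (face - 1)
    return index

def dice_per_word(list_size):
    """Dice needed so that every roll sequence maps to exactly one word."""
    dice, size = 0, 1
    while size < list_size:
        size *= DICE_SIDES
        dice += 1
    if dice == 0 or size != list_size:
        raise ValueError("word list length must be a power of 6, e.g. 7776")
    return dice

def passphrase(wordlist, n_words):
    """Pick n_words by simulated dice rolls drawn from the OS CSPRNG."""
    dice = dice_per_word(len(wordlist))
    words = []
    for _ in range(n_words):
        rolls = [secrets.randbelow(DICE_SIDES) + 1 for _ in range(dice)]
        words.append(wordlist[rolls_to_index(rolls)])
    return words

def entropy_bits(list_size, n_words):
    """Each uniformly chosen word adds log2(list_size) bits."""
    return n_words * math.log2(list_size)

def years_to_exhaust(list_size, n_words, guesses_per_second):
    """Time to try every possible passphrase at a fixed guess rate."""
    return list_size ** n_words / guesses_per_second / (365.25 * 24 * 3600)

# Constructed 36-word demo list (2 dice per word); real use needs a 7776-word list.
DEMO_WORDS = """acorn bacon cabin daisy eagle fable gavel habit icing jelly kayak ladle
mango napkin oasis paddle quilt radar saddle table udder valve wafer xerox
yacht zebra amber blaze cedar dune ember flint grape hazel ivory jumbo""".split()

if __name__ == "__main__":
    print(" ".join(passphrase(DEMO_WORDS, 6)))
    # Assumed: six words from a 7776-word list, attacker at 1e12 guesses/second.
    print(f"{entropy_bits(7776, 6):.1f} bits, "
          f"{years_to_exhaust(7776, 6, 1e12):,.0f} years to exhaust")
```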
 

system32

Length of password/passphrase more important than complexity
 

Lupus

It's easier to remember a really long phrase or something over some really stupid complex password with special characters etc.
 

Bryn

It's far more likely you'll be hacked because you use the same login details across multiple sites and one of them has its user logins stolen whilst maintaining poor encryption.

The real benefit of using a password manager isn't in the automatically generated 25+ character passwords, but in having a unique one for every single site. To take things much further, buy a physical two-factor authentication device like a YubiKey 4 and tether it to your password manager and any sites that both support them and are important to you. Just like that, you're a hacker's worst nightmare without needing to inconvenience yourself much.
 

Gimli

To make passphrases more difficult to crack, insert a foreign language word {afrikaans; xhosa; french} into your phrase. Now ADD (don't replace a character with) a special character in the middle of one word. 4 word passphrase should then be enough. Use that for your password manager's master password. Use unique, random generated +16 character passwords for each site and let the password manager handle your logins. LastPass or Bitwarden recommended. (+1 for U2F security token)
 

Daruk

To make passphrases more difficult to crack, insert a foreign language word {afrikaans; xhosa; french} into your phrase. Now ADD (don't replace a character with) a special character in the middle of one word. 4 word passphrase should then be enough. Use that for your password manager's master password. Use unique, random generated +16 character passwords for each site and let the password manager handle your logins. LastPass or Bitwarden recommended. (+1 for U2F security token)
...and hope the latest release is not modified in an unauthorized way by a disgruntled or rogue employee.
 

Gimli

LOL website to help generate a password, except...., now you need to trust the website, right?
http://correcthorsebatterystaple.net

rather, as I said:

cor&recthorsebatterypolisiekar

This will stand up against any dictionary or brute force attack, and is easy to remember.

+1 Bitwarden is open source as mentioned and you can host the server yourself. It plays nicely with Linux as it has a native app as well. I am seriously considering moving to it.
+1 for Yubikey Neo for U2F
 

ActivateD

Creating a 14+ password will be good enough if you have complexity on. The issue is how your password is stored at the backend.
 

ekske1

Creating a 14+ password will be good enough if you have complexity on. The issue is how your password is stored at the backend.
or people using qwerty / saved password to open up their password manager.
 

RedViking

Us usually use something like this:

Mila$Chomp7$9micro$em4$Virus
 