How to create a strong password

Bradley Prior

MyBroadband Journalist
How to create a strong password

The National Cyber Security Centre (NCSC) in the United Kingdom said using three random words is a good way to create a strong, unique password that is easy to remember.
 
Now that everybody knows I have to go and change all my passwords.
 
My first ever password was “apple”. Then I changed it to “banana”.
 
Meh,

The “three random words” policy from the NCSC advises people not to use words that can be guessed, like your pet’s name.

In today's time, weak passwords are a vulnerability, but what is being ignored is the vulnerabilities which exist within password/username recovery. I was breached this way, someone established my persona and hacked their way into my personal MS account, but they had help in doing so, not something I am going into now as I have mentioned it previously on these boards.

Anyway, things like 'security questions', tell lies which you will remember. What is your pet's name? Lie. What is your mother's maiden name? Lie. Make sure that your smartphone is in your possession, and when it is not, that it is secured. Email recovery is abused all the time.

Having a strong password, that is but the mere step into protecting your identity or in other cases your identities.

DON'T TRUST 2FA, but use it wherever possible.
 
Another thing that annoys me are sites that require upper case, lower case, special character, number, blood transfusion and who knows what else... complexity is overrated. Entropy can be scaled without complexity. A simple sentence from your favourite chapter of a novel will suffice... or your favourite quotes... sites that ban spaces are also annoying. Space is a character and should be valid in passwords.
There is significantly more entropy in a single four word sentence from a Spike Milligan poem than in an 8 character password with upper, lower, numeric and special characters.
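
The entropy arithmetic behind "scaling without complexity", as an added example that is not part of the post above or of the NCSC guidance. It assumes words are drawn uniformly at random by a CSPRNG; the 7776-word list size, the 95-character printable ASCII set and the short `SAMPLE_WORDS` list are assumptions made for the demo.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline. A real
# passphrase should draw from a list of thousands of words.
SAMPLE_WORDS = [
    "anchor", "barley", "candle", "dagger", "ember", "falcon", "garnet", "harbor",
    "island", "jigsaw", "kettle", "lantern", "magnet", "nectar", "orchid", "pebble",
    "quartz", "ribbon", "saddle", "thistle", "umbrella", "velvet", "walnut", "yonder",
    "zephyr", "acorn", "bishop", "cobalt", "donkey", "easel", "fennel", "gravel",
]


def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy of `picks` independent, uniform draws from `pool_size` symbols."""
    if pool_size < 2 or picks < 1:
        raise ValueError("need a pool of at least 2 symbols and at least 1 pick")
    return picks * math.log2(pool_size)


def make_passphrase(words, count=3, sep=" "):
    """Return (passphrase, entropy in bits) using the OS CSPRNG via `secrets`."""
    pool = sorted(set(words))  # duplicates would silently shrink the real pool
    phrase = sep.join(secrets.choice(pool) for _ in range(count))
    return phrase, entropy_bits(len(pool), count)


def words_needed(pool_size: int, target_bits: float) -> int:
    """Smallest number of random words whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(pool_size))


if __name__ == "__main__":
    phrase, bits = make_passphrase(SAMPLE_WORDS, 3)
    print(f"sample list : {phrase!r} ({bits:.1f} bits, list is too small for real use)")

    # Assumed sizes: 7776-word list, 95 printable ASCII characters.
    random8 = entropy_bits(95, 8)
    print(f"8 random printable chars: {random8:.1f} bits")
    for n in range(3, 7):
        print(f"{n} random words from 7776: {entropy_bits(7776, n):.1f} bits")
    print("words to match 8 random chars:", words_needed(7776, random8))
```

Each extra word adds the same number of bits regardless of character classes, which is why length requirements do more than composition rules. The figures apply only to random selection, not to words or characters a person picks.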
 
Pick your favorite word : Banana in 3wa's case
Add your favorite special character : &
Add the first word after the www. for example microsoft
Add your favorite person's birth date together : 2008 + 10 + 01 = 2019
Add your second favorite special character : *
Add a numerator at the end : 01. When it expires, increment this
Password for microsoft.com Banana&microsoft2019*01

Kaspersky password checker
  • Your password is hack-resistant.
  • Your password does not appear in any databases of leaked passwords
Your password will be bruteforced with an average home computer in approximately...

10000+ centuries

The website name becomes the public part of the key and the rest is your private part of the key.
You only have to ever remember your private key and it stays the same forever. And you will have a unique password for everywhere you have to sign on.
Plus you will get some serious stares when someone sees you entering a 20 digit password without breaking a sweat.
 
Side note: As much as it’s convenient to use 2FA built into a vault.. I suggest keeping them separate.. all of which is for naught if you do not secure your phone,

One thing that does bother me is this.. for many years I’ve used my phone as gps device mounted on windscreen..

But in an accident, the phone is in an unlock state.. something I realized lately albeit all important apps require auth again to open but yah. Something to think about.. if you do not use car/android play.
 
How to create a strong password

The National Cyber Security Centre (NCSC) in the United Kingdom said using three random words is a good way to create a strong, unique password that is easy to remember.

I really had to check if this was a resurrected thread from a decade ago.

Anyway: three random words and one character replacement, JustInCcse
 
Side note: As much as it’s convenient to use 2FA built into a vault.. I suggest keeping them separate.. all of which is for naught if you do not secure your phone,

One thing that does bother me is this.. for many years I’ve used my phone as gps device mounted on windscreen..

But in an accident, the phone is in an unlock state.. something I realized lately albeit all important apps require auth again to open but yah. Something to think about.. if you do not use car/android play.
An OTP sent via SMS isn’t really considered a ‘true’ second factor.
 
One thing that does bother me is this.. for many years I’ve used my phone as gps device mounted on windscreen..

But in an accident, the phone is in an unlock state.. something I realized lately albeit all important apps require auth again to open but yah. Something to think about.. if you do not use car/android play.
Old phone, logged in with a secondary gmail account.
 
I got my password a gym membership and I have to say password1234 is really seeing some gains
 