Password complexity

viper2110

What is a good password?

I read that a good password needs to contain a variety of letters, numbers, special characters and not contain dictionary words.

As I understand it when you try to crack a password it will only tell you if the password is correct or not. Not like in the movies where it can tell you that the first and third letters are correct and it is still busy trying to get the other letters.

A good password, for example, would be something like qWEr234^%$d - 11 characters

But wouldn't a better password be something like a sentence, i.e. "Today is the 3rd day of the week" - 32 characters?

Even though the above password uses words found in a dictionary, it is still seen as a long password.
 
Alphanumeric, plus take a sentence and use perhaps the first or last letters of every word in that sentence.
 
There is something for having a very long password as each additional character increases the amount of processing power to crack. So a very long password in the form of a sentence would be 'stronger' than a shorter more complex password.
 
There's a few things that make up a secure password:

1) Things that aren't silly, i.e.
12345 (or such sequences)
abcde (or such sequences)
qwerty (or such sequences)

2) A variety of types of characters

3) Using #2, length is important.
Now the trick is, if your password is 45 characters long, all you need is something like this:
!@#dE4f........................................................ (however many chars this is)
because if you tell a hacker you're using uppercase, lowercase, numbers, special chars, and the length is 45, he's stuffed. Padding is an acceptable way of increasing password strength without sacrificing complexity, because only you know that you're padding the password, and with what. You can pad it with letters, numbers, etc etc etc.

Now something that is often recommended, especially for those having a hard time remembering passwords, is to do this:
1)
I love fluffy pink animals in silly blue suits
You can either keep it as above, or you can take it further and add special characters that have some arbitrary meaning (but no relevance to you). Obviously this does not work with all the password requirements because of uppercase/number/specialchar requirements.

And finally, something also to be avoided, is character replacement:
i with 1
o with 0
a with @
These are added into dictionary crackers so it's useless.
 
I use the same password for everything. I find it's secure and hard to guess: 12bucklemyshoes :")
 
Go look at this site, will give you a good idea of what a good password is. Length is key. Many select short ones in order to remember them but you need not do this. You can get a standard string of characters and just add them onto an easy password. Remember, when somebody tries to break it they have no idea on firstly the characters used and secondly on the length.

You can increase the strength of the password exponentially by just adding a single character...

https://www.grc.com/haystack.htm
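To put numbers on the haystack-style argument in this thread (the search space grows exponentially with length, padding adds length without needing new character classes, and "a -> @, o -> 0" substitutions only add a handful of variants per dictionary word), here is an added Python example; it is not from the thread or from the GRC site. The character-class sizes, the substitution table, the 170,000-word dictionary size and the guess rate are assumptions.

```python
import math

# Assumed character-class sizes: the 95 printable US-ASCII characters split by class.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": 33}

def classes_used(pw: str) -> set:
    """Character classes an exhaustive search must include to cover pw (space counts as special)."""
    used = set()
    for ch in pw:
        if ch.islower():
            used.add("lower")
        elif ch.isupper():
            used.add("upper")
        elif ch.isdigit():
            used.add("digit")
        else:
            used.add("special")
    return used

def search_space(pw: str) -> int:
    """Haystack-style worst case: every string of length 1..len(pw) over the classes pw uses."""
    alphabet = sum(CLASS_SIZES[c] for c in classes_used(pw))
    return sum(alphabet ** k for k in range(1, len(pw) + 1))

def crack_days(pw: str, guesses_per_second: float) -> float:
    """Days needed to exhaust the search space at an assumed guess rate."""
    return search_space(pw) / guesses_per_second / 86400

# Constructed substitution table for the character-replacement habit the thread warns against.
LEET = {"a": "4@", "e": "3", "i": "1!", "o": "0", "s": "5$"}

def leet_variants(word: str) -> int:
    """How many spellings a rule-based dictionary attack needs to cover every substitution of word."""
    n = 1
    for ch in word.lower():
        n *= 1 + len(LEET.get(ch, ""))
    return n

def leet_dictionary_bits(word: str, dictionary_size: int = 170_000) -> float:
    """Effective bits of a leet-substituted dictionary word (dictionary size is an assumption)."""
    return math.log2(dictionary_size * leet_variants(word))

if __name__ == "__main__":
    rate = 1e10  # assumed MD5 guesses per second for a two-GPU rig; not a measured figure
    for pw in ["qWEr234^%$d", "Today is the 3rd day of the week", "!@#dE4f" + "." * 38]:
        print(f"{pw[:20]:20} len={len(pw):2} bits={math.log2(search_space(pw)):6.1f} "
              f"days={crack_days(pw, rate):.3g}")
    print("password with substitutions:", leet_variants("password"), "variants,",
          f"{leet_dictionary_bits('password'):.1f} bits")
```

The 45-character padded string from the earlier post comes out far stronger than the 11-character random one despite using fewer distinct symbols, while "password" with every substitution applied is still only 54 candidates on top of the dictionary.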
 

A suggestion: add some kind of variable, for example use the first three characters of the site or place the password is for and then add your standard password onto that.

So for example: Say your password is 'MySecretPassword' then for MyBroadband site use MyB...MySecretPassword

In that way you still have your easy-to-remember standard part but with an additional 6 characters added on, and it's still easy to remember. Each password is thus unique in its own way.
 
I use the same password for everything.
I have a 33 digit password that I use for just about everything. Some sites won't let you make a password longer than a certain length so for those I use the first and last parts of my password.
 
Here is a useful site: http://strongpasswordgenerator.com/

I would say anything 8 chars upwards with letters, numbers, uppercase, lowercase and special characters would be considered strong. In saying that nothing like 12345 or abcd or actual words.

Like what was mentioned here, replacing an "a" with a "4" or "e" with a "3" etc.

Hope you got some clarity here.
 
I crack hashes for fun, using my two Radeon 6970 GPUs and wordlists of 75GB. Here is the truth: an MD5 hash of a 10 character password takes me 21 days. This includes special, alpha and numeric. Make it 14 chars and we are talking months to years. The biggest problem is people tend to start passwords with an alphabetical char 9/10 times. So -1 char for that.

Go have a look at hashcat or John the Ripper. I am not even talking about the 2TB rainbow tables that have 99% success on 12 chars.

14 chars, upper, lower, numeric and special is where you need to start. Don't be stupid and use alpha upper and lower with numeric only. Also, a 33 digit password I can crack with ease.
 

Fun fact about md5 hashes.... they're not unique... close, but no cigar :D
 
An edit to my post:
md5 isn't used 24/7 either. sha, double md5's, etc etc...
 
The point is, if you have that much time to wait for some guy's password to be hacked, someone will have picked it up by then.
Try doing rainbow tables against a bank login and see what happens.

Aint nobody got time fo that!
 