How To Create A Strong Password You Can Remember

[SIZE=3]Posted Friday March 20, 2009 at 8:45 pm by [/SIZE][SIZE=3]Scott DiNitto[/SIZE]
[SIZE=3]One time I made a log in account for someone to use on my system. We’ll call her Mary. She needed to login in to my system to do some work, and so I created the user name mary with a temporary password mary123. I asked Mary to change it when she got a moment. That moment never came.[/SIZE]
[SIZE=3]A few weeks later I found a slew of un-accounted network activity my system. My system is directly attached to the internet, firewall fully configured, and this made me very concerned. Digging in to the mystery, I discovered a program running that I had not installed or started. It was a network scanner of some sort, and it was trying to log into a
list of systems referencing another list with thousands and thousands of user name/password combinations.[/SIZE]
[SIZE=3]Someone had broke into my system, installed the scanner, at started to attack other systems! I examined the files of this program and found in the user name/password
[SIZE=3] mary / mary123[/SIZE]
[SIZE=3]The scanner was designed to break in to other machines and replicate itself, and start all over again. And because I had an easily guessed password assigned to Mary, I was compromised.[/SIZE]
[SIZE=3]The example above demonstrates that even your
simple password could be compromised. Yeah, it seems like a big pain in the butt to use fancy strong passwords, but strong passwords don’t have to equate to pain. To help avoid the need to pop a Percoset every time you enter a strong password, I have outlined a method to easily create
one you can remember.[/SIZE]
[SIZE=3]Password Best Practices: How To Pick A Password[/SIZE]

[SIZE=3]If you ask a security professional the best way to form a password, you’re
going to get all sorts of different answers. But, there are few standard techniques you can use that I’m sure no expert would disagree with.[/SIZE]
[SIZE=3]To demonstrate this effectively, let’s start out by choosing a password. Let’s use a typical simple weak password, city. Now, let’s review a short list of general guidelines to test the strength of this password:[/SIZE]
[][SIZE=3]Make sure your password is at least 6 characters long[/SIZE]
][SIZE=3]Make sure your password contains at least 2 non-alphabetical characters, such as 0-9, or two non-alphanumeric characters, such as #, % or &[/SIZE]
[][SIZE=3]Make sure your password contains at least one capital letter[/SIZE]
][SIZE=3]Make sure your password is not a dictionary-based word[/SIZE]
[][SIZE=3]Make sure your password is not your name followed by 123, e.g. mary123[/SIZE]
][SIZE=3]Don’t use your husband’s, wife’s, or children’s names for that matter[/SIZE][SIZE=3][/SIZE]
[/LIST][SIZE=3]As you can see, the password city is not strong. It’s under 6 characters long, there are no capital letters or numbers and it’s a word found in the dictionary. It seems as though you’d have to start all over again when coming up with a new password. Don’t cry yet, there are a few things you can do to strengthen this password.[/SIZE]
[SIZE=3]Phrase The Word[/SIZE]

[SIZE=3]One easy way to both lengthen your password and change it from one found in the dictionary is to phrase it. So, for our password city, we can expand it by adding “at night” to it, cityatnight. This now becomes eleven characters instead of four and is also not found in the dictionary. And, it’s easy to remember.[/SIZE]
[SIZE=3]Use l33t speak[/SIZE]

[SIZE=3]Another problem with strengthening our password is how to add those non alphabetic characters and still make it memorable. One way to do this
is to use leet, or l33t speak. That is, to use numbers and other characters that are similar to the regular letters. For example:[/SIZE]
[][SIZE=3]A becomes @[/SIZE]
][SIZE=3]C becomes ([/SIZE]
[][SIZE=3]E becomes 3[/SIZE]
][SIZE=3]S becomes $[/SIZE]
[][SIZE=3]O becomes 0 (zero)[/SIZE]
][SIZE=3]I or 1 becomes ![/SIZE]
[][SIZE=3]D becomes |)[/SIZE]
][SIZE=3]And so on…[/SIZE][SIZE=3][/SIZE]
[/LIST][SIZE=3]Basically, replace any character that closely matches the real counterpart. This makes it still readable to you, but not to password
crackers. So, for our password cityatnight, we can l33t it by adding some replacement characters, and perhaps a capital in there as well. This produces the following updated password:[/SIZE]

Good ideas :thumbup

One of your better cut and craps :smiley:


or was I :eek :ninja :smiley:

Wont deny the cut and craps cuz need the tokenz for the arcade

So that is the reason :cool

I wonder if you loose them for negative reps. :24:

You that addicted to the games eh? :smiley:

[quote=“Alien Allen, post: 1077105”]So that is the reason :cool

I wonder if you loose them for negative reps. :24:

You that addicted to the games eh? :D[/quote]
Not really addicted, most of the games involves some thinking and some element of luck - so it kinda exercises your brains

sometimes, do create new password, I take a sentence, and I take the first letter of words to do the password

Hello, my name is Edouard => Hmni3

it’s jsute a litte example :wink:

my password are at least 10 characters long (but some websites want password at most 6characters :confused: …)

PS : my name isn’t edouard, it’s just to have a ‘E’

Thats good idea