Password Strength

[Ennis]

Just some help concerning password strength.

Example Password= johndoe
Weaknesses- Single case letters, No spaces, No numerals, weak
against simple shifting algorythmic force.

Example Password= Johndoe
Weaknesses- No spaces, No numerals, slightly stronger against
simple shifting algorythmic force.
Example Password= Johndoe198
Weaknesses- No spaces, much stronger against
algorythmic force.

Example Password= John Doe 292373
Strengths- Multiple casing, Multiple spaces, Many numerals,
Long character length, very strong against brute force.

Example Password= Jodoe Hn 3443john
Strengths- Multiple Casing, Multiple spaces, Many numerals,
Very long character length, ultimately strong against
brute forcing.

Example Password= 23nknoOJNih23ni2
Strengths- Multiple everything, strange combinations, Best password
combination I can find to fight against

[MrLinus]

If I may add a little more to that. Just for random trivia-ness, a password of 4 digits equals 10,000 combinations. A password of 6 characters (mix of digits, alphabetical and special) results in 16 million plus combinations.

So you can see where Ennis' post, if you created a password similar to the last one the potential combinations are truly huge.

The question remains: how to remember your password without using the magic sticky note.


One way to help is what I call a phrase password. For example:

2Br!=2bEt@Z?

(aka "To be or not to be, that is the question")

That can be one way to remember your password(s).

Just my 0.0033 cents worth (damn exchanges rate!)

[Terr]

Originally posted by Ennis
algorythmic force

How musical!

I would also add that if you use a password on an NT box, due to LanMan hashes, etc. (See L0phtcrack for more info) you should not use a password that has similar parts between the first 7 digits and the last 7, because they can break these sections individually, so if one of those two sections is really easy to break, it can provide a clue to what the other section is. Here are some not-quite-right-but-close examples. Pretend you are the attacker and you have found half of it independently of the other part. Guess the missing part.

Iamso----
NeverGuess----
---SucksAsAnISP

Answers:
Cool
This
AOL

Those weren't great examples, and don't fulfill the right numbers of digits, etc, but I thought it was worth mentioning.

[dfgt5]

alright..this is the best way i figured to create passwords that are "unpossible" to crack. basically, you use a keyboard pattern, (not like "qwerty") but more along the lines of 0p9ol8ik. do you see the pattern? no? i thought so. here's the secret:

1234567(8)(9)(0)
qwertyui(o)(p)
asdfghjk(l)
zxcvbnm

now look at it on your keyboard. isn't it kewl? easy to remember, yet impossibly hard to decipher.

if you found this post helpful, please send some positive antipoints my way. thank you.

[Dugganm]

Never mind!

[K-Line]

dfgt5, that is a truly excellent way to create a decent password. However, it is not too good if you've got someone "shoulder surfing", watching what you type.

I found this out, because even my girlfriend could see what my password was after a few hours.

Just turn the lights off!

K-Line

[UberC0der]

I would just add to this that:

Some OS's / applications truncate all characters after char=x, example, in some versions of SAP all characters after 6 are ignored.
So be sure and know this as a password such as jOh N d_03 15 133t ,is rendered much less effective as jOh N (there is a space after N) by any OS/application that truncates passwords to 6 characters in this example.

Special characters are sometimes not an option which rules out #,$,@,*,&,^, you get the idea. But by all means use them when available.

Similar to my example above, (and those given by others) an easy way to remember a complex and strong password is to make it a badly spelled phrase:


4 T 93rz r_tHE B0 mb

,may not be the absolute coolest password ever, but is satisfies many of the strong password characteristics mentioned above.

Change passwords relatively often (90 days?), and don't use any of the same 3 characters together in your next password. In fact try to use no characters from your first password in your next one.

Great post!!