Old 03-28-2009, 02:48 AM   #1
zueqhbyhp
How To Create A Strong Password You Can Remember
Posted Friday March 20, 2009 at 8:45 pm by Scott DiNitto
One time I made a login account for someone to use on my system. We'll call her Mary. She needed to log in to my system to do some work, and so I created the user name mary with a temporary password mary123. I asked Mary to change it when she got a moment. That moment never came.
A few weeks later I found a slew of unaccounted-for network activity on my system. My system is directly attached to the internet, firewall fully configured, and this made me very concerned. Digging into the mystery, I discovered a program running that I had not installed or started. It was a network scanner of some sort, and it was trying to log into a list of systems referencing another list with thousands and thousands of user name/password combinations.

Someone had broken into my system, installed the scanner, and started to attack other systems! I examined the files of this program and found in the user name/password list:

mary / mary123
The scanner was designed to break into other machines and replicate itself, and start all over again. And because I had an easily guessed password assigned to Mary, I was compromised.
The example above demonstrates that even your simple password could be compromised. Yeah, it seems like a big pain in the butt to use fancy strong passwords, but strong passwords don't have to equate to pain. To help avoid the need to pop a Percocet every time you enter a strong password, I have outlined a method to easily create one you can remember.


Password Best Practices: How To Pick A Password

If you ask a security professional the best way to form a password, you're going to get all sorts of different answers. But there are a few standard techniques you can use that I'm sure no expert would disagree with.

To demonstrate this effectively, let's start out by choosing a password. Let's use a typical simple weak password, city. Now, let's review a short list of general guidelines to test the strength of this password:
  • Make sure your password is at least 6 characters long
  • Make sure your password contains at least 2 non-alphabetical characters, such as 0-9, or two non-alphanumeric characters, such as #, % or &
  • Make sure your password contains at least one capital letter
  • Make sure your password is not a dictionary-based word
  • Make sure your password is not your name followed by 123, e.g. mary123
  • Don't use your husband's, wife's, or children's names for that matter
As you can see, the password city is not strong. It's under 6 characters long, there are no capital letters or numbers and it's a word found in the dictionary. It seems as though you'd have to start all over again when coming up with a new password. Don't cry yet, there are a few things you can do to strengthen this password.

Phrase The Word

One easy way to both lengthen your password and change it from one found in the dictionary is to phrase it. So, for our password city, we can expand it by adding "at night" to it, cityatnight. This now becomes eleven characters instead of four and is also not found in the dictionary. And, it's easy to remember.

Use l33t speak

Another problem with strengthening our password is how to add those non-alphabetic characters and still make it memorable. One way to do this is to use leet, or l33t speak. That is, to use numbers and other characters that are similar to the regular letters. For example:

  • A becomes @
  • C becomes (
  • E becomes 3
  • S becomes $
  • O becomes 0 (zero)
  • I or 1 becomes !
  • D becomes |)
  • And so on...
Basically, replace any character that closely matches the real counterpart. This makes it still readable to you, but not to password crackers. So, for our password cityatnight, we can l33t it by adding some replacement characters, and perhaps a capital in there as well. This produces the following updated password:

(!ty@n!ghT
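
The guideline list above, written as a checker and run over the post's own passwords; this is an added example, not part of the original post. The `WORDS` and `NAMES` lists are constructed samples, and applying the dictionary and name rules after reversing the post's l33t table is an assumption of this example.

```python
# Added example: the post's guidelines as a password checker.
# Reverse of the substitution table listed in the post (symbol -> letter).
LEET = {"|)": "d", "@": "a", "(": "c", "3": "e", "$": "s", "0": "o", "!": "i"}

# Constructed samples; a real check would load a full dictionary and the
# names of the user and their family.
WORDS = {"city", "night", "password", "secret"}
NAMES = {"mary"}


def unleet(text):
    """Lower-case the text and undo the post's l33t substitutions."""
    text = text.lower()
    for symbol, letter in LEET.items():
        text = text.replace(symbol, letter)
    return text


def check(password, words=WORDS, names=NAMES):
    """Return the guidelines from the post that this password fails."""
    failures = []
    if len(password) < 6:
        failures.append("shorter than 6 characters")
    if sum(not c.isalpha() for c in password) < 2:
        failures.append("fewer than 2 non-alphabetical characters")
    if not any(c.isupper() for c in password):
        failures.append("no capital letter")
    # Compare both the whole password and the password with trailing
    # digits removed, so "mary123" is still recognised as a name.
    lowered = password.lower()
    candidates = {unleet(lowered), unleet(lowered.rstrip("0123456789"))}
    if candidates & set(words):
        failures.append("dictionary word")
    if candidates & set(names):
        failures.append("name, optionally followed by digits")
    return failures


if __name__ == "__main__":
    for pw in ["city", "mary123", "cityatnight", "(!ty@n!ghT", "P@$$w0rd"]:
        print(f"{pw!r}: {check(pw) or 'passes every guideline'}")
```
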