Tips For Strong Password

Discussion in 'Other Discussions' started by Peter Kendrick, Feb 15, 2019.

  1. Peter Kendrick

    Peter Kendrick Occasional Visitor

    Joined:
    May 29, 2017
    Messages:
    12
  2. dropdown

    dropdown Occasional Visitor

    Joined:
    Apr 21, 2016
    Messages:
    15
    Location:
    UAE
    Used my mobile number as password! Also, 50% of the people I know use their phone number as their password. Common passwords also: 123456, qwerty, asdfghjk. One of my failed passwords was [email protected]#QWE! It was a disaster.

    The short and best way is to use a password manager.
    If you want to make your own and come up with a good password, in my opinion you should 1- Make it very easy to remember (it's very important to use numbers and words that are very easy for you). 2- Combine/mix things up. Here is the idea:
    >Use three words that come to your mind, and you always remember them.
    >Choose a well-known number to you.
    >Choose one of the symbols that you like. Make sure that it's easy to reach on mobile keyboards (if you use smartphones a lot)
    >Mix them in a pattern you desire.
    Example:
    >"great", "madness", "roll"
    >1982
    >!
    > madrollthe19!!AndmakeItGreat1982!!! (repeat it like 100 times on keyboard to memorize it pretty well)
    MADrollthe19!! (this is a short one)
    FACEMADrollthe19!!BOOK (this is for Facebook)
    GMAILAndmakeItGreat1982!!! (For Gmail)
    madSNBrollthe19!!forums (for SNBForums)
    ... and so on.

    You can make your own combine/mix rules. I come up with this idea from:

     
  3. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    7,457
    A strong password contains upper/lower case letters with numbers (I don't like special characters as some logins don't allow them).

    Of course, my passwords relate to my past; the difference is that it's the parts of my past that nobody knows about and I don't talk about. And it's what helps me remember them too.

    When you get to about 20 characters for a password; you're safe.

    Btw, password managers are the worst ideas I have ever seen.
     
  4. CaptainSTX

    CaptainSTX Very Senior Member

    Joined:
    May 2, 2012
    Messages:
    1,753
    Test your password at this site to see how long it will take to crack it.

    Not every device will take 20 characters. Asus routers are limited to 15 or 16 characters.

    https://www.grc.com/haystack.htm
     
    L&LD likes this.
  5. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    7,457
    (NOTHING you do here ever leaves your browser. What happens here, stays here.)
    2 Uppercase
    5 Lowercase
    8 Digits
    No Symbols
    15 Characters

    Time Required to Exhaustively Search this Password's Space:
    Online Attack Scenario:
    (Assuming one thousand guesses per second) 2.48 hundred trillion centuries
    Offline Fast Attack Scenario:
    (Assuming one hundred billion guesses per second) 2.48 million centuries
    Massive Cracking Array Scenario:
    (Assuming one hundred trillion guesses per second) 2.48 thousand centuries


    Yup! Safe. With only 15 characters. :D
     
    Dave Parker likes this.
  6. umarmung

    umarmung Senior Member

    Joined:
    Apr 21, 2018
    Messages:
    230
    Humans suck at making passwords. Period.

    1. Use a password manager, especially if open source and not web-based. There are different options depending on features. The most well-known and reputable are KeePass and 1Password.
    2. Use a different password for every single site and different usage.
    3. Use as long a password as is permissible on a platform. Lengths of 20+ are great. Anything less than 13 alpha-numeric characters is not.

    One of the main benefits of password managers is that you never need to remember or type out anything other than how to access the password manager's database. On some platforms you can even do the latter with biometrics, e.g. a fingerprint (though that should not be the only means of access). You can just copy and paste passwords or have them auto-filled.

    For anything you actually need to remember, e.g. for the password manager itself or encryption keys, you can use a passphrase instead. The most widely accepted secure method is Diceware and minor variations such as that recommended by the Electronic Frontier Foundation (EFF). These choose words randomly from a list. Enough words and you have the security equivalent to a randomly generated password due to the sheer number of random word combinations, except it's much more memorable.
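
The haystack figures quoted in the thread and the Diceware comparison in the post above can both be reproduced with a short calculation. This is an added example, not part of any post in the thread; the sample password, the 8-word demo list and the 33-character symbol class are assumptions made for illustration.

```python
import math
import secrets
import string

# Guess rates (per second) from the haystack output quoted in the thread.
RATES = {"online": 1e3, "offline_fast": 1e11, "massive_array": 1e14}
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits)
SYMBOLS = 33  # assumed size of the symbol class (printable ASCII incl. space)

def alphabet_size(password):
    """Size of the character set a brute-force search has to cover."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    if any(not ch.isalnum() for ch in password):
        size += SYMBOLS
    return size

def search_space(password):
    """Number of strings of length 1..len(password) over that alphabet."""
    a = alphabet_size(password)
    return sum(a ** n for n in range(1, len(password) + 1))

def centuries_to_exhaust(password):
    """Worst-case brute-force time per scenario. This bound only means
    something for randomly generated strings: human-chosen passwords fall
    to dictionary and pattern guessing long before the space is exhausted."""
    space = search_space(password)
    return {k: space / rate / SECONDS_PER_CENTURY for k, rate in RATES.items()}

def diceware(words, count):
    """Draw `count` words with a CSPRNG; return (passphrase, entropy bits).
    The entropy figure holds only because every word is picked at random."""
    phrase = " ".join(secrets.choice(words) for _ in range(count))
    return phrase, count * math.log2(len(words))

def words_needed(target_bits, list_size=7776):
    """Words needed to reach target_bits; 7776 = 6**5, five dice per word."""
    return math.ceil(target_bits / math.log2(list_size))

if __name__ == "__main__":
    sample = "Ab12345678cdefG"  # constructed: 2 upper, 5 lower, 8 digits
    print(centuries_to_exhaust(sample))
    print(words_needed(20 * math.log2(62)))  # match 20 random alphanumerics
    demo_list = ["oak", "river", "lamp", "stone", "cloud", "fern", "brick", "tide"]
    print(diceware(demo_list, 4))  # constructed 8-word list, 3 bits per word
```

The sample has the same class mix as the 15-character result posted earlier, so the three scenario times land on the same 2.48 figures; a real Diceware list has 7776 entries, not the eight used here.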
     
  7. evh909

    evh909 Regular Contributor

    Joined:
    Sep 9, 2015
    Messages:
    62
  8. Klueless

    Klueless Very Senior Member

    Joined:
    Jan 1, 2016
    Messages:
    568
    Location:
    Rochester, NY
    I was ok with the link as a useful reminder until their closing line;

    “When your accounts are “Hacked” due to “short simple and pretty easy to crack Passwords”, only you are to blame.”

    Of course we should try to protect ourselves but, ultimately, all the blame goes to the crook/criminal/perpetrator!
     
    L&LD likes this.
  9. Dave Parker

    Dave Parker Regular Contributor

    Joined:
    Apr 22, 2015
    Messages:
    180
    Location:
    Marmaduke Ar.
    I know one password, the one that I log into my computer with. For everything else I use a random password generator and store these in a notepad file on a usb flash drive and then copy and paste when I log into any website that I visit whether it's Amazon, eBay, or any financial website. Also use two-factor Authentication where it's available. And change your important ones regularly. Every month would be good. And yes I do have more than one backup and they are up to date. I know it's a lot of trouble but so is someone draining your bank account.
     
  10. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    7,457
    All the methods discussed above (not picking on anyone here...), from password managers, USB drives with notepad files on them to random password generators have huge flaws in their design and implementation.

    The safest passwords are the longest you can remember yourself. Anything else is simply believing that a different system can do it better than us. And when a different system, person or entity is doing it for us; there is the biggest 'security' flaw right there. Even if today we feel safe using such snake-oil solutions.
     
  11. Dave Parker

    Dave Parker Regular Contributor

    Joined:
    Apr 22, 2015
    Messages:
    180
    Location:
    Marmaduke Ar.
    But L&LD, I'm 70 plus years old. I can't remember what I had for lunch yesterday and I gave up on Lastpass a long time ago. And no offense taken.
     
    sfx2000 and L&LD like this.
  12. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    7,457
    And I will be there too shortly!

    But the logic of password 'keepers' doesn't make much sense to me. Never used them. Never will. I too have my passwords written down and in a safety deposit box, but that isn't for me...
     
  13. Dave Parker

    Dave Parker Regular Contributor

    Joined:
    Apr 22, 2015
    Messages:
    180
    Location:
    Marmaduke Ar.
    Well at least we keep them in a safe place. My kids know how to access them for WHEN I get to the point I can't take care of my own business.
     
    L&LD likes this.
  14. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    29,276
    Location:
    Canada
    My password manager currently contains 714 entries. Memorizing is not an option.

    The only memorizable passwords are the older ones, and those I have to manually enter on a nearly daily basis - and these are highly randomized strings that I memorized following keyboard patterns (and other tricks). My SSH key passphrase for example is a long sentence that I memorized. Everything else is randomly generated.

    I also recommend that service: https://haveibeenpwned.com/ . It's run by a Microsoft engineer, and it helps you get warned when your email address is making the rounds on a new stolen password list.

    Password managers are fine, as long as you choose a good one, and you learn how to use it properly. The one I use allows me to sync passwords between multiple devices without relying on the cloud, and it has a feature that clears the clipboard once you exit it (in case you did a copy/paste of a password).
     
    CaptainSTX, Dave Parker and L&LD like this.
  15. Marin

    Marin Senior Member

    Joined:
    Sep 15, 2015
    Messages:
    439
    Do you mind sharing what password manager you use?


    Sent from my iPhone using Tapatalk
     
  16. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    29,276
    Location:
    Canada
    I use SplashID (with the cloud functionality disabled, so I sync over Wifi).

    Been using it since back in my Palm 3E days.
     
    L&LD likes this.
  17. Marin

    Marin Senior Member

    Joined:
    Sep 15, 2015
    Messages:
    439
    Thank you!


    Sent from my iPhone using Tapatalk
     
  18. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    7,457
    I had a look at SplashID and while the layout seems great, the free version is very limited (to one device).

    Having a look around KeePass seems to be the best version of this software type for a long time now. Any thoughts or comments for or against?
     
  19. CaptainSTX

    CaptainSTX Very Senior Member

    Joined:
    May 2, 2012
    Messages:
    1,753
    Splash ID has always worked for me since I first installed it on a Palm device. I run it on multiple devices and I think I paid a one-time lifetime license fee of $19.95.

    Some of the versions have worked better than others depending on the device but it gets the job done. Currently have about 350 passwords, combinations, serial numbers, etc. stored on the app.
     
    L&LD likes this.
  20. Dave Parker

    Dave Parker Regular Contributor

    Joined:
    Apr 22, 2015
    Messages:
    180
    Location:
    Marmaduke Ar.
    I checked the website and the Pro version is currently $19.99 a year for unlimited devices. I'm looking at this, 1Password, and KeePass.