How to create a 'super password'

CNN- The 12-character era of online security is upon us, according to a report published this week by the Georgia Institute of Technology.

The researchers used clusters of graphics cards to crack eight-character passwords in less than two hours.

But when the researchers applied that same processing power to 12-character passwords, they found it would take 17,134 years to make them snap.

http://www.cnn.com/2010/TECH/innovation/08/20/super.passwords/index.html?iref=obnetwork

And that period at the end of your password makes it a tough nut to crack. :)

...an article on how to remember the passwords/pins we already have.

:eyes:

for my debit card. Dude at the bank told me I could go as high as 15 if I wanted.

I couldn't remember anything else. :(

it being real easy for someone to figure out.

OK, say you want to use just the last two numbers of your birth year...

let's use 56

look at the 5 on the keyboard, then go down one row and slightly to the right...next letter is "T". Below that, "G"...below that, "B", then go one full letter to the right after the "B", which is "N".

Then go over to the 6...do the same thing..."Y", "H", "N", and then one full letter to the right is the "M".

Your password would then be: 5TGBN6YHNM


If you do it this way, you only have to remember a two-digit number and then go one row down for each letter and then one more letter to the right. Or even to the left.

It might not be exactly impossible to crack, but it might be annoying enough to cause a thief to look elsewhere. :)

What am I doing wrong? :shrug:

It's like asterisks with the rough edges taken off.

:scared:

Think about it. It's the last one anybody would try.

you need to run a posix ox (linux, os X, other) if you computer has a system32 folder you are wasting your time. It CAN be done is MS but is is more complex and the system is a fatter target.

you should run RSA whole disk encryption. you can create a quick table of your passwords and encrypt it again with off the shelf stuff. Dont let browsers store your passwords.

Use different passwords. etc, there are thousands of things that you can do to make breaking or snooping more difficult but they are to much to list here.

like if you browse from an wireless AP you dont own, pay or find a ssl re director for all web traffic. so nothing leaves your system in clear text.

Passwords are a first line of defense.

Many people are stupid enough to use as their passwords something that they easily identify with, thus if you can learn a little about their personal history, you can make a good estimated guess what the password could be.

Birthday of family or friends or pets?

Name of pets?

Name of high school mascot?

Name of college mascot?

All bad ideas for passwords.



A password I used previously on another site, but not anymore was:

C0rv3773-5umm3r


"Corvette Summer" in leet speek. 15 characters, that is deemed strong, because it uses letters and numbers, capitalization, and nonalphanumeric characters.

Another one I used but not anymore is:

"F4r3w311-2-4rM5" --> "Farewell to Arms", 15 characters.

One that you'll remember like, Three Little Pigs: 3 Li77!3 Pig5

dupe.

The key is to try to combine lower and upper case letters, numbers, and other valid characters into a long password (10+ characters).

Something that can't be cracked by parsing a dictionary, and long enough to make brute force crackers take a sizable amount of time.

Let's say a password of about 10 characters can have 80 possibilities at each character (26 uppercase letters, 26 lowercase letters, 10 numbers, and 18 symbols).

Thus, there are 80 ^ 10 or about 10^19 possible combinations.

A gigantic cluster of 100,000 machines, each attempting 1,000,000 passwords per second, would still need over 3 years (running 24/7) to try every possible 10-character password in my example.

Much, much, more for longer passwords.

To make a good password, you need to know how they are broken.

When breaking a password, various sets of characters are used including:

Every word in the dictionary.
lowercase letters
upper case letters
numbers
special characters (such as !@#$%^)

The more of these you use the harder it gets. And not just a little harder, but much much harder.

The best password uses all of these. such as:

democratQ!1

Easy to remember, 11 characters and has something from every character set.

So take a word add a cap a number and a special character, and your golden.

Shouldn't a site limit the amount of bad attempts?

Like what happened several years ago.

Then they download that database, and try to crack as many passwords as they can on their cluster of machines, without logging into a site thousands of times.

Is that a good password? That one was so damn complicated and used as the password for an encrypted PGP key pair. I had to stop using it since I could never remember that password.