

Some Strong Password Creation Techniques


5 replies to this topic

Poll: Length of Your Passwords

How Many Characters


#1 OFFLINE   RandomBox

RandomBox

    Thread Head

  • Members
  • 641 posts

Posted 04 February 2007 - 08:42 PM

The old days of creating passwords that were around eight characters have become antiquated and very easy to crack by brute force.

How to Create Strong Passwords

Phonetic Language-based Password Technique

Maybe even ebonics type words may be used for creating passwords. The idea is to prevent any type of dictionary-based attack which may resolve your passwords.

Egzamplz:
* Ay luv fonetiks (or iz dat fonetix?).
* U si how it worx?
* Itz qwyte ah smpl teknik yet efektiv enuf.

The only problem may be the fact that if you don't know any type of phonetic languages, you can end up outsmarting yourself with this ploy.

Multi-Word Technique

Another effective technique for increasing the strength of your passwords is to simply create passwords based on concatenated words. This technique may also be referred to as a "Pass Phrase" with a slight variation. The idea is to select more than two words that have no grammatical relationship to one another, but the selected words have something else in common. The concept stems around choosing more than 2 words that are related/similar enough that only you can figure out the relationship but others cannot. Even if your best friend who knows you well enough can establish one of the words, it would still be impossible for them to deduce the remaining words.

The association of these words you pick is to provide randomness but enough to be predictable. It would also help if you put in some numbers and capitals (and maybe even some punctuation marks or other variants, if allowed) to make the password very strong. A cheezy way to do so would be to pick more than two synonyms/homonyms/antonyms, or more than 2 words that rhyme, or more than 2 words that have the same prefix. The concept of the Multi-Word technique is to provide enough randomness that it becomes (nearly) impossible to predict.

Here are some cheezy examples of the Multi-Word technique:
* 11 raven heaven
* Making, Wedding, Ring
* Stupid-Void-Humanoid
* 1Dessert2Desert3Obsurd
* ShoeSheenShingle

Quote

...Our minds remember bits, or chunks of information. This pattern lets you easily create passwords of 20 or more characters. Despite that, all your brain has to do is remember a few bits of information—the three words you selected. The key to this particular technique is to have one common element in each word to help you remember the password and to assist you in thinking of unique words beyond things personal or in your environment. By choosing words related to each other in different ways, it forces you to be more creative. There are many ways to connect words beyond meaning alone...
Technique Based on (fake) E-Mail Addresses

When you get good enough with this technique, others may be surprised when they notice that you just banged on the keyboard with too many key strokes. They may even want to know how it is that you remember such passwords. It's quite simple (yet effective): Our daily lives have trained our brains to readily learn certain pattern-matching techniques, so that we construct special passwords to mimic those patterns. Such constructs make for some very strong passwords. Thus, we can create techniques such as the fake e-mail address ploy. Especially since this method contains so many of the elements of a strong password.

Here are the inner workings of this technique: Initially, think of a name of anything, fake or real. Then think of a symbolic, meaningful, funny, or ironic phrase related to that name you thought of. Finally, put those together, add a dot-com (or other extension), and you have a fake e-mail address password. Here is the procedure:

1.
* Pick a name: ScotFinney
* Choose a related phrase: Newsletter
* Result: ScotFinney@newsletter.com

2.
* Pick a name: Chavez
* Choose a related phrase: Tyrant
* Result: Chavez@tyrant.gov

3.
* Pick a name: Holly
* Choose a related phrase: Wood Movies
* Result: 23holly@wood-movies.tv

Such password constructs are very effective because by adding a few punctuation marks you can increase the length of your passwords without making them any harder to remember. Such patterns are particularly flexible and the combinations are almost infinite.

Here are some additional examples that illustrate variants of this pattern creation technique:
* Chocolate-Lovers@fatcity.com
* DixieChicks@uglysticks.com
* super-bowl@Colts-Bears.net
* readme@textfile.org

Password Technique Based on hyperlinks

Similar to the e-mail address password construct, but using a URL password. All of us are required to remember many website addresses (if we did not know the existence of Favorites/Bookmarks). So, why not take advantage of your memory map of URL patterns and model your passwords accordingly? Here are some examples:
* www.givemecontributions.org
* www.whatisthatsmell.net
* ftp.gonefishing.edu
* www.punk.make.my.day.com

---------------------------------------------------------

Originally, I borrowed these ideas from a book by Mark Burnett (and Dave Kleiman), "Perfect Passwords: Selection, Protection, Authentication" (Syngress Publishing) ISBN-13: 9781597490412 (ISBN-10: 1597490415).

About a month ago, I attempted to contact the authors for permission to extract some of the Chapter 8 discussions for this board. I never received a reply from them (Yay or Nay)! Thus I was forced to flavor this post with some of my own ideas for the benefit of other forum members.

Oh yes! Don't try to figure out how I devise my own passwords, as none of mine are based on such simple techniques... they are a combinational technique and you don't have a need to know!

I urge you to please feel free to provide other password creation techniques, which may benefit all of us for their generation.

You may also wish to view this post for encrypting passwords (*from November 2004). :hysterical:
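A rough way to compare length-based and structure-based strength estimates for the multi-word, e-mail and URL patterns in the post above, as an added example that is not from the thread or from the book it cites. The 20,000-word list size, the mini-lexicon and the function names are assumptions, and capitalisation choices are ignored.

```python
import math
import re

WORD_BITS = math.log2(20_000)   # assumption: size of a guesser's word list
LETTER_BITS = math.log2(52)     # a letter not explained by any known word
SYMBOL_BITS = math.log2(43)     # digit/punctuation: 95 printable minus 52 letters

# Constructed mini-lexicon covering the thread's examples; a real strength
# meter would load a full dictionary instead.
LEXICON = {"shoe", "sheen", "shingle", "what", "is", "that", "smell",
           "www", "net", "com", "scot", "finney", "newsletter"}

def run_bits(run):
    """Cheapest explanation of a letter run: known words where possible,
    individual letters otherwise (dynamic programming over prefixes)."""
    low = run.lower()
    best = [0.0] + [math.inf] * len(low)
    for end in range(1, len(low) + 1):
        best[end] = best[end - 1] + LETTER_BITS
        for start in range(end):
            if low[start:end] in LEXICON:
                best[end] = min(best[end], best[start] + WORD_BITS)
    return best[-1]

def structured_bits(password):
    """Estimate for a guesser who models words plus separators."""
    total = 0.0
    for run in re.findall(r"[A-Za-z]+|[^A-Za-z]", password):
        total += run_bits(run) if run.isalpha() else SYMBOL_BITS
    return total

def naive_bits(password):
    """Estimate that treats every character as a random printable one."""
    return len(password) * math.log2(95)

if __name__ == "__main__":
    samples = ["ShoeSheenShingle", "ScotFinney@newsletter.com",
               "www.whatisthatsmell.net", "x" * 8]
    for pw in samples:
        print(f"{pw:28} naive {naive_bits(pw):6.1f}  "
              f"structured {structured_bits(pw):6.1f} bits")
```

Under these assumptions the three-word example scores about 43 bits, below the roughly 53 bits of eight truly random printable characters, so the words need to be chosen unpredictably for the added length to count.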

#2 OFFLINE   Temmu

Temmu

    The Assimilator

  • Forum MVP
  • 11,872 posts

Posted 26 February 2007 - 11:14 PM

hi, randombox!  couldn't let all this work go un-noticed :thumbsup: :thumbsup:
i once told some of my users that with the advent of windows 2000, they could now create 256 character passwords... i think one of them fainted! B)

#3 OFFLINE   dryhumor

dryhumor

    Contributor

  • Members
  • 29 posts

Posted 17 March 2007 - 11:46 PM

These sites have helped me create, and learn about, passwords.

Password Generators - Online:
* Perfect Passwords - Gibson Research https://www.grc.com/passwords.htm
* PC Tools Password Generator http://www.pctools.c...uides/password/

Password Creation Information:
* Langa Letter: How To Build Better Passwords http://www.informati...cleID=164303537
* Password Cracking - McMaster University http://www.mcmaster....ordcracking.htm
* Password Recovery Speeds - Lockdown http://www.lockdown....ombi&s=articles

Edited by dryhumor, 18 March 2007 - 12:34 AM.


#4 OFFLINE   Temmu

Temmu

    The Assimilator

  • Forum MVP
  • 11,872 posts

Posted 19 March 2007 - 06:18 PM

also a nice list!

#5 OFFLINE   Gary

Gary

    Forum Fiend

  • No Longer a Member
  • 1,831 posts

Posted 19 March 2007 - 09:24 PM

Firefox has a pretty good password extension called Password Hasher.
https://addons.mozil...g/firefox/3282/

#6 OFFLINE   redmaledeer

redmaledeer

    Message Mogul

  • Members
  • 356 posts

Posted 20 March 2007 - 01:21 AM

There is a password generation technique I like. I suspect that much better passwords can be generated by other methods. But the simplicity of this technique means that it is likely to be used, where a more arduous method might not be. Instead of remembering one complex password, the technique uses one easily-remembered password plus one easily-remembered algorithm for transforming that password. For example, if your name is John, that would not be a good password. But if the algorithm is to advance each letter by one, the password would become Kpio. Another easy algorithm (which is left as an exercise for the reader) would transform John into Kqkr. You want to change your password every month? The first month's password would be Kpio, as above; second month (advance by two) Lqjp; third month (advance by three) Mrkq; and so on. The above examples would not provide much security, but I have only scratched the surface of easily-remembered passwords and algorithms. The technique is not original with me.
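The letter-advancing rule from the post above, together with the check a password filter could run to notice passwords built this way, as an added example that is not redmaledeer's code. The function names, the `growth` parameter and the one-word blocklist are assumptions.

```python
import string

ALPHA = string.ascii_lowercase

def advance(word, step, growth=0):
    """Shift letter number i forward by step + i*growth, wrapping z->a and
    keeping case. growth=0 is the fixed shift (John -> Kpio); growth=1
    shifts each later letter one further (John -> Kqkr)."""
    out = []
    for i, ch in enumerate(word):
        if ch.lower() not in ALPHA:
            out.append(ch)              # digits and punctuation pass through
            continue
        moved = ALPHA[(ALPHA.index(ch.lower()) + step + i * growth) % 26]
        out.append(moved.upper() if ch.isupper() else moved)
    return "".join(out)

def derived_from(password, blocklist):
    """Return (base_word, step, growth) for each blocklisted word that the
    password is a fixed or progressive shift of. Only 2 * 26 = 52 candidates
    exist, so the rule adds under 6 bits to the base word's strength."""
    hits = []
    for growth in (0, 1):
        for step in range(26):
            base = advance(password, -step, -growth)   # undo the shift
            if base.lower() in blocklist:
                hits.append((base, step, growth))
    return hits

if __name__ == "__main__":
    blocklist = {"john"}                # constructed sample: the user's name
    for month in (1, 2, 3):
        print(month, advance("John", month))
    for candidate in ("Kpio", "Kqkr", "Mrkq", "Tr0ub4dor"):
        print(candidate, derived_from(candidate, blocklist))
```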



