Creating strong password. - page 3. | Bitcointalksearch.org

erikoy

full member

Activity: 686

Merit: 125

Quote from: Korkorjkk on October 20, 2018, 06:01:23 AM

This is a great information, thanks for sharing. I think I want to add something small to it, that do not use one password for different accounts, and you can have a small notebook in which you can write the passwords in them.

Yes, we have all initiative and it is also a common sense when it comes to keeping safe of the password we use for an account. I have different way of keeping my password too. I wrote it in the word and save as a document and zip it in a folder. I have also to copy the document in a removable storage device for a back up of my password. Thus, I have to keep it discrete for it has a lot of password that includes private key for all of my digital wallets.

Quote from: cleygaux on October 18, 2018, 10:55:09 AM

Does it mean "LooksStrong" password can be cracked for 59 years? really? I used some really good password generator before and it can actually generate thousands of passwords in an hour but unfortunately Im not successful using it because I only test it in a very strong password characters with special characters and numbers.

No, not really it is just a reference for you on how to create a password and how many years it could be cracked. But, it doesn't mean that the password could only be cracked on 59 years for there could be chances that it will be cracked less than 59 years. My post only specified how difficult password could be cracked using special characters and uppercase letters password.

Korkorjkk

member

Activity: 546

Merit: 11

This is a great information, thanks for sharing. I think I want to add something small to it, that do not use one password for different accounts, and you can have a small notebook in which you can write the passwords in them.

VolkoB

member

Activity: 298

Merit: 11

Be happy =)

And so if we use a password with 12 characters (including case, numbers, and 1-2 special characters) such a password cannot be decoded, at least brute. There are many more intelligent ways to steal a password from a victim. Therefore, be safe and do not use the same password everywhere

guybrushthreepwood

legendary

Activity: 1232

Merit: 1195

Quote from: cleygaux on October 18, 2018, 10:55:09 AM

Does it mean "LooksStrong" password can be cracked for 59 years? really? I used some really good password generator before and it can actually generate thousands of passwords in an hour but unfortunately Im not successful using it because I only test it in a very strong password characters with special characters and numbers.

A password generator is not a cracking tool. I wouldn't rely on that image and using something as simple as LooksStrong as a password either and it's better to be safe than sorry. Passwords should be much stronger and longer than that but they don't need to be ridiculously so, especially if you run the risk of forgetting it which is another security risk arguably even a bigger one than hackers.

Quote from: pooya87 on October 19, 2018, 01:27:06 AM

Quote from: hugeblack on October 18, 2018, 03:27:06 AM

One of the most critical problems, in my opinion, is the difficulty of generating those words from the ordinary user where it is difficult for the user to remember passwords such as "fw5J||59TanCRys."

it will come down to the purpose of that password in my opinion. for example password of an Email account is not of the same importance as password for the encryption of a key printed on a paper wallet. the first one can simply be "myHard@MailPass69:)" but the second one should be harder since you would need to enter the first one multiple times and losing an Email is not important most of the times but you only want the second password once so it can be "s2ujkCb27$6hdb@7bn5+Dpc3*9dm"!

Nobody is going to be able to bruteforce a gmail password so that doesn't need to be ridiculously strong, but obviously don't use something simple. Email providers normally usually have 2fa options as well so make sure you utilize them for an extra layer.

pooya87

legendary

Activity: 3444

Merit: 10558

Quote from: hugeblack on October 18, 2018, 03:27:06 AM

One of the most critical problems, in my opinion, is the difficulty of generating those words from the ordinary user where it is difficult for the user to remember passwords such as "fw5J||59TanCRys."

it will come down to the purpose of that password in my opinion. for example password of an Email account is not of the same importance as password for the encryption of a key printed on a paper wallet. the first one can simply be "myHard@MailPass69:)" but the second one should be harder since you would need to enter the first one multiple times and losing an Email is not important most of the times but you only want the second password once so it can be "s2ujkCb27$6hdb@7bn5+Dpc3*9dm"!

there is also password managers that are safe to use, and some open source, that can handle generation and storage of strong passwords which you can use in a safe manner.

nakamura12

hero member

Activity: 2268

Merit: 669

Bitcoin Casino Est. 2013

Quote from: TryNinja on October 18, 2018, 11:51:33 AM

Damn. I thought the mainstream browsers (at least Chrome and Firefox) had fixed this issue already. The best solution at this point is bookmark each website and use an extension with an anti-phishing system like EAL or Metamask to make sure you’re in the right website.

Yes, it is the best solution. My firefox browser had lots of bookmarked websites wether old topics or new ones that is helpful even until now.

Quote from: ?? on ??

For me , a strong password is enough long with number, and special characters that hacker can not access to our account

Refer to Ognasty's suggestion or refer to op's infographic, however it's up to you on what password you would like for example:
1P4a3S5sW1o4r3D5* looks hard enough to where I got that sample password but it's a word Password and numbers 1 4 3 5 and special characters just like Ognasty's suggestion or the Op's infographic. I think you only read the title which is all about creating a strong password, good luck with that mate.

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: mk4 on October 18, 2018, 11:29:05 AM

At this point I wouldn't even trust looking at the address bar. It's a lot safer to type it in yourself(or via a browser bookmark). There was this Binance phishing site in the past with the url: biṇaṇce.com. Yes. Take a look at it a bit closer. biṇaṇce.com. There's a dot under both n's. That's tricky as hell.

Damn. I thought the mainstream browsers (at least Chrome and Firefox) had fixed this issue already. The best solution at this point is bookmark each website and use an extension with an anti-phishing system like EAL or Metamask to make sure you’re in the right website.

mk4

legendary

Activity: 2716

Merit: 3817

Paldo.io 🤖

Quote from: TryNinja on October 18, 2018, 10:36:06 AM

Quote from: erikoy on October 18, 2018, 10:08:36 AM

Take note that legit and secure website read like this (https:) and not secured website has only like read like this (http:) without letter s. This is the only thing I know about secured or legit website and not secured website. I guess there are many good members here that could explain further on your posts. You may create also a thread for this for the newbies. This is very important for the awareness of the new comers here. This will let them avoid scam and phishing activities.

This has nothing to do with a "legit" website. Anyone can get a free SSL certificate in 2 minutes (literally) and then have HTTPS in their website.

You shouldn't be looking at the text before the domain but at the domain itself. E.g: If you are on Binance, double check if it's binance.com and not binaence.com or binance.tk; Most phishing websites try to take advantage of the user who type the wrong domain or click at the unknown email with the fake website.

At this point I wouldn't even trust looking at the address bar. It's a lot safer to type it in yourself(or via a browser bookmark). There was this Binance phishing site in the past with the url: biṇaṇce.com. Yes. Take a look at it a bit closer. biṇaṇce.com. There's a dot under both n's. That's tricky as hell.

GDragon

full member

Activity: 658

Merit: 126

I think some of us aware of this thing today because as you see in every application, they required a strong password to pass the registration of accounts. In fact, there are only few application didn't care on what combination you will put.

cleygaux

sr. member

Activity: 656

Merit: 250

Does it mean "LooksStrong" password can be cracked for 59 years? really? I used some really good password generator before and it can actually generate thousands of passwords in an hour but unfortunately Im not successful using it because I only test it in a very strong password characters with special characters and numbers.

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: erikoy on October 18, 2018, 10:08:36 AM

Take note that legit and secure website read like this (https:) and not secured website has only like read like this (http:) without letter s. This is the only thing I know about secured or legit website and not secured website. I guess there are many good members here that could explain further on your posts. You may create also a thread for this for the newbies. This is very important for the awareness of the new comers here. This will let them avoid scam and phishing activities.

This has nothing to do with a "legit" website. Anyone can get a free SSL certificate in 2 minutes (literally) and then have HTTPS in their website.

You shouldn't be looking at the text before the domain but at the domain itself. E.g: If you are on Binance, double check if it's binance.com and not binaence.com or binance.tk; Most phishing websites try to take advantage of the user who type the wrong domain or click at the unknown email with the fake website.

erikoy

full member

Activity: 686

Merit: 125

Quote from: Yadstiker on October 18, 2018, 09:18:09 AM

A great idea of yours sharing this kind of information for all to get aware and have an idea by choosing a good password but we should also consider it's still possible to get scammed when you open too many sites which has too many adds and maybe if you don't know it's a fishing site until you can't open your account.

Definitely but that is a different story, I agree that those hacking sites could phished one out just by letting you logging in a fake website or application that looks like real.

Take note that legit and secure website read like this (https:) and not secured website has only like read like this (http:) without letter s. This is the only thing I know about secured or legit website and not secured website. I guess there are many good members here that could explain further on your posts. You may create also a thread for this for the newbies. This is very important for the awareness of the new comers here. This will let them avoid scam and phishing activities.

Yadstiker

full member

Activity: 373

Merit: 100

A great idea of yours sharing this kind of information for all to get aware and have an idea by choosing a good password but we should also consider it's still possible to get scammed when you open too many sites which has too many adds and maybe if you don't know it's a fishing site until you can't open your account.

guybrushthreepwood

legendary

Activity: 1232

Merit: 1195

Quote from: erikoy on October 17, 2018, 10:56:31 AM

Take a look on this sample password and the time that the password could be crack!

Quote

Note: CTTO (Credit to the Owner of that Picture)

I don't think this is wholly accurate. The second one would take less than a day to crack according to https://howsecureismypassword.net/

"looks5strong" would be four years.

Regardless, sometimes it doesn't matter how strong your password is if your security is lax in other areas and that's where people often slip up. If you get a keylogger or some other virus that can grab your passwords from your browser then you're screwed either way. I've seen people boast online that their passwords are 30 random characters but yet they keep them in a notepad or in their email. Sometimes all attackers need is access to your email and then they can reset your accounts at will.

sud

sr. member

Activity: 826

Merit: 301

@gorkem

You mean screen keybaord? This is good idea, I'm doing it whenever I have to log in somewhere using unknown computer, so the potential keylogger won't hijack my password. Another thing is to always turn on 2 factor authenticator (application one, not SMS), it greatly reduce the risk of hacking your account.

gorkem

hero member

Activity: 868

Merit: 502

Good recommendation) but if Your computer is infected with a virus any password can be hacked.To minimize the risk it is worth paying attention to browser extensions.If possible, do not install anything.I also use a touch keyboard when entering passwords.

sud

sr. member

Activity: 826

Merit: 301

Very interesting topic. I think everyone using online services should take to heart, especially in crypto space when your money is at stake. I really started thinking about strong passwords as a safety measure, when I was making my first account on coinbase (which was the first crypto related service I used). So I made a pattern that helps me remember all my passwords on different sites without always checking - I'm using my core word and add another part which depends on the service name, of course everything includes lower and upper case letters, numbers and special characters. Same goes for passphrases to all my crypto wallets.

hugeblack

legendary

Activity: 2506

Merit: 3645

Buy/Sell crypto at BestChange

Quote from: erikoy on October 17, 2018, 10:56:31 AM

We could use this in cryptocurrency for we know that password is a vital part in creating accounts to store crypto in wallets, accounts for trading crypto and etc.

Strong passwords are a part of protecting your account but not only your account security. There are better ways to protect your account from using a unique password though it is the basis for protecting your account.

One of the most critical problems, in my opinion, is the difficulty of generating those words from the ordinary user where it is difficult for the user to remember passwords such as "fw5J||59TanCRys."
So the best solution is to save those words "notepad, paper," copy and paste it every time. Which will be dangerous if there are viruses on your computer.
One of the best sites that offer that service is[1]

[1] https://strongpasswordgenerator.com/ "offline"

pooya87

legendary

Activity: 3444

Merit: 10558

that picture is a little misleading in my opinion, which i believe is because you are posting it out of context and without that explanation of the author. these words are probably examples but only by looking at the picture you won't get that.
for example the second one "looksstrong" shouldn't take 10 days to crack since it is words that are found in a dictionary. of course the "s" in "looks" makes it a little harder but it is still pretty simple to crack. same with "LooksStrong" although capitalization makes it a lot safer but it is not yet "safe".
part of the misleading part that i mentioned is because it is using words, you may look at "LooksStrong" and think a 2 word password with capitalization is strong and takes 59 years to crack so you use a 2 word password with capitalization like "MyPassword" and it cracks in 3 seconds!

generally speaking you want all conditions together not just some: length + hi/lo chars + symbols + numbers
here is an interesting website: http://www.passwordmeter.com/

joniboini

legendary

Activity: 2170

Merit: 1789

A strong password has a big entropy. Try to use an entropy calculator to see the entropy of your password. Using something like https://apps.cygnius.net/passtest/ is good (use it offline).

Topic: Creating strong password. - page 3. (Read 1254 times)