
Topic: [GUIDE] How to Create a Strong/Secure Password - page 2. (Read 2930 times)

hero member
Activity: 1064
Merit: 639
Someone hacked my common password and stole all my BTC, about 0.5 BTC. Now I am using Google's suggestion for creating a strong password. I do not save the password on my computer or mobile; Google saves it and provides it to me whenever I need it. I also use 2FA to keep myself tension free. But all the time I feel the pain of my losses from a weak password. After all, your suggestions are also helpful for all like me. Thank you.

This is the reason why I have told mobile users. Do not use the same password everywhere.
I am sad to hear that your BTC has been stolen.
legendary
Activity: 2506
Merit: 1394
Someone hacked my common password and stole all my BTC, about 0.5 BTC.
(...)
How come the hacker was able to transfer your BTC from your wallet? What kind of Bitcoin wallet do you use?
It's kinda impossible that a hacker can hack your Bitcoin wallet for using a password, unless you are using some centralized Bitcoin wallet where you are not the only one who knows your private keys, or you don't have any of the private keys of your Bitcoin wallet.

Just beware, don't really trust Google for holding your passwords. I think what you mean is their built-in password manager in their browser.
Much better to use some password managers that are open-sourced, just like in the first post; KeePass.
member
Activity: 328
Merit: 20
Someone hacked my common password and stole all my BTC, about 0.5 BTC. Now I am using Google's suggestion for creating a strong password. I do not save the password on my computer or mobile; Google saves it and provides it to me whenever I need it. I also use 2FA to keep myself tension free. But all the time I feel the pain of my losses from a weak password. After all, your suggestions are also helpful for all like me. Thank you.
hero member
Activity: 1064
Merit: 639
When you want to generate a secure password on Android using Google Chrome

1. Turn sync on in your Chrome.
2. Go to a website and sign up for an account.
3. Tap on the password text box.
4. Tap Suggest strong password.

If you don't see this option, tap Password Save your password and then Suggest strong password.
You'll see a preview of the password. To confirm, tap Use password.
Finish signing up for your account. Your password is automatically saved to Chrome.

When you want to generate a secure password on iPhone & iPad

1. Turn on sync in your Chrome.
2. Go to a website and sign up for an account.
3. Tap on the password text box.
4. Tap Suggest password.

You'll see a preview of the password. To confirm, tap Use suggested password.
Finish signing up for your account. Your password is automatically saved to Chrome.

Source:
https://support.google.com/chrome/answer/7570435?co=GENIE.Platform%3DiOS&hl=en&oco=1#

Turn sync on and off in Chrome:
https://support.google.com/chrome/answer/185277

legendary
Activity: 2604
Merit: 2353
  • Using Passphrase
    A passphrase consists of multiple words; the randomness of every word used to create a passphrase makes it strong.
    Example:
    "Dog in the dark" - The words make sense and are grammatically ordered.
    "hulk touch adjourn omega" - The phrase doesn't make sense and is not in grammatical order.
    You can use this password by capitalizing every second character of every word and adding a special character between the words.
    Like hUlk&tOuch$aDjourn@oMega
    You can use the Sentence Method here, for example, taking the first two characters of every word, capitalizing every 2nd character of the word and adding random special characters.
    "hUlk tOuch aDjourn oMega".
    Result: hU#tO!aD*oM$
Be very careful about these complex methods, they're not as safe as you think, because:

For decades, the advice from information security experts was to change your passwords frequently and use numbers, capitals, and special characters. But we humans are bad at creating randomness, and we’re bad at remembering things. So inevitably people used simple words, names, birthdates, and sayings, swapping out letters with similar-looking special characters. Hackers can crack these kinds of passwords in a matter of seconds.

In an effort to make secure systems, the prevailing password advice actually made the systems less secure. Or, as the user AviD now-famously put it on Stack Exchange, responding to the XKCD comic: “Security at the expense of usability comes at the expense of security.” In other words, if your “secure system” isn’t easy to use, people won’t use it, negating the security benefit.
[...]
When you use passphrases, also keep the following in mind:

Four words should be sufficient. Five words is better.
Don’t choose from the most common words, and don’t choose quotes or sayings. The words should be as random as possible.
Use a unique passphrase for every account you own. That way, if one passphrase is ever exposed, the other accounts remain secure.
https://protonmail.com/blog/protonmail-com-blog-password-vs-passphrase/


legendary
Activity: 2506
Merit: 1394
BUMP
newbie
Activity: 33
Merit: 0
Plus don’t use logical when you build your pwd
jr. member
Activity: 603
Merit: 7
To me, I believe the best password to use is number and alphanumeric; with this nobody can easily catch your password except if it was disclosed by you, and the habit of people sending passwords through any internet miss is very bad. So let's try and keep our passwords safe like we do our money, because losing your password is equivalent to losing your investment in a fire blaze...
legendary
Activity: 3024
Merit: 2148
I don't think password managers could be trusted enough to generate a password for use, mostly when it has to be used for something very important or financial stuff.

Password managers are open source software used by millions of people. If you don't trust them, you might as well stop trusting all Bitcoin clients, all operating systems, all hardware, all algorithms.

People who misunderstand security tend to weaken themselves by focusing on the wrong things and trying to reinvent the wheel, while lacking the theoretical knowledge to do so.
legendary
Activity: 2268
Merit: 18711
I mean, you absolutely should be using the full character set allowed by whatever password or passphrase you are using, but my point was that your password isn't necessarily secure just because you are using the full character set. Many people who use numbers and symbols use them to change a single letter in an otherwise weak password (such as p4ssword or pa$$word), or just append them to the end.

If you want a strong password you need to use the full character set and have a program generate a long and random string for you.
legendary
Activity: 3472
Merit: 10611
That's why if we use % * : with numbers when giving strong passwords, it will take a long time for them to hack their passwords.
Not really. If someone is going to bruteforce your password, then they will likely already be using the full ASCII character set. There's a lot more to a truly secure password than just throwing in a percentage sign somewhere.

i don't think we can generalize this because it will come down to how the password is actually created. for example if it is simply a couple of obvious words with one or two symbols thrown in there then it could be broken rather easily. but technically adding symbols to the mix is increasing the search space.
if the password consists of only letters:
- no case sensitivity -> each position is only 26 possibilities
- with case sensitivity -> it goes up to 52
- with symbols -> it jumps to 90
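
The search-space figures from the post above, turned into entropy arithmetic and paired with CSPRNG-based generation (an added example, not written by any poster in this thread). The 26/52/90 alphabet sizes are the post's; the 80-bit target, the 94-character alphabet and the 16-word list are assumptions constructed for illustration.

```python
import math
import secrets
import string

# Per-position alphabet sizes quoted in the post above.
POST_ALPHABETS = {"letters, one case": 26, "letters, both cases": 52, "with symbols": 90}

# Assumption: printable ASCII letters, digits and punctuation (94 characters).
FULL_ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed 16-word list, for illustration only; a real list needs thousands of words.
SAMPLE_WORDS = ["hulk", "touch", "adjourn", "omega", "lantern", "pebble", "quartz", "violin",
                "marsh", "copper", "falcon", "ribbon", "tundra", "anchor", "glacier", "nutmeg"]

def entropy_bits(choices: int, length: int) -> float:
    """Bits of entropy, valid only if every position is drawn uniformly at random."""
    return length * math.log2(choices)

def length_for_bits(choices: int, target_bits: float) -> int:
    """Shortest length whose search space reaches target_bits."""
    return math.ceil(target_bits / math.log2(choices))

def random_password(length: int, alphabet: str = FULL_ALPHABET) -> str:
    """Pick each character with the OS CSPRNG (secrets), not the random module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def random_passphrase(count: int, words=SAMPLE_WORDS, sep: str = " ") -> str:
    """Pick whole words uniformly; entropy is count * log2(len(words))."""
    return sep.join(secrets.choice(words) for _ in range(count))

if __name__ == "__main__":
    target = 80  # assumed target strength in bits, not a figure from the thread
    for name, size in POST_ALPHABETS.items():
        print(f"{name:20} 12 chars = {entropy_bits(size, 12):5.1f} bits, "
              f"{target} bits needs {length_for_bits(size, target)} chars")
    print("password  :", random_password(16))
    print("passphrase:", random_passphrase(5),
          f"({entropy_bits(len(SAMPLE_WORDS), 5):.0f} bits from this tiny list)")
```

The figures hold only for machine-chosen characters or words; a dictionary word with one symbol swapped in has far less entropy than its length and alphabet suggest.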
legendary
Activity: 2268
Merit: 18711
That's why if we use % * : with numbers when giving strong passwords, it will take a long time for them to hack their passwords.
Not really. If someone is going to bruteforce your password, then they will likely already be using the full ASCII character set. There's a lot more to a truly secure password than just throwing in a percentage sign somewhere.

I think a manual randomly generated password could act in a more secure way than a generator.
That's incorrect. Human beings are very bad at being random, and when we think we are being random, we aren't. You shouldn't be relying on yourself to come up with random passwords, passphrases, seeds, entropy, or anything else. Password managers such as KeePass, which will generate real random passwords for you, are open source, so no trust is needed.
sr. member
Activity: 458
Merit: 265
I don't think password managers could be trusted enough to generate a password for use, mostly when it has to be used for something very important or financial stuff.

Most of the people around tend to use the same password on most of their user accounts online and they carry a risk of losing all they have in a single cracking incident, so I would just advise not doing so, but it seems to be in human nature.

I think a manual randomly generated password could act in a more secure way than a generator.
sr. member
Activity: 1204
Merit: 270
I think I won't use any simple numbers to create a strong secure password. Then hackers can easily hack passwords. That's why if we use % * : with numbers when giving strong passwords, it will take a long time for them to hack their passwords. Not easy to do.
legendary
Activity: 2268
Merit: 18711
At last, keep a password which is unique, easy to remember and hard to guess.
All your advice is good up to this last point, which is the wrong advice to give. A password which is easy to remember is easy to guess and easy to brute force.

It's simple: Humans are bad at being random. This means we are bad at choosing passwords, passphrases, brain wallets, or anything similar. Don't even try. There's a reason that wallets generate a random seed for you and don't let you input your own (or at least, you have to use advanced configurations if you want to input your own, since it is very high risk). Use a proper password manager such as KeePass or Bitwarden to create truly random passwords and store them for you.
member
Activity: 128
Merit: 13
Try to make the password longer, which is better. For example: mix of letters > lowercase/uppercase > symbols > numbers > don't give any personal information or any words of the dictionary.
  • Don't use the same password for every platform.
  • Don't write your password anywhere; keep it with you securely, and there are some apps where you can keep your password safely.
  • Also, you can use some security tools which you will get on Google.
  • Don't share your password with anyone.
  • At last, keep a password which is unique, easy to remember and hard to guess.
full member
Activity: 1176
Merit: 162
Great guide mate, I generate my password by smashing my keyboard with random small and capital letters, numbers, symbols and paste it in a notepad. I'm doing it the traditional way. I don't trust password managers even if it is open source. What if it got hacked? All my passwords will be exposed. But I'm not against it, but it is software; maybe someone in the future will discover how to exploit it.
member
Activity: 672
Merit: 29
My advice is: don't create a password all because you want it to be hard for hackers to hack. Create a password that will be easy for you to memorize. Always try and create a unique password you can store up in your brain and be able to log in with at any time of the day.
hero member
Activity: 966
Merit: 535
I've never had any accounts "hacked"; what I have done, though, is lock myself out with these security options. How ironic, right? I have however had people try to get into my accounts. Someone is trying to get into my Epic Games account. My Cointiply account has nothing in it even and someone keeps trying to get in. No one got into either of these though. The password just kept resetting and sending to my email. No attempt has been made to get into my Gmail account, which I have owned for over 10 years now I think.

I basically just read a guide and used my common sense by thinking from a hacker's perspective. So no personal links to anything like birthdays or hobbies, just like the OP has said.
I never use the same password or even use partly the same password. Each is unique. I use about 16 characters and use upper and lower case, numbers, symbols. I mix these up so I don't have two numbers together and I try not to repeat a character.

Here are some examples of a password I would make.

J6f&E1p3%8*G2L*F#7

I also can't understand when I see bounty hunters asking managers to change their address because it was hacked. I think it must be phishing. Always verify any website you want to enter login info on using a whois website. Make sure the websites match up. If they don't then you will lose your account due to phishing. My ETH account passwords are very long like a private key and I encrypt the place where I copy-paste the password from. I use NOD32 antivirus. I always check and match the clipboard too. I do this at least 3x. I also keep 3x backups of my personal info: 1 on a USB, the other 2 on external HDDs. The folder is encrypted and password protected using 7zip. I keep the password to the 7zip file written down in 3 different places, 1 being my safe.

I am not saying I will never be hacked. What I am saying is that it would be very very difficult even with the best social engineering. Since everything is completely random not even I know my passwords or even part of them.

I am also pretty sure that being careful will take care of 99% of potential hack attempts.

One last thing I do is I link my accounts with 2FA and I link my accounts to my phone number or to IP address.

The IP address works very well. No other IP but mine can log in to my website, for example. They can try to use a VPN; it won't work since they need the exact IP.

Very nice guide.

Btw I looked through the posts here and there are quite a few nice ones, so I gave 3 of you some merits since you deserve them. I try to give them to nice posts I see and help people out.
legendary
Activity: 2730
Merit: 7065
It is the safest option.
It is A safer option but not the safest since hackers are targeting password managers just like any other software.

Quote
According to new information published by Independent Security Evaluators (ISE), at least five popular password managers, including 1Password, Dashlane, KeePass and LastPass, could potentially leak unencrypted credentials and passwords while they're running in the background.

Read this:
https://www.komando.com/happening-now/547660/hackers-find-security-flaws-in-5-popular-password-managers-are-you-safe

If you have bad online practices, no software or password manager can help you. They can minimize the threat but most of it is down to the way the individual user is using the Internet.