Pages:
Author

Topic: [GUIDE] How to Create a Strong/Secure Password - page 4. (Read 2930 times)

mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
~would be a hassle to update my password db on a flash drive every time I change a password. ~
how about a deterministic password manager?
i don't really know if such thing exists but the basic idea of it is similar to BIP32. you have an entropy that you back up and then each time you need a new password, you derive that password from that entropy by incrementing your step.
it would be very easy to write an app for it too.

Hmm. It can work. Though I don't see majority of the people doing this unless such a feature is implemented on an open-source password manager like KeePass. I'm definitely going to spend a good amount of time thinking of how I can apply this to my current system without adding too much hassle.
hero member
Activity: 2366
Merit: 838
I stored my keys or passwords as a mixture between online and offline methods. However, I always choose the most reliable cloud storage providers or softwares to store my keys or passwords. For offline storage, I usually store them in as safest places as I can, that are water-, fire-resistant.
In my opinion, I don't think we should choose only one method, online or offline, because as you wrote, each of them has its pros  and cons.
legendary
Activity: 2506
Merit: 1394
The best option is to use some sites like this site -----> https://passwordsgenerator.net/.
Still much safer to use offline password generator, like KeePass.
I never use any password generator, my brain is best generator and paper is for now keep all them safe.
There's still some pros and cons for storing our password online or offline. Yes, it's okay to use paper to keep them safe. Even in storing our private keys in different crypto-currencies wallets, they are suggesting it write in paper and never store it online.
Alternatively, we could use a full bible verse ......
Yes, you can also use this. It could help you to easily memorize the password, as long as you know the bible verse.
legendary
Activity: 3472
Merit: 10611
A general rule regarding password security is:
Length beats complexity.

when  you are writing a guide like this you should not think about how YOU can make a strong password, instead you should think about all the people who are going to use that method. in this case (using a sentence with actual words instead of using symbols,...) the example here may be strong but most people are not going to create strong passwords like that. next thing you know they are using passwords that while looking unique are easy to guess even without a dictionary attack. and that is the point of that extra complexity added to the passwords. humans are not capable of making truly random/complex passwords in general.

~would be a hassle to update my password db on a flash drive every time I change a password. ~
how about a deterministic password manager?
i don't really know if such thing exists but the basic idea of it is similar to BIP32. you have an entropy that you back up and then each time you need a new password, you derive that password from that entropy by incrementing your step.
it would be very easy to write an app for it too.
copper member
Activity: 2324
Merit: 2142
Slots Enthusiast & Expert
How about using hash for example: SHA256("not-too-complicated-password"). We could use SHA256 x times, then x also part of the password. Alternatively, we could use a full bible verse since we also only need to know the book name and number, for example, Mark 15:9.
legendary
Activity: 2268
Merit: 18711
For example, I Ate A Thousand Donuts In 1 Day. The scenario shouldn't be related to you just like my example and you will get the first letter of the words in the phrase. So that would be. IAATDI1D.
You can see bob123's post above for a great explanation of why it would be better just to use the whole phrase, rather than just using the first letter of each word. It doesn't make sense to remove so many extra bits of entropy when you have to remember them all anyway.

Still, even with all the advice in this thread about how to come up with good passwords, the best option remains to use an open source, encrypted, password manager such as KeePass which will generate truly random and very secure passwords.
full member
Activity: 504
Merit: 127
Match365> be a part of 150BTC inviting bonus
I went to a seminar and they told us how to create a strong password. The person that gave the seminar said that you should create a password by making a phrase . For example, I Ate A Thousand Donuts In 1 Day. The scenario shouldn't be related to you just like my example and you will get the first letter of the words in the phrase. So that would be. IAATDI1D. Or you can try iaatdi1d. Or a combination of it, IaAtDi1d. But I think the best password includes special characters since password hackers will find a hard time hacking it.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
  • Never upload your passwords to the cloud.

I really don't know about this point. While having your password database on the cloud like on your Dropbox account is definitely a security attack vector, I think it should be fine if your master password is also secure enough(as it should be in the first place). I mean, I don't trust my hard drive to not break in the future; and it would be a hassle to update my password db on a flash drive every time I change a password. So using the cloud to store my password db is fine for me. Just my 2 satoshis.
hero member
Activity: 2366
Merit: 838
I heard about Keepass around two months ago, but still not use it to secure my account. Today, the guide makes me feel more easily to secure my accounts with Keepass. The random apssword genersting feature is amazing.
All those steps presented are very detailed, and tips from whomtookmycrypto makes sense. I appreciated contributions both GreatArkansas and whomtookmycrypto for the topic and for the forum.
legendary
Activity: 1624
Merit: 2481
You know, what would be an even stronger password ? If you'd take the whole sentence: I Was Born At 2:35pm In The Country Of Germany
You have to memorize the same, but you increase strength by a lot.
But this still safety for some scenarios? Like for example, you are on the public and then you type this password and someone is watching you then they can read what you are typing in the keyboard as they can read on what you are typing in the keyboard.

Usually password fields do not show what you enter in plain text.

Regarding watching the keyboard.. that applies to anything you enter. I'd even say that it is harder to recognize what you type if you type a sentence fast, than typing a complex password slowly.

But in the end.. we were talking about technical security.
Someone can always just watch what you type or blackmail you to give the password out. No password is protected against that.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
Really paper? RL opsec isn’t your strong point.

What is wrong with paper? With proper storage paper can last a few hundreds years, quite enough for me. I was never hacked or lost any password in 15 + years of using internet.

Quote
Generally speaking, good quality paper stored in good conditions (cooler temperatures; 30-40% relative humidity) are able to last a long time -- even hundreds of years.

https://www.loc.gov/preservation/care/deterioratebrochure.html
legendary
Activity: 1414
Merit: 1808
Exchange Bitcoin quickly-https://blockchain.com.do
I never use any password generator, my brain is best generator and paper is for now keep all them safe. It's quite logical to not use common / simple passwords (which most people do), but to make relatively strong passwords. Take for example a 12-character password, it is not easy for the average person to remember such password, but if we divide it in 3 parts (3x4 character) it is very easy to remember such password.

Even if I always create unique passwords and write them down on paper, with time I manage to learn them by memorize part of the password at the time. If I estimate that password need extra strength, I just add 4 character more by password change option. In this way you can very easy memorize even 20-character password, and in same time keep backup on paper.

Really paper? RL opsec isn’t your strong point.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
I never use any password generator, my brain is best generator and paper is for now keep all them safe. It's quite logical to not use common / simple passwords (which most people do), but to make relatively strong passwords. Take for example a 12-character password, it is not easy for the average person to remember such password, but if we divide it in 3 parts (3x4 character) it is very easy to remember such password.

Even if I always create unique passwords and write them down on paper, with time I manage to learn them by memorize part of the password at the time. If I estimate that password need extra strength, I just add 4 character more by password change option. In this way you can very easy memorize even 20-character password, and in same time keep backup on paper.
legendary
Activity: 2688
Merit: 3983
The problem is that if you choose an easy password it is easy to hacks, otherwise it is difficult to remember or people will copy/paste those words "You will be exposed to many risks such as clipboard viruses, impossible to remember without copying/pasting."

The best option is to use some sites like this site -----> https://passwordsgenerator.net/[/b]]https://passwordsgenerator.net/.

you can generate new password:  [ raQyd*UF!E3+PGZkz2kBrp+ ]  and you can save this to remember:  [  rope apple QUEEN yelp drip * USA FRUIT ! EGG 3 + PARK GOLF ZIP korean zip 2 korean BESTBUY rope park +  ]
legendary
Activity: 2506
Merit: 1394
Also, wouldn't feel comfortable using an online tool like Avast to generate passwords. Much more comfortable using an offline tool to generate passwords like a password manager eg. https://keepass.info/ With KeyPass, you can generate strong passwords in 2 simple steps.
Thanks for this, I added this on the OP, before the Avast random password generator since I found this KeePass is much safe since you can generate password offline and it is open-source.

Good stuff. Personally feel that no password guide would be complete without a section on how to store and use them eg. with a password manager.
Done creating a simple guide on how to use a password manager, I used the KeePass since OmegaStarScream also found this much safer than Avast.

It has been discussed here in the forum on how to create strong password so I'll just add the thread link in here and also you can read other people's tips on what to do if something happens or if there is a virus/malware in your computer. Here's the link of the thread: Creating strong password..
Oh, Thanks for noticing this thread, no worries, I will also add this on the OP.

A general rule regarding password security is:
Length beats complexity.
Rather make your password a few characters longer, than using special characters which makes it hard to memorize.
Exactly. The more characters on your password will be more secure and make your password stronger.

And dictionary attacks aren't effective against this either, even though this is against your rule B:
This rule B is risky if some hacker is the only target is you, they can use some of your personal info to bruteforce your passwords, and yes dictionary attacks for this is really aren't effective.

You know, what would be an even stronger password ? If you'd take the whole sentence: I Was Born At 2:35pm In The Country Of Germany
You have to memorize the same, but you increase strength by a lot.
But this still safety for some scenarios? Like for example, you are on the public and then you type this password and someone is watching you then they can read what you are typing in the keyboard as they can read on what you are typing in the keyboard.
legendary
Activity: 1624
Merit: 2481
A general rule regarding password security is:

Length beats complexity.


Rather make your password a few characters longer, than using special characters which makes it hard to memorize.

This quote is from a post i made less than 2 weeks ago:
Example:
You will take every first 2 characters on each word from the sentence "I Was Born At 2:35pm In The Country Of Germany"
Result:  IWaBoAt2:InThCoOfGe

You know, what would be an even stronger password ? If you'd take the whole sentence: I Was Born At 2:35pm In The Country Of Germany
You have to memorize the same, but you increase strength by a lot.

Another example for a stronger (and easier to type) password would be: Germany is where i have been born.
Even though it might seem less secure because it is a whole logic sentence, the bit strength considering bruteforce is way better.

And dictionary attacks aren't effective against this either, even though this is against your rule B:
B. Never use passwords that include your personal information


To completely mitigate dictionary attacks which are targeted at you, use random words.

The classical password correct battery horse staple is about 1012 (= 1.000.000.000.000) times stronger than IWaBoAt2:InThCoOfGe:


correct battery horse staple
:
- lowercase + special chars (even tho its just 1 it has to be considered) = charset of 58
- 28 Characters

=> 5828 possibilities => ~ 2.37x 1049


IWaBoAt2:InThCoOfGe:
- Lower- + Uppercase + special chars (even tho its just one it has to be considered) + numbers = charset of 94
- 19 Characters

=> 9419 possibilities => ~ 3.08 x 1037



So, to summarize:

Length beats complexity!
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
Yes, saw that and wanted to link to that too. But having read both threads don't you think OP's post is much more comprehensive than the other thread?
Well, it's not about which thread is much more comprehensive but one thing in common both of them provide an Image where there is an example of strong password on a board. The reason I link that thread is that there are replies there like an app you can use to have a strong password like having a password manager.

What do you think about this the same threads?

Date Created: November 20, 2018, 08:25:11 AM
https://bitcointalksearch.org/topic/how-to-prevent-telegram-users-from-adding-you-to-telegram-groups-5072351
The image is not that good but still clear anyway.

Date Created: April 04, 2019, 05:16:41 AM
https://bitcointalksearch.org/topic/do-this-if-you-dont-want-to-be-dragged-to-different-telegram-icos-5127958
staff
Activity: 3500
Merit: 6152
A video to give people a deeper understanding of how hackers crack passwords: https://www.youtube.com/watch?v=YiRPt4vrSSw

As for your suggestion to use Avast, I think it's safer and more secure to use something open source like KeePass to both generate and store passwords.
full member
Activity: 168
Merit: 214
WhoTookMyCrypto.com
It has been discussed here in the forum on how to create strong password so I'll just add the thread link in here and also you can read other people's tips on what to do if something happens or if there is a virus/malware in your computer. Here's the link of the thread: Creating strong password..

Yes, saw that and wanted to link to that too. But having read both threads don't you think OP's post is much more comprehensive than the other thread?
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
It has been discussed here in the forum on how to create strong password so I'll just add the thread link in here and also you can read other people's tips on what to do if something happens or if there is a virus/malware in your computer. Here's the link of the thread: Creating strong password..
Pages:
Jump to: