remembering long passwords

[hedgerowpete]

i have never had a pass word that was any good, the wifes name or the childrens names with the number one added to the end is about it untill recently

now i want to go long, but i need your help to explain how to remember it and to think of it. how they work and what to look out for

since i cant spell let alone remember any 14 letter words and then add 12 on the end let alone adding numbers randomly, in the middle i was thinking the way to go is to think of a passage of words or four, four letter words.

making the first letter a capital letter and the last letter a symbol that matches its number in the alphabet

to recap say we use the word

"compact," that turns to

"Compact" and then
Compact with the T being the 20th letter so i use either ) or i can use "
making one quarter of the password " Compac)"

whilst better than before still not enough.

so please can someone explain how to remember 16 leters,numbers and symbols, and then of course we are then going to be talking several of them as well,

so what is the basic method i can use to formulate long complex passwords

[psychobilly]

pick a favorite quote or a line from a movie. Run the words together. Change the letter "o" to a zero, or the letter "e" to a three, or letter "I" to a number one. Capitalize a letter or 2.
If you don't have any of those vowels in your quote, pick another.

[jelloman]

My present password, which is reaching the end of it's usable life, is a sting of 8 letters and numbers, some cap and some not, but no symbols...it is meaningful to me, and somewhat vulgar, which MAKES it memorable...you need to comeup with a phrase that can use all of the variables in substitution that means something...a frien of mine used his wifes favorite nag with caps on cerytain syllables and numbers used as reverse letters...3 for E etc...

[hedgerowpete]

cool ideas peeps, thanks

what is the usefull life of a password as well please, 3month or 6 months, i realised today one of mine is 10 years old has no numbers in it and is 6 letters long, oopps

[tcpip95]

I make up an expression, then use the first letter of each word. I'll also substitute symbols and numbers for some of the characters. For example:

"I will be buying a new car sometime this year"

password: 1wBbanc$TY

The expression should be simple and easy to remember and the password becomes very strong.

[Bobcat59]

Spell your own name backwards and add your zip code if that's not enough.

[Macrosill]

In a single word "Roboform". It is a small piece of software that you can run on any windows computer. They also make a portable version that can run off a usb thumb drive. It is a password bank. You only need to remember a single password, the one for Roboform. I use it and have used it for years. There is a free version that holds a limited amount of passwords. It can also save bookmarks and auto fill forms. You can set it to generate passwords as long as you like utilizing numbers, upper and lowercase letters as well as special characters.

I am not affiliated with them and have no vested interest other than I am a happy user of it as are some of my more techie friends.

[SharpDog]

I use formulas. Basically I do this:

1. Divide your websites into 4-8 categories like email, banking, Credit cards, family, work, shopping and blogs (email is most secure, then banking, down to blogs least secure. If a shopping site stores the credit card info it moves up to the credit card list, the actual credit card accounts go in the banking list).

2. Pick a different root word for each. The most secure list (e.g. email) gets all of the rules below, the least secure list gets none:

3. L33t some letters (e.g. 3 = e, o = 0, i = 1, etc) E.G. syll4bl3 (syllable)

4. Capitalize some letters of your root word (e.g. each SylL4Bl3)

5. add special characters (e.g. $ = S) $ylL4bl3

6. add suffix characters to denote the subset of the list ($ylL4bl3-z for Amazon, $ylL4bl3-w for Midway, $ylL4bl3-B for Brownells, etc)

[SharpDog]

Oh and change all the root words for the top categories at least once a year. shopping and blogs can stay, work will usually prompt you to change anyways.

[SharpDog]

If you share passwords between sites they can be vulnerable to theft. This can occur without them being cracked and without any wrongdoing or mistake on your part. Basically over the last several years we have been under constant attack by the chinese and iranians. what they have done to successfully break into government and gov't contractor sites is this:

1. send phishing emails to thousands of individuals at a particular company. The counterfeiting of these emails is very good and inevitably fool at least one person at the targeted company even with frequent warnings about this type of attack.

2. once a person is tricked into clicking on the emails, the attacker uses one of many means of grabbing the encrypted password (called a hash). This is if the site has semi-decent security, if not, they can just grab the plain text password at this point.

3. Whether they have the hash or plain text password the attacker then looks for another site where the user has used the same password. For a corporate or government attack this will be other computers within the company / agency that the user has access to. For banking scams will will be banks / institutions that the user has used the same password with.

4. If the attacker cannot find a financial institution to hack with the hash and he can hack the email then he can get a password or a password reset by using a forgot password link.

5. do not think you will be safe with two-factor authentication, RSA keys at gov't and corporate agencies have been already hacked. There are also apps that intercept and defeat the banking sms process the banks use to send a key pin to your phone.

6. once "inside" the security zone the attacker can then grab the hashes of all other users (this is the source of all the reported stories in the news about user information compromised (e.g. credit card data)). For every reported hack there are many that go unreported and many more that go undetected. This is how you can lose your information when some one else is the one that screwed up.

[SharpDog]

Oh, and be very careful clicking on email links, even if you think it's from a trusted source.

Install a virus scanner (AVG is great for windows, Avast is great for macs, both are free).
http://download.cnet.com/AVG-AntiVir...-10320142.html

http://download.cnet.com/Avast-Free-...-10019223.html

Install a malware detection / cleaning tool (Malware Bytes for windows also free).

http://download.cnet.com/Malwarebyte...-10804572.html

(now, did you click on those links ?)

[maine-marine]

make it a sentence

IE

My12gaugeisashotgun

or

Pantssizeis38-32

or

Iliveat1456westStreet

or

My1stdaughtersbirthdayisjune4th

[psycosteve]

a=@ $=S Z=S O=0 I=! +=t 4=A If I was a fan of Jagermister and wanted my password to reflect that I would go with the English translation of Huntmaster and change it up to make it next to impossible to use brute force hacking my using numbers, symbols and letters both upper and lowercase . the password would look something like this Hun+m@$+er giving you a simple 10 letter password to remember.

[hedgerowpete]

sharpdog those posts are brilliant i love the idea of subsets and extensions. that simple rule solves about 200 problems with pass words for me.

you should change to "sharpdog techno demigod uber geek"

thanks for these great ideas, i shall sit down when back at work next week and work out a simple family tree and subsets for each one, i had never thought it was so simple

[Ricekila]

icantremembermypassword-crap

snivelinglittleratfacedgit

[SharpDog]

btw, you cn aslo add mispelluns to your bag of trix

[Systematic Mechanic]

All the advice here is great.
I personally don't try the memorize them all because
I simply have too many and change them.

This is a really good site for making passwords.
https://www.grc.com/passwords.htm
https://www.grc.com/haystack.htm

Another thing people do is get a flash drive, make a
word or text document and put all your pass words on
there as a back up.

Here is an example of what I would use.

$uR4V1^aL6?0oS}3

Not likely you're going to remember stuff like that.

But like suggested you could use something like

[5uRVi^a!_Bo4rDz.C0M]

I'm not sure if use can use ASCII characters but just so you guys know
all you have to do is press and hold the ALT key and type in 4 numbers
like for example ALT + 0169
that will give you a © copyright symbol.
some more examples. ¼ ½ ¾ ® ° ¹

Hope you find that useful.

[Rvnquest]

I take a line from my favorite song, first letter of every word and add a few characters and numbers.

[strokes762]

Long password? I just use a sentence or phrase that's easy to remember and I capitalize the first letter and I use a familiar number at the end.

Example (I don't use this at all BTW):
"Myfavoriteicecreamisrockyroad123"

This length I typically use for hard drive encryption since most encryption software doesn't put a limit on the length of the password. The typical limit is 32 characters of there is a limit.

[technoprepper]

Quote:

Originally Posted by hedgerowpete

since i cant spell let alone remember any 14 letter words and then add 12 on the end let alone adding numbers randomly, in the middle i was thinking the way to go is to think of a passage of words or four, four letter words.

14 letter words are still very susceptible to dictionary attacks - because they are words.
14 letters has 6.4E19 possibilities. A 14 letter word has about 100,000. Password crackers can test several billion possibilities per second. 14 truly random letters takes years to crack, a 14 letter word can be done in less than a thousandth of a second. Two words together takes 6 minutes. Three unrelated words takes years.

Quote:

making the first letter a capital letter and the last letter a symbol that matches its number in the alphabet

Capitalizing first letter or using l33t speak substitutions is very predictable and still very susceptible to dictionary attacks.

Quote:

so please can someone explain how to remember 16 leters,numbers and symbols, and then of course we are then going to be talking several of them as well,

Often you are allowed more than 16 and sometimes this is easier. If using a string of words, avoid using ones which are normally used together - such as anything in a repository of common quotes.

One poster suggested using a password vault that ran on any windows computer; any windows computer is a very serious limitation. No mac, no linux, no tablet or cellphone, etc. Turns out it runs on many cell phones but not on linux, freebsd, solaris, etc.
And password vault programs are no more secure than the insecure computer they run on. If your machine is hacked then the master password can be captured using a keyboard logger. A small tablet or un-activated cell phone (with all networking turned off) that you don't use for anything else can be less vulnerable.

Random password generators written by the clueless can be amazingly insecure. One time I had an ISP who gave out randomly generated passwords and something tipped me off that it wasn't done well. I then wrote a random password generator, deliberately making the same mistakes a clueless programmer would make. Sure enough, that generator cranked out all the passwords assigned by the ISP. And there were surprisingly few actual combinations. It used a 16bit random number generator, which right there meant that it could only generate 65536 unique passwords (worse than
choosing a truly random word from a dictionary) and because of the manner in which it was used, the actual number of unique passwords was far less. This illustrates the potential insecurity of using predictable rules to make a password.

Non-vanity license plates follow simple patterns. It takes less than a second to generate and test all combinations. There are even fewer birth dates of people currently alive. There aren even fewer commonly used first names (although some ghetto names are off the wall). First name plus birthdate can be checked in under a second. Firstname+birthdate+license plate could take weeks to crack or be very simple to someone who has access to personal data about your friends and family.

A known pattern of choosing passwords is generally more vulnerable than an unknown one.