Yeah passwords are one of the things that one should be very careful with. It is easy to make a good password but it is much easier to make a bad one and risk loooots of your money, work and god know what more if hackers really get into you. So take all the advices that were said up there and use them so you'll be safe..

Reply

I dont really have a use for things like that, because I try not to make enemies so no one really want's my passwords. I mean, I don't exactly have an easy password either, but still. I don't think that anyone should be all that worried unless they are a *BLEEP* of some sort.

Reply

One of the saddest things I've heard was alot of people use the word "password" as their password. Even for servers of corporations, the people who had setup their servers used the password "password", as the password for the servers. Which is stupid.

Reply

Sometimes when I register for boring "register to view it all" types of sites, I just use usernames and passwords like "jenny" or "googleaaa" because I'm lazy

Reply

It is the rule of the thumb not to use any word that is present in any dictionary as your password. Even if you combine them with numbers it will be easier to crack. The longer the word and the more complex it is it will become more secure.

Reply

My mom tells me that at her workplace, they use Unix root passwords (or something called that, I only remember the word "Unix".)

These passwords have to be exactly 8 characters long, and must contain one of each of the following:

1. an uppercase letter
2. a lowercase letter
3. a number
4. a special character

So a password like "E==m*c^2" (Einstein's forumla in C++) would be valid, but a password like "abcdefgh" wouldn't.

Here's a very simple rating system that KDE uses to determine password strength:

1. Count how many uppercase letters there are (up to 4 are counted)
2. Count how many lowercase letters there are (up to 4 are counted)
3. Count how many numbers there are (up to 3 are counted)
4. Count how many special characters there are (up to 5 are counted)

5. Add these numbers up, and take a score out of 16. A score of 7 or 8 would take about 7 days to guess if the program cracking it tried at 40MHz (40,000,000 attempts per second).

Here's my own:

0. The score for any category is calculated with the following formula:

(<priority>) - (<priority>) / (<number of characters in category> + 1)

1. Count how many uppercase letters there are. The priority for category 1 is 5. (26 chars total)
2. Count how many lowercase letters there are. The priority for category 2 is 5. (26 chars total)
3. Count how many numbers there are. The priority for category 3 is 3. (10 chars total)
4. Count how many keyboard-accessible special characters there are. The priority for category 4 is 7. (32 chars total)
5. Count how many other special characters there are. The priority for category 5 is 15. (129 chars total)

The password "E==m*c^2" would get a base score of 12.933333333.

EDIT (2008-02-12 21:53:30): After this, the score is converted into a score out of 100. (I decided to do this to incorporate length into the score.)

The formula looks like this:

100 - 100 * (0.90 ^ <length>) * (0.90 ^ <base score> - 0.025)

So the final score for "E==m*c^2" would be 90.057142284048211935767242789242.

 

 

 

Reply

I usually am very careful when I create passwords for logins.. It actually depends on the account that it is being assigned for...

Like for example, if it is for something personal like a personal email account or something.. I either randomly squash the keys or if at home, I get my cats to generate the password for me they do it by hitting the keys they like best ..

But if it is related to work or of high priority, I follow an algorithm that is usually used for generating passwords

Reply

Of course, when choosing a password, it is also a good idea to choose something that you can actually remember. Some password like sE9@&F1rt` is going to be hard to memorize.

BTW, I'm making a random password generator right now. I'll be putting it into my experiments folder.

Reply

Wow! I can't believe someone just brought up the exact thing I thought of when I saw this topic! Great ideas everyone. My passwords tend to be somewhat secure... never terrible, but never great. Alas, such is the result of laziness.

Reply

Since people are now tapping into the power of GPUs to run many millions of passwords through the system every second - I think they have a rate of roughly 200MHz, or 200,000,000 combinations per second.

However, a technique I quite like using to create a secure password is to use a line from a song. For example, Amarok is currently blasting out "Our House" by Madness I could take the following line:

And make it a very secure password:



Only lowercase letters! I hear you cry Well, it is actually incredibly secure:

26³⁰ possible combinations of letters in a 30 character password, if you know it is all in lowercase.

At 200,000,000 attempts per second, that is 26³⁰ divided by 200,000,000 = 1.41x10³⁴ seconds to go through all the possibilities. That is only 4.5x10²⁶ years to guess it.

If you look at the maths, length is far more important than the variation of characters that you use (although, obviously, that helps). Song lyrics are also a bit easier to remember than something like Tr4P17_RuL3Z! as a password.

Reply