How to Pick a Genuinely Secure Password! Post your ideas too

  • Question

  • When it comes to security, Bruce Schneier is a god among us mere mortals. He has written some of the most influential books on computer security and cryptography ever printed, and his blog is essential reading for anyone on the Internet.

    So when Bruce says here's how to create a secure password (and how he creates his own passwords), I listen. His post on the topic is extensive, so I'll try to boil it down to the essentials. If you have the time, I encourage you to read the whole thing, though.

    First question: How are passwords cracked, anyway? Primarily through brute force "dictionary" attacks, where software tries to guess a password by running through a series of common phrases or words in various combinations. Sure, we know that "password" and "qwerty" are easy to crack, but password crackers have gotten much more sophisticated these days. Now, they check hundreds of these common "root" passwords (here's a list)... in combination with various "appendages," including all two- and three-digit combinations, single symbols (like ! and ?), dates from 1900 on, and a few others. The crackers also sub in common characters like "3" for "E" and other typical hacker-speak substitutions.

    What's that mean? Basically, if you thought the safe-looking pigl3t9! was a secure password, you're sadly mistaken. Any modern password cracker will suss it out in a matter of minutes.

    Before you begin to despair, Schneier offers simple rules on how to create a password that cannot be easily cracked by such methods. (Mind you, given enough time any password can be cracked, but this will make it much harder.)

    The trick is to use a "root" that is not in that list that I linked above, and to put your "appendage" (or two of them) in an unusual place: Either in the middle of the root or at both the beginning and the end.

    Schneier's example is to use a word that you can pronounce but which is spelled "wrong": armwar or pitchsure or baysball are all examples. Then attach your appendage(s): arm9!9war or 1066pitchsure6601 or bay1776sball. It shouldn't take much effort to commit any of these to memory.

    Friday, September 28, 2007 10:47 AM

All replies

  • Two other ways to make a password quite safe:
    1. Substitute similar looking characters instead of ordinary letters:
    If you want to have airtel as the password, use 4 instead of a, ! instead of i, etc. Thus, you'll have 4!r+e1.
    Once you know by heart what stands for what, it'll be very easy to remember this password, but quite difficult to crack.

    2. Use the first letters from a sentence you like very much (eg. a quote)
    For example, 'One must be the change one wishes to see in the world' (by Mahatma Gandhi) gives Ombtcowtsitw.
    Easy to remember, and it gives the cracker a hard time...

    Saturday, September 29, 2007 5:22 AM

    PC Magazine says these are the most commonly used passwords, so if yours is on the list, I recommend you change it immediately.
    1. password
    2. 123456
    3. qwerty
    4. abc123
    5. letmein
    6. monkey
    7. myspace1
    8. password1
    9. blink182
    10. (your first name)
    Saturday, September 29, 2007 5:50 AM
  • Hi pal,

    First of all, don't use only letters or only numbers.

    Use a combination of letters, numbers and special characters.

    E.g. student-rock-star-2

    Use a lengthy password.

    It needs years to crack...

    Sunday, September 30, 2007 9:10 AM