Strong passwords

[xyeovillian]

I have just watched 4 Documentary TV programmes about scammers, and its quite frightening how easy the scammers can hack your accounts etc.
So what are strong passwords to use as we all get a bit to relaxed about our existing set up until some thing goes wrong. Are master password managers any good or can these be hacked as well. Most of my passwords will be remembered in Firefox except bank details etc.

 

[EndlessWaves]

Strong passwords are most useful when dealing with offline password protection. When every password check involves a second party such as a website it's not viable to brute force a password because of the delay between each attempt. And most will lock down after just a few attempts anyway.

Generally though a strong password is something that nobody else is going to use. A completely random set of letters and numbers is best but as long as you throw in enough unconnected letters and numbers in there that it's unlikely anyone else among a million other people will have the same password then that's typically an acceptably strong password.

I would definitely put master password on if you're using your browser's remember password function.

 

[finbaar]

The easiest way to make a strong password is to make it longer. And the easiest way to make it longer is to double up your crap password. So Monkey1234 becomes Monkey1234Monkey1234.

 

[Steve_B]

Scammers and scams work because of weaknesses in human nature as in providing a little too much information to a question - aka social engineering or they have collected/bought data pertaining to you already and are filling in the blanks. Don't believe everything you see or read in the mainstream press, much of it is simplified to the nth degree. I work as an information security consultant and there are still people who have password123 or their child's first name or football team as their password. There are simple and what seem quite innocent questions which can be used to start to build a profile and possible initial passwords to try.

A strong password is one which can't be easily guessed or computed easily/brute forced. by a computer. In some ways longer is better but adding randomness and complexity is better.

Best is not to use a dictionary words - such as monkey... or repeating a pattern (though this would be preferable to using something simple like monkey1234) create as much complexity as you dare remember by mixing upper and lower characters and transposing characters helps ie m0nK3Y and add say a #$!?_ within it creating something such as !m0n#K3Y_26A$

Or alternatively use a phrase known to yourself or lyrics from a song and take the first letter from each word... it will create a random and be near impossible to guess sequence.

Of course some systems and websites have limits on length and complexity.

Personally I would not let any web browser keep hold of any passwords, use a password safe tools which you can securely store passwords with strong encryption and a master password... one such is an open source project called passwordsafe.


-Steve

 

[John Simon]

Years ago used to use 12bms34k@td as a quite strong password.

Easiest way to remember it?

 

[John Simon]

...One Two Buckle My Shoe, Three Four Knock At The Door

 

[Trollslayer]

I use phrases, much easier to remember.

 

[maddy]

 

[Greg Hook]

So Monkey1234 becomes Monkey1234Monkey1234.

Cheers, I've just transferred your money into my account.

 

[Trollslayer]

I find short pass phrases easy to remember.
For example, I just thought up "greenhorses". Something that is simply, plain English and would take a brute force attack to break.