The secret of a secure password

Ahh you beat me to it!

My main password is 93 million years.

My forums password is 12 years.

My [first] bank password is 106 years. Ironically my bank password is the shortest of them all.

My weakest password takes 32 seconds to crack. Haaaa that's an eye opener.

My wireless key is 717 quattuorvigintillion years.
My work password is 6 hours.

My work password email is 25 million years.

Ok that is enough information about me :D
 
If you subscribe to multiple forums it isn't too bad using the same or similar passwords, just make sure it's not the same as the one you use to log into anything with real personal info available.

One thing you can do is if you want to use a similar password for many things because you have memory problems, is to have a keyword then a site specific hash.

For example - you could have mypassy as your keyword then simply add the first 3 letters of the site name you are logging to.
ie mypassyavf

you could choose the first and last letter of the site address, up shift them and then insert them into your password after the 3rd and 5th characters.
a>b and s>t from avforums
mypbastsy

As long as you always follow the same function you can have different but totally functional passwords that people can't spot the pattern of.

Some other examples:

avforums

a=01 v=22 f=06

bbc forums

b=02 c=03

rudepronsite

r=18 u=21 d=04

keyword = lacigol (logical backwards)

3rd number first followed by a . if it's even and a > if it's odd.
If it's even insert the first 2 letters of your keyword before putting in the second number followed by a ( if it's even and a ? if it's odd.
If it's odd insert the first 3 letters of your keyword before putting in the second number followed by a ( if it's even and a ? if it's odd.
Enter the rest of your keyword and add the first number on the end with a ~ if it's even and a + if it's odd.

for avforums => 06.la22(cigol01+

for bbc forums => 03>lac02(igol02~

for rudepronsite => 04.la21?cigol18~

That gives you a very secure password that you can work out but doesn't look like a sequence - just make a set of rules that you can remember and always operate them.
You can use the characters on the number keys in a particular sequence like 1(!) and 9((), 2(") and 8(*), 3(£) and 7(&) to make what appear complex changes simple sequences that are not obvious.
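The three derivation schemes described in this post, written out as an added example (it is not part of the original post). It assumes that "bbc forums" contributes the letters b, b, c and that shifting a letter up wraps z to a; the function names are hypothetical.

```python
import string

def letter_number(ch):
    """Alphabet position as two digits, as in the post (a=01, v=22)."""
    return f"{string.ascii_lowercase.index(ch.lower()) + 1:02d}"

def shift_up(ch):
    """Next letter of the alphabet (a>b, s>t); wrapping z to a is assumed."""
    return chr((ord(ch.lower()) - ord("a") + 1) % 26 + ord("a"))

def prefix_scheme(keyword, site):
    """Keyword followed by the first three letters of the site name."""
    return keyword + site[:3]

def insert_scheme(keyword, site):
    """Shifted first and last site letters are inserted after the
    keyword's 3rd and 5th characters."""
    return (keyword[:3] + shift_up(site[0]) + keyword[3:5]
            + shift_up(site[-1]) + keyword[5:])

def rule_scheme(keyword, site):
    """The numbered rule set from the post, fed by the site's first three letters."""
    letters = [c for c in site if c.isalpha()][:3]   # skips the space in "bbc forums"
    n1, n2, n3 = (letter_number(c) for c in letters)
    even = lambda n: int(n) % 2 == 0
    split = 2 if even(n3) else 3                     # keyword letters placed before n2
    return (n3 + ("." if even(n3) else ">")
            + keyword[:split]
            + n2 + ("(" if even(n2) else "?")
            + keyword[split:]
            + n1 + ("~" if even(n1) else "+"))

def derive_all(keyword, sites):
    """Derived password for each site, keyed by site name."""
    return {site: rule_scheme(keyword, site) for site in sites}

if __name__ == "__main__":
    print(prefix_scheme("mypassy", "avforums"))
    print(insert_scheme("mypassy", "avforums"))
    sites = ["avforums", "bbc forums", "rudepronsite"]
    for site, password in derive_all("lacigol", sites).items():
        print(site, "=>", password)
```

Every output is a deterministic function of the public site name, so the keyword and the rule set are the only secret inputs.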
 
^ Ah you've read the same article as me. It was published a while ago, and it pretty much said the same thing.
 
I was going to say something similar - but then every now and again you come across a really stupid site that enforces a maximum password length or disallows certain special characters or something else which generally indicates the site owners don't know how to code properly.
 
Please could you point out a system where the facility to decrypt a password exists :confused:

Any system where the identity information (including the password) needs to be distributed across multiple directory services - e.g. Novell Identity Manager, Microsoft ILM.

Most RADIUS server implementations and http digest implementations (those that aren't already tightly integrated with the directory service) will need you to store passwords with reversible encryption. I'd even go as far as to say that it's a good idea in many scenarios when admin are aware of the dangers and the admin accounts are capable of being locked down - if you store passwords with one way hashes you're in the poo if you need to migrate your identities from one service to another (this assumes you have upwards of tens of thousands of them globally). It's certainly not a security issue if it's properly managed.

See blog.teusink.net: Passwords stored using reversible encryption: how it works (part 1) and Universal Password - CoolSolutionsWiki for example.
 
quattuorvigintillion



I learned a new word.



Christ, I need to get out more!:D
 
^ Ah you've read the same article as me. It was published a while ago, and it pretty much said the same thing.

If that was in response to my post, no, I wrote that off the top of my head heh, but it's not an uncommon way of approaching the problem :)

There are only so many ways to encode things, the trick here is to do so in a way that doesn't look like what it is.

The introduction of variance into the patterns helps a great deal in smoke screening pattern shifts.
ie if you simply shift letters up and down a set number of times, looking for occurrences of popular letter patterns helps break it. If you use variance, those patterns don't appear as readily yet it still can make the cypher reasonably simple.

I always approached the idea of cryptography from the angle that it is all mathematical patterns and logic ..... so avoid logical patterns :)
 
I was going to say something similar - but then every now and again you come across a really stupid site that enforces a maximum password length or disallows certain special characters or something else which generally indicates the site owners don't know how to code properly.

I hate that. It ruins my internal password management process when I have to create passwords which don't conform to my "rules". :nerd:
 
And worse still you have to remember them - they don't state the rules when you log in - so you have to go 'oh yes, TFL is crippled to only accept 9 characters, or doesn't accept squirrel noises so therefore I go to fall-back password bravo'.
 
The one above is offline if you take out your network cable before putting your passwords in :)
 
Just thought I would res this thread as I have been doing some investigation into password/encryption hacking and it is so easy if you have a password of 12 characters or less all lower case.

However the thing we have on our side is that passwords we have are usually used on remote sites..which you would hope restrict the number of attempts per second and time you out after X amount of seconds.

However if an attacker ever gets access to your password hash then you are pretty much done for unless it is a really secure password...


As others have said the most secure type of password would be something like:
Apoi58>$
And a very insecure password would be:
1234567890
another insecure password would be:
nsueoiwndups

Also to IMBW's point:
This assumes 10,000,000 password tries per second - I can't help but think that's not very possible, even for a local file. If each password is 4-bytes, that's 40MB of passwords per second - good-luck getting that up a broadband connection :)
this site/tool is interesting:
GPU Password Cracking

My GPU can average around 2.5billion password attempts a second with a local file...And it isn't even the fastest GPU you can get, also you could bundle several GPUs together to produce faster results.

Just thought that would be an interesting thought for you all :)
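An added example (not part of the original post) that turns the two guess rates quoted above into worst-case exhaustive-search times for the three sample passwords. It assumes the search covers every character class that appears in the password; the function names are hypothetical.

```python
import string

# Character classes an exhaustive search would have to cover (assumed model).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Guess rates quoted in the thread.
RATES = {"10 million/s": 10_000_000, "2.5 billion/s": 2_500_000_000}

def alphabet_size(password):
    """Total size of the character classes the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def keyspace(password):
    """Number of candidates of the same length over the same alphabet."""
    return alphabet_size(password) ** len(password)

def worst_case_seconds(password, guesses_per_second):
    """Time to try the whole keyspace at a fixed guess rate."""
    return keyspace(password) / guesses_per_second

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"

def report(passwords):
    """One row per password: alphabet size, length, time at each quoted rate."""
    return [(pw, alphabet_size(pw), len(pw),
             {name: humanize(worst_case_seconds(pw, rate))
              for name, rate in RATES.items()})
            for pw in passwords]

if __name__ == "__main__":
    # Sample passwords taken from the post above.
    for row in report(["Apoi58>$", "1234567890", "nsueoiwndups"]):
        print(row)
```

The figure is an upper bound that depends only on length and alphabet size; it says nothing about dictionary words or keyboard patterns, which are guessed long before the keyspace is exhausted.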
 
However if an attacker ever gets access to your password hash then you are pretty much done for unless it is a really secure password...
But this is why sites should hash and salt the password.
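Salted password storage as this reply describes it, shown beside the unsalted fast hash it replaces. This is an added example, not code from the thread; the choice of PBKDF2, the iteration count and the record layout are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to the server's latency budget

def unsalted_sha256(password):
    """Weak form: one fast hash, no salt. Equal passwords give equal digests."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password):
    """Per-user random salt plus an iterated KDF; returns the record to store."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}

def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])

def demo():
    """Two users choosing the same password (sample value from the thread)."""
    alice = hash_password("1234567890")
    bob = hash_password("1234567890")
    return {
        "unsalted_match": unsalted_sha256("1234567890") == unsalted_sha256("1234567890"),
        "salted_match": alice["digest"] == bob["digest"],
        "alice_ok": verify_password("1234567890", alice),
        "wrong_rejected": not verify_password("123456789", alice),
    }

if __name__ == "__main__":
    print(demo())
```

The salt stops one precomputed table or one guess from covering every account; the iteration count is what lowers the guesses per second available against a stolen record.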
 
My GPU can average around 2.5billion password attempts a second with a local file...And it isn't even the fastest GPU you can get, also you could bundle several GPUs together to produce faster results.

Interesting, but you are going to struggle to find a system that will accept 2.5 billion attempts a second ;)

Unless as you say, they get the 'secure' hash.
 
Interesting, but you are going to struggle to find a system that will accept 2.5 billion attempts a second ;)
However the thing we have on our side is that passwords we have are usually used on remote sites..which you would hope restrict the number of attempts per second and time you out after X amount of seconds.
;)
 
Just thought I would res this thread as I have been doing some investigation into password/encryption hacking and it is so easy if you have a password of 12 characters or less all lower case.

No system worthy of its name would allow a single-case password - throwing in upper case and numbers bumps up the complexity significantly.
 
No system worthy of its name would allow a single-case password - throwing in upper case and numbers bumps up the complexity significantly.

AVF does :D

Just trying to get people to think about their passwords a bit more as it is so easy to "hack" a password these days if you have a bit of know how..although I guess it will never stop those people writing down their password and sticking it on a post-it note on their PC...my mother was a repeat offender of this!:facepalm:
 
