Comments on: Why You Should Make Your Passwords Harder To Crack

By: katy93

katy93 — Fri, 17 Dec 2010 19:20:30 +0000

We were taught to use a sentence we’d remember (or a quotation, a book title, whatever) and do the following:

Convert any words to symbols:
“My kids like peanut butter and jelly sandwiches” –> “My kids like peanut butter & jelly sandwiches.”

Take the first (or second, or third) letters of the remaining words: “Mklpb&js”

Convert letters to numbers or symbols:
Mk1pb&j$

It works pretty well, and I find that movie and TV quotes produce nice long passwords with no English words and a sufficient number of numbers and symbols. Plus they’re memorable and promptable–I can write on a post-it inside some book on my desk “favorite quote from Spaceballs” and remember my password.

By: kayoyama

kayoyama — Wed, 15 Dec 2010 09:22:35 +0000

oh no.. i only use 1 password on every account..

By: jerrybloomfield

jerrybloomfield — Wed, 15 Dec 2010 00:20:12 +0000

You know, an authenticator like the one Blizzard sells for WoW would be great. Something different every time you log in.

By: gumOnShoe

gumOnShoe — Wed, 15 Dec 2010 00:00:58 +0000

Grid systems are pretty good ways of generating and remembering safe passwords. I don’t use them personally because I have my own methods that are safe, but they are easy to remember. This one recommends using a pattern:

http://www.vvsss.com/grid/

There are others that use a different grid with all the letters of the alphabet on on the edges and a random set of characters in the grid. You pick a word and use the letters as coordinates to pick a random password.

But yeah, things you should avoid:

1) Using English words. There are a limited number of words in the English dictionary. A dictionary attack is simple to execute.

2) Never use any part of your password in a typed conversation. It is possible that an attacker might scan blogs you frequent for words you use and construct their own dictionary. I’ve seen it done.

3) Pay attention to the address bar when you type in your password. The easiest way to lose your password is to be phished. Having a couple passwords for levels of trust you grant a website is always a good idea if you can’t come up with an original one for every site you visit. Some accounts can be compromised and you don’t have to care about it. Keep those passwords different from ones which actually represent who you are and which allow trusted communication with your contacts.

4) Use non-alphanumeric characters as suggested above.

5) Don’t write (or type) your password down in a legible or easy to understand fashion. People who want to steal your password probably know who you are and where you’d keep such a thing.

By: wrenthefaceless

wrenthefaceless — Tue, 14 Dec 2010 20:40:29 +0000

“1,2,3,4,5? Thats the kindof password an idiot puts on his luggage”

Ah Spaceballs and your infinite wisdom.

By: Barton Gellman

Barton Gellman — Tue, 14 Dec 2010 20:20:48 +0000

May I also recommend the Counterspy column: “Passwords: How To Stop Ignoring The Expert Advice”

http://techland.time.com/2010/09/16/passwords-how-to-stop-ignoring-the-expert-advice/