The Password Pandemic II: How to Create Awesome Passphrases

Stronghold Cyber Security ^ | December 5, 2017 | Jason McNew

[Gennie]

In part I of “The Password Pandemic”, I advised (in the same vein as NIST SP 800-63b) the use of passphrases, instead of passwords. This is because hackers have built massive databases of stolen passwords and tables full of password “hashes” (known as rainbow tables.) Also, those of us in the InfoSec community know that when we force the use of complicated passwords on people, they will write them on Post IT notes under their keyboards. I have even seen this happen in very high security environments — this is bad.

[M Kehoe]

OU812.

5.56mm

[PapaBear3625]

You can create a password containing only things you would know, like “first person I kissed + last 4 digits of phone# of friend who gave me sword for Christmas”. That way, you can write it down somewhere without it being easy for somebody to figure out your password if he comes upon your cheat sheet.

[Disambiguator]

[tenger]

Maybe some of you math geniuses can help with this one. Password Strength. Is it accurate?

[21twelve]

“Fine, as long as I DON’T HAVE TO CHANGE THE DAMNED thing all the time.”

I don’t mind changing it so often, but boy is my dog confused!

[Rainbow Rising]

I used to play the horses, and for a long time I would use the names of horses as passwords. It made choosing a password less of a chore. I don’t gamble anymore, so I don’t use horse names these days. Now I just use names of bands. Not as much fun.

[sargon]

Select a short sentence from an obscure book you know.

No. Use a series of several (7 or more) English language words, selected at random, and then memorize it. Most people can do this in a few minutes, but for hackers to "guess" it would take longer than the age of the universe to this point in history.

But using sentences from any book, obscure or not, is not optimal, even though it could be somewhat effective.

Obviously, using anything common or popular would be right out.

The multiple word technique I mentioned is devastatingly effective in terms of sheer combinatorial mathematics...

[gunsequalfreedom]

Uv39$126V@41577*

[gunsequalfreedom]

https://www.grc.com/passwords.htm

Password generator

[gunsequalfreedom]

E’V.!RsXa{%{*IZ3u{<p7kD[=ZC*0,~KM’”(C]Jjl6e~WHbzo”u5Ejn~A6Ko(LK

This one is pretty secure.

[wally_bert]

I remember too many oddball movie lines and references to stuff nobody cares about.

It’s easy enough to make pass phrases.

[blueunicorn6]

Thanks.

Now I have to change my password.

[SkyDancer]

What is the alphabet factorial? Just six letters equal 165,765,600. So 26! equals: 4.0329 x 10^26.

[SkyDancer]

One person I know used: coughupalung

[wally_bert]

That’s better than most of the ones I know of.

[VastRWCon]

Just use a title from any freeper thread.

DC has highest percentage of heavy drinkers

Scientist says he's created the perfect Christmas song

Video of car-eating dog in Dalton, Ga. goes viral

[Albion Wilde]

bump

[AppyPappy]

Places you have lived ex. 1313_Mockingbird!Lane
Old phone numbers ex. HighPoint!3362821134
Albums and the year they came out ex. Yes!Fragile#1972
Things having to do with the interface 1998!Fr00Republ2c
Places you lived and when you lived there ex. 1978!GodwinHall#223

[outofsalt]

As long as you stay away from ex lovers!
yeah...

[BBB333]

Some ideas (taken from a few buttons I have had):

Tight butts drive me nuts! (are you reading this George Takei?)

We cheat tourists and drunks! (perfect for swamp dwellers!)