Comments on: How To Create A Good Password That You Will Not Forget

By: OklyDokly

OklyDokly — Mon, 15 Mar 2010 15:10:40 +0000

So, I’m curious as to why more companies aren’t going the route of OTP + password for authorization…game companies are doing it, some banks are, but not all…

Sure, you have the risk of losing your OTP generator, but without your password, that OTP generator is useless, and vice versa.

The fact of the matter is this: Try and try as hard as you might, you will never be able to completely prevent/thwart social engineering. Yes, you can brute force or dictionary hack passwords in some cases, but the vast majority of security compromises occur through social engineering.

By: RAJ KIAN

RAJ KIAN — Tue, 02 Mar 2010 06:05:52 +0000

earlier i used to use pw as 123456 or even 123456789.
my frnd use qwertyuiop or zxcvbnm.
but currently i hv 2 ytp of pw.or 3.
for myspace its 7letters tgen 3 nos.
fb,twitter etc. its 7+7=14 letters thats very big. Well its combo of 2 words. n i bliv dat its next 2 impossible to crack it.
oh n the 3rd one is 7letters dats 2nd part of my earlier pw.

another thing which every1 shud keep in mind. Always make it a point to hv ur pw in CAPITAL LETTERS if u find it difficult 2 rember mix of upper n lower case.
i use caps. n dey say “hey ur caps lock is on”.

By: Montana

Montana — Sun, 28 Feb 2010 13:59:36 +0000

You know what, these banks & email hosts would be almost completely hacker-proof if they maybe did something where the password was encrypted with two layers of security — one, SSL, the other, an encryption algorithm that uses IP addresses. With so many different IP addresses, and the ability to change them every now and then, it would be hard for hackers to decipher the password.

By: jay

jay — Sat, 27 Feb 2010 17:20:16 +0000

i use my dob as my pasword,easy to remember

By: Michael

Michael — Sat, 27 Feb 2010 17:06:13 +0000

Hi Buffet
â€œTestâ€ your password? â€“ like Iâ€™m gonna fall for that! Please
Other people seem to have missed this point.
I love your comment of only 10 words.
Like love ,it changes everything.

By: Versatile

Versatile — Fri, 26 Feb 2010 22:02:05 +0000

I currently use a great website called mashedlife.com. I use a yubikey to login for secure authentication, and all my passwords for all my online accounts are housed here.

I use the random system to generate random and complex passwords for each and every single online account I have.

When people ask me if I know my passwords, I literally say no I do not. In fact, if you asked me what my gmail password is off the top of my head, I honestly could not tell you because I have literally 0 passwords memorized except the main password I use to login to mashedlife.com with yubikey as the second form of online protection.

The mashedlife.com website is never down based on my usage, and the passwords are encrypted. Sure, lastpass.com is similar site, but in general I think these are good solutions.

By: David

David — Fri, 26 Feb 2010 19:41:42 +0000

A comment on passwordmeter.com. I am currently working on a website for a large government agency. As part of the registration process, it is necessary to choose a password. The decision was made to incorporate the password meter into the sign-on page. In the process of doing this, I discovered an enormous bug in the password strength algorithm – which is the root cause for

“However, if your password is too long, i.e. too safe, this test will actually fail.”

It has to do with the way it calculates the number of repeated characters – which is a major deduction in the algorithm. Consider a password like “EIDIDIFY” from the beginning of the article.

There are 2 Ds and 3 Is in the password, for a total of 5 repeated characters. Deduction for 5 repeated characters is n*n-1 or 5*4 or 20. However, because the algorithm bug to count this determines the number by looking through the string starting at the first character and looks at each character in turn to find matches. Then looks at the next character in the string and parses again til the end, whenever there is more than 2 of any character, you get characters counted more than once. In this case the first I matches two other Is in the string. Then when you get to the second I (in pass 4), it matches the last I also. The result is the algorithm thinks there are 3 I’s, 2 D’s, and then another 2 I’s, for a total of 7 repeated characters. 7*6=42 which is a huge deduction. If there was a third D as well, the algorithm would find 10 repeated characters for a deduction of 90. That explains why a STRONG password can turn into a WEAK password by making it longer.

By: JoÃ£o Brito

JoÃ£o Brito — Wed, 24 Feb 2010 17:57:16 +0000

My system for passwords works like this: I created ONE huge password with TWENTY characters, and I remember this one easily. For things that aren’t that important, I use the first six chars. For things that are somewhat important, I use the first ten chars. And for things that are really really important I use the whole 20 chars password. So far, so good.
But I liked the suggestion of using the three first letters of each service after the password, it will make my six chars password a little stronger.

By: Buffet

Buffet — Tue, 23 Feb 2010 09:45:36 +0000

“Test” your password? – like I’m gonna fall for that! Please.

By: Parand

Parand — Tue, 23 Feb 2010 04:45:37 +0000

It’s easy to create strong passwords that you can also remember:

http://parand.com/say/index.php/2006/03/09/choosing-a-good-password/

In short:

Think of a sentence you wonâ€™t forget. Hereâ€™s one:

I hate thinking of passwords, itâ€™s such a hassle.

If you really canâ€™t think of one, pick up the closest book to you, turn to a random page, and select a random sentence.

Now, create the password as the first letter of each word in the sentence:

Ihtop,isah

There you go. That is a password that is hard to crack, but easy to remember. Because you just remember the sentence.