What's /g/'s method for selecting a strong master password?
You are currently reading a thread in /g/ - Technology

Thread replies: 186
Thread images: 11
What's /g/'s method for selecting a strong master password?
>>
>>53530427
Make it longer than 20 characters.
>>
>>53530444
Well duh
>>
throw in a few easy to remember numbers and make it an easy to remember short sentence.

Mine ended up being about ~40 characters long
>>
>>53530427
d;ough234t6~!*

there's mine
>>
>having a master password
hahahahaha

>having something manage your passwords
HAHAHAHAHAHAAHAH
>>
>>53530427
I use correct horse battery staple as a passphrase. They say it's the strongest so I copied and pasted it.
>>
>>53530427
a mix of irrelevant words that makes sense to you personally and you won't fucking forget
https://www.youtube.com/watch?v=yzGzB-yYKcc
>>
>>53530427
I usually use phrases. Sometimes even a sentence or two.
>>
>>53530427
I just use hunter2
>>
I don't. I have a reasonably simple heuristic that generates very strong passwords. I can actually share it with you without much fear in people guessing it:

Make up a sentence that involves the mention of the name of the service you're logging into. So if you're logging in to Proton Mail, then your sentence might be
>I'm logging in to Proton Mail with this password.

Do "something" with the sentence. Take the first and last characters of each word, for instance. So you end up with
>I'mlgintoPnMlwhtspd.
and that's your password for Proton Mail. And your Gmail password is different, and your Facebook password is different. And if you change your phrase, you can correspondingly change all of them. And you don't need a reminder of either the rule or the sentence, because they're easy to remember.

The idea of letting software maintain all of my passwords just feels incredibly dangerous. I understand that there are users out there who'll use "password" or think they're being clever by using "PassWord" or something, but between
1) the risks of locking myself out,
2) the low benefits of generating them (I've never seen a password manager that handled automatically cycling passwords for me),
3) the pain in the ass that logging in on another machine for temporary use would be, and
4) the still-present risk of having all of that data someplace on my computer

I just can't imagine myself justifying it.
>>
>>53530427
mental illness
>>
Memorize a nonsense phrase with at least 10 words, and use the first letter.

Manpw@l10w&utfl.
>>
>>53530849
It doesn't need to be a nonsense phrase. It just has to form a nonsensical string. If your output string reveals the phrase (e.g. taking all the vowels, which would probably reveal the input phrase), then your "algorithm" for generating the output phrase is too revealing.
>>
>>53530525
with so many passwords with different rules, how else can you keep up?
>>
>>53530888
I used the term "nonsense" because you have to avoid famous phrases. You can't use something like "Four score and seven years ago..."
>>
>>53530928
See >>53530815
The risk you take by putting all of your passwords in some place - even encrypted - is bonkers. We've *just* had revelations about weaknesses in cryptography, both accidental and engineered, that make it surreal that people on /g/ (not just everyday folks, but people who claim to be tech savvy) trust password management regimes with the keys to everything.
>>
>>53530941
Ahh yeah, that's true. Thanks for clarifying.
>>
File: rage-duct-tape_o_411822.jpg (65 KB, 640x732)
Passwordmaker.org
>>
>>53530427
curl -s https://0x0.st/8Ix.bin | shuf | head -n 8
>>
>>53530427
my password is usually the world password in my native language
>>
Mine is

>6NiggersTongueMyAnus7DaysAWeekFor24HoursADayUntilIBlow©
>>
File: 1454544622960.jpg (89 KB, 400x400)
>>53531059
>the world password
there's a password that unlocks the entire world?
>>
>>53530815
>>53530958
The way I see it, we don't exactly have a better alternative.

First of all, NOBODY generates a new, fully fresh and fully secure password for every single website and throwaway account they sign up to.

It just doesn't happen, and anybody who claims they do this is lying. So right off the bat, we can assume that the alternative to password managers is password re-use.

Password re-use presents a *much* more realistic and much more dangerous threat than vague attacks on the underlying cryptography that also require additional access vectors even if they were exploitable.

(The cryptography is not the key here: You could store your password database in plaintext on your home PC and unless somebody breaks in via other means, it wouldn't make a difference. If they do break in, they could just install a keylogger and your encryption doesn't save you either way)

Second of all, mitigating broken crypto is easy with password managers because you can just regenerate all your passwords with no effort required other than what's required to click through the website's change password dialog.
>>
>>53530928
I have a book. A popular one.

Depending on requirements, I use sentences from the book, including punctuation and everything else, plus a salt element that's always the same for all passwords from that book.

So if my master PGP private key requires an outrageous password, all I write down is 120 4. Page 120, sentence 4, plus my 5 symbols.

It's pretty effective. You find all the words in a word list, but will you try a sentence with 15 words, including punctuation?
>>
>>53531046
>natural heart took place of meat piece children
already memorized
>>
>>53530427
64 characters
Upper and lowercase letters
Numbers
Special Characters
>>
>>53531150
>NOBODY generates
meant memorizes
>>
I use:
http://rumkin.com/tools/password/diceware.php

It's probably better to not trust it and use a true random number generator + diceware, but meh.

>>53530815
There is an inherent risk in using a password manager, but your method is dangerous in its own way. Once someone (hint hint, he might be named Markov) figures your little scheme, all your passwords are forfeit. Sentences are predictable, and people (and machines) who crack passwords do utilize methods like yours. Your sentence better be non-sensical or random, or it will get cracked IN SECONDS. Granted, this would require a targeted attack and is less likely. With leaked databases, they always go for the low hanging fruit.

I use a password "safe", but I'm not going to argue it's safer than a technique similar to what you've posted. In any case, it is MUCH safer to memorize a sequence of words randomly (truly randomly) selected from, say, a diceware dictionary, or to form a sentence with them. You'd need at least 5 words though, with diceware.
>>
>>53531177
That is pretty easy to remember. My problem is that when I generate diceware passwords, I sometimes switch weird words/numbers with another random one that makes more sense or has some sort of relationship with the other words. This effectively whittles down your dictionary, but is probably still more secure than other methods.
>>
The thing nobody seems to understand about passwords:

The actual format of the password is virtually irrelevant. The strength of a password comes from how unpredictable the contents are.

Example:

“64 characters, upper and lower case letters, numbers, special characters” is not a description of a secure password rule.
“64 characters, upper and lower case letters, numbers, special characters *generated randomly*” is a description of a secure password rule.

“6 words in your native language” is not a description of a secure password rule.
“6 *randomly picked* words in your native language” is a description of a secure password rule.

etc.

It doesn't really matter what format you choose, what's important is how you're generating your randomness (especially how many possible permutations you're choosing from).
>>
https://ssl.masterpasswordapp.com
>>
>>53531140
>not knowing about the world password
pleb
>>
>>53531254
There's nothing to be feared in doing so. In fact, I do so for all of my passwords. The reason is quite simple:

If you take 7 random words from a dictionary of 1000 words you get 1000^7 ≈ 2^79 = 70 bits of entropy.

If you take 8 random words and shuffle them into the unique order that makes the most sense, you still get 1000^8 / 8! ≈ 2^80 / 2^15 ≈ 64 bits of entropy.

Adding a word and then picking the order makes it easier to remember the password while not impacting the strength much.

Also, 1000-size word list is being generous. You can easily use a word list that has 10,000 entries - especially if you speak multiple languages. That gives you the same effective security with far fewer words.

The advantage of a small word list is that it allows you to pick very short words, which will be easier to type than longer and more complex ones.

(Choosing randomly from a word list of the 1,000 shortest words in the english language doesn't make your password weaker than choosing randomly from a word list of the 1,000 more obscure words - but it makes it a whole lot easier to type quickly.)
>>
File: Mein+Kampf.jpg (354 KB, 988x1500)
I use a random sentence from my copy of Mein Kampf. It's over 50 characters long.

Nobody will ever break it.
>>
>>53531329
Also, for this reason, when I settle on a new master password, I don't immediately set it - I just memorize the password.

Then, a few days later or so, I write down what I remember and use that as my new master password. This way I've already filtered it through my memory's automatic process of mutating it into something that makes more sense.
>>
I have 3 scene release filenames memorized from http://www.srrdb.com/.

I put them in a certain order as one word.

Easy.
>>
I use computer code for my passwords. Last one I made was almost 300bits and the only real part I had to really "remember" was the shit it wrote in the call to System.println xDDD
>>
>>53531374
>I use a random sentence from my copy of Mein Kampf. It's over 50 characters long.
>Nobody will ever break it.
The NSA sends its regards.
>>
>>53531513
>implying a random passage from a foreign book isn't a great password.
>>
>>53530427
I write a quick life goal and then fill certain letters with numbers/symbols that fit. e = 3 or s = $ and so on
>>
>>53531436
>I use computer code for my passwords. Last one I made was almost 300bits and the only real part I had to really "remember" was the shit it wrote in the call to System.println xDDD

I just made what you typed my master password.
>>
>>53531329
Your calculations are only correct if each of those 8! combinations is equally probable; they're not. Some words and word orders are a lot more likely, you have to take into account the probability distribution of sentences/etc. It is still very safe though, granted that you selected most of the words randomly.

>>53531375
That makes sense, but remember, that password is a subset of that 1000^7 element phase space. I don't know how much smaller it is, it's probably still fucking huge.
>>
I use https://ssl.masterpasswordapp.com/ to generate a master password for my Keepass DB with a fake name, a random site, and my real master password.

Yes, I combined the power of both to make Keepass even more secure.
>>
Pick 2 random words, add * to the end, then the name of the service. Encode the whole thing to base32
>>
Can you guys recommend any good malware scanners?
>>
I use the infohash of a torrent that I know will never leave the internet.
>>
My porn name + 12345
>>
>>53531895
All good points. The bottom line is to pick more random words than you think you need.
>>
>>53532097
The number of torrents on the internet is so small that your password is piss-easy to brute force. Good fucking job.
>>
File: brant_0307b.jpg (91 KB, 847x475)
>>53530958
Please.
No one is getting a hold of and miraculously cracking encrypted KeePass databases. It's just not happening. Fear mongering doesn't make you a security expert. Pound for pound KeePass is hands down much more secure than any other viable and current alternative.
>>
>>53532039
malwarebytes
>>
>>53530427
ur mum's bwh
>>
>>53532168
>Pound for pound KeePass is hands down much more secure than any other viable and current alternative.
I call bullshit.

https://news.ycombinator.com/item?id=9727297
https://www.passwordstore.org/
>>
>>53532149
>The number of torrents on the internet is so small that your password is piss-easy to brute force

As if anybody will try it.
>>
>>53532215
are you sure? I could have sworn I started having issues after I installed that shit on my other PC
>>
>>53532265
best one imo, you can run it off a flashdrive or cd if you're worried about it messing up your PC

otherwise you can try superantispyware
>>
>>53532259
If you want me to, give me the first 5 characters of your password and I'll spend a few seconds looking it up in my local collection of magnet hashes.
>>
>>53532312
>give me the first 5 characters of your password

The point is that only I know the torrent and only I know what to use that hash on.
>>
>>53532336
By the same logic you might as well just use ‘123’ as your password.
>>
>>53530427
Something long but easy to remember like:

firstnamelastnamesocialsecuritynumberaddressphonenumberbirthdaymothersmaidenname

Guaranteed uncrackable
>>
>>53532398
Yeah sure buddy. Keep trolling.
>>
>>53532443
>firstnamelastnamesocialsecuritynumberaddressphonenumberbirthdaymothersmaidenname

You would have to be retarded to ever type in anything that is associated with your real identity.
>>
>>53532448
I'm not trolling, I'm being serious here.

If your only argument is “my password is secure because only I know it and only I know where to use it”, then you might as well be using ‘123’ because the same reasoning applies to it.

Except, of course, for the part where you can trivially bruteforce it if you get your hands on a hash (e.g. from a database leak). Ditto for torrent hashes.
>>
>>53530540
Enjoy your dictionary attack
>>
>>53532488
Ok, kid. Shouldn't you be in school or something?
>>
>>53531046
>>53531177
>>53531254
>>53531329
>>53531895
>>53532137
Having all-lowercase isn't as secure as you'd think, even if it's extremely long, see:
https://github.com/Sparell/Phraser
>>
list all passwords i use in a text document

compress document to a password protected .rar

only have to remember the one password to unzip it
>>
>>53532553
Wrong project, I meant this:
https://github.com/lyle-nel/siga
Really interesting "#how-it-works" section
>>
>>53532553
>>53532571
This is neither news nor revolutionary nor does it change anything we did or didn't assume about password strength.

Also, which type of characters you choose to use or not is completely fucking meaningless. To the computer, they are just bits.
>>
>>53532608
I'm just saying that choosing words for a password from a list is just an extremely insecure passphrase. Using a passwordgen from a dictionary makes bruteforcing from a dict-permutation algorithm unbelievably easy
>>
>>53532553
>>53532571
>>53532608
The point is that with a diceware password, you have 7776^n combinations. With seven word password, that is a stack of ~10^27. I have no idea who this guy is, but let's take his word that the fastest computer can crack ~10^18 (I'm rounding everything up to account for the worst possible scenario). So, assuming the cracker even knows what dictionary you're using, it would take the supercomputer 10^9 seconds ~ 31 years. Yeah, I think we'll survive.
>>
I always pick short lowercase sentences including persons I know or pets. For someone trying to get into my shit, "kr4k3n420" is way easier to guess/bruteforce than "myextremelylazycatisnamedwheatly".
>>
>>53532671
Not if your dictionary is big enough, and not if you have enough words. See >>53532677

You could think of it like this, you are picking n numbers each of which range from 1 to 5^6.
>>
Now, I used to use keepass and like both keepass and keepassx, however: there was a quite thorough study of password manager formats and the only one that didn't have weaknesses that could be exploited by modifying the file was the password safe database version 3.

This is only a problem when you sync files with dropbox or any other cloud service, but it could be worth knowing.

I can't use password safe since all linux versions of the software are unstable or slow or just unusable. Passafe (generally quite good) is nice but sadly dumbed down so badly it won't let you select which file you want to open.

https://www.cs.ox.ac.uk/files/6487/pwvault.pdf
>>
>>53530427
I pick a place I've been in my life. Not something obvious, like where I lived, but something I know is written nowhere about me (the name of the place I used to buy breakfast when in high school, the main feature of a town I liked, etc...) then swap random letters for number and high case
>>
>>53531374
There are only 29 sentences over 50 words long. I just got your password bro.
>>
File: 1410613578983.jpg (23 KB, 394x458)
>>53532832
I never gave the right information. I didn't say which edition, I lied about the single sentence, and I lied about the character count. I might have also lied about the book itself. :^) I also lied about what I do with the information from that book to produce the password I actually use to open my Keepass DB.

I never disclose parameters outside of my head.
>>
I use the "forgot password" link if my wallet gets corrupted or I lose the password some way.
I use kwallet to manage all of the things, having it locally means fewer people will try to access it.
>>
>My 2nd waifu ~Maki~ is so kawaiii
There, unbreakable masterpassword. Upper/lowercase, number, and special character. Proper name and words not found in the typical english dictionary.
>>
>>53532885
Nice backpedaling. You're rekt.
>>
>>53532954
Ok go ahead and hack me breh.
>>
KermitTheFrogHasAn11InchDick#!CrunchBANG#!


R8 my password please. I know it's not too complicated but it's easy to remember. How secure?
>>
>>53532992
well now its security is zero since you posted it here. go change it
>>
come up with a dumb sentence and replace all the vowels with a number combo

> iwanttobetheverybestthatnooneeverwas

>0w0ntt1b1th0ve0ryb1stth1tn00n11v0rw0s
>>
>>53532962
>>53533009
How will an anonymous post affect my security? Are you memeing me? Can somebody see that post and use that info to hack me?
>>
>>53533023
>e

see even though I remember it, I still fuck it up.
>>
>>53532962
and done

you're fucking dead now, kiddo
>>
>>53533023
>goat pokemon theme
>dumb
>>
Memorize a sentence that contains a year.
Done.
>>
>>53532992
>11InchDick

Please go unJew your mind, goy.
>>
>>53533041
I actually used the pokemon theme LOL
>>
>>53532671
>I'm just saying that choosing words for a password from a list is just an extremely insecure passphrase.
No, it really isn't.

>Using a passwordgen from a dictionary makes bruteforcing from a dict-permutation algorithm unbelievably easy
This is blatantly false.

Lack of education on your part doesn't magically make the search space go away, anon.
>>
>>53532677
>but let's take his word that the fastest computer can crack ~10^18
The order of magnitude depends GREATLY on the hash used.

For example, a powerful single server could attempt 10^11 MD5 hashes per second, but only 10^2 GnuPG keys per second.

That's 9 orders of magnitude, or the difference between cracking a password in 1 second and cracking it in 30 years.

Suppose I use 7 words from a dict of 1000 and fix my order, I'll get something on the order of 2e17 possible passwords. I then use this as a GnuPG decryption password with the largest possible s2k-count. It would take a powerful single server well over 10 million years to crack the password.

Even if the NSA had a million powerful servers running at the same time, it would still take them over 10 years.

And this is using the _very_ generous estimate of 7 words from 1000-size dict with fixed word.
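
Added example, not part of any post in this thread: a Python sketch of the arithmetic argued over above, covering both the word-list entropy post (7 or 8 random words from a 1000-word list, with and without reordering) and the hash-speed post directly above. The two guess rates are the figures quoted in that post; the six-word list and all function names are constructed for illustration.

```python
import itertools
import math
import secrets
from collections import Counter

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Guess rates quoted in the thread for "a powerful single server".
RATE_MD5 = 1e11    # guesses per second against MD5
RATE_GNUPG = 1e2   # guesses per second against GnuPG with a large s2k-count

# Constructed sample list, far too small for real use (Diceware has 7776 words).
SAMPLE_WORDS = ["amber", "brick", "cloud", "delta", "ember", "flint"]


def generate(wordlist, n):
    """Pick n words independently and uniformly with the OS CSPRNG."""
    return [secrets.choice(wordlist) for _ in range(n)]


def bits_ordered(list_size, n):
    """Entropy when the attacker knows the list and n: log2(list_size ** n)."""
    return n * math.log2(list_size)


def bits_reordered(list_size, n):
    """The thread's estimate when the words are rearranged: log2(N**n / n!)."""
    return bits_ordered(list_size, n) - math.log2(math.factorial(n))


def exact_bits_reordered(wordlist, n):
    """Exact Shannon entropy after reordering, by enumerating every pick.

    Sorting stands in for "the one order that makes the most sense": any rule
    that maps each set of words to a single order gives the same result.
    Only feasible for tiny lists (len(wordlist) ** n picks).
    """
    total = len(wordlist) ** n
    counts = Counter(
        tuple(sorted(pick)) for pick in itertools.product(wordlist, repeat=n)
    )
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def years_to_exhaust(bits, guesses_per_second, machines=1):
    """Years to try every candidate; the expected time to a hit is half that."""
    return 2 ** bits / (guesses_per_second * machines) / SECONDS_PER_YEAR


def report():
    """Rows of (scheme, bits, years at the MD5 rate, years at the GnuPG rate)."""
    schemes = [
        ("7 of 1000, order kept", bits_ordered(1000, 7)),
        ("8 of 1000, reordered", bits_reordered(1000, 8)),
        ("7 of 1000, reordered", bits_reordered(1000, 7)),
        ("7 of 7776 (Diceware)", bits_ordered(7776, 7)),
    ]
    return [
        (label, bits,
         years_to_exhaust(bits, RATE_MD5),
         years_to_exhaust(bits, RATE_GNUPG))
        for label, bits in schemes
    ]


if __name__ == "__main__":
    print("sample passphrase:", " ".join(generate(SAMPLE_WORDS, 6)))
    for label, bits, y_md5, y_gpg in report():
        print(f"{label:24} {bits:5.1f} bits  MD5: {y_md5:.3g} y  GnuPG: {y_gpg:.3g} y")
    print("3 of 6 reordered, exact vs n! estimate:",
          round(exact_bits_reordered(SAMPLE_WORDS, 3), 3),
          round(bits_reordered(6, 3), 3))
```

On the tiny list the enumerated entropy comes out above the n! estimate, because picks that contain a repeated word have fewer than n! orderings to collapse.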
>>
>>53533302
Agreed, I was trying to trump up the worst case scenario. Even if a computer could attempt 10^25 (which is a fuckhuge number) keys/second, a mere eight words from the Diceware dictionary would take like 11 years to crack your pass.
>>
>People actually using numbers and letters instead of just a bunch of regular words.
I'm sure that dictionary attack with 20k combinations per word is going to be nasty. Seriously 10 words is already fucking ridiculous.
>>
>>53533302
>>53533478
>all these idiots worried about the brute force resistance of their passwords
Good goys, that's exactly what the NSA wants you to do. Believe you're safe because you're using a long enough password, while in reality they're stealing your keys from under your noses with side channel attacks.
>>
>>53533040
Please, no :'((
>>
>>53530427
I made up a word
I then made up another word
I then merged the words
I then added some capitalisation and numbers
Used it for a while to get it in my fingers
I then changed it to using the keys to the left of the original keys so yes would for example be twa
>>
japanese and korean lyrics from multiple songs plus some numbers here and there

my keepass password is 101 chars. 459 bits.
>>
my password is a 12 character random string, with 2 out of the 12 characters being based off the URL and therefore unique to the website.

it's kind of a pain in the ass to type but at least i have it memorised and it's never the same.
>>
>>53534159
Repeat it.
Now you have a 202 character password.
>>
>>53534159
>459 bits
In reality, it's probably much less, around 80 or so, unless you wrote it in kanji, in which case I have no idea. Either way, it's a bad idea, Markov chains will fuck you up.

Use diceware.
>>
>>53530511
qHU9l3~1W!1aOd~qaQUSHYy

I made software to always arrange this into a unique password.
>>
>>53534275
>101 characters
>80 bits
You what?
>>
lol every thread the same, people thinking they know more than security experts
>>
>>53534491
Security experts like McAfee, right?
>>
I think of a song and pick a phrase. Then I add some letters,numbers and symbols to it.

itsakindof30%/agicmagicMagic
>>
>>53530427
>take website name
>1337-ize it
>add same amount of dots as website name
Example:
>4chan
becomes
>4ch4n.....
This method usually gets me 80%+ strength on those password ranking sites
>>
Use an online random string generator, then copypasta the first n characters, at least 8.
>>
>>53534413
Okay, my bad, it's more like 150, but still way less than 459.
>>
>>53534653
>copypasta is a verb now
Shiggy diggy doo, reddit
>>
>>53530427
u53 l3375p34k f46607
>>
>>53534666
>Le rebbit
Lurk more nigger
People used to write in fucking leetspeak, saying copypasta is almost proper English.
>>
>>53530427
>strong master password

you mean strong master passphrase
>>
when it allows long strings i always do

thisismypasswordforthissite
>>
File: password_strength.png (91 KB, 740x601)
Long passphrase for a master password. Then I rely on the entropy of the password manager generator for my actual passwords.
>>
>>53534697
I'm no memeologist but this sounds not right
>>
>>53534717
I often lie awake at night, wondering if paleontomemology and archeopepelogy will be real sciences.
>>
>>53534713
Weaknesses of password managers aside, what's the entropy of something like this?
Q4i0%WH`i5c(,!bg:})9#a48E>q|oLE4e[cd+0#7ct/s
>>
>>53534735
I sometimes wonder if people will still watch our movies in 1000 years.

Like Star Trek Into Darkness about the future of mankind.
>>
>>53534742
pretty sure one can't always have slashes in passwords
>>
>>53534742
It seems random, so probably at least 265 bits.
>>
>>53534754
I'm sure they will after the next dark age of man
>>53534758
>>
>>53534742
This seems like a tough one to crack, but nobody would be able to tell without knowing the entropy source.

Let's say, for argument's sake, that your entropy source always skips certain characters, or has a pattern that makes it predictable when one would expect a number or a letter at fixed intervals, or any other patterns. This would be very detrimental to the entropy of all the passwords you would be able to generate.
>>
>>53534787
The source is a random password generator, uses Uppercase, lowercase, symbols, and numbers. Any symbol on a standard American keyboard. This particular password is 44 char long,
So, each char would be 8 bits, 44 * 8 = 352
352 bits of entropy?
>>
>>53534818
Wait, no, I'm wrong. there are 99 keyboard symbols. And the possibility of a blank(null) entry for a total of 100 possible characters.
100^44 ≈ 2^292 bits
>>
>>53534877
>>53534818
I think you're right about the math, but character space is typically determined by the character set you're using (UTF-8, for example). However, nobody would be able to tell you the practical strength of the password without knowing the entropy source. Consider Debian and OpenSSL for example (2008) https://www.schneier.com/blog/archives/2008/05/random_number_b.html

Debian distributed their OpenSSL package with a weak pseudo random number generator (PRNG) by removing an important line that greatly impacted the entropy of the PRNG. The initial randomness of the seed (IV) was reduced to the maximum number of process IDs on your system (2^15, or 32,768). This caused all OpenSSL generated certificates to be very weak, and I think there are still some servers around the globe that run these weak certificates. Qualys SSL Labs still tests this for server tests as well: https://www.ssllabs.com/ssltest/

So, people make mistakes, and without knowing the system you rely on, or without at least public verification of the cryptographic system you rely on, there's no telling if the system is weak and should therefore not be trusted until it's verifiably secure. To quote Auguste Kerckhoffs, "a cryptosystem should be secure even if everything about the system, except the key, is public knowledge". For cryptographic systems, always choose open source projects that receive regular code inspection or audits.
>>
>>53531214
My response got a little too long, and then a lot too long. If you want the real text so you can copy the references or something, feel free and I can share the ref.bib as well so you don't have to go hunting down URLs and shit
>>
>>53530815
Your meme passwords become easily crackable when the website has arbitrary password restrictions with a 16 char limit :'>
That's another reason why password managers are GOAT.
>>
>>53535025
I don't use any sites or services with limiting requirements on my passwords, so I'm not sure how I would handle that. I would probably just not use the site. If I'm ordering food at some restaurant's site and I don't see the HTTPS symbol (which is a pretty low level of security, really, but a very visible bar and one that some places don't even meet) I won't place the order or send over credit card info or anything like that. So I might be more conscientious than the average person
>>
>>53535022
>forgot to en-dash "counter-argument"
why am i even alive
>>
MARGARETTHATCHERis110%sexy
>>
>>53535022
also, i regret nothing, except for the en-dash.
>>
>>53530427
I'm using a long sentence that is not cryptic.
>>
>>53531084

easy to remember
>>
>>53535022
Reading that pic, I can't help but think what a neat idea a secure program that can rotate all your passwords with something like a "sudo [program name] rotpass [database master password]" command would be. Of course CAPTCHA would stop it from ever becoming a reality.
>>
>>53535113
is that a statement or your actual master password
>>
>>53533302

And behind this password lies... What? Your MLP collection? Sure the NSA will use their million servers to crack that.
>>
>>53530427
I manage my passwords with safeincloud and just have it generate them for me from the criteria I select.
>>
>>53534742
>Weaknesses of password managers aside, what's the entropy of something like this?
See >>53531258

Depending on the rule you used to generate the password it could be anything from 0 bits to 352 bits.
>>
>>53535783
>And behind this password lies... What?
Well, things that could get me thrown in jail for starters.

If there's something the government could conceivably use against me in order to ruin my life, it's worth protecting with crypto strong enough to survive your lifespan - especially if it's piss easy to do, right?
>>
>>53537584
Not implying you're Amerifat, but isn't there a law in Murrika requiring you to release the keys on law enforcement's request, or face jail time for not complying?

Also, daily reminder all crypto means shit in the face of $5 wrench brute force approach.
>>
File: security.png (26 KB, 448x274)
>>53537834
>>
>>53530660
all i see are *******'s
>>
>>53537834
I'm not sure. I live in Germany, either way.

“They could just torture you” is not an excuse to use weak passwords, especially not when the difference between weak and strong passwords is only a very tiny overhead, so I'm not sure how it factors into this discussion at all.

Any amount of security is better than no security.
>>
>>53530427
three or four words
>>
>>53530427
Letters and numbers in combinations that i can remember, Sometimes i make it so saying the numbers and letters out loud make some kind of rhythm that i can remember
>>
>>53537834
Isn't the murrican government in lawsuit with Apple because of that? And the FBI wants WhatsApp to give them a backdoor to their customers messages.

I don't feel safe trusting american companies' cryptography anyway. I treat anything I post in their networks as if it was plaintext in public spaces.
>>
>>53538218
You shouldn't trust any company's cryptography.

Only trust peer-reviewed FOSS crypto implementations that have been developed and vetted by independent cryptographic experts.

Example: GnuPG, OTR
>>
Keepass autogen
>>
>>53531401
statistically, your password will contain XXX , since porn is the most common scene release, did I win?
>>
>>53532511
Say your password is exactly 20 characters long. How many different combinations of words can it be made of?
Use /usr/share/dict to get started. A dictionary attack is going to take you forever.
>>
I use an animals name with the letters that resemble numbers changed so.
Eg. m4rm0s3t
>>
>>53530427
>anagram of my middle and last name + year i graduated from hs + random couple of symbols
>switch out a few characters for different variations, so I'm not using the same password everywhere
>>
>>53539717
It's a common misconception that changing letters to numbers increases the security of the password.

The only way it would be an actual increase is if you used a random number generator to decide which letters to replace and which to keep. (Worth one extra bit per replacement)

But especially if you just replace every vowel, then you've essentially added yourself no security at all because the process is still deterministic.

Remember kids, security ONLY comes from randomness - not from obscurity.
>>
>Make password basic as fuck
>Be poor and not have anything worth securing
>>
>>53539862
I've got an awful memory I don't think I could remember a huge string of random numbers and letters.. any tips?
>>
>>53530427
i use my old phone number from brazil. i'm in canada now.
>>
>>53539910
>I've got an awful memory I don't think I could remember a huge string of random numbers and letters.. any tips?
>>53531046
>>53531177
>>
>>53539910
Also minor nitpick:
>I have an awful memory
You probably mean “I'm bad at memorizing things”.

If you learned how to memorize things properly you would probably be able to memorize pi to a thousand digits with only a little effort involved.
>>
>FUCKYOUNSAFUCKYOUNSAFUCKYOUNSAFUCKYOUNSAFUCKYOUNSAFUCKYOUNSAFUCKYOUNSAFUCKYOUNSAFUCKYOUNSAFUCKYOUNSA
and then I put
>!4CHiN_T3h_HaCkEr!
at a random place in this string
>>
>>53531059
I use my name in my native language
>>
>>53540030
>6.6 bits of entropy
Not bad, might even take a nanosecond to crack.
>>
Everyone knows that the four most uncrackable passwords are Love, Sex, Secret and God.
>>
I use my last name backwards plus 123
>nolitepameepasahan123
>>
>>53530427
One uppercase letter (at least)
One number
One Symbol of some kind
Use a word that no one has ever heard before, something Finnish or German perhaps
>>
File: 1375812001302.jpg (9 KB, 217x311)
>>53530427
>Registering on a website
>Generate random 64 character password
>Registration completed successful
>Try to login
>doesn't work, WTF?
>mfw majority of websites cut your password off after 15th character without letting you know
>>
>>53540142
> muh xkcd
>>
ebonics + weeb slang
>>
>>53531059
>world
contraseña: taco
>>
drowssap

never had it cracked, feel free to use it
>>
Five random non-english words spelt sideways with random capitalization
>>
>>53540538
Any website that does that is most likely storing passwords in plain text which is a great reason to stay the fuck away from it.
>>
"my.supersuper#securesecure@password1"
>>
>>53530511
Which is stronger?

>>53530511
or

hellofuckyoufaggotimamuchstrongerpassword
>>
>>53540562
mapM_ (putStrLn . peeks ("!4CHiN_T3h_HaCkEr!"++)) $ contexts "FUCKYOUNSAFUCKYOUNSAFUCKYOUNSAFUCKYOUNSAFUCKYOUNSAFUCKYOUNSAFUCKYOUNSAFUCKYOUNSAFUCKYOUNSAFUCKYOUNSA"


wow I just brute forced your password
>>
Ask your mother to open vim, write your name and exit from the editor, do not forget to run a keylogger in the background.
>>
#Gentoo666Gentoo666Gentoo666

You're welcome
>>
A sentence in your third world language that only a couple million people speak anyways.
>>
>>53541270
Still weak-
>>
pw to everything = password123456
>>
>>53543034
I -wish- I could put my password in Kanji.
>>
>>53541270
Passphrases are very weak.
>>
4096 random Unicode characters. If the website doesn't support this I simply don't use it because a website that doesn't take its security seriously is not worth using.
>>
>>53530427
make it a number like 99988550011 then when you type it in hold down shift so it's (((**%%))!! then add a word and put those symbols between the letters f((u(*c*k%%o)f)!f! then all you have to do is remember the numbers and the word(s)