What is your best advice for creating a good password manually?
Devanand Premkumar
52 replies
I sometimes create passwords with a combination of words. For example "be-kind-and-respectful" is just one such combination.
At times "read-one-book-a-day" hits me up as it kind of reminds me of one of my goals that I have planned for myself.
I do wonder what you think is the best way to create a good and strong password manually, without the help of any supporting tools like a browser manager, password manager, etc.
Replies
Ryan Glass@ryan_w_glass
Downtime Monkey
Entire phrases from books or song lyrics etc. are vulnerable to combined dictionary attacks even if they are very long.
@ryan_w_glass That is true. At the same time, brute forcing with such large lists would also be too noisy and would trigger some alerts, if defenses are properly implemented. Adding to that, such large dictionary attacks would be time-consuming as well if the length exceeds a particular value.
Take a song you know and make a password from each initial letter of every word of the first two verses
onPASSWORD One
A couple of years ago I developed a friendly password generator as a side project.
Hope it helps!
https://onpassword.one
I usually take an ex's DOB along with some selected word.
@sreekanth850 Sounds like a simple idea to use. But the question is how secure it is, and how can you remember all the passwords that are created using this logic?
@devaonbreaches Regarding security, yeah. I use LastPass to remember all the passwords. Actually, there is a need for passwordless login.
Write long sentences ^^
@benoit_chambon Molly Bloom's soliloquy in the James Joyce novel Ulysses (1922) contains a sentence of 3,687 words.
Wonder if this would qualify as one of your suggestions :D
koinju
@benoit_chambon Does this looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong sentence work?
@benoit_chambon @nazim_m Maybe, maybe not. ¯\_(ツ)_/¯
I randomly slap the keyboard like crazy while holding the shift key, sometimes adding random special chars; the result looks quite cryptic to me.
When you were a kid you most likely were making up some names or abbreviations which are still memorable to you, right? Just pick three of them and combine them in any order you want. In the end, you have different passwords which are easy for you to remember, but not for anyone else :) As a delimiter, you can use a dash (-) for the first one and a hash (#) for the second one.
For example, you can do something like this:
Memorable parts: Mat, F1Cup, 12Blond (you pick your memorable parts yourself :) )
Passwords:
Mat-F1Cup#12Blond
Mat-12Blond#F1Cup
12Blond-F1Cup#Mat
12Blond-Mat#F1Cup
F1Cup-Mat#12Blond
F1Cup-12Blond#Mat
...
Hope that helps :)
@ilia_pikulev My historical memories and word combinations will always be super unique to each and every one of us. I think this is novel as well as secure, considering the fact that it is not expected to be easily guessed or brute forced, given the sheer number of combinations.
As long as this is above 10-12 characters in length, I think this is super easy for everyone to use and remember :)
You can also substitute some letters with their equivalent numbers (3 = E) (I = 1) and, if the source allows for it, add an exclamation mark, question mark or full stop at the end of the sentence in order to secure your password further.
@nicolaas_spijker G00d 0ld p@$$sword m0d3l w0rk$ f!n3.
ComplYant
Someone once told me about this comic, which is funny and could be used as a starting point for a stronger password: https://xkcd.com/936/
@shilohjohnson Believe it or not, this is one of the most used strategies for password selection. Guess that works fine for you as well.
Freemake
I have several made-up words which I use as passwords with different combinations of figures and capital letters :)
@anna_caine Made-up words, your own vocabulary, sounds like an interesting idea. Hope the combination of words exceeds at least 10-12 characters in length, as a best practice.
To make a good password I use 1 uppercase letter, or if it is like 2 words then 2 uppercase letters, and the rest of them in lowercase. Other than that, I use 1 special character and two numbers.
@jaskiran_kaur Curious why these combinations?
Everything that is simple is always difficult. Therefore, I make passwords as simple as possible.
Song lyrics :D
By the way, regarding the password subject: among the products featured today there is Cotter No-Code Passwordless Login by @anthonyharris, @putrikarunia, @albertpurnama and @michelle_marcelline
For me the best way to do it manually ... is to do it automatically using a strong password manager :)
Diceware passwords are the way to go for me. Using a wordlist and rolling physical dice to choose the word removes any personal bias from the words chosen. Take a few words and string them together to form a password that isn't too hard to remember. More info about it here: https://en.wikipedia.org/wiki/Di...
@teamtomato7 The Diceware password model is used in super sensitive accounts, including financial lockers, these days. I have also seen this being used in cryptocurrency exchanges with a larger set of words as the seed for Diceware. Nice to hear that it's being used as a regular use case :)
@devaonbreaches I like the concept of unbiased randomness and creating a new password is simple if you have a wordlist and physical dice. Lucky for me, I'm someone who plays board games and D&D regularly so I have dice nearby. Maybe even _too_ many dice nearby.
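The Diceware procedure described in this post, and the "four random words" idea from the xkcd comic linked earlier, both rest on one number: how many words the list has and how many you roll. The script below is an added example (not the poster's tool and not taken from the Wikipedia article); it uses a constructed 36-word list keyed by two dice so it runs offline, and the same functions work for a real 7776-word, five-dice list. `DEMO_WORDS`, the function names and the 80-bit target are assumptions for illustration.

```python
import math
import secrets

# Constructed toy wordlist for a 2-dice demo: 6**2 = 36 entries, so every
# possible pair of dice faces maps to exactly one word. A real Diceware list
# (for example the EFF long list) has 6**5 = 7776 words keyed by five dice.
DEMO_WORDS = [
    "apple", "bison", "cider", "delta", "ember", "flint", "grove", "harbor",
    "ivory", "jumbo", "kayak", "lemon", "mango", "nylon", "olive", "pixel",
    "quartz", "river", "salsa", "tulip", "umpire", "velvet", "walnut", "xenon",
    "yogurt", "zebra", "anchor", "bamboo", "cactus", "dragon", "eagle", "falcon",
    "garlic", "helmet", "igloo", "jaguar",
]


def roll_dice(n_dice: int) -> tuple[int, ...]:
    """Simulate physical dice with the OS CSPRNG; never random.random() for secrets."""
    return tuple(secrets.randbelow(6) + 1 for _ in range(n_dice))


def dice_index(rolls) -> int:
    """Map dice faces 1..6 to a 0-based list index: (1,1,1,1,1) -> 0, (6,6,6,6,6) -> 7775."""
    idx = 0
    for face in rolls:
        if not 1 <= face <= 6:
            raise ValueError(f"bad die face: {face}")
        idx = idx * 6 + (face - 1)
    return idx


def pick_words(wordlist, n_words: int, dice_per_word: int):
    """Roll dice_per_word dice n_words times and look each roll up in the list.
    Refuses lists whose size is not 6**dice_per_word: otherwise some rolls would
    have no word and re-rolling or truncating would bias the draw."""
    if len(wordlist) != 6 ** dice_per_word:
        raise ValueError("wordlist must have exactly 6**dice_per_word entries")
    rolls_used = [roll_dice(dice_per_word) for _ in range(n_words)]
    return [wordlist[dice_index(r)] for r in rolls_used], rolls_used


def entropy_bits(alphabet_size: int, n_symbols: int) -> float:
    """Entropy of n symbols drawn uniformly from an alphabet: n * log2(size).
    Holds for words from a wordlist and for characters from a charset alike,
    and assumes the attacker knows the list (Kerckhoffs), so strength comes
    from this number, not from the words being long or obscure."""
    return n_symbols * math.log2(alphabet_size)


def words_needed(alphabet_size: int, target_bits: float) -> int:
    """Smallest number of uniformly chosen symbols reaching target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


if __name__ == "__main__":
    words, rolls = pick_words(DEMO_WORDS, 4, 2)
    print(" ".join(words), f"rolls={rolls}",
          f"({entropy_bits(len(DEMO_WORDS), 4):.1f} bits from a 36-word list)")
    print(f"6 words from a 7776-word list: {entropy_bits(7776, 6):.1f} bits")
    print(f"12 random printable-ASCII chars: {entropy_bits(94, 12):.1f} bits")
    print(f"words from a 7776-word list for 80 bits: {words_needed(7776, 80)}")
```

The comparison at the end is the practical takeaway: six words from a 7776-word list (about 77.5 bits) sit close to twelve characters chosen uniformly from printable ASCII, but the words are far easier to remember and type, which is why the thread's "10-12 characters" rule of thumb only applies to characters that are actually random.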
Autonix | Free WiFi QR Code Generator
I use a base plus a site identifier. For each website I tack on a nickname that I'll remember. Example: if my base is "pass123!", when I create a password for ProductHunt I might use "pass123!prodh". Unique passwords for every site, so a compromised password isn't useful on any other website, but very easy for me to remember because all I need to do is recall my nickname for the website I'm trying to access.
Autonix | Free WiFi QR Code Generator
@devaonbreaches The base password is a good strong password in its own right. The combination is usually > 16 chars consisting of lower, upper, numbers and special chars. Couple that with the fact that I usually don't use the most obvious add-on name. For example, with Product Hunt I probably wouldn't use producthunt or ph (I used SSO via Google, so it doesn't apply, but just an example). All that said, I'm most worried about an automated attack. If you had my base password and you had some time, you probably could get into an account or two on a premium destination.
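The weakness the poster names himself (one leaked password exposes the base, and the base plus a guessable suffix opens other sites) goes away if the base is never written into any password but is instead run through a slow keyed derivation with the site name as salt. The script below is an added example of that construction; it is not the poster's scheme and not a product. The password alphabet, the 20-character default and the 600,000 PBKDF2 iterations are assumptions chosen to match common site policies and current key-stretching guidance; change them to taste, but keep them fixed or the derived passwords change.

```python
import hashlib
import hmac
import string

# Constructed alphabet: 52 letters + 10 digits + 13 symbols = 75 characters.
# Trim the symbols if a site rejects some of them, but then keep that per site.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def naive_site_password(base: str, nickname: str) -> str:
    """The concatenation scheme from the post. Leaks the base to anyone who sees
    one password: strip the recognisable suffix and the rest is the base."""
    return base + nickname


def derive_site_password(base_secret: str, site: str, length: int = 20,
                         iterations: int = 600_000) -> str:
    """Derive a per-site password from one memorised base secret.

    - PBKDF2-HMAC-SHA256 stretches the base so that an attacker who learns one
      derived password still has to brute-force the base at full cost.
    - The site name is the salt, normalised so 'ProductHunt' and ' producthunt '
      derive the same password; append a counter ('producthunt#2') to rotate.
    - Output bytes are mapped onto ALPHABET with rejection sampling so every
      character is uniform, giving length * log2(len(ALPHABET)) bits
      (20 chars of 75 is about 124.6 bits, more than the base itself usually has).
    """
    salt = site.strip().lower().encode("utf-8")
    key = hashlib.pbkdf2_hmac("sha256", base_secret.encode("utf-8"), salt,
                              iterations, dklen=32)

    # Expand the stretched key into as many uniform bytes as needed by
    # HMAC-ing a counter; reject bytes >= limit so idx = b % len(ALPHABET)
    # is not biased toward the first few characters.
    limit = 256 - (256 % len(ALPHABET))
    out = []
    counter = 0
    while len(out) < length:
        block = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
        for b in block:
            if b < limit:
                out.append(ALPHABET[b % len(ALPHABET)])
                if len(out) == length:
                    break
    return "".join(out)


if __name__ == "__main__":
    base = "correct horse battery staple"   # constructed; never reuse a real one
    print("naive  :", naive_site_password("pass123!", "prodh"))
    for site in ("ProductHunt", "producthunt", "example-bank", "example-bank#2"):
        print(f"derived ({site}):", derive_site_password(base, site))
```

Unlike a password manager, this stores nothing, so the only things to remember are the base secret, the exact site name spelling and any rotation counter; the cost is that changing the base means changing every password at once, and that a weak base is still the single point of failure the poster describes, only behind 600,000 iterations instead of a string compare.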
I quite often use a well-known name plus symbols, but this is not entirely reliable.
Prefer to use password managers tbh haha
But if I had to, I'd kinda take the name of a random city I know (a little town in the middle of nowhere in Mexico) plus some numbers and symbols, or someone's nickname.
Usually combinations of words in different languages and numbers work as well.
@carlosleyva I like your idea about the random city and the combination, but the question is how you will identify the password you used so that it is unique for each service. That is a big question as well.
@carlosleyva True again. Password managers are much more secure compared to any password creation model created manually.