• Best method to create strong passwords

    #2036930

    Merry Christmas and Happy holidays everyone!

    Sorry if this is a duplicate post; I was having problems & kept tapping the wrong key!

    I’m not sure if this is the correct forum for this, but what is the best method for creating strong passwords? I’m confused by the advice out there. Got tips below from https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/

    According to the traditional advice—which is still good—a strong password:

    • Has 12 Characters, Minimum: You need to choose a password that’s long enough. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters in length. A longer password would be even better.
    • Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.
    • Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.
    • Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.

    The diceware method is dictionary words. Is the strength in using six or seven random words? Randomness. And if you throw in some numbers and symbols that makes it more strong? What about a passphrase? Or using the first letter of each word in a sentence with numbers and symbols thrown in? Is 14 characters minimum length really OK? Number of characters.

    I am going to get Strongbox password manager, which can generate passwords. But I don’t want to change my passwords unless they have to be changed, and I am not 100% sure how to evaluate strength.

    • #2036953

      DMT,

      IMHO the best method is to use a password manager that generates random passwords for you and remembers them.

      [Image: RFPWGenerate]

      The above is from my favorite RoboForm (free for personal use).

      HTH 😎

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!

      3 users thanked author for this post.
    • #2037014

      Google for most used passwords and make sure you don’t use any of them! RG’s password above doesn’t appear in the 10,000 most used passwords (unsurprisingly).

      The other thing is that you should never use the same password on more than the one site.

      Personally I don’t think changing passwords helps at all, unless you’ve been told that the site in question has been hacked, but the breach is now fixed.

      And of course, the mathematicians will tell you that most random passwords aren’t random but pseudo random, but this is me being pedantic.

      And if you use password reset and they send you the unencrypted password, they haven’t encrypted it – so I would suggest it’s not a website you would want to use. This happened to me once (actually they confirmed the password in an email when I registered). I told them this was a big security risk, but they just said that they were a new site and hadn’t set these things up. I didn’t use them again.

      Eliminate spare time: start programming PowerShell

      • #2037382

        The other thing is that you should never use the same password on more than the one site. Personally I don’t think changing passwords helps at all, unless you’ve been told that the site in question has been hacked, but the breach is now fixed.

        Totally agree on this and this is what I do. Thanks for your advice.

        • This reply was modified 5 years, 4 months ago by dmt_3904.
    • #2037266

      This site has a few options:
      https://www.grc.com/passwords.htm it generates random passwords

      64 random hexadecimal characters (0-9 and A-F):
      BB87380052999048CE084303C3B6ABDBC49F7CD0581037FBB6F24808E9EE7600
      
      63 random printable ASCII characters:
      cmd{Nqx-tI*K8Nzsimnpw](ir"Tj:r>E@SJI[d378ZB"-rs39~mgI!6RJQuS7K2
      
      63 random alpha-numeric characters (a-z, A-Z, 0-9):
      rl5UpDViD0ZkXfIFCuAn0VTLunYE0JAnrPbyO0zSzyRPcVAjKzyh7tAnK49BqAx

      You likely would want a password manager for ones like that, even a 20 character chunk would be better than what most would use.

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
      1 user thanked author for this post.
    • #2037763

      I am not 100% sure how to evaluate strength

      Open your password manager and paste the password into the password field of a test entry. You will see a password strength report – on any decent password manager.

      cheers, Paul

      1 user thanked author for this post.
      • #2040687

        I used my password manager password generator. It creates a random pw – upper, lower case, numbers, symbols – default 24 characters long. I did a little more research and read that over 20 random characters is very secure for brute-force attack. Some password rules do not allow eight or more characters and restrict characters that may be used. But can’t help that. The password generator can also give diceware passwords. So I think I’m good, for now ; )

        thanks to all for your help
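
Added example, not part of the original thread: a Python sketch that generates random passwords and Diceware dice rolls with the operating system's CSPRNG and compares the entropy of the lengths and schemes discussed above (12, 14 and 24 random characters, 63 and 64 character strings, six or seven Diceware words). The alphabets (94 printable symbols without the space, 62 alphanumerics) and all function names are assumptions made for this illustration; the 7776-word list size follows from five dice per word.

```python
import math
import secrets
import string

# Assumed alphabets for the generator options mentioned in the thread.
HEX = "0123456789ABCDEF"
ALNUM = string.ascii_letters + string.digits      # 62 symbols
PRINTABLE = ALNUM + string.punctuation            # 94 symbols (space excluded)
DICEWARE_WORDS = 6 ** 5                           # 7776 entries: five dice per word


def random_password(length, alphabet=PRINTABLE):
    """Draw every character independently and uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def diceware_rolls(words):
    """One five-dice roll per word (e.g. '41625'), to look up in a Diceware list."""
    return ["".join(str(secrets.randbelow(6) + 1) for _ in range(5))
            for _ in range(words)]


def entropy_bits(choices, picks):
    """Entropy in bits of `picks` uniform, independent draws from `choices` options."""
    return picks * math.log2(choices)


def chars_to_match(bits, alphabet=PRINTABLE):
    """Fewest random characters from `alphabet` giving at least `bits` of entropy."""
    return math.ceil(bits / math.log2(len(alphabet)))


def report():
    """(label, bits) rows for the lengths and schemes raised in the thread."""
    return [
        ("12 random printable chars", entropy_bits(len(PRINTABLE), 12)),
        ("14 random printable chars", entropy_bits(len(PRINTABLE), 14)),
        ("24 random printable chars", entropy_bits(len(PRINTABLE), 24)),
        ("63 random alphanumeric chars", entropy_bits(len(ALNUM), 63)),
        ("64 random hex chars", entropy_bits(len(HEX), 64)),
        ("6 Diceware words", entropy_bits(DICEWARE_WORDS, 6)),
        ("7 Diceware words", entropy_bits(DICEWARE_WORDS, 7)),
    ]


if __name__ == "__main__":
    for label, bits in report():
        print(f"{label:30s} {bits:6.1f} bits")
    print("sample password:", random_password(24))
    print("sample dice rolls:", " ".join(diceware_rolls(6)))
```

These figures hold only when every character or word is picked by the generator; a phrase or sentence chosen by a person has far less entropy than its length suggests.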
