Best method to create strong passwords

[dmt_3904]

Merry Christmas and Happy holidays everyone!

Sorry if this is a duplicate post I was having problems  & kept tapping the wrong key!

I’m not sure if this is the correct forum for but what is the best method for creating strong passwords?   I’m confused by the advice out there.   Got tips below from –https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/

According to the traditional advice—which is still good—a strong password:

• Has 12 Characters, Minimum: You need to choose a password that’s long enough. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters in length. A longer password would be even better.
• Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.
• Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.
• Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.

The diceware method is dictionary words.  Is the strength in using six or seven random words?  Randomness.   And if you throw in some numbers and symbols that makes it more strong?   What about a passphrase ?   Or using the first letter of each word in a sentence with numbers and symbols thrown in?  Is 14 characters minimum length really OK ?   Number of characters.

I am going to get strongbox password manager which can generate passwords.  But I don’t want to change my passwords unless they have to be changed  and I am not 100% sure how to evaluate strength.

Reply | Quote

[RetiredGeek]

DMT,

IMHO the best method is to use a password manager that generates random passwords for you and remembers them.

The above is from my favorite RoboForm (free for personal use).

HTH 😎

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Attachments:

You must be logged in to access attached files.

3 users thanked author for this post.

Moonbear, Ascaris, dmt_3904

Reply | Quote

[access-mdb]

Google for most used passwords and make sure you don’t use any of them! RG’s password above doesn’t appear in the 10,000 most used passwords (unsurprisingly).

The other thing is that you should never use the same password on more than the one site.

Personally I don’t think changing passwords helps at all, unless you’ve been told that the site in question has been hacked, but the breach is now fixed.

And of course, the mathematicians will tell you that most random passwords aren’t random but pseudo random, but this is me being pedantic.

And if you use password reset and they send you the unencrypted  password, they haven’t encrypted it – so I would suggest it’s not a website you would want to use. This happened to me once (actually they confirmed the password in an email when I registered). I told them this was a big security risk, but they just said that they were a new site and hadn’t set these things up. I didn’t use them again.

Reply | Quote

[dmt_3904]

The other thing is that you should never use the same password on more than the one site. Personally I don’t think changing passwords helps at all, unless you’ve been told that the site in question has been hacked, but the breach is now fixed.

Totally agree on this and this what I do. Thanks for your advice.

• This reply was modified 1 year ago by dmt_3904.

Reply | Quote

[wavy]

This site has a few options:
https://www.grc.com/passwords.htm it generates random passwords

64 random hexadecimal characters (0-9 and A-F):
BB87380052999048CE084303C3B6ABDBC49F7CD0581037FBB6F24808E9EE7600

63 random printable ASCII characters:
cmd{Nqx-tI*K8Nzsimnpw](ir"Tj:r>E@SJI[d378ZB"-rs39~mgI!6RJQuS7K2

63 random alpha-numeric characters (a-z, A-Z, 0-9):
rl5UpDViD0ZkXfIFCuAn0VTLunYE0JAnrPbyO0zSzyRPcVAjKzyh7tAnK49BqAx

You likely would want a password manager for ones like that, even a 20 character chunk would be better than what most would use.

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

1 user thanked author for this post.

dmt_3904

Reply | Quote

[Paul T]

dmt_3904 wrote:

I am not 100% sure how to evaluate strength

Open your password manager and paste the password into the password field of a test entry. You will see a password strength report – on any decent password manager.

cheers, Paul

1 user thanked author for this post.

dmt_3904

Reply | Quote

[dmt_3904]

I used my password manager password generator.   It creates a random pw –  upper, lower case, numbers, symbols – default 24 characters long.  I did a little more research and read that over 20 random characters very secure for brute-force attack.  Some password rules do not allow eight or more characters and restrict characters that may be used. But can’t help that.   The password generator can also give diceware passwords.  So I think I’m good, for now ; )

thanks to all for your help

Reply | Quote

[Author]

Posts