News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Best method to create strong passwords

    Posted on dmt_3904 Comment on the AskWoody Lounge

    Home Forums AskWoody support Connected home / Internet of things Best method to create strong passwords

    Viewing 4 reply threads
    • Author
      Posts
      • #2036930 Reply
        dmt_3904
        AskWoody Plus

        Merry Christmas and Happy holidays everyone!

        Sorry if this is a duplicate post I was having problems  & kept tapping the wrong key!

        I’m not sure if this is the correct forum for but what is the best method for creating strong passwords?   I’m confused by the advice out there.   Got tips below from –https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/

        According to the traditional advice—which is still good—a strong password:

        • Has 12 Characters, Minimum: You need to choose a password that’s long enough. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters in length. A longer password would be even better.
        • Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.
        • Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.
        • Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.

        The diceware method is dictionary words.  Is the strength in using six or seven random words?  Randomness.   And if you throw in some numbers and symbols that makes it more strong?   What about a passphrase ?   Or using the first letter of each word in a sentence with numbers and symbols thrown in?  Is 14 characters minimum length really OK ?   Number of characters.

        I am going to get strongbox password manager which can generate passwords.  But I don’t want to change my passwords unless they have to be changed  and I am not 100% sure how to evaluate strength.

      • #2036953 Reply
        RetiredGeek
        AskWoody MVP

        DMT,

        IMHO the best method is to use a password manager that generates random passwords for you and remembers them.

        RFPWGenerate

        The above is from my favorite RoboForm (free for personal use).

        HTH 😎

        May the Forces of good computing be with you!

        RG

        PowerShell & VBA Rule!
        Computer Specs

        Attachments:
        3 users thanked author for this post.
      • #2037014 Reply
        access-mdb
        AskWoody MVP

        Google for most used passwords and make sure you don’t use any of them! RG’s password above doesn’t appear in the 10,000 most used passwords (unsurprisingly).

        The other thing is that you should never use the same password on more than the one site.

        Personally I don’t think changing passwords helps at all, unless you’ve been told that the site in question has been hacked, but the breach is now fixed.

        And of course, the mathematicians will tell you that most random passwords aren’t random but pseudo random, but this is me being pedantic.

        And if you use password reset and they send you the unencrypted  password, they haven’t encrypted it – so I would suggest it’s not a website you would want to use. This happened to me once (actually they confirmed the password in an email when I registered). I told them this was a big security risk, but they just said that they were a new site and hadn’t set these things up. I didn’t use them again.

        • #2037382 Reply
          dmt_3904
          AskWoody Plus

          The other thing is that you should never use the same password on more than the one site. Personally I don’t think changing passwords helps at all, unless you’ve been told that the site in question has been hacked, but the breach is now fixed.

          Totally agree on this and this what I do. Thanks for your advice.

          • This reply was modified 5 months ago by dmt_3904.
      • #2037266 Reply
        wavy
        AskWoody Plus

        This site has a few options:
        https://www.grc.com/passwords.htm it generates random passwords

        64 random hexadecimal characters (0-9 and A-F):
        BB87380052999048CE084303C3B6ABDBC49F7CD0581037FBB6F24808E9EE7600
        
        63 random printable ASCII characters:
        cmd{Nqx-tI*K8Nzsimnpw](ir"Tj:r>E@SJI[d378ZB"-rs39~mgI!6RJQuS7K2
        
        63 random alpha-numeric characters (a-z, A-Z, 0-9):
        rl5UpDViD0ZkXfIFCuAn0VTLunYE0JAnrPbyO0zSzyRPcVAjKzyh7tAnK49BqAx

        You likely would want a password manager for ones like that, even a 20 character chunk would be better than what most would use.

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
        1 user thanked author for this post.
      • #2037763 Reply
        Paul T
        AskWoody MVP

        I am not 100% sure how to evaluate strength

        Open your password manager and paste the password into the password field of a test entry. You will see a password strength report – on any decent password manager.

        cheers, Paul

        1 user thanked author for this post.
        • #2040687 Reply
          dmt_3904
          AskWoody Plus

          I used my password manager password generator.   It creates a random pw –  upper, lower case, numbers, symbols – default 24 characters long.  I did a little more research and read that over 20 random characters very secure for brute-force attack.  Some password rules do not allow eight or more characters and restrict characters that may be used. But can’t help that.   The password generator can also give diceware passwords.  So I think I’m good, for now ; )

          thanks to all for your help

    Viewing 4 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Best method to create strong passwords

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.