Any Tips on creating a good password?

Add a Comment

Comment by Glenn on July 18, 2009 at 6:48pm

You've received a number of very good suggestions. My suggestion would be only for the most paranoid of cases. It also assumes that you're not looking for an ultra-secure password to access the computer itself.

The most security possible (in my opinion) is to use one of the password generators mentioned, and preferably one that will generate passwords using even the undisplayable characters, if it is possible to use them in your application. You then want to create as long a password as possible. The more characters you can use, the harder it will be to "crack" it, and undisplayable characters will make it even harder. There are 36 of them (some of which cannot be used for obvious reasons, such as ASCII code &127, which is for Delete).

If you are super paranoid about it, the password should be generated on another computer. I'm not absolutely sure that some of these programs aren't security risks themselves, and if the code is generated on another computer that isn't going to be using it then transferred to yours, that should fairly well secure that possible hole. Once the password is generated, transfer it to a USB stick, an SD card, or whatever your preferred removable media would be.

Once you have the generated password inserted into your security software (encrypted drive or folder?), you can then use the removable media to insert your password whenever necessary. Of course, it wouldn't be a good idea to use such a password as access to your computer account, as you will not have access to your drives until logged in, and considering that some characters might be undisplayable (possibly you would not even be able to generate them with your keyboard), it would make it hard to log in.

The above is for absolute paranoia security. Most of the ideas already presented will generate a quite sufficiently secure password for the majority of security situations. I just thought it worth mentioning generating the password on another computer, and using undisplayable characters in it, if possible. Anything that makes your password harder to crack is a plus.

Comment by Unnikrishnan S on July 13, 2009 at 5:51pm

Randpass HTML App

http://windowsitpro.com/Windows/article/articleid/102048/random-passwords-on-demand.html

Comment by Robin on July 13, 2009 at 4:32pm

I use easy to remember password for most forums and other places where security is not paramount. For more important passwords, I use a password manager called KeePass (an awesome opensource password manager). For it to work, I ONLY have to remember one master password, which you should make sure is long and complicated enough (maybe use the tips others have given to create this master password). Whenever you open your KeePass passwords file, it will ask for the master password. After you have been authenticated, you can save/retrieve passwords. It also has a decent password generator to create really strong passwords if you need strong passwords, and since the password is stored in the passwords file, you don't have to remember it!

KeePass even has a USB version that you can slip into your pen drive. So, you can have password with you where ever you go! I may suggest you to save your passwords file on an online location, just in case you need to access it while you don't have your pen drive. You can use Dropbox, Syncplicity or anything similar to achieve this easily, so that you don't even have to upload your updated passwords file manually upon change.

I have tried other free password managers out there, but KeePass seems to be the best.
Hope this helps.

Comment by ACe on July 13, 2009 at 11:07am

the way i choose my passwords , is kind weird , but i been doing it for almost 7 years

i find a frase i know and i can remember example in god we trust i translate that frase into greek ..

στο Θεό εμπιστευόμαστε i chose the word εμπιστευόμαστε and i mix ^$&& .. ^ first $& at the 7th place and end with &

^εμπιστ$&ευόμαστε&

and no i dont speak greek lol

Comment by Petr Jan Otakar Svacina on July 13, 2009 at 9:25am

What I suggest to my clients is to remember a phrase or the initial words of an old child song and type the first characters of each word. I recommend to select some words, like nouns, and capitalize those characters. At the end of it I usually add a date or an address number of a dear person. This usually generates a sequence of characters and numbers impossible to find in a dictionary and, unless the phrase or song are to common, impossible to guess.

This process has also the advantage of being easy for the author to remember because it is generated from something that is dear to him or her.

Comment by Keith Stoneberger on July 13, 2009 at 9:16am

one way of doing so is to open up notepad and close your eyes then random type

Comment by WKnight on July 13, 2009 at 7:03am

I like to use my own personal ciphers. Then I memorize the ciphers so I can write down my passwords. For example, the cipher I use for business passwords might be:

1. Capitalize every other letter.
2. All lower case m's become asterisks
3. All passwords end in -%

So I write down hamburger in my wallet or password file but the password is really hA*BuRgEr-%. If someone finds your password file, it's useless without the ciphers. And I never write down my ciphers. I use a different cipher for personal accounts, sensitive personal accounts and business. Every time I change jobs I change business ciphers. As long as you have at least 3 rules to your cipher, you should come up with some secure passwords. 3 ciphers are easier for me to remember than 40 passwords. This method has been working for me for the past 10 years.

Comment by TechDaddyK on July 13, 2009 at 6:45am

When I need a "real password", I use the Strong Password Generator in 1Password. There are similar programs for you poor Windows users, too.

Comment by Seif Sallam on July 13, 2009 at 5:22am

for important things stuff make a password that contain letters (capital and small), numbers, and any special character like (_,#,$,.....) any thing, so if some-one try a brute-force attack on you it wont be easy.

for less important stuff like forms just use
make it 1 password for all that stuff
make it short and easy to remember

another technique to make a password, you can use the first letter of each word in a sentence, also you can use a password manager like LastPass it can make a generated password and keep it.

Comment by Jeni on July 13, 2009 at 4:49am

Take a sentance like "My favorite two authors are number one JC Hutchins and two Scott Sigler" then take the first letter of each word capatalizing when appropriate and using numbers and symbols. The resulting password would be "Mf2awb#1JH&2SS"

• First
• Previous
• Next
• Last