Let's say your name is John, and you really like going duck hunting, so John has been using the password sillyduck for the past 10 years. Now how would we make this strong? I bet I know your answer.

John could make his password like this:

sillyduck123, or how about sillyduck1, or sillyduck89 for the year he was born, etc. Oh man, now let's get really creative: Sillyduck89. See how creative we just got? We just made the S at the beginning upper case. Now we are uncrackable!

Sadly that is not the case. A lot of companies that I have pentested for have these policies, and this is the most common way that people create their supposedly stronger password. Now this is the mistake: all that I would need to do is extract the hash and create a word list to try and crack all of their passwords. Let's say on my first attempt I cracked all of their passwords, without any rules being set, in 12 hours using a GPU-based cracking program. Now with the security implementation it may take me longer and I might miss a lot of them, but a hacker might simply say: hey, just add an upper case to the first part of every password on the list and then add some random number 1-999. That creates a list from the one that just cracked all of the old passwords, but this time it also includes all of the other passwords that we just generated with that new rule. Let's start up our program..... ding, 99.9% cracked. Hmmm, are these passwords really all that secure?

Now let's look at the password that we didn't crack. Oh look, someone used an uppercase letter L and an uppercase C in sillyduck123 instead of at the beginning. This is good, but not the best.

Now here is how I like to create passwords and how I advise others to create passwords, especially those with any type of power on a website, such as an admin or moderator: make the password as little relevant to you as possible, and also don't use just one word. I recommend a password that is at least 15 characters long. Let's get into creating this super password. What I like to do is think of a sentence, something like:

My wife hates it when I eat spicy food at the taco place before I go to bed.

Now how do we make this long sentence a password?
My: we can have that be an m
wife: can be a W or two v's (vv), but let's make it a capital W
hates: let's make that an h
it: well, the i looks kind of like a !, so let's use ! and whenever we run into an i let's change it to an !
when: let's make that an uppercase W
I: yet again let's make it an !
eat: let's make it a lowercase e
spicy: let's make it a $ and use the $ whenever we run into an S
food: let's use a lowercase f
at: let's use an uppercase A, or we could use @ but I feel we have too many symbols already
the: let's just have it be a capital T, and remember to use that rule for all T's that we have
taco: so yet again another capital T
place: let's make that a lowercase p
before: let's also make that a lowercase b
I: let's use ! because we will always use ! for anything that has an I
go: let's make the G a capital and always use G as an uppercase in all of our other passwords
to: yet again we are going with an uppercase T
bed: and then a lowercase b
So our new password is

mWh!W!e$fATTpb!GTb

Now doesn't that look confusing just looking at the password, and seemingly impossible to remember without our sentence password creating system?
I really would advise anyone to use this system for creating strong passwords.
I'm not just a gamer, I do this for a living, so take it from a professional that actually pentests and cracks websites, networks, and users' passwords for a living.
If you have any questions just send me a PM on tomshardware, and as always thanks for reading.
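
The post's point, seen from the side of whoever enforces the password policy, as an added example that is not part of the original post: a check that reduces a candidate password to the word it was built from, so capital letters and added numbers do not count as a new password. The deny list, the look-alike substitution table and the mixed-case sample are constructed for illustration; the 15-character minimum is the post's recommendation.

```python
import re

# Constructed sample deny list: old passwords and common words.
# A real deployment would load a much larger list.
KNOWN_BASES = {"sillyduck", "password", "letmein"}

# Look-alike substitutions to undo before comparing (assumed set).
LOOKALIKES = str.maketrans({
    "!": "i", "1": "i", "$": "s", "5": "s",
    "@": "a", "4": "a", "0": "o", "3": "e",
})

MIN_LENGTH = 15  # the post's recommended minimum


def base_form(password):
    """Reduce a password to the word it was most likely built from."""
    core = re.sub(r"^\d+|\d+$", "", password)  # drop numbers added at either end
    core = core.lower()                         # case changes add little
    return core.translate(LOOKALIKES)           # undo symbol-for-letter swaps


def check_password(password):
    """Return a list of reasons the password is weak (empty list = accepted)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if base_form(password) in KNOWN_BASES:
        reasons.append("simple variation of a known word or old password")
    return reasons


if __name__ == "__main__":
    # The post's examples, plus one constructed mixed-case variant.
    samples = ["sillyduck123", "sillyduck1", "Sillyduck89",
               "siLlyduCk123", "mWh!W!e$fATTpb!GTb"]
    for pw in samples:
        print(f"{pw:22} {check_password(pw) or 'accepted'}")
```

Every sillyduck variant, including the one with capitals in the middle, reduces to the same base word and is rejected, while the sentence-based password passes both checks.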