Password strength


allen-uk

New Member
Location
London.
Without going mad, I'm trying to settle on a 'strong' password. Microsoft's checker says mine is only medium, but I think they're barking.

This isn't it, but it's on similar lines:

1mmgawpbabcsa0tl1ffh1pau

which I thought (think) is darned-near uncrackable. Or am I being hopelessly naive in the face of modern password-cracking programs?

A.
 

marinyork

Resting in suspended Animation
Location
Logopolis
What's in the alphabet? Some languages over the alphabet include uppercase and the shift + number functions. I'm not sure why you'd want a password that had so many a and 1s in.
 

allen-uk

New Member
Location
London.
That particular 'form' is the first couple of lines of an old song. 1 is I, 0 is O; apart from that, each letter is the right letter.

And anyway, is it easily cracked? (Or am I?)

A
 

marinyork

Resting in suspended Animation
Location
Logopolis
It is certainly not strong. You can easily get a strong password with 8 characters. It's not a dictionary style string though, so could be a lot worse.
 

allen-uk

New Member
Location
London.
How do password-cracking programs work? (It might help me understand why mine is weak and what I can do about it).

A.
 

Carwash

Señor Member
Location
Visby
allen-uk said:
Without going mad, I'm trying to settle on a 'strong' password. Microsoft's checker says mine is only medium, but I think they're barking.

It might be saying that because, while it's a long string of letters and numbers, there are no non-alphanumeric characters. That would be a bit silly, but at the same time it would be consistent with Microsoft products. ;)

Why not try doing

$ pwgen -s1 24

a few times and picking one you like?
 

allen-uk

New Member
Location
London.
Because of a failing memory, carwash old bean. First lines of songs, however long and complex, I can remember, and apparently WILL remember to my grave. Random bits and pieces are N times harder.

A.
 

marinyork

Resting in suspended Animation
Location
Logopolis
Proper password hacking programmes use various methods based on mathematical theorems. More normal password gathering programmes rely on people using easy dictionary words, easy sequences and so on. You're probably best off reading something like http://en.wikipedia.org/wiki/Password_strength rather than listening to me as I'm not a number theorist. A simple example might be best to demonstrate why longer is better.

Compare an 8 digit password similar to yours. 36^8 = 2.8x10^12
I might have a password that used my 74 characters that was a string of length 8. 74^8 = 9x10^14. So by using the extra characters there are about 300 odd times the number of combinations.

Your password is all right, I was just making the point that at least one very famous on-line company allows both uppercases in passwords and special functions. So instead of the 26 lowercase and 10 digits in your password you could have 26lc + 26 uppercase + 10 digits + at least 12 special characters. Theoretically you could get 88 or above characters but few places support this.
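
The search-space comparison in the post above, worked through as an added example that is not part of the original thread. The function names are hypothetical, the first two sample passwords are constructed, and the 12 special characters are the post's own lower bound taken as an assumption.

```python
import math
import string

# Class sizes follow the post: 26 lowercase, 26 uppercase, 10 digits and
# "at least 12" special characters (12 is used here as an assumption).
CLASSES = [(set(string.ascii_lowercase), 26),
           (set(string.ascii_uppercase), 26),
           (set(string.digits), 10)]
SPECIALS = 12
KNOWN = set().union(*(members for members, _ in CLASSES))


def alphabet_size(password):
    """Smallest alphabet, built from the classes above, that covers the password."""
    chars = set(password)
    size = sum(n for members, n in CLASSES if chars & members)
    return size + (SPECIALS if chars - KNOWN else 0)


def search_space(password):
    """Candidates an exhaustive search over that alphabet and length must cover."""
    return alphabet_size(password) ** len(password) if password else 0


def bits(password):
    """log2 of the search space: an upper bound, reached only by random choice."""
    return len(password) * math.log2(alphabet_size(password)) if password else 0.0


if __name__ == "__main__":
    # Constructed samples, plus the 24-character string quoted in the thread.
    samples = ["a1b2c3d4", "aB3$eF7!", "1mmgawpbabcsa0tl1ffh1pau"]
    for pw in samples:
        print(f"{pw!r:28} alphabet={alphabet_size(pw):3} "
              f"space={search_space(pw):.2e} bits={bits(pw):.1f}")
    ratio = search_space("aB3$eF7!") / search_space("a1b2c3d4")
    print(f"74^8 / 36^8 = {ratio:.0f}")
```

These figures are upper bounds that hold only when every character is picked uniformly at random; a string derived from song lyrics or a dictionary word comes from a much smaller set of likely candidates, so its effective strength is lower than the bit count suggests.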
 

allen-uk

New Member
Location
London.
Hmm. As I hinted to carwash, the added problem is remembering the buggers. I could probably devise an uncrackable password, but I'd need to write it down next to my computer!

A
 

marinyork

Resting in suspended Animation
Location
Logopolis
Do what works for you. It's certainly better than most people I've met and their passwords. The other point is many people use the same much simpler password on many different things, which is also a bad idea.
 

Carwash

Señor Member
Location
Visby
allen-uk said:
Hmm. As I hinted to carwash, the added problem is remembering the buggers. I could probably devise an uncrackable password, but I'd need to write it down next to my computer!

A

Something which might make a (marginally) more secure password that's nonetheless memorable might be to pick a word/phrase and a number you will easily remember, and mix them together somehow. For example, a M*A*S*H fan might use 'hawkeye4077' or 'h4a0w7k7eye'. Would beat dictionary attacks, at any rate.
 

marinyork

Resting in suspended Animation
Location
Logopolis
I find it interesting that you find it easy to remember music but not numbers or other strings. Definitely interesting!
 