58

What are the methodologies which can be used to generate "human" good quality password?

They have to ensure a good strength and also easy to remember for a human being.

AviD
  • 72,708
  • 22
  • 137
  • 218
gbr
  • 2,020
  • 1
  • 17
  • 22
  • 3
    Create one really good one and let http://agilewebsolutions.com/onepassword do the rest. – Tate Hansen Nov 21 '10 at 20:30
  • 6
    Shouldn't this be a community wiki, since there's no one answer? – Bill Weiss Jan 07 '11 at 21:36
  • 4
    For every IT question, there is a relevant [xkcd comic](http://xkcd.com/936/). – StrangeWill Nov 29 '11 at 14:42
  • Why the requirement of easy to remember? If it's easy to remember, it's probably not strong enough. – Gerry Feb 23 '12 at 14:39
  • lastpass password generator, then you only have to make one secure password and can generate as many passwords as you want without having to remember tons of different passwords. – Mark S. May 27 '12 at 19:05
  • 1
    Best advice I've seen on passwords http://xkcd.com/936/ – Wayne In Yak Nov 30 '11 at 16:01
  • 1
    I like to use a [1Password](http://agilebits.com/onepassword)'s random passphrase generator which does allow to only use pronounceable phrases such as `wha-no-pirt-biqu-wu`. I think this is a good mixture between random chars and being able to memorize the password easily. – king_julien Apr 18 '13 at 11:27

38 Answers38

40

This XKCD comic describes a way to generate a good password. The quality of such passphrases has been discussed in : XKCD #936: Short complex password, or long dictionary passphrase?

xkcd.com

paulmorriss
  • 229
  • 1
  • 4
  • 9
  • This is a pretty decent method, but the comic doesn't really get into _how_ to generate a password consisting of random words. In particular, it's important to note that the words chosen must _actully_ be random. "thisismypassword" is a password which consists of four words, but is probably not very secure because the words chosen are not random. To ensure you are choosing your words randomly, I recommend [Diceware](http://world.std.com/~reinhold/diceware.html). – Ajedi32 Dec 05 '16 at 16:37
35

Ahem.
Depending on what this password is to be used for, I would recommend a technique recommended even by crypto-great Bruce Schneier:

Write it down.

That's right - get yourself a REEAAAHEEELLYYY complex random password that you cannot remember, and WRITE IT DOWN.
Of course, write it someplace safe, not attached to outside of your laptop that the password is being used for.

AviD
  • 72,708
  • 22
  • 137
  • 218
  • 3
    +1 Agreed. Anything that can be attacked millions of times offline needs a ridiculous password, but attacks that can be spotted before thousands of attempts don't need as strong passwords. – Bradley Kreider Feb 09 '11 at 03:51
  • 3
    and this is precisely what software like 1Password, KeePass and LastPass aim to achieve. Thumbs up. – KG - Feb 09 '12 at 10:56
  • 1
    If you write it on a piece of paper, also make sure it's the only piece of paper placed on a hard surface. Or, use a soft tip pen. Just a thought... I swear it's not me in my family that watches _Murder She Wrote_! Honestly!! :) – TildalWave Apr 11 '13 at 04:04
  • 1
    The problem with writing passwords down is that you need to carry that paper with you whenever you want to use those sites. If you're travelling, working on the move, at someone's house etc, you may not always be carrying that. Using a formula to manipulate a single strong password to work for the site your using is possible. Otherwise LastPass as mentioned above is good. – AndyMac May 05 '13 at 21:07
  • My "cheat", to generate *apparently* complex passwords that are easily remembered, is to start at one key and move diagonally. Eg, 1qazSE$rfv. You can change how you shift, do zig-zags, etc. Just avoid horizontal runs, since keyboard complexity rating algorithms sniff out those and reject them. – Hot Licks Oct 16 '14 at 18:05
  • 2
    @HotLicks, very BAD idea, now everybody knows how you create your low-entropy passwords. – reed Nov 24 '18 at 14:19
  • 1
    The reason why writing passwords on paper is generally not a good idea is that every time you need to type it you have to 1) take out the piece of paper, 2) read it carefully and type it. Often passwords need to be entered when other people are around you (friends, family, coworkers) and those people will end up knowing where you keep the piece of paper and maybe also read (or even take a picture of) the password while you are busy reading it yourself and typing it. – reed Nov 24 '18 at 14:24
26

I use a phrase. A proper phrase, with multiple words and spaces, but one I can easily remember.

"My favourite month of the year is the 3rd!"

growse
  • 541
  • 3
  • 5
  • 3
    Where do you use it? A system where you have to log in often? IMHO most users don't want to enter 42-character phrase. ;-) – qbi Nov 22 '10 at 14:53
  • 8
    If they can touch type it really isn't that difficult. The biggest problem is that most system place absurd restrictions on length or they won't accept spaces. – sdanelson Dec 03 '10 at 15:19
  • You can do that and pick the first letter or last letter of each word. – Bradley Kreider Feb 09 '11 at 03:46
  • 2
    Isn't that less safe than using a password? Assuming you use small and capital letters and 8 characters you have 52^8 combinations, compared to the ~2000 words we use in common speech raised to the power of 4/5? – Dave Feb 11 '11 at 00:44
  • I've not done the maths, but I would imagine if you include a good smattering of punctation marks, numbers and non-regular words, the combination count is quite high. Would be interesting to see someone sit down and work it out properly though (I'm not mathsy enough...) – growse Feb 11 '11 at 08:50
  • 8
    Actually, 52^8 yields 53,459,728,531,456, while 2000^5 yields 32,000,000,000,000,000. That's 3 orders of magnitude bigger for a "sentence" of only 5 words. Plus, most of us while we commonly only use 2000 words, have a vocabulary much bigger. Plus the sentence in the original post uses 9 words, one of which isn't even a word one would be able to see in the dictionary. – Kibbee Sep 19 '11 at 01:18
  • 1
    Some passwords are truncated: no matter how long your password is, the password is truncated before it is used for authentication. Linux and UNIX user passwords have been guilty of this; other passwords are probably guilty of this as well. – Mei Jan 26 '12 at 19:58
  • 1
    Choose one of the words in the sentence and intentionally misspell it - `My favourite mounth of the year is the 3rd!`. Still easy to remember, and increases the security quite a bit. – ripper234 Jun 10 '13 at 11:22
  • The only problem with this method (besides limitations on the size of the password) is the security risk of someone watching you type it - something meaningful to you and nonsense to someone else (like taking the first letter of each word) is the only way to combat that particular risk. Then again, the comment above mine helps as well. – Nacht Apr 28 '14 at 05:31
  • @qbi if a user can't be bothered to enter a long password, than that user doesn't deserve to be safe. – o0'. Oct 16 '14 at 13:30
  • "But I can't bother to lock my door!" ok, burglars will come, no problem for me. – o0'. Oct 16 '14 at 13:30
  • This is a pretty decent method, but I prefer to avoid it because it's difficult to accurately estimate the entropy of passwords generated using this method, and thus difficult to be sure of just how secure your password actually is. Diceware passwords are much easier to get an accurate entropy estimate of. – Ajedi32 Dec 05 '16 at 16:42
24

I like to use the Shift your fingers method. Take an easy passphrase like 'stackoverflow', move your fingers 1 character to right as you type and you get 'dysvlpbtg;pe' which is a lot harder to guess or crack.

Although this works fairly well its best to add a few other twists to this like a memorable number and some special characters to make it a really strong password.

'dysvlpbtg;pe!1234$'

Using this method its easy to have a different and very good password for each site you use but for it still be re-memorable.

UPDATE:

@Larry & @AviD point out that if this method becomes more common it becomes more likely to be taken into account by cracking dictionaries and other attack methods.

Obviously there is a balance between the re-memorable and the super secure. Depending on the usage applying some of these techniques would help make this method stronger.

  • Shift differently - don't just shift 1 character to the right. Go a different way and / or shift by a different number of characters. Using "stackoverflow" as an example passphrase again, shift down you get "xgz ,l dfv.ls", shift by 2 characters right you get "fudb;[ntyh'[r". This starts to improve the technique but obviously this can be adopted by attackers as well.
  • Suffix and Prefix - Add a suffix and prefix into the mix, "@@stackoverflow$$" adds a load of other possibilities in to the mix.
  • Be different - There are a lot of different methods suggested as answers to this question. Probably the best answer to the question, is to use a bit from each of them and make a method your own. In that way you will always remember it and if its unique to everyone else, it means it does not become weak as everyone else isn't doing the same thing.
Mark Davidson
  • 9,427
  • 6
  • 45
  • 61
  • 15
    Note that if this becomes common, it is easy to adopt dictionary attacks to this technique. – Larry Osterman Nov 22 '10 at 03:08
  • 5
    Also there are already some techniques that take keyboard placement into account. – AviD Nov 22 '10 at 06:05
  • I do agree with you guys like any technique when it becomes common it becomes less secure. A few suggestions to improve this method are to add a suffix and a prefix. Also don't just shift 1 character to the right, shift in another direction and / or by a different amount. – Mark Davidson Dec 03 '10 at 13:57
  • 3
    You should take into account, that different keyboard-layouts exists. – Mnementh Dec 19 '10 at 17:45
  • 5
    the problem with this method, once you forget was it "add @@ in the front, $$ in the back, shift 1 to the left and 2 down with wrap" or "add ## to the back, 12 at the front, shift 2 to the right with wrap and 1 down without wrap" you have a problem :) And sometimes you need passwords to places you last visited 4 years ago... – StasM Dec 31 '10 at 23:59
  • Sure, this could lead into problems if you change to a different keyboard layout... But most of us usually only encounter different layouts when travelling, and it's not a very bright idea to go typing your passwords into net cafe computers anyway, so I guess it could be considered an inadvertent security feature. :) – Ilari Kajaste Jan 10 '11 at 13:40
17

I use Diceware. You need a six-sided die (or a good random number generator), and a Diceware word-list.

Throw dice to get a five digit number; for example 34512.

Look up the word in the list; for example jinx.

Repeat five times.

Length is the most important attribute of a password. This will generate a fairly long password.

/Roger

Roger C S Wernersson
  • 3,100
  • 4
  • 19
  • 12
  • 9
    Length is NOT the most important attribute, f.e. "aaaaaaaaaaaaaaaaaaaaaa" will be hacked faster than "@#^(F3", and is harder to type in correctly without messing up the length. Quick, without looking: how many a's were there? – AviD Nov 22 '10 at 13:31
  • 10
    I disagree. If I wrote a program to find the password using brute force, I would check the shorter password much sooner than the longer password. I might be able to crack a six letter password within a day. The 22-letter a-password would take years, if not decades, using brute force. Also, I did say the MOST important, not the only attribute. Do you discourage using Diceware? – Roger C S Wernersson Nov 24 '10 at 06:57
  • 2
    Basically, you six letter All ASCII Printable Characters password has around 36 bits of entropy. Your 22 characters Case Insensitive Latin Alphabet password has more than 96 bits of entropy. See Wikipedia for details (https://secure.wikimedia.org/wikipedia/en/wiki/Password_strength) – Roger C S Wernersson Nov 24 '10 at 11:23
  • 7
    When it comes to length vs complexity, one is not better than the other. There are trade offs. You need a degree of complexity with a fair length. – Steve Nov 25 '10 at 20:32
  • 5
    @Roger, there is a difference between brute-force and dictionary attacks. Obviously, bruteforcing the shorter one will be quicker than the longer - but a dictionary attack would work on the longer, whereas you would be forced to bruteforce the entire pass-space for the shorter. Wrt entropy, that only applies if it is a random password that uses the entire space - simple passwords are much easier broken without regard to entropy or length. – AviD Dec 05 '10 at 21:29
  • Diceware is an excellent starting point as it gives you a random nonsense phrase which you can strengthen as you see fit (random characters, multiple word lists etc). – Andrew Feb 14 '11 at 02:50
  • @Roger - diceware is used to create passphrases, not passwords. Thus you would have 6 words in the example given above. Of course, the same length of random alphanumeric with special chars will be stronger, but much harder to remember and input. – DanBeale Aug 03 '11 at 19:10
  • I too recommend Diceware. Not because of _length_, but because of _entropy_. Diceware generates high-entropy passwords which tend to be relatively easy to remember. Length in and of itself is only a valid defence against the most mind-numbingly simple of brute-force attacks, whereas high entropy passwords will hold up against brute-force no matter what guessing strategy the attacker uses. – Ajedi32 Dec 05 '16 at 16:26
14

I take a line from a song I like, and then take the first letter from each word. This will most likely not exist in any password dictionary. Then, you can substitute special characters.

For example, take Elvis Presley's Hound Dog:

You ain't nothing but a hound dog, crying all the time

This would become:

yanbahd,catt

Then, sprinkle in some special characters, play with the case, etc:

Y@nBa!^d,c@Tt

Then, if you can remember the song lyric, hopefully you can remember the password.

pkaeding
  • 1,034
  • 7
  • 12
  • 5
    It is pretty easy to add many of the most common ones here to a password dictionary: the number of well-liked songs out there is pretty small (compared to the number of words with even 9 letters, e.g.). Also, first letters of words have less entropy than even letters in general. It helps to make the modifications, but people tend to make the same sorts of changes (a to @, t to T, etc) so that doesn't take you to a whole new level. I much prefer the methods that more randomly connect big sources of entropy. Combining this with the place you first heard the song might be better. – nealmcb Nov 29 '10 at 05:36
  • I think you've lost the 'b' of 'but' in your final password. Maybe that's how you avoid the dictionary attack ;-) – tttppp Nov 29 '10 at 13:08
  • @tttppp ahh, good catch! – pkaeding Nov 29 '10 at 17:09
  • 2
    @nealmcb good point. I thought this was a clever method of coming up with passwords. I'm not really sure that I agree that the number of 'popular' songs is so small; what defines 'popular'? I would agree that songs Elvis's songs are among the most popular, but you can pick a song that is less mainstream-popular, yet has special meaning to you. You also don't have to pick a line from the chorus; you can pick a line from a verse. – pkaeding Nov 29 '10 at 17:13
  • @pkaeding Though I guess for a very targeted attack where the attacker can fetch your music interests from social media, using songs that only you like would be a useless counter. :) – Ilari Kajaste Jan 10 '11 at 13:51
  • @nealmcb: I strongly disagree. How would the attacker know it was *these two* lines from *this* Elvis song? How would the attacker know it was *all the words* from these lines? Take all the popular songs out there, and take all the lines from those songs in both one and two line combinations. Now take the first and last words off each of those lines. Your dictionary would be so large it would be useless. – Josh Feb 07 '11 at 16:32
  • What good is a password dictionary if you can detect the attack after the 500th attempt? I guess it depends on your definition of *good*. If you want your password to never ever be broken, then it is going to be very hard to remember it. – Bradley Kreider Feb 09 '11 at 03:49
  • I tried this method for a while, but in 4-5 years you completely forget which line from which song you used for which place, and with special characters you may as well randomly generate it - you have no chance of remembering it. At least I don't. That's why I abandoned this method. – StasM Feb 18 '11 at 07:10
  • @StasM, yeah, I have also abandoned this method, as a matter of fact. I now forget about trying to remember passwords, since it is not practical to have a secure password, that you don't use in multiple places. I now use a password management program (1Password is what I use, but there are others that are probably just as good). So, I just remember one secure password, and I type that into 1Password. 1Password remembers all my passwords, and generates new ones randomly when I need a new one. – pkaeding Feb 18 '11 at 21:27
  • 3
    @josh: There were only 933 songs to top the Billboard charts between 1955 and 2003 ("Fred Bronson's Billboard Book of Number 1 Hits, 5th Edition"). Multiply by perhaps 20 for # lines. There are of course many popular songs that never hit #1, and many genres, etc, but all told I think the number of songs likely to be used for the scheme presented here is very small compared to what you want to work from for a password. The presented scheme does not include your suggestion to remove first and last words (only sometimes, I assume), and even that only multiplies the number of entries by 4. – nealmcb May 22 '11 at 19:09
  • 1
    More importantly, any scheme that asks for something "I like" will likely lead most people to pick from a very skewed distribution of popular things, which makes dictionary attacks much more practical. Instead, password schemes need good independent sources of entropy. – nealmcb May 22 '11 at 19:13
  • Even if you went up to the top 40, the total number of lines is certainly less than a decent sized dictionary, and there will be many repeats due to the rules of english language and music lyric construction. As one of the masses, for now, this is probably fine. But if someone is going after you personally and knows your scheme, this is very weak. If this scheme becomes more popular, it will be added in as a default to JtR etc, at which point its game over for offline attacks. – Jason Coyne Jul 27 '15 at 16:46
  • @JasonCoyne yeah, that is a very good point, but I think it is one that can likely be made about any password that can be easily remembered. If someone is targeting you specifically, they may also know your taste in music, so even picking an obscure lyric in an obscure song by an obscure artist may not work. – pkaeding Jul 27 '15 at 18:12
  • Well, the point of diceware etc, is that they are easy to remember, but still have very high entropy. For your scheme, pick 3-4 different songs and take a verse from each. – Jason Coyne Jul 27 '15 at 18:23
  • Yeah, I understand the theory behind diceware, but I guess I'm skeptical that it leads to easy to remember passphrases. Was it 'righthorsebatterystapler'? No, 'correctdonkeybatteriespaperclip'? – pkaeding Jul 27 '15 at 18:27
11

Use a long sentence in your language. It's easier to crack a short, illegible password, than a long "plain" sentence. Choose lyrics from your favourite songs, quotes, whatever.

You can craft long (i.e., 40 characters or more) passwords this way, without having to think too much about them.

rsuarez
  • 235
  • 2
  • 3
  • 4
    The only problem with this method is if you apply it across multiple sites you may run into sites that limit your password to fewer characters than your sentence, and then you will have to remember multiple sentences. – joshuahedlund Nov 29 '11 at 17:17
  • @joshuahedlund: As an example, Skype won't let you use anything over 20 characters - just *how* they're storing the authentication data, I dare not ask (I just hope it's not in `user_password VARCHAR(20)`. – Piskvor left the building Nov 30 '11 at 14:48
  • @joshuahedlund this is not really the problem because password should be unique per site. I mean don't use the same password twice. I'm using 1Password to store passwords, usually 30 characters random, when site limits it to let say 20 I generate shorter one. – Wojciech Bednarski Dec 11 '12 at 01:54
11

There is good advice at http://www.schneier.com/blog/archives/2007/01/choosing_secure.html and http://en.wikipedia.org/wiki/Password_strength

I think the key is to combine at least two seemingly unrelated pretty big sources of entropy. E.g. part of one medium-sized word combined with letters from the beginning of an idiosyncratic phrase, with some mixed case and numbers/symbols thrown in the middle. Do it in a way that you can make an odd and memorable story about it all, and make sure it is long enough, depending on how important it all is to you. Practice it for a while, and put some subtle hints about the story in a relatively private file.

You can also go overboard on picking a long or hard-to-remember password: http://www.schneier.com/blog/archives/2009/07/strong_web_pass.html

nealmcb
  • 20,693
  • 6
  • 71
  • 117
8

I think of a lie -- something that isn't true, and make it into a proper sentence such as "The sky really is Green!". (This isn't one I've used before)

They are easy to remember because they are just so odd.

Steve
  • 15,215
  • 3
  • 38
  • 66
6

I use a passphrase and random generator for that phrase (substitution cipher). I regenerate my key card monthly and keep a copy with me. I find the pseudorandom nature of it creates for strong passwords in a quasi-2 factor authentication. Something I have is my key card, something I know is my key phrase. As sample, I wrote a short app to build them here:

For example: my bank password could be "banking" and it would generate a very strong password for me, it would be easy to change, and my password would always be banking.

http://levii.com/cipher.php

*Edit: Just as a note, I proposed this method to the /. community back in 2005ish and haven't updated it since. I've been meaning to run some real research on it as part of my MS-ISA program.

iivel
  • 1,593
  • 10
  • 13
6

For passwords, I use the following: two letters, then two digits, then two letters, then two digits. Letters are lowercase. Letters and digits are generated randomly.

It turns out that the resulting passwords are easy to remember (at least, easy for me; your brain might not be wired the same way than mine).

A good point of such passwords is that it is easy to compute their entropy: there are 264x104 possible passwords with this format, all with the same probability, thus an entropy of about 32.09 bits (a given password has probability 1/232.09 to be selected). 32 bits of entropy are not good for all usages, but they are good enough for most, including every usage where attacks are online. An online attack is one where the attacker must make a request to an "honest" system for each guess; e.g. a SSH server. Offline attacks (where the attacker can check a guess "alone", limited only by his computing power) are more scary and would require a stronger password.

Remember that knowing how much security you have is at least as important as having such security.

Bonus: here is the C program I use to generate those passwords (compiles under Linux and FreeBSD, should work on other Unix-like systems):

/*
 * Small utility for password generation.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#include <sys/types.h>
#include <unistd.h>
#include <fcntl.h>

static unsigned
randval(unsigned max)
{
        static int fd = -1;

        unsigned char x;

        if (fd < 0) {
                fd = open("/dev/urandom", O_RDONLY);
                if (fd < 0) {
                        perror("open");
                        exit(EXIT_FAILURE);
                }
        }
        for (;;) {
                unsigned val;

                for (;;) {
                        if (read(fd, &x, 1) <= 0) {
                                if (errno == EINTR)
                                        continue;

                                perror("read");
                                exit(EXIT_FAILURE);
                        }
                        break;
                }
                val = (unsigned)x;
                if (val >= max * (256 / max))
                        continue;
                return val % max;
        }
}

static int
randletter(void)
{
        return "abcdefghijklmnopqrstuvwxyz"[randval(26)];
}


static int
randdigit(void)
{
        return "0123456789"[randval(10)];
}

int
main(void)
{
        printf("%c%c%c%c%c%c%c%c\n",
                randletter(), randletter(),
                randdigit(), randdigit(),
                randletter(), randletter(),
                randdigit(), randdigit());
        return EXIT_SUCCESS;
}
Thomas Pornin
  • 322,884
  • 58
  • 787
  • 955
  • You only have two classes: numeric and lowercase. Since so many authentications require uppercase and specials, how do you handle that? – pboin Feb 08 '11 at 17:35
  • @pboin: strangely enough, none of the passwords I have generated in the last five years have uppercase letters. There probably are applications which require uppercase letters and/or special characters, but, in my experience and with regards to what I do with computers, they must be quite rare. – Thomas Pornin Feb 08 '11 at 19:10
  • Assuming you're telling the truth, you've just revealed how to built a dictionary/algorithm tuned to significantly reduce the search space against your logins. – Andrew Feb 14 '11 at 02:33
  • 1
    @Andrew: yes, absolutely. There are 232.09 possible passwords. This is too small for comfort, assuming that the attacker can "verify" a guess on his own computers (that's an "offline" attack). A good protocol will not allow that (in Unix terminology: `/etc/shadow` is not freely readable). – Thomas Pornin Feb 14 '11 at 13:31
  • This is a terrible scheme. Why put any artificial limits on permutations? Knowing this scheme, one GPU doing 10 billion unsalted md5 tries per sec would take a maximum of **half a second** to cover all permutations of [a-z][a-z][0-9][0-9][a-z][a-z][0-9][0-9]. Even salted passwords would be vulnerable. This post should be deleted in case someone actually wants to use it. – Andy Lee Robinson Aug 13 '11 at 09:45
  • 2
    If you hash the password with a single MD5 invocation then your weakness is to use a single MD5 invocation. An adequate password storage function invokes the hash function _millions_ of times, multiplying the attack cost by that many. What should be deleted is your suggestion of using plain MD5 for hashing; that's a terrible advice. A proper password hashing technique is bcrypt: http://en.wikipedia.org/wiki/Bcrypt – Thomas Pornin Aug 13 '11 at 16:15
6
  1. I start with a passphrase, such as pancakes.

  2. Next, I make some substitutions - add numbers, symbols and capitals. pAzc@Kez.

  3. Finally, I'll add a prefix or suffix for each site I use it on, such as pAzc@KezStack.

    PS: It's a good idea to have a few bases and alternate those as well.

Disclaimer: This is not any of my passwords. (Yes, I am eating a pancake as I write this.)

Moshe
  • 1,831
  • 3
  • 18
  • 23
  • yay for pancakes! dang, now *I* want some pancakes... – AviD Nov 22 '10 at 06:06
  • 4
    This is pretty close to the common methods that Schneier says are targeted pretty successfully by tools like PRTK. http://www.schneier.com/blog/archives/2007/01/choosing_secure.html I suggest finding a way to memorably combine two very different worlds of entropy. – nealmcb Nov 29 '10 at 06:21
  • erm... http://security.stackexchange.com/questions/662/what-is-your-way-to-create-good-passwords-that-can-actually-be-remembered/6124#6124 – Tobias Kienzler Sep 19 '11 at 11:22
  • If somebody discovers that your Stack Overflow password is "pAzc@KezStack", then they will have a pretty good idea what your Google, Apple, Facebook, etc. passwords are. This scheme prevents automated cross-site password guessing, but n0ot manual. – Bennett McElwee Aug 27 '13 at 23:52
  • How do you remember "pAzc@Kez" anyway? – Bennett McElwee Aug 27 '13 at 23:53
6

I use the password generator in Mac OS X, set to "memorable password" mode.

5

For medium-security sites:

  1. Choose a word you would remember and it long enough - let's say it's porcupine.
  2. Choose a number you would remember - don't use you birth year, month and day, neither for your relatives, etc.! - let's say it's 28.
  3. When you need a password for site security.stackexchange.com - make it 28-porcupine+S.S.C

This password is rememberable, since you only need to remember 1 word and 1 number for all sites you visit, and can recover password for any site without any effort. Of course, you can change algorithm, but the idea is to use combination f(n, w, s) where n and w are fixed and s is generated from the site name.

For high-security sites (aka "if somebody gains access to this, my life is ruined") - generate long random password, write it down, put this paper somewhere secure - like with your passport, titles, etc. documents.

StasM
  • 1,871
  • 2
  • 15
  • 23
  • 1
    If one of those sites is malicious, they can see your generated password, and can guess your algorithm easily, allowing them to login for you in every other such "medium-security site". – Paŭlo Ebermann Aug 11 '11 at 11:56
  • @Paulo That provided there are really sites that have humans ponder over each password entered there (out of hundreds of people signing up every day, probably) and guess the algorithm which is being used (and these humans are smart enough to guess it by just one instance). I think it's moderately safe to bet that chances of this happening are low. And if the site proves malicious the harm of giving them my email is probably worse - I get tons of trash from some sites that I signed up, found they are worthless and too lazy to find out how to delete my account. – StasM Aug 11 '11 at 20:31
  • 1
    correct horse battery staple! – Rory Alsop Aug 12 '11 at 13:08
5

Unfortunately, many systems place silly restrictions on passwords, so the same method of generating "rememberable" passwords will not always work for me.

Most often I don't need to remember that many passwords. I write the important ones down in keepass or a PGP-encrypted text file, or both.

However, most ones that I chose for my unix systems are based on lines from songs or just silly phrases or expressions, where I let each word become a character, with case varied depending on the stress or intonation of the word, or what words have more "meaning" in the phrase. Good idea to suffix or prefix some representation of the system/site name as well.

About password length: on web sites I always chose passwords of more than 8 characters. My reasoning being that many "clueless" systems designers store just an MD5 hash of the users password without any salt. Web sites do get hacked, and even if I use different passwords everywhere, I still don't want a script kiddie to do a lookup in a pregenerated hash-to-plaintext table and find my "random" password there.

MattBianco
  • 231
  • 3
  • 9
  • Exactly. I despise all of the password restrictions. Some sites require 8 or more characters; other's 8 or less (which makes NO sense); other's require a number or a punctuation character; other's don't allow punctuation. It's hard enough to remember 30 passwords, but when all the sites have different requirements, it becomes nearly impossible. – Jeff-Inventor ChromeOS Aug 06 '14 at 19:12
4
  1. Shuffle a deck of cards.
  2. The order of cards is your password.
  3. Buy a new deck for each password. Don't drop the deck.

If coerced you can drop the deck, or in the case of the UK when they search your house they will scatter your deck and delete your password / encryption key.

;)

Bradley Kreider
  • 6,182
  • 2
  • 24
  • 36
4

A password hint should just be something that reminds you what your password is without exposing the actual password. Which means it should be something you would understand, but that a stranger would not be able to figure out.

If you use a base password but sometimes you use all lowercase or sometimes special characters then you could use a hint that just explains that (i.e. hint is "all lowercase").

Or use LastPass, it is my favorite password keeping tool that I use for almost everything.

JLZenor
  • 171
  • 3
3

For my login passwords, I use software (pwsafe or KeePass, mattering where I am) to generate an ugly password of whatever length I need (9 characters?). Then I write it down on something that goes in my wallet. After a few days of using it I remember it well enough and I shred the paper. The backup there is keeping it in one of those programs that's on a different machine than the password is to :)

For everything else, software does that for me. Having a program remember your passwords is so much better than doing it yourself, I don't quite understand why people resist it.

Bill Weiss
  • 777
  • 3
  • 15
  • Sometimes people do - for example, using the password manager in their web browser to memorise which of a few passwords they used for a specific site. The bigger issue is "if the software fails, what was my password?" - given how big of a joke (findable via Google search / Facebook profile) the "security" questions used by websites for password recovery are. – Andrew Feb 14 '11 at 02:39
3

To avoid Rainbow Table attacks, length is key. It is not uncommon when carrying out exploitation to grab SAM file or /etc/passwd and run a crack on the hashes. In the past I often used John the Ripper for a few days to see which hashes could be brute forced. These days I would quickly pop the hashes against a rainbow table and would have 95% of all the passwords under 9 characters (and if I wanted to check for 10 chars I could download the table for that length too - it just starts to get very big...)

Having said that, the 2 techniques I use are:

  1. like pkaeding - lyrics from songs
  2. the old CVC CVC CVC CVC CVC method (consonant, vowel, consonant) to whatever degree of entropy required
Rory Alsop
  • 61,474
  • 12
  • 117
  • 321
1

Here's yet another scheme for musicians:

qiurtyuqytnreqwerwmqweq
qqwnqqrtyyyttrrtyy7yytytrrtr
qweqqweqerterttytreqtytreqqbqqbq
32g5532g5532g5d5srr

Transpose or obfuscate further as desired.

1

One methodology I've heard of is to pick a page of a book and use the first letter of each word on a line. If you combine the capitalisation of the words and the odd number you can get a strong password that isn't easy to guess - all you have to do is remember the book and line!

Ventral
  • 299
  • 1
  • 3
1

I've recently been looking at Off The Grid by Steve Gibson. It's a paper based encryption which can encrypt a domain name (or any text really) and provide a password to use. There's plenty of information on the site about it.

The basics of it is you take a 26x26 table of characters. This table follows rules similar to Sudoku (only one of each character in each row and column). This starts it off with a lot of entropy (1400 bits minimum). The basics of how to use it are fairly easy (I won't bother re-typing it all out again). The biggest risk for it is if someone physically steals your grid. Even then there are few steps you can take slow (should be easily long enough to realize someone has stolen it). These methods include,

  1. Choosing a different starting location
  2. Salting (You can do this by pre-pending/appending something when performing the encryption)
  3. When performing the encryption (read the appropriate page) instead of choosing the next two characters. Instead choose perhaps the next three characters, one across one up, two down one left, etc.

I'm not using it myself, but I don't have much difficulty remembering 20 random characters which I use in combination of Passpack (online password manager)

Dracs
  • 244
  • 2
  • 9
1

Depending on what I need it for, I'll calculate an MD5 or SHA1 on some random file and run over that a few times. That's rather weak though, in that it only contains 16 characters.

If I need something stronger, I'll type three or four characters into a Tripcode searcher and see what it throws back at me. Stick two of those together and run them over a few times, and you've got a pretty secure password in that it's really quite random.

JBirch
  • 151
  • 3
1

I open a big book at a random page and use the first letter of the ~8 first words/lines. Not exactly easy to remember but it makes it very hard to completely "forget" your password.

Olivier Lalonde
  • 5,079
  • 8
  • 32
  • 35
1

Change your life :) have all password be extremely complicated, with no way to remember any of them. Get a password manager, I found KeePass pretty useful.

You can keep DB files on dropbox and use password + picture (binary file) to access passwords, keep the picture (file) only on devices you likely use to access password from (not on dropbox!).

Keep picture accessible but not obvious. So the system is still usable, but if hackers get your password DB files they can not get access to it by brute force.

This way you will need to remember only one password, which is much easier.

Change it and the file regularly and you you're safe.

DropBox keeps a history of your data for a month (?) so remember it when changing the DB password.

CodesInChaos
  • 11,964
  • 2
  • 40
  • 50
Vitaly Nikolaev
  • 291
  • 1
  • 2
1

similar to some of the other answers, for some passwords a base it on a phrase which I find memorable then translate that into a password. So as an example

i;)@0dd^'s

is a reasonable password which I'd remember as "I wink at odd hats". Generally that or something based on first letters of a phrase (usually with some leet speak modifications and added punctuation).

Rory McCune
  • 61,541
  • 14
  • 140
  • 221
1

I use the perl module Crypt:RandPasswd, which can create pronouncable phrases surrounded by misc. specials and numerics. I find that the pronounciation rules limit the keyspace, but they make the mental part much easier. Even if I have to lookup a password, I can remember it long enough to type correctly first time.

A password might look like this: Vorda#Capis%99^

pboin
  • 488
  • 3
  • 6
  • 1
    > Instead, it uses perl's built-in rand() function, which in turn is (usually) built on the pseudo-random number generator functions of the underlying C library. – CodesInChaos Aug 06 '14 at 17:28
0

I find a totally random, complex string of characters by randomly hitting keys on my keyboard in a pattern my fingers are comfortable with and can do very quickly. Techniques I use to do this are:

  • alternate successive keys between hands for speed or use small groups of keys (2 or 3) next to each other on the keyboard, alternating the groups between each hand to make up the full password. It is hard to type an entire password quickly with just one hand
  • literally make the keys random and not spell anything or even a variant of something
  • when you change passwords, change your finger pattern significantly enough to hit totally different keys and key patterns (and not the same pattern shifted 1 or 2 keys in any direction)

After I have my random password, I practice typing the new password a few times to get my muscle memory to retain the key pattern. After my password is set, I log into a few systems in a row to further retain the key pattern.

In the end, you will have a totally random password that is difficult for you to forget because you aren't even remembering a string of characters, just a pattern your fingers take on the keyboard that doesn't mean anything at all to anyone, even you. Sometimes when I accidentally type my password in a clear text field (everyone has done this at some point...) it looks totally foreign to me because I don't think of the string, just the pattern I am hitting on the keyboard.

This method also doesn't translate to similar passwords and patterns among different users because everybody types differently. What is easy and fast for one person to type may be more difficult for another.

August
  • 179
  • 2
  • 2
    Typing "randomly" rarely creates random characters. There will usually be some identifiable structure and therefore weakness. eg, leftside chars then rightside chars, dipthongs, adjacent character groups. Instead use a program to create a random string, and then practice that to commit to haptic (muscle) memory. – Andy Lee Robinson Aug 13 '11 at 08:38
0

Create some new words: splur, bambile, egilomanifastic, spilomasilomagnitolistable. Combine for a bit of fun rhyme and an easy mnemonic.

l0b0
  • 3,011
  • 21
  • 29
0

If English is not your mother tongue, you are lucky. I would suggest using a passphrase that uses a combination of English words with words from your native language or languages. Such a password will be quite difficult to guess.

Of course you should choose a passphrase that can be remembered easily by you. I am not a big fan of creating too complex passwords, just remember that the password should not be easily guessable and should not be listed in a dictionary.

I also recommend not to have a single password for all your accounts. I maintain a small pool of passwords (this will come with practice). Your net banking password should not be reused for your eBay or monster.com account. Once I clicked on forgot password link of a job site and they sent me my password in plaintext. Basically you cannot trust every random website out there!

CodesInChaos
  • 11,964
  • 2
  • 40
  • 50
Shurmajee
  • 7,335
  • 5
  • 28
  • 59
  • You're assuming the attacker doesn't know your native language. – CodesInChaos Aug 06 '14 at 17:38
  • @CodesInChaos My assumption is that it will be difficult for an attacker to get his hands on a dictionary of non-English passwords. The recommendation is to use a mix of English and the native language. – Shurmajee Aug 08 '14 at 08:20
0

What about a password with a rotating key, based on what you are doing? Example: My core password is P4$$w3rdthati$h4rd (yeah, that's really what I use)

I want to use it for GMail. I start with P4$$w3rdthati$h4rd and add gm to the end (P4$$w3rdthati$h4rdgm). This way I only have to remember two or three letters based on what I'm doing, as my password is relatively consistent across services (public and private). I may use a tail ending (suffix) modifier for internet stuff, and a beginning modifier (prefix) for private stuff. Or insert it in the middle.

I'm open to flames if you feel this is bad practice, but I've never run into someone guessing my passwords, and I've never needed to write them down.

Everett
  • 1,516
  • 1
  • 12
  • 20
  • 2
    We no longer need to try and guess your password! – Nev Stokes Nov 20 '10 at 19:21
  • There is no way you could guess, ah crap... ;) – Everett Nov 20 '10 at 19:31
  • 7
    The real problem would be if you use this scheme to sign up to a site that doesnt encrypt/hash your password. Either the site itself, or that site's attacker, could read your password - and it would be pretty trivial to figure out your scheme based on this, and then use that for a differnt site. Though it's a fair risk, I do something similar... :) – AviD Nov 21 '10 at 14:43
  • 1
    I think this is the best answer without making the psw too long. – Diego Nov 23 '10 at 11:15
  • @AviD if you think the "baseword" + "gm" scheme is too simple, you can increase the complexity of the algorithm. I have a baseword similar to Everett but my algorithm involves replacing letters in certain positions and adding numbers in certain positions based on the number of chars in the site's domain. Voila, short unique complex passwords that are easy to remember. – joshuahedlund Nov 29 '11 at 17:16
0

I used to take four random words, substitute some of the letters for numbers, and append four numbers plus a special character. The problem was, that was a bit difficult to remember - now, I have take my favourite line from the book I was reading the previous month and do a similar substitution plus some capitalisation changes, e.g:

"A human head rises up from a swamp of sleep" (number9dream, David Mitchell) becomes "Ahum4nH34dR1s3sUpfR0mASw4mpOfSl33p!"

It has acceptable entropy and the computational complexity of a brute-force search means that such an attack is impractical.

0

Two more points:

a. Along with all other methods, one more way to increase entropy:

Go beyond just (plain) English.

If we combine (seed) words from more that one language the password guessing/search area immediately becomes HUGE. And that would certainly confuse people writing password guessing rules.

Then again that would require having a broader field of thinking than the "bad guys". Perhaps it comes down to "our" intellect against "theirs". Perhaps, the broader thinking should be:

Go beyond just CS methods.

So, what other such ways can we think to outsmart password guessing?

b. One point not seen mentioned so far: Thinking from the administrator's side, let's not forget that any password generation rules may also have to adhere to the password policy of your organization. E.g. I have difficulty thinking how the method words-separated-by-spaces (using uncommon words!) could be easily implemented and enforced in an enterprise environment (OK, parsers, dictionaries etc. but you get the idea...)

And how about educating and convincing users to use this or any other method...?

George
  • 2,813
  • 2
  • 23
  • 39
0

First reccomendation is something like lastpass or keepass, but I know those aren't always practical and my less technically savvy friends certainly don't want to "complicate things any more" so I have found that a substitution cipher works fairly efficiently and allows for easy remembrance of your password while making it very unlikely for it to be guessed or easily hacked.

I put an example out there http://levii.com/cipher.php ... I use at least a 4 letter key word (so "BANK" for my bank "WORK" for my work) which I don't bother changing -- I keep the card in my wallet and print a new one up every couple of months when its time to change the password. (note: this is not the actual app I use to generate my cards, but is conceptually the same)

iivel
  • 1,593
  • 10
  • 13
-1

My way is in no way unbreakable, primarily because it relies on security through obscurity, but it is better than password reuse and doesn't rely on keeping much remembered. I xor a repetition of the url of the site in question with a long password of my choosing. In this way, you only remember one password yet a compromise of one site's password store doesn't compromise your other logins. This has potential for infinite variation. You could do the url followed by the ip address, the url reversed, the url translated to spanish, etc, etc.

-1

I have a long password I use which I can type in from memory each time which I created by remembering a specific zig-zag path across the keyboard, one which passes through letters, numbers, and symbols, and then tapping out the keys that make up that path in the rhythm of a drum pattern from a favorite post-dubstep track of mine, shifting some of the characters according to where the snares are in that drum pattern.

This is a different 'path' to what I use, but you can see how complex a password this technique gets you, and with a little bit of practise it's quite memorable:

\]={-p)o9I8u&y6T5r$e3W2q

Then for different applications I'll I will usually add at the end my old Hotmail password I came up with when I was 11, or my date of birth backwards, or something like that that I can remember easily.

Brock Adams
  • 103
  • 1
  • 5
Lewis
  • 1
-1

Let you choose a verse from your favorite song in the history or just in this period of time.

Take a random sentence, make some CamEl cAse permutation, you can even use a script kiddie charset substitution to m4k3 1t l00k1ng so CoMpl3X and difficult to guess.

Ideally, you write an English sentence, like: this morning I am so blue. Actually your password can be: Th1S M0rn1Ng I 4M s0 Blu3.

Easy to remember and after some input also easy to type.

Hendrik Brummermann
  • 27,158
  • 6
  • 80
  • 121
Paolo Perego
  • 175
  • 3
-2

My way is to change some letters with similar numbers and every new word start with uppercase.

for example: Th1sIsGreatPassw0rd!

i=1,

0=o

and at the and '!' or something else.

  • 1
    Most password crackers (john the ripper, etc.) automatically check for the common number substitutions. If I remember the statistics correctly, this technique adds less than 20seconds to the time required to crack a password. – MCW Nov 13 '12 at 11:41