OK, maybe not. But most people do pick poor passwords. I just read an article on digg that suggests a method to create an easy, stronger password. I disagree with this nonsense method, as it is exactly the type of complicated thing that leads to weak passwords. I must type passwords hundreds of times a day, and I don’t want something that makes me have to think about what I’m doing.
Try this instead:
Let's say your dream car is a Porsche. This would make a great password, right?
Instead of using just porsche, replace a few letters with a numeric alternative, e.g. p0rsch3. This is much easier to remember and type.
a=@
e=3
t=7
i=|
o=0
To create an even stronger password, add more variables that are still easy to remember, e.g. 99p0rsch3turbo. You’ve just created an un-guessable, un-breakable password.

9 Responses to “I Can Guess Your Password”
As has been previously discussed at length, this is a very common technique, and consequently is added to dictionary attacks, providing not as much good as you’d expect.
99p0rsch3turbo is not an unbreakable password. Many dictionary attack algorithms know all about l33t-speak, compound words, and leading/trailing numbers. In fact, there is no such thing as an unbreakable password because brute force will always break your password–it’s just a matter of how long it will take. For some reason, there have been a lot of stories on digg and elsewhere from people who think that all of a sudden they’ve found the perfect way to create a memorable, unbreakable password. Easier to remember, sure, but neither this method nor the one in the article you linked creates a particularly stronger password (unless you weren’t planning on using numbers at all in your original password). Your best bet is to take a few minutes and just memorize something like :U*..Q/I%D~_sq(A1sJ53s]GqrJc;T. It’s not really that hard. Most people dismiss it as too difficult without even trying. I can do it in about 5 minutes, and it sticks.
It’s true that dictionary attacks try leet, as well as two sequential words with a special character in the middle. Care to explain how my method leads to weak passwords? The example I used was short for ease of explanation, but what about tpuorrbcohe (porche turbo)? Show me a password cracker that can break that easily.
That’s something that always amazed me: password simplicity and how easily people would overlook such a major flaw in network security. I worked for the Department of Defense from when I was 16 until I was 19 years old and worked as an IT Technician. Daily we had policies given to us to re-assign group policies and restrictions on passwords, but even when I left, a password such as “password12!@” was considered strong. How is this?
When I run clients’ networks, the users might complain about a password such as 0M$DA@@oo00&# but when they don’t have people stealing their data daily I don’t really hear too many complaints.
Any password is breakable as said above, but it comes down to how hard users / businesses want to make it more secure.
-Nick
Use SSH keys, problem solved!
Bingo. I wrote something to this effect, but I think this blog ate my comment.
Sorry it appeared, now. Strange.
Ilya,
Your method requires either leaving the home-row or using the weakest finger (pinky) to get down to the arrow keys. Either slows you down and makes it complicated to type. It’s not that your passwords are weak, it’s that it’s too complicated, which leads to people reverting to a weak password.
I never said weak. Just not particularly stronger. Want strength? Increase the length of the password or the size of the character set. Simply scrambling harder is not as effective.
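
The two points raised in the thread, as an added example that is not part of the original post or its comments: a password-policy check that undoes the post's substitution table (a=@, e=3, t=7, i=|, o=0) before a wordlist lookup, and the length × character-set bound from the last comment. The wordlist and all function names are constructed for illustration.

```python
import math
import string

# Inverse of the post's substitution table (a=@, e=3, t=7, i=|, o=0).
DELEET = str.maketrans({"@": "a", "3": "e", "7": "t", "|": "i", "0": "o"})

# Constructed sample wordlist (assumption); a real check would load a large dictionary.
WORDLIST = {"porsche", "turbo", "password", "dragon"}


def dictionary_words(password):
    """Wordlist entries still visible once the leet substitutions are undone."""
    normalized = password.lower().translate(DELEET)
    return sorted(w for w in WORDLIST if w in normalized)


def brute_force_bits(password):
    """Upper bound on strength: length * log2(size of the character classes used)."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def assess(password):
    """Reject anything built from wordlist entries, whatever its brute-force bound."""
    words = dictionary_words(password)
    return {
        "bits_upper_bound": round(brute_force_bits(password), 1),
        "dictionary_words": words,
        "reject": bool(words),
    }


if __name__ == "__main__":
    # Sample inputs are the passwords quoted on this page.
    for pw in ("porsche", "p0rsch3", "99p0rsch3turbo", "password12!@"):
        print(pw, assess(pw))
```

The bit figure only bounds an exhaustive search; a password flagged with dictionary words is rejected regardless of how large that figure is.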