passwords/passphrases
Endwall
10/18/2018 (Thu) 22:50:06
No.1328
del
Cross-posting copy-pasta from
>>>/b/19022
"I've covered this in an old OPSEC thread and I think I'll report this password tip copypasta because it is a very good security tip (the two anons were originally from 8chan/n/):
PASSWORD SECURITY TIPS
Anon #1 posts following: Now As far as passwords go, here is how I do it: I'll give you an example by posting a supposed password: donotletthefedsseethisaccount887756
As you can tell, this passowrd has 35 characters total. This is A LOT of characters but also easy to memorize too, for example, its easy to remember the phrase; "do not let the feds see this account" ; and added to that phrase is a code (which you can also memorize easily) 887756. Once you come up with a phrase you can memorize it, then attach a code number you can easily remember right after it. This will make your password very difficult for hackers or spies to brute force using 'dictionary attacks' by adding random entropy at the end of the phrase (via the random code). This 'password' would be unbelievably hard to crack if it were not a fake and had I not posted it. Use your tinfoil hats, paranoia can be your best friend.
Anon #2 responds to Anon #1: It is better not to do letter/number type strings camel casing and special characters as well. Pass phrases are easier to remember but mixing it up makes it exponentially harder to brute. Though your example is secure enough a minor change can make a large difference in your password scheme. Also a lot of programs cut you off at 16 (or even fewer) characters so casing/ascii helps.
Ex: donotletthefedsseethisaccount887756 would average 10^66 tries. Just moving the numbers and adding casing/one special character you get: Do8Not8Let7The7Feds5See6This@ccount which bumps it up to 10^84 and is just as easy to remember."