Passphrases That You Can Memorize — But That Even The NSA Can’t Guess

Well, I'll share my former method for passWORDS (rather than passphrases) since I am no longer using it. Each unique site that I logged into had one 8 to 10 letter word I associated with THAT site, and I would type it over and over until I got the pattern down, then shift two keys to the left or right and peck out the same pattern (in different letters), add some capitalization followed by a short series of numbers, punctuation, and then characters that are neither letters, numbers, nor punctuation.

So if I were logging onto a 'war' site, for example, my unique identifier might be "blitzkrieg" so my base would be "n;oyxltorg" which becomes "N;oyxltorG" and then finally "N;oyxltorG7,$"

So then I have this password, "N;oyxltorG7,$" which I don't even really know myself, I just know how to TYPE it. Even if I were to get waterboarded, I don't even know it myself so I couldn't actually say what my password was. Put me in front of the keyboard and all I have to remember is "blitzkrieg, one right, seven comma dollars" and that gives me "N;oyxltorG7,$"

I use a much better system for my passwords now, I don't really do this anymore, so I don't mind sharing this one. :D
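The keyboard-shift derivation described in the post above, written out as an added example (not the poster's code) so that the strength of the result can be compared with the entropy figures the rest of the thread discusses. The US QWERTY row table is an assumption of the example; on that table "blitzkrieg" shifted one key to the right gives "n;oyxltorh" (the final letter differs from the post's transcription). The entropy helpers treat the password as what an attacker has to guess: one dictionary word plus a small number of public transform choices, which is the point made later in the thread about such patterns already being in cracking dictionaries.

```python
import math

# US QWERTY rows, unshifted characters left to right (constructed layout table for this example).
QWERTY_ROWS = (
    "`1234567890-=",
    "qwertyuiop[]\\",
    "asdfghjkl;'",
    "zxcvbnm,./",
)


def shift_on_keyboard(text, offset):
    """Replace each character with the key `offset` positions to its right on the same
    QWERTY row (a negative offset shifts left). Case is preserved; characters that are not
    on the table, or that would run off the end of their row, are kept unchanged."""
    out = []
    for ch in text:
        for row in QWERTY_ROWS:
            idx = row.find(ch.lower())
            if idx != -1:
                new_idx = idx + offset
                if 0 <= new_idx < len(row):
                    key = row[new_idx]
                    out.append(key.upper() if ch.isupper() else key)
                else:
                    out.append(ch)
                break
        else:
            out.append(ch)
    return "".join(out)


def random_password_entropy_bits(alphabet_size, length):
    """Bits an attacker must guess for a password whose characters are chosen
    independently and uniformly from an alphabet of the given size."""
    return length * math.log2(alphabet_size)


def derived_password_entropy_bits(dictionary_size, transform_variants):
    """Bits an attacker must guess for a password derived from one dictionary word by one of
    a small number of public transforms (shift left/right by one or two keys, a fixed case
    pattern, a fixed suffix). The derivation is deterministic, so the strength is that of the
    word plus the choice of transform, not of the scrambled-looking output."""
    return math.log2(dictionary_size * transform_variants)


if __name__ == "__main__":
    word = "blitzkrieg"
    shifted = shift_on_keyboard(word, 1)
    # Fixed case pattern (first and last letter upper-cased) and fixed suffix, as in the post.
    final = shifted[0].upper() + shifted[1:-1] + shifted[-1].upper() + "7,$"
    print(f"{word} -> {shifted} -> {final}")
    # Assumed figures: a 100,000-word dictionary and four shift variants (left/right by 1 or 2).
    derived = derived_password_entropy_bits(100_000, 4)
    random13 = random_password_entropy_bits(95, len(final))
    print(f"derived from a dictionary word: ~{derived:.1f} bits")
    print(f"{len(final)} uniformly random printable characters: ~{random13:.1f} bits")
```

The same 13 characters look identical on screen in both cases; the difference is entirely in how they were chosen, which is what a guessing attack exploits.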

Yeah, I've used that one before. Sucks when logging in via a cell phone though.
 
I have found that sentences from Shakespeare's sonnets make for some pretty good pass phrases.

I think the point of the OP is that anyone with resources trying to hack your password probably has that kind of information in his database.
 
> Yeah, I've used that one before. Sucks when logging in via a cell phone though.

Yeah, doing geospatial patterns and key modifiers to generate passwords does tend to suck when trying to do the same in a phone. Even on a QWERTY keypad the numbers and modifiers are all different. :-/

> I think the point of the OP is that anyone with resources trying to hack your password probably has that kind of information in his database.

IIRC the rest of the article (the part not quoted) explicitly referenced Shakespeare quotes, even slightly munged Shakespeare quotes, as one of the first to go. Apparently that is an unusually common source for passphrases, such that it is at the top of the brute force dictionaries.
 
Very interesting stuff.

I usually just use a password with "random" characters that I try to make as incoherent as possible. For example: 4mL5s4!G2t?r32. I then write it down and store it in a physical location, not on my computer. The article says passwords like these have "slightly less entropy" than the 7 word passphrase, but are harder to memorize. I actually have to say, I don't find it that hard, especially if I use the password regularly. That and writing them down seems to be foolproof enough.

I'm not an encryption expert, though, so I do wonder if someone could shed light on how effective this method is.
 
> Very interesting stuff.
>
> I usually just use a password with "random" characters that I try to make as incoherent as possible. For example: 4mL5s4!G2t?r32. I then write it down and store it in a physical location, not on my computer. The article says passwords like these have "slightly less entropy" than the 7 word passphrase, but are harder to memorize. I actually have to say, I don't find it that hard, especially if I use the password regularly. That and writing them down seems to be foolproof enough.
>
> I'm not an encryption expert, though, so I do wonder if someone could shed light on how effective this method is.

Why wouldn't you store them on your computer?
 
Okay, that's a bit easier to remember than Gunny's method.

Gerbilsarecute0_o
That's a pretty good passphrase...

Snowden's security tip: ‘Shift your thinking from passwords to passphrases

It takes a computer less than a second to crack any eight-character password, according to NSA whistleblower Edward Snowden.

He gave some tips on how to make a better password to ‘Last Week Tonight’ host John Oliver. The HBO show released a web video in which the two men discussed password security ‒ footage that didn't make it into the episode that aired Sunday.

The comedian met the former National Security Agency contractor in a Moscow hotel opposite the KGB’s former headquarters in a room with all windows covered. During the frank interview, Oliver and Snowden discussed the NSA’s collection of Americans’ X-rated photos.

“The bad news is they are still collecting everyone’s information,” Snowden said, “including your dick pics.”

But an NSA release of a slew of 'dick pics' isn’t the only thing Americans should be worried about when it comes to their privacy and security, Snowden told Oliver in the web extra posted on Thursday.

“Bad passwords are one of the easiest ways to compromise a system,” Snowden told Oliver. “For someone who has a very common, eight-character password, it can literally take less than a second for a computer to go through the possibilities and pull that password out.”

...

Oliver’s password ‒ similar to the Druidia air shield security code on ‘Spaceballs’ ‒ is only five characters.

“That’s really bad,” Snowden told him.

Misspelling a word isn’t a good idea either, as permutations of common words are in the normal password dictionary, according to the NSA leaker.

President Skroob shouldn’t change the combination on his luggage from “1-2-3-4-5” to “onetwothreefourfive,” either ‒ an option Oliver hinted at.

“The best advice here is to shift your thinking from passWORDs to passPHRASES,” Snowden recommended. “Think about a common phrase that works for you. It’s too long to brute force and also make them unlikely to be in the dictionary.”

...

http://rt.com/usa/248401-snowden-oliver-password-protection-advice/
 
The Diceware method is really good, BUT I would add some special characters between words since some places don't allow spaces. And there's no reason to forget to capitalize some letters and add some numbers.

Also, network / website / Internet passwords shouldn't be the same as local encryption key passwords. Don't reuse passwords online. They probably don't store passwords well.
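A Diceware-style generator with a configurable word separator, as an added example; this is not code from the poster or from the Diceware project. The 36-word list is constructed for the example (a real Diceware list has 7776 words, one per roll of five dice), and the guess rate used by the timing helper is an assumed figure, not a measurement. The entropy helpers also cover the random-character password discussed earlier in the thread and the eight-character figure quoted from the Snowden interview.

```python
import math
import secrets

# Constructed stand-in word list: 36 entries, one per two-dice roll (11..66).
# A real Diceware list has 7776 words, one per five-dice roll.
SAMPLE_WORDS = [
    "acorn", "badge", "cabin", "daisy", "eagle", "fable",
    "gavel", "habit", "igloo", "jelly", "kayak", "lemon",
    "mango", "noble", "oasis", "panda", "quilt", "raven",
    "salsa", "tulip", "umbra", "vivid", "wheat", "xenon",
    "yacht", "zebra", "amber", "bison", "cider", "dunes",
    "ember", "fjord", "grove", "heron", "ivory", "jumbo",
]
REAL_DICEWARE_SIZE = 6 ** 5  # 7776 words in the real list
PRINTABLE_ASCII = 95         # alphabet a typical "random characters" password draws from


def roll_word(wordlist):
    """Pick one word uniformly using the OS CSPRNG, the software equivalent of rolling dice."""
    return secrets.choice(wordlist)


def diceware_passphrase(wordlist, n_words, separator="-"):
    """Build an n-word passphrase. The separator stands in for the space that some sites
    reject; it is a fixed, public choice, so it adds nothing to the entropy."""
    return separator.join(roll_word(wordlist) for _ in range(n_words))


def passphrase_entropy_bits(wordlist_size, n_words):
    """Entropy of n independent uniform draws from the list. Each word contributes
    log2(list size) bits no matter how long or short the word itself is."""
    return n_words * math.log2(wordlist_size)


def password_entropy_bits(alphabet_size, length):
    """Entropy of a password whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def expected_guesses(bits):
    """Average number of guesses needed to hit a uniformly chosen secret: half the keyspace."""
    return 2 ** bits / 2


def brute_force_seconds(bits, guesses_per_second):
    """Expected time to find the secret at an assumed guess rate."""
    return expected_guesses(bits) / guesses_per_second


if __name__ == "__main__":
    ASSUMED_RATE = 1e10  # assumed guesses/second; illustrative, not measured
    print("sample 7-word phrase from the toy list:", diceware_passphrase(SAMPLE_WORDS, 7))
    cases = [
        ("7 words, real 7776-word list", passphrase_entropy_bits(REAL_DICEWARE_SIZE, 7)),
        ("7 words, toy 36-word list", passphrase_entropy_bits(len(SAMPLE_WORDS), 7)),
        ("8 random printable characters", password_entropy_bits(PRINTABLE_ASCII, 8)),
        ("14 random printable characters", password_entropy_bits(PRINTABLE_ASCII, 14)),
    ]
    for label, bits in cases:
        secs = brute_force_seconds(bits, ASSUMED_RATE)
        print(f"{label}: {bits:.1f} bits, ~{secs:.3g} s at {ASSUMED_RATE:.0e} guesses/s")
```

Capitalising some letters or appending digits, as the post suggests, only adds strength if that choice is itself made at random; a fixed rule such as "first letter upper-case, then 42" is a single public transform and costs an attacker nothing. Seven words from the real list give roughly 90 bits, which is about what 14 uniformly random printable characters give, so the two approaches trade memorability, not strength.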
 