
A good password guide

The question of "what does a good password look like" has never been more important than today.

The password is still at least one of your security barriers against abuse, and usually the only one.
So one might think that making it really complicated and hard to guess is the right way. BUT you usually have more than one account to protect, and following the rule of not using a password in more than one place makes them hard to remember. Honestly, who can remember dozens of passwords like jGf4§hT5$?

On top of being impossible to remember, such a password is pretty insecure, as it can be brute-force cracked pretty fast.

A good password is ...

... very long!

While doing several audits in the past, I found that the most difficult ones to break are the long ones. The time you need to compute all the different permutations of a long password grows exponentially.

Ok, so make it a long one.

But on the other hand, a long password cannot be remembered by the user, so it ends up written down somewhere, and that's even more insecure. (Have you seen "War Games"?)

Another trap on the way to a good password is the dictionary. Dictionaries are wordlists built from past data leaks that collect the most used passwords in a simple list. I'll talk about that in one of my blogs here.

Hence, the password should be long AND not available in a dictionary.

A perfect password is ...

... unique and long!

So let me share some ideas about a perfect long, unique, memorable password.

Take a scenario that you were recently part of and think of an illogical way to describe it.

A dark sky behind a big bonfire. -> nodarkskyof2smallbonfire

Three brown cows on the green -> greencowson2thebrown

Trees on the river -> ariverlaysonthetrees

I hope you get the point of how it works to make up your own good passwords. Please do NOT use any of the above examples in real life, as they are now publicly known.
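
The two rules from this guide (long, and not in a dictionary) can be checked mechanically. The following is an added example, not code from the original post: the function names, the 16-character minimum, the allowance for non-ASCII symbols and the small deny-list (a constructed stand-in for a real leaked-password wordlist) are all assumptions.

```python
import math
import string

# Constructed deny-list standing in for a leaked-password wordlist. It includes
# the three example passphrases from this page, which are now publicly known.
KNOWN_PASSWORDS = {
    "password", "123456", "qwerty",
    "nodarkskyof2smallbonfire", "greencowson2thebrown", "ariverlaysonthetrees",
}

# Character classes and the alphabet size an exhaustive search must cover.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
]
OTHER_SYMBOLS = 32  # assumption: allowance for characters outside ASCII, e.g. "§"


def alphabet_size(password):
    """Size of the smallest class-based alphabet containing every character."""
    size = sum(n for chars, n in CLASSES if any(c in chars for c in password))
    known = "".join(chars for chars, _ in CLASSES)
    if any(c not in known for c in password):
        size += OTHER_SYMBOLS
    return size


def brute_force_bits(password):
    """log2 of the candidate count for an exhaustive character-by-character search.
    This is an upper bound: it says nothing about word-combination guessing."""
    return len(password) * math.log2(alphabet_size(password)) if password else 0.0


def check(password, min_length=16):
    """Apply the guide's two rules; min_length is an assumed threshold."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if password.lower() in KNOWN_PASSWORDS:
        problems.append("in dictionary")
    return {"bits": round(brute_force_bits(password), 1), "problems": problems}


if __name__ == "__main__":
    # "sevenquietlampsunder3rivers" is a constructed sample, not a recommendation.
    for pw in ("jGf4§hT5$", "nodarkskyof2smallbonfire", "sevenquietlampsunder3rivers"):
        print(pw, check(pw))
```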