Guidelines for good p@$$w0rd$
-> Software

#1: Guidelines for good p@$$w0rd$ Author: Shadow_Bshwackr Location: Central Illinois, USA Posted: Sat Nov 05, 2005 10:13 am
    ----
Clever intro huh?..lol

Here is something we should always consider. I found this whilst surfing the net today...:wink:

Guidelines on Constructing Passwords

Constructing a 'good' password is a very important part of ensuring data and network security. If a malicious user can get hold of or 'crack' your password they can access the system with your identity and with your access rights.

A 'good' password is one that is:
1) Difficult for malicious users to guess - easy passwords to guess include dictionary words, usernames and passwords that don't contain a mixture of character types.
2) Easy for you to remember - usually something you can relate to and remember that you don't need to write down.

Many people think of these as mutually exclusive, however passwords can be both complex and quite easy to remember. Below I will show some methods that you can use for constructing complex, easy to remember passwords.

Password Complexity
A password should, and can be forced to, meet certain complexity requirements to make it harder to crack. A password is complex if it has a mixture of character types. These character types include:
1) Special characters e.g. !@#$%^&*()? etc
2) lower-case characters e.g. abcde.....z
3) UPPERCASE characters e.g. ABCDE.....Z
4) Numerals e.g. 1234567890

The complexity of the password comes from its length, its difficulty to guess and the number of possible characters that a character could be derived from.
For example if you have a password of only lower case characters, each character can be one of 26 possible values. If you add uppercase characters it increases to 52 possible values for each character and if you add special characters you have even more possible values.

Below is a simple example of the theoretical number of attempts it would take to crack a 5 character password under the scenarios outlined above

1) lower-case only - 11,881,376 attempts
2) uppercase and lower-case - 380,204,032 attempts
3) lower-case, uppercase and special characters (based on 25 special characters) - 2,706,784,157 attempts

Password Generation methods

Method 1 - Character Substitution
Character substitution is where you take a lower-case dictionary word and substitute in special characters, numbers and uppercase letters to make them more complex. Examples of common substitutions are
1) $, S or 5 for s
2) 1, I or ! for i
3) @ or A for a
4) 7 or T for t
5) 3 or E for e
6) 9, G or 6 for g
7) 0 or O for o
8) 8 or B for b

Examples of words and associated passwords include:
1) monday - M0nD@y! (where 0 is a zero)
2) guidelines - Gu1D3l!ne5
3) important - 1mP0rt@N7?

Method 2 - Joining words with character substitution
This is where you make two separate words into one longer password. You will also need to do character substitution to ensure that the password meets complexity requirements.

Examples include:
internet explorer - 1nt3rN3TeXp70r3R
happy days - h@pPyD@Y$?
good boy - 60odB0y!

Method 3 - Substituting codes or words into other words
Under this method you substitute in patterns, codes or words into other words to make a stronger password. For example inserting numbers between the letters of the original word.

Examples include (original word - Pattern/Code/Word to insert - Password)
1) internet - numbers doubling eg 1,2,4,8,16 - I1n2T3e4R8n16E32t!
2) today - favourite colour Orange - t0oRd@aNyGe
3) John - favourite footy team tigers - Jt0iHgN3r$

Method 4 - Creating a password from phrases with character substitution
Another common method for constructing passwords is to take letters from the words of phrases and do character substitution from there. Phrases can be any number of things, they can be statements, locations, lines from books or movies etc. This is best explained with examples.

(Phrase - How to construct word - 'Word' Using Parts of phrase - final password with substitution)
1) To be or not to be that is the question - First letter from each word - Tbontbtitq - 7b0n7B7!7?
2) The next generation is you - First and last letter from each word - Tentgnisyu - 73n79N!$yU!
3) 45 main street - First 2 letters in word with a number between first letter of each word in capitals - Fo1Fi2Ma3St4 - Fo1F!2M@3St4
4) I drive a holden commodore now - First letter of each word with the characters of my number plate between (assume number plate is ABC 123) - iAdBaCh1c2n3 - !AdB@Ch1c2n3!

Of all these methods, method 3 and 4 are the best, there is nearly an endless amount of phrases or words you can use and an endless amount of different ways you can create passwords from those phrases or words.

Method 2 is more secure than method 1 as password crackers are becoming more aware of character substitution and include checks for common substitutions when they are trying to crack passwords (for example P@$$w0rd is a common character substitution password).

When determining your new password think of common words or phrases you will remember, a method of selecting characters from those phrases, and then your method of character substitution. When it is time to change your password again you can keep the same methods for substitution and selecting characters (obviously do not tell them to anyone else) and just select a new word or phrase.
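
An added example (not part of the original post or the guidelines it quotes): a defender-side password check that computes the naive keyspace with the post's class sizes (26 lower, 26 upper, 10 digits, its assumed 25 specials), then undoes the post's substitution table to see whether the password collapses to a dictionary word or two joined words. The wordlist and function names are constructed for illustration.

```python
import string

# Substitution table from the post above, inverted: symbol -> letter it stands for.
UNLEET = str.maketrans({"$": "s", "5": "s", "1": "i", "!": "i", "@": "a",
                        "7": "t", "3": "e", "9": "g", "6": "g", "0": "o", "8": "b"})

# Constructed sample wordlist; a real check would load a large dictionary.
WORDS = {"monday", "guidelines", "important", "password",
         "happy", "days", "good", "boy", "today"}


def keyspace(password, specials=25):
    """Naive search space: (alphabet size) ** length, using the post's class sizes."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += specials
    return size ** len(password)


def base_words(password, words=WORDS):
    """Return the dictionary word(s) the password reduces to, or None."""
    trailing = len(password) - len(password.rstrip(string.punctuation))
    for cut in range(trailing + 1):          # try with 0..n trailing symbols removed
        plain = password[:len(password) - cut].lower().translate(UNLEET)
        if plain in words:
            return (plain,)
        for i in range(1, len(plain)):       # Method 2: two joined words
            if plain[:i] in words and plain[i:] in words:
                return (plain[:i], plain[i:])
    return None


def audit(password):
    """Pair the naive keyspace with the dictionary reduction, if any."""
    return {"keyspace": keyspace(password), "reduces_to": base_words(password)}
```

A password such as M0nD@y! scores 87^7 on the naive count yet reduces to a single dictionary word, which is the gap between character-class complexity and guessability that the post's remark about P@$$w0rd points at.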



#2: Re: Guidelines for good p@$$w0rd$ Author: airshowpilot Posted: Wed May 31, 2006 9:04 pm
    ----
Good idea, yet the guys who obtain your password usually await an MSN Hotmail account that is sent to them accidentally from some other e-mail account (common stuff like "chain mail" or those "top 10 lists" or some goofy thing which gets recycled around the Internet).

Then they obtain your IP from Hotmail via JavaScript..

They loiter on the web and shadow your movement and then leech onto your IP and await a chance for you to sign in on your website. They begin the spoofing and await your movement and latch onto you, where your password is cracked with a simple program which can see through those little ***** which we see.. The crook sees the entire password with a simple, free downloadable program.
Yes, it's a bummer but true; however, GMail will not give a trace of your IP, unlike your Hotmail. It's much safer, free and you can create tons of fake e-mail accounts to thwart thieves.. I have 3 addresses in Gmail and 1 is legitimate and the other(s) are for spam.. GMail is free and holds a gig of crap.
I usually dump my junk mail by replying to the 8000 pieces of old mail from every offer you can imagine. I intentionally left my spam filter set to no filtering to maximize my spam.. Now I have fun by spamming the spammers!! Just imagine you receive 1000-5000 pieces of junk mail in your e-mail!!
I have actual marketing companies block my mail to their e-mail as a result. They were tired of me spamming them their own messages!!... I got my idea from one person whose regular mail was filled full of junk mail.. He took the junk mail and used those nice postage-paid envelopes and began to stuff and return them with pizza coupons, oil lube coupons, 10% off chimney sweeping ads, etc..



#3: Re: Guidelines for good p@$$w0rd$ Author: Hangman Posted: Wed May 31, 2006 10:03 pm
    ----
my passwords generally contain at least 5 letters and 3 numbers...ahhh geeess..now I have to redo them all..lol..nahhh..with that combo it's not likely they'll ever be hacked...

#4: Re: Guidelines for good p@$$w0rd$ Author: Shadow_Bshwackr Location: Central Illinois, USA Posted: Thu Jun 01, 2006 12:59 am
    ----
abcdef123?...lmao...

Just kidding!

Airshowpilot... ROFLMAO.....Did you automate the 'reply to' process too?

#5: Re: Guidelines for good p@$$w0rd$ Author: airshowpilot Posted: Thu Jun 01, 2006 2:31 am
    ----
- Shadow_Bshwackr
abcdef123?...lmao...

Just kidding!

Airshowpilot... ROFLMAO.....Did you automate the 'reply to' process too?


Some yes some no..I have a small picture as of today so you have an idea..


#6: Re: Guidelines for good p@$$w0rd$ Author: Shades Location: 3rd Branch up, 'Ye Olde Oak', Green Wood. Posted: Thu Jun 01, 2006 8:29 am
    ----
I hate to be picky but, shouldn't this be in 'Software'?

Razz

#7: Re: Guidelines for good p@$$w0rd$ Author: Shadow_Bshwackr Location: Central Illinois, USA Posted: Thu Jun 01, 2006 10:27 am
    ----
Dang Shades, I hate it when you're right...lol

#8: Re: Guidelines for good p@$$w0rd$ Author: Shades Location: 3rd Branch up, 'Ye Olde Oak', Green Wood. Posted: Thu Jun 01, 2006 10:30 am
    ----
WHEeeeeeeeeeeeeeeeeeeeeeeeeee!





All times are GMT - 6 Hours
