Bitcoin Forum

Other => Beginners & Help => Topic started by: je_bailey on June 17, 2011, 02:38:41 PM



Title: How to make a secure password
Post by: je_bailey on June 17, 2011, 02:38:41 PM
I've seen several postings with people encountering issues with online accounts where they've had insecure passwords.

I've had over 10 years of experience with e-commerce development and security and I wanted to share some tips.


1. Make the password as long as possible. A website that's dealing with money and asking for less than 9 characters in your password has issues (I'm looking at you, Mt.Gox).
2. Combine the following: upper and lowercase characters, numbers and letters, special characters (!, @, $, ., *, ... etc.)
3. The more complex the better.


Examples of Good Passwords
!2#gHg6.&s
*(fs3IIIid3!F)

Examples of Bad Passwords
sdrawkcab
12121976
password

Hope this helps some of you


Title: Re: How to make a secure password
Post by: piotrus on June 17, 2011, 06:50:21 PM
Also, don't use the same password on multiple sites.


Title: Re: How to make a secure password
Post by: btcminer on June 17, 2011, 06:54:34 PM
I don't think it's absolutely necessary to include a bunch of crazy characters in your password.

I'd suggest something easy to remember, yet hard to crack.

An example is, if you liked Swiss cheese on a Wednesday, and the 5th was your birthday.

5Swis5Chees5Wednesda^

That, although it looks relatively simple, is hard to crack unless the cracker knows your style of password creation. Using pure bruteforce, unless the guy knows you're gonna put a 5 in front of every word, capitalize every word, and put a ^ at the end, and remove the last letter of every word, it makes it very difficult to crack.

You can use your own variation, like, removing all vowels, putting '#2' between each word, etc.

Now I'm sure a lot of people are going "using your birthday number? bad idea! Capitalizing the first of every word? Bad idea!" Now these would both be misconceptions because the cracker/hacker has to be able to 'predict' your pattern. An unsafe password would be:

June16  SecretPassword

Why? Because all a hacker would need to do is use a dictionary and capitalize every word. But when you take off a letter, it's no longer in the dictionary.

Why not just use a @C$*nc12m*r password? Because chances are you're gonna either:

1. Forget it. (Defeating the purpose.)

2. Write it down so you don't forget it (making it less secure).

If you can have a random password without either, then go for it :D More power to you.

If you follow these steps, chances are it's not your password that's going to be cracked, but you're going to lose it some other way.
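
Added example, not part of any post in this thread: a small Python check for the weaknesses the posts above name (length under 9, missing character classes, dictionary words, reversed words, dates), run against the thread's own sample passwords. The wordlist, function names and the 33-symbol "special" pool are assumptions made for this sketch.

```python
import math
import re
import string
from datetime import datetime

# Constructed sample wordlist; a real check would load a full dictionary
# and a list of known-breached passwords.
WORDLIST = {"password", "backwards", "secret", "june", "swiss", "cheese", "wednesday"}
DATE_FORMATS = ("%m%d%Y", "%d%m%Y", "%Y%m%d")

def char_classes(pw):
    """Return which classes from tip 2 (lower, upper, digit, special) are used."""
    tests = {"lower": str.islower, "upper": str.isupper, "digit": str.isdigit,
             "special": lambda c: c in string.punctuation + " "}
    return {name for name, test in tests.items() if any(test(c) for c in pw)}

def brute_force_bits(pw):
    """log2 of the pure brute-force search space over the classes used."""
    sizes = {"lower": 26, "upper": 26, "digit": 10, "special": 33}
    pool = sum(sizes[c] for c in char_classes(pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def looks_like_date(pw):
    """True when an all-digit password parses as a calendar date."""
    if not pw.isdigit():
        return False
    for fmt in DATE_FORMATS:
        try:
            datetime.strptime(pw, fmt)
            return True
        except ValueError:
            pass
    return False

def findings(pw, min_len=9):
    """List the weaknesses named in the thread that apply to pw."""
    out = []
    if len(pw) < min_len:
        out.append("too short")
    if len(char_classes(pw)) < 4:
        out.append("missing character classes")
    # Split on capital letters so "SecretPassword" yields two words.
    words = [w.lower() for w in re.findall(r"[A-Z]?[a-z]+|[A-Z]+", pw)]
    if words and all(w in WORDLIST for w in words):
        out.append("dictionary words")
    if pw.lower()[::-1] in WORDLIST:
        out.append("reversed dictionary word")
    if looks_like_date(pw):
        out.append("date")
    return out
```

An empty list from `findings` means only that none of these listed weaknesses was found with this wordlist. `brute_force_bits` covers pure brute force only.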