Title: How to make a secure password
Post by: je_bailey on June 17, 2011, 02:38:41 PM

I've seen several postings with people encountering issues with online accounts where they've had insecure passwords.
I've had over 10 years of experience with e-commerce development and security and I wanted to share some tips.

1. Make the password as long as possible. A website that's dealing with money and asking for less than 9 characters in your password has issues (I'm looking at you, Mt.Gox).
2. Combine the following: upper and lowercase characters, numbers and letters, special characters (!, @, $, ., *, etc.).
3. The more complex the better.

Examples of Good Passwords
!2#gHg6.&s
*(fs3IIIid3!F)

Examples of Bad Passwords
sdrawkcab
12121976
password

Hope this helps some of you.

Title: Re: How to make a secure password
Post by: piotrus on June 17, 2011, 06:50:21 PM

Also, don't use the same password on multiple sites.

Title: Re: How to make a secure password
Post by: btcminer on June 17, 2011, 06:54:34 PM

I don't think it's absolutely necessary to include a bunch of crazy characters in your password.
I'd suggest something easy to remember, yet hard to crack. An example is, if you liked Swiss cheese on a Wednesday, and the 5th was your birthday:

5Swis5Chees5Wednesda^

That, although it looks relatively simple, is hard to crack unless the cracker knows your style of password creation. Using pure bruteforce, unless the guy knows you're gonna put a 5 in front of every word, capitalize every word, put a ^ at the end, and remove the last letter of every word, it makes it very difficult to crack. You can use your own variation, like removing all vowels, putting '#2' between each word, etc.

Now I'm sure a lot of people are going "Using your birthday number? Bad idea! Capitalizing the first of every word? Bad idea!" Now these would both be misconceptions because the cracker/hacker has to be able to 'predict' your pattern.

An unsafe password would be:
June16
SecretPassword

Why? Because all a hacker would need to do is use a dictionary and capitalize every word. But when you take off a letter, it's no longer in the dictionary.

Why not just use a @C$*nc12m*r password? Because chances are you're gonna either:
1. Forget it. (Defeating the purpose.)
2. Write it down so you don't forget it (making it less secure).

If you can have a random password without either, then go for it :D More power to you.

If you follow these steps, chances are it's not your password that's going to be cracked, but you're going to lose it some other way.
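
The sketch below is an added example, not part of any post in this thread: a small checker that applies the tips from the first post (minimum length of 9, mixed character classes) and flags the three kinds of bad password listed there (a reversed word, an all-digit date, a plain dictionary word). The wordlist is a constructed stand-in for a real dictionary, and the function names are hypothetical.

```python
import math
import re
import string

# Constructed mini wordlist (assumption); a real check loads a full dictionary.
WORDLIST = {"password", "backwards", "secret"}


def char_classes(pw):
    """Return (number of character classes used, implied alphabet size)."""
    groups = [
        (str.islower, 26),
        (str.isupper, 26),
        (str.isdigit, 10),
        (lambda c: c in string.punctuation, len(string.punctuation)),
    ]
    used = [size for test, size in groups if any(test(c) for c in pw)]
    return len(used), sum(used)


def brute_force_bits(pw):
    """Upper bound on guessing cost in bits: length * log2(alphabet size).
    It ignores structure, so a predictable pattern is worth far less."""
    _, alphabet = char_classes(pw)
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def weaknesses(pw, min_length=9):
    """List the ways a password fails the tips in the first post."""
    found = []
    low = pw.lower()
    if len(pw) < min_length:
        found.append("short")
    if low in WORDLIST:
        found.append("dictionary word")
    if low[::-1] in WORDLIST:
        found.append("reversed dictionary word")
    if re.fullmatch(r"\d{6}|\d{8}", pw):
        found.append("all-digit date shape")
    if char_classes(pw)[0] < 3:
        found.append("few character classes")
    return found


if __name__ == "__main__":
    for pw in ["sdrawkcab", "12121976", "password", "!2#gHg6.&s", "*(fs3IIIid3!F)"]:
        print(f"{pw!r:20} {brute_force_bits(pw):5.1f} bits  {weaknesses(pw)}")
```

The bit count is only a ceiling for blind brute force; a checker like this cannot see a construction pattern or reuse across sites, which the replies above raise.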