Bitcoin Forum

Other => Off-topic => Topic started by: Myleschetty on August 05, 2020, 09:36:48 PM



Title: password generator site
Post by: Myleschetty on August 05, 2020, 09:36:48 PM
I was doing some research about how to use a strong password which can be easily remembered, and I found a site (https://passwordsgenerator.net/) which was said to randomly generate strong passwords.
My question is, should I trust the password generated from this site?
Is it safe from brute force?

Note: I'm going to use it with an offline computer

I don't know if I posted this thread in the right section; if not, please let me know.


Title: Re: password generator site
Post by: jackg on August 05, 2020, 09:44:44 PM
I'd recommend this: https://youtu.be/Pe_3cFuSw1E



Or I'd go to somewhere like
https://iancoleman.io/bip39/ or look at the bip39 wordlist and make a 6-9 word seed.

A 6 word seed is of complexity O(73,786,976,294,838,206,464) to be cracked afaik.

https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt - wordlist is here.


Title: Re: password generator site
Post by: pooya87 on August 06, 2020, 03:19:35 AM
My question is, should I trust the password generated from this site?

no because you can not see the source code of this website so you don't know what it is doing in the background. i would only trust open source software for security sensitive matters and only run them on an airgap computer (not just offline).

Is it safe from brute force?
it depends on what length of password you choose and what you use it for. sometimes passwords aren't used as they are given, it could be fed into a KDF and a new password is derived with a salt and then used which would increase the difficulty of brute force by a lot. eg. BIP-38.
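
The stretching described in the post above can be measured. This is an added example, not code from the thread or from BIP-38 itself: it runs Python's hashlib.scrypt with the cost parameters BIP-38 specifies for its passphrase step (N=16384, r=8, p=8, 64-byte output) and compares the cost of one guess against a single salted SHA-256. The function names, candidate passwords and salts are constructed for the illustration.

```python
import hashlib
import math
import time

# scrypt cost parameters BIP-38 specifies for its passphrase step.
# maxmem is raised explicitly because N=16384 with r=8 needs about 16 MiB.
BIP38_SCRYPT = {"n": 16384, "r": 8, "p": 8, "dklen": 64,
                "maxmem": 64 * 1024 * 1024}


def stretch(password: str, salt: bytes) -> bytes:
    """Derive 64 bytes from password and salt with BIP-38's scrypt settings."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **BIP38_SCRYPT)


def fast_hash(password: str, salt: bytes) -> bytes:
    """Baseline: one salted SHA-256, i.e. no key stretching at all."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def seconds_per_guess(derive, salt: bytes, rounds: int) -> float:
    """Average wall-clock cost of testing one candidate password."""
    start = time.perf_counter()
    for i in range(rounds):
        derive(f"candidate-{i}", salt)
    return (time.perf_counter() - start) / rounds


def stretching_gain_bits(salt: bytes) -> float:
    """Extra brute-force work from the KDF, as log2(slow cost / fast cost)."""
    fast = seconds_per_guess(fast_hash, salt, 20000)
    slow = seconds_per_guess(stretch, salt, 3)
    return math.log2(slow / fast)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real wallet.
    salt_a, salt_b = bytes.fromhex("01020304"), bytes.fromhex("a1b2c3d4")
    password = "constructed example passphrase"
    print("salt A:", stretch(password, salt_a).hex()[:32], "...")
    print("salt B:", stretch(password, salt_b).hex()[:32], "...")
    print(f"KDF adds about {stretching_gain_bits(salt_a):.1f} bits of work per guess")
```

The measured gain depends on the machine. The salt matters separately: the same password yields unrelated keys under the two salts, so one precomputed table cannot serve both.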


Title: Re: password generator site
Post by: Charles-Tim on August 06, 2020, 05:32:29 AM
To create a password yourself, it will be good to create it randomly using your phone or computer. I do this by randomly typing capital and small letters and other characters on my keyboard. For example:

Aghdh#+&:$?!%-%;%+472#!'AG&eu2766vgdgxttdbd2765;"&$-$;+%6&@3$((+++?$;":$;#-$"&&$&$;A
Do not use this, just an example

The characters above were generated randomly by me just typing different characters on my keyboard, which I believe no one can brute force; it is safe because I generated it offline. Strong passwords cannot be saved offhand; having the backup on paper in a safe place is better.

You can try another recommended way below; it will be better to use an offline random password generator, as online ones are not safe at all. Check the topic below; it can guide you on how to create a very strong password. The longer the password, the less likely it is to be brute forced.

https://bitcointalk.org/index.php?topic=5132378.0
Every website that we use that requires a password (mostly our email, crypto exchanges, forum accounts, social media accounts, etc.) requires us to make our password strong and secure. Did you follow them? Or did you create a password that is too short? Common passwords? Well, that is bad practice. Using a strong password will help make our accounts more secure against hackers over the internet.

First we need to know some examples of passwords that aren't advisable or are very common.

A. All of these passwords are very common and you should not use them!
  • 123456
  • abcdefg
  • abc12345
  • password
  • password123
  • More common passwords (https://www.esquire.com/lifestyle/a25570880/top-passwords-2018/)

B. Never use passwords that include your personal information such as:
  • Name
  • Date of birth
  • Place of birth
  • Your address
The reason why you should never include your personal information in your password is that it gives the hacker an advantage: if he/she knows some of your personal info, he/she can easily guess your password by using it.

C. Never use common substitutions:
Examples:
  • D0gH0us3
  • W33kdays
  • IL0v3D0gs
Using these kinds of passwords is really obvious; like D0gs, you just replaced the o with a 0. It is easy to brute force, just by replacing some common characters with some numbers or letters.

Creating your strong passwords
Since we already know what kinds of passwords shouldn't be used, we can now proceed to creating a strong and secure password.
  • Make sure your password is long, with a
    mix of capital/small A-Z letters,
    0-9 numbers,
    special characters such as &^$#
    Like S5#A$B1dpqzM^UMk, but this is very hard to memorize.
    How to memorize these kinds of passwords?

  • The sentence method:
    The idea of this method is that you create a password from a random sentence or any sentence created by you.
    Example:
    Take the first 2 characters of each word from the sentence "I Was Born At 2:35pm In The Country Of Germany"
    Result:  IWaBoAt2:InThCoOfGe

  • Using a passphrase
    A passphrase consists of multiple words; the randomness of every word used to create the passphrase makes it strong.
    Example:
    "Dog in the dark" - The words make sense and are grammatically ordered.
    "hulk touch adjourn omega" - The phrase doesn't make sense and is not in grammatical order.
    You can use this password by capitalizing every second character of every word and adding a special character between the words.
    Like hUlk&tOuch$aDjourn@oMega
    You can use the Sentence Method here, for example, taking the first two characters of every word, capitalizing every 2nd character of the word and adding random special characters.
    "hUlk tOuch aDjourn oMega".
    Result:  hU#tO!aD*oM$

  • Using random password generator,
    Also, I wouldn't feel comfortable using an online tool like Avast to generate passwords. I'm much more comfortable using an offline tool to generate passwords, like a password manager, e.g. https://keepass.info/ With KeePass, you can generate strong passwords in 2 simple steps.

    Step 1: Select dropdown box
    Step 2: Select the strength required of your password
    Note: You can also customize what characters are allowed / disallowed in your passwords when they are generated which is handy.

    https://i.imgur.com/DzWGBkb.png

    Lastly, using password managers also solves the problem you mentioned of passwords being "hard to memorize".

    REMOVED the Avast Random Password Generator, since I found that the offline and open-sourced one is much safer.

  • Password Manager
    Using a password manager will help us organize our different passwords on different websites. I suggest using https://keepass.info/; it is an open-source project and free.
    https://i.imgur.com/dormpaL.png
    Steps on how to use the KeePass password manager:
    1st, download and install KeePass (https://keepass.info/); you can use the portable version or the installer.
    2nd, once the installation is done, you will be asked for the master password and the location path for the KeePass KDBX File (.kdbx), which you can use as your backup.
    3rd, fill in the fields.
    https://i.imgur.com/qq2zbC8.png
    You can easily copy/paste your password from the different entries you made, just by double-clicking on the password field. The password will be copied to your clipboard and will automatically be deleted after 12 seconds.
    *Make sure you keep your KeePass database safe and remember the master password of the database*
    Thanks whotookmycrypto (https://bitcointalk.org/index.php?topic=5132378.msg50625166#msg50625166) and OmegaStarScream (https://bitcointalk.org/index.php?topic=5132378.msg50625257#msg50625257) for this.

    Android Version:
    KeePassDroid  (https://play.google.com/store/apps/details?hl=en&id=com.android.keepass)
    I just found an Android version of the password manager/password generator which is also open-source, and you can use it offline.
    The good thing here is that you can import your database file from your KeePass on Windows. They are almost the same.
    https://i.imgur.com/o2Faf3v.png
    Read/write support for .kdb and KeePass 1.x.
    Read/write support for .kdbx and KeePass 2.x.


TIPS
  • Do not share your passwords with anyone.
    Be careful who you trust, never share your password.
  • Use a different password for every account you have.
    Just like on different crypto exchanges, don't use only one password for every exchange you have.
  • Always create long passwords.
    The most recommended passwords contain a minimum of 8 characters or 12 characters.
  • Never upload your passwords to the cloud.
    Avoid storing your passwords online, like storing them on some file hosting service.
  • Always use two-factor authentication (2FA) or multi-factor authentication (MFA).
    This will help make your account more secure, since before you can log-in on a particular website.
  • Be careful of phishing websites.
    No matter how strong your password is, once you fall for a phishing website, it's useless.

Some discussion here: Creating strong password (https://bitcointalk.org/index.php?topic=5052209.0).

Got any ideas for making our passwords strong and secure, or any tips? Feel free to add them by posting below ;)
Filipino Version: Gabay sa Paggawa ng Malupit at Ligtas na Password (https://bitcointalk.org/index.php?topic=5138376.0)

Sources:
How to create a strong password (https://blog.avast.com/strong-password-ideas)
How to Create a Strong Password (and Remember It) (https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/)
How to Create a Secure Password (https://www.wikihow.tech/Create-a-Secure-Password)
[must read]Tips on creating a secure password[important] (https://www.mobilarian.com/showthread.php?t=300564)


Title: Re: password generator site
Post by: Paperweight on August 06, 2020, 08:04:17 AM
Don't use a password generator website. Thousands of Bitcoins have been stolen this way. Even if you use it offline, it is HIGHLY LIKELY to give you intentionally or unintentionally predictable output.

Don't use a super-strong random password without a physically secured, but weakish-password, backup wallet. Thousands of Bitcoins have been lost this way. You are HIGHLY LIKELY to forget any password that's strong enough to not be brute-forced.

DO focus on the basics of "security" = "something you have" + "something you know". Assume that, tonight, Russian hackers will whack you on the head, give you password amnesia, steal your airgapped computer, start grinding it with a supercomputer, and burn your house down with everything in it to hide the evidence.  ;D


Title: Re: password generator site
Post by: Charles-Tim on August 06, 2020, 09:21:48 AM
Don't use a password generator website. Thousands of Bitcoins have been stolen this way. Even if you use it offline, it is HIGHLY LIKELY to give you intentionally or unintentionally predictable output.
If the random password generator is offline, there is nothing bad about using it, but I consider it more stressful than randomly inputting different characters on my keyboard; that does not mean it is not safe, as nothing connects it online, but use the recommended ones. If connected online, then it is not advisable, because we do not know what is running underground to steal the password online in the process of creating it.


Title: Re: password generator site
Post by: o_e_l_e_o on August 06, 2020, 01:03:12 PM
If the random password generator is offline, there is nothing bad about using it
This is not accurate. It is only completely safe to use an offline password generator if it is open source, you have reviewed the code yourself, and you have compiled it yourself.

A malicious password generator could give you one of a number of pre-generated passwords, which an attacker also has stored on their own device, giving them a very short list to brute force from.


Title: Re: password generator site
Post by: bob123 on August 06, 2020, 01:32:55 PM
You should never ever use a website (doesn't matter whether online or offline) to create a password for you.

You got a few options to securely generate a password:
  • Use some pseudorandom characters you type yourself, or
  • use a trusted and open source password manager, or
  • use your OS's random number generator (easier with Linux /dev/random than with Windows)

And as I have mentioned in this post (https://bitcointalk.org/index.php?topic=5132378.msg50625648#msg50625648), length beats complexity. Rather choose a password which is a few chars longer than a shorter one with a larger set of chars.
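
The OS random number generator option and the "length beats complexity" remark in the post above, as an added example that is not code from the thread: Python's secrets module draws from the operating system's generator, and a uniformly random password has length × log2(alphabet size) bits of entropy. The function names are chosen for this illustration; the same formula gives the 6-word figure quoted earlier in the thread (6 words from a 2048-word list is 66 bits, i.e. 2^66).

```python
import math
import secrets
import string

# The 94 printable, non-space ASCII characters (codes 33-126).
PRINTABLE = string.ascii_letters + string.digits + string.punctuation
LOWERCASE = string.ascii_lowercase


def generate_password(length: int, alphabet: str = PRINTABLE) -> str:
    """Draw every character independently from the OS CSPRNG.

    secrets.choice() is backed by os.urandom() and picks uniformly, so no
    symbol is favoured the way `byte % len(alphabet)` would favour some.
    """
    if length < 1:
        raise ValueError("length must be positive")
    if len(alphabet) < 2 or len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet needs at least two distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy when each of `length` symbols is chosen uniformly."""
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits: float, alphabet_size: int) -> int:
    """Shortest length over a given alphabet that reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def compare(length: int, big: str = PRINTABLE, small: str = LOWERCASE) -> dict:
    """How much longer must a `small`-alphabet password be to match `big`?"""
    bits = entropy_bits(length, len(big))
    needed = length_for_bits(bits, len(small))
    return {"bits": round(bits, 1), "small_alphabet_length": needed,
            "extra_characters": needed - length}


if __name__ == "__main__":
    print(generate_password(20))             # full 94-symbol alphabet
    print(generate_password(24, LOWERCASE))  # longer, simpler alphabet
    print(compare(12))
    # The formula also covers word lists: 6 words from a 2048-word list.
    print(entropy_bits(6, 2048), "bits")
```

Five extra lowercase characters are enough to match a 12-character password drawn from all 94 symbols, which is the sense in which length beats complexity.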


Title: Re: password generator site
Post by: optimisticcm on August 06, 2020, 05:49:53 PM
I was doing some research about how to use a strong password which can be easily remembered, and I found a site (https://passwordsgenerator.net/) which was said to randomly generate strong passwords.
My question is, should I trust the password generated from this site?
Is it safe from brute force?

Note: I'm going to use it with an offline computer

I don't know if I posted this thread in the right section; if not, please let me know.
I do not trust or use any third-party password generator or storing apps or software. Even if I need to do so, I do it with my Google account because it syncs automatically, giving me access from anywhere and anytime.


Title: Re: password generator site
Post by: daneal stev on August 06, 2020, 08:43:28 PM
Yes, my friend, you can trust these sites, as they only create a password, but their words are awkward and difficult to remember, so it is better to create a password based on yourself where you can put a password be. Its content is a sentence you know well or a difficult number but easy to remember.


Title: Re: password generator site
Post by: Myleschetty on August 06, 2020, 11:02:10 PM
My question is, should I trust the password generated from this site?

no because you can not see the source code of this website so you don't know what it is doing in the background. i would only trust open source software for security sensitive matters and only run them on an airgap computer (not just offline).
Just needed to know that, because the site's SSL seems OK. How can I run a computer on an airgap?


Title: Re: password generator site
Post by: IntuitiveCoins on August 06, 2020, 11:19:55 PM
I would get an offline password generator. Even so, is it really that hard to generate a good password by yourself? Just post a bunch of letters and numbers, so long as it's long enough you should be fine.

For example: 239hwo32#87rioe3krrpefqap

Or use a trusted open source password manager.


Title: Re: password generator site
Post by: Mpamaegbu on August 07, 2020, 05:08:16 AM
You should never ever use a website (doesn't matter whether online or offline) to create a password for you.
This, honestly, ranks as the best advice on this issue for me. Sometimes I wonder if it's lethargy or indifference that makes those who use it do it. I believe it exposes the user to a level of vulnerability.

You got a few options to securely generate a password:
  • Use some pseudorandom characters you type yourself
Yes, just make it as long as you want to, provided you're also going to copy it out on paper. Well, I think every password on any site should be copied out. Don't trust your brain to always remember. 🤔


Title: Re: password generator site
Post by: boyptc on August 07, 2020, 06:52:23 AM
Yes, my friend, you can trust these sites, as they only create a password, but their words are awkward and difficult to remember, so it is better to create a password based on yourself where you can put a password be. Its content is a sentence you know well or a difficult number but easy to remember.
I wouldn't.

If you rely on bob's reply, you'll understand why you shouldn't. Create a password that only you know and that is unique, just like those generators do, but it's not published there.


Title: Re: password generator site
Post by: Naida_BR on August 07, 2020, 10:24:46 AM
I was doing some research about how to use a strong password which can be easily remembered, and I found a site (https://passwordsgenerator.net/) which was said to randomly generate strong passwords.
My question is, should I trust the password generated from this site?
Is it safe from brute force?

Note: I'm going to use it with an offline computer

I don't know if I posted this thread in the right section; if not, please let me know.

I would never trust a website like this one.
You don't know what is going on in the background, and on top of that passwords are very sensitive data - even if you insert a password by yourself you can see that hackers try to hack it - imagine what will happen with a password generated from a random site.


Title: Re: password generator site
Post by: articlecity on August 07, 2020, 11:43:18 AM
Do not use such services; rather, you should create your own passwords and keep a diary with all your passwords or store them online in your email. This works well for me, to be honest.


Title: Re: password generator site
Post by: PurpleFrog on August 07, 2020, 01:48:55 PM
If you need passwords for website accounts, I can recommend LastPass. It's a browser extension (available for Chrome, Firefox and Opera) that can generate and store your passwords. I've been using it for years and never had a problem.


Title: Re: password generator site
Post by: jrrsparkles on August 07, 2020, 04:56:28 PM
If you need passwords for website accounts, I can recommend LastPass. It's a browser extension (available for Chrome, Firefox and Opera) that can generate and store your passwords. I've been using it for years and never had a problem.
Stores your password? Then I would never recommend it, because we never know what is actually going on behind the scenes; maybe they keep a log of your every password and can sell it on the darknet. :D Extensions are one of the main reasons people get hacked, so don't trust them anyway.


Title: Re: password generator site
Post by: Paperweight on August 07, 2020, 07:21:44 PM
Guys, guys! If you need to generate random passwords just use your operating system's built-in tools.

From the Mac or Linux terminal:
Code:
LC_ALL=C tr -cd \!-~ < /dev/urandom | head -c 42

From Windows PowerShell:
Code:
[Reflection.Assembly]::LoadWithPartialName("System.Web")
[System.Web.Security.Membership]::GeneratePassword(42, 0)

And if you INSIST on doing it from a web browser, just copy-paste this into a text file and rename it random.html, but keep in mind your "Free VPN" or whatever browser extensions are probably sending all your passwords to China anyway.
Code:
<script>
var bytes = new Uint8Array(420);
window.crypto.getRandomValues(bytes); // supposed to be cryptographically secure
document.write(
  [...bytes]
  .filter(x => 33 <= x && x <= 126) // keep only printable ASCII codes (33-126)
  .map(x => String.fromCharCode(x)) // map character codes to characters
  .join('')                         // join characters into string
);
</script>


Title: Re: password generator site
Post by: OgNasty on August 07, 2020, 07:41:25 PM
Imagine thinking that having a 3rd party generate and store your passwords is a good idea...


Title: Re: password generator site
Post by: Artemis3 on August 09, 2020, 09:46:14 AM
I was doing some research about how to use a strong password which can be easily remembered, and I found a site (https://passwordsgenerator.net/) which was said to randomly generate strong passwords.
My question is, should I trust the password generated from this site?
Is it safe from brute force?

Note: I'm going to use it with an offline computer

I don't know if I posted this thread in the right section; if not, please let me know.

You should download a proper password manager like KeePassXC (Free and Open Source) and let that generate your passwords. Never trust online generators, or proprietary software for that matter.

How do you know such an online generator isn't saving it for some private database or giving it to some agency?


Title: Re: password generator site
Post by: josephsonand on August 10, 2020, 08:06:27 AM
no because you can not see the source code of this website so you don't know what it is doing in the background. i would only trust open source software for security sensitive matters and only run them on an airgap computer (not just offline).
It's just a set of characters that almost nothing (and most likely nothing) can be tracked. After all, you don't even have to copy it to the clipboard to save it. You can also rewrite it by hand. The main thing is to get a ready-made set of characters for the password.


Title: Re: password generator site
Post by: Mor254 on August 11, 2020, 06:11:17 AM
This is a good site and I use it in order to get strong passwords, and it can be trusted because this site only gives us passwords and it does not know where we will put these words, whether in sites or emails.


Title: Re: password generator site
Post by: StyleForceOne on August 11, 2020, 07:59:25 AM
I was doing some research about how to use a strong password which can be easily remembered, and I found a site (https://passwordsgenerator.net/) which was said to randomly generate strong passwords.
My question is, should I trust the password generated from this site?
Is it safe from brute force?
Note: I'm going to use it with an offline computer
I don't know if I posted this thread in the right section; if not, please let me know.
If you really do care about such things - isn't it easier to sort of generate your own random password?
I am totally fine with using an online service like passwordgenerator net or whatever, so can't help with finding the service