Creating strong password.

[cleygaux]

Does it mean "LooksStrong" password can be cracked for 59 years? really? I used some really good password generator before and it can actually generate thousands of passwords in an hour but unfortunately Im not successful using it because I only test it in a very strong password characters with special characters and numbers.

[1714797445]

1714797445

[1714797445]

1714797445

[1714797445]

1714797445

[1714797445]

1714797445

[GDragon]

I think some of us aware of this thing today because as you see in every application,  they required a strong password to pass the registration of accounts. In fact,  there are only few application didn't care on what combination you will put.

[mk4]

Take note that legit and secure website read like this (https:) and not secured website has only like read like this (http:) without letter s. This is the only thing I know about secured or legit website and not secured website. I guess there are many good members here that could explain further on your posts. You may create also a thread for this for the newbies. This is very important for the awareness of the new comers here. This will let them avoid  scam and phishing activities.

This has nothing to do with a "legit" website. Anyone can get a free SSL certificate in 2 minutes (literally) and then have HTTPS in their website.

You shouldn't be looking at the text before the domain but at the domain itself. E.g: If you are on Binance, double check if it's binance.com and not binaence.com or binance.tk; Most phishing websites try to take advantage of the user who type the wrong domain or click at the unknown email with the fake website.

At this point I wouldn't even trust looking at the address bar. It's a lot safer to type it in yourself(or via a browser bookmark). There was this Binance phishing site in the past with the url: biṇaṇce.com. Yes. Take a look at it a bit closer. biṇaṇce.com. There's a dot under both n's. That's tricky as hell.

[TryNinja]

At this point I wouldn't even trust looking at the address bar. It's a lot safer to type it in yourself(or via a browser bookmark). There was this Binance phishing site in the past with the url: biṇaṇce.com. Yes. Take a look at it a bit closer. biṇaṇce.com. There's a dot under both n's. That's tricky as hell.

Damn. I thought the mainstream browsers (at least Chrome and Firefox) had fixed this issue already. The best solution at this point is bookmark each website and use an extension with an anti-phishing system like EAL or Metamask to make sure you’re in the right website.

[nakamura12]

Damn. I thought the mainstream browsers (at least Chrome and Firefox) had fixed this issue already. The best solution at this point is bookmark each website and use an extension with an anti-phishing system like EAL or Metamask to make sure you’re in the right website.

Yes, it is the best solution. My firefox browser had lots of bookmarked websites wether old topics or new ones that is helpful even until now.

For me , a strong password is enough long with number, and special characters that hacker can not access to our  account

Refer to Ognasty's suggestion or refer to op's infographic, however it's up to you on what password you would like for example:
1P4a3S5sW1o4r3D5* looks hard enough to where I got that sample password but it's a word Password and numbers 1 4 3 5 and special characters just like Ognasty's suggestion or the Op's infographic. I think you only read the title which is all about creating a strong password, good luck with that mate.

[pooya87]

One of the most critical problems, in my opinion, is the difficulty of generating those words from the ordinary user where it is difficult for the user to remember passwords such as "fw5J||59TanCRys."

it will come down to the purpose of that password in my opinion. for example password of an Email account is not of the same importance as password for the encryption of a key printed on a paper wallet. the first one can simply be "myHard@MailPass69:)" but the second one should be harder since you would need to enter the first one multiple times and losing an Email is not important most of the times but you only want the second password once so it can be "s2ujkCb27$6hdb@7bn5+Dpc3*9dm"!

there is also password managers that are safe to use, and some open source, that can handle generation and storage of strong passwords which you can use in a safe manner.

[guybrushthreepwood]

Does it mean "LooksStrong" password can be cracked for 59 years? really? I used some really good password generator before and it can actually generate thousands of passwords in an hour but unfortunately Im not successful using it because I only test it in a very strong password characters with special characters and numbers.

A password generator is not a cracking tool. I wouldn't rely on that image and using something as simple as LooksStrong as a password either and it's better to be safe than sorry. Passwords should be much stronger and longer than that but they don't need to be ridiculously so, especially if you run the risk of forgetting it which is another security risk arguably even a bigger one than hackers.

One of the most critical problems, in my opinion, is the difficulty of generating those words from the ordinary user where it is difficult for the user to remember passwords such as "fw5J||59TanCRys."

it will come down to the purpose of that password in my opinion. for example password of an Email account is not of the same importance as password for the encryption of a key printed on a paper wallet. the first one can simply be "myHard@MailPass69:)" but the second one should be harder since you would need to enter the first one multiple times and losing an Email is not important most of the times but you only want the second password once so it can be "s2ujkCb27$6hdb@7bn5+Dpc3*9dm"!

Nobody is going to be able to bruteforce a gmail password so that doesn't need to be ridiculously strong, but obviously don't use something simple. Email providers normally usually have 2fa options as well so make sure you utilize them for an extra layer. 

[VolkoB]

And so if we use a password with 12 characters (including case, numbers, and 1-2 special characters) such a password cannot be decoded, at least brute. There are many more intelligent ways to steal a password from a victim. Therefore, be safe and do not use the same password everywhere

[Korkorjkk]

This is a great information, thanks for sharing. I think I want to add something small to it, that do not use one password for different accounts, and you can have a small notebook in which you can write the passwords in them.

[erikoy]

This is a great information, thanks for sharing. I think I want to add something small to it, that do not use one password for different accounts, and you can have a small notebook in which you can write the passwords in them.

Yes, we have all initiative and it is also a common sense when it comes to keeping safe of the password we use for an account. I have different way of keeping my password too. I wrote it in the word and save as a document and zip it in a folder. I have also to copy the document in a removable storage device for a back up of my password. Thus, I have to keep it discrete for it has a lot of password that includes private key for all of my digital wallets.

Does it mean "LooksStrong" password can be cracked for 59 years? really? I used some really good password generator before and it can actually generate thousands of passwords in an hour but unfortunately Im not successful using it because I only test it in a very strong password characters with special characters and numbers.

No, not really it is just a reference for you on how to create a password and how many years it could be cracked. But, it doesn't mean that the password could only be cracked on 59 years for there could be chances that it will be cracked less than 59 years. My post only specified how difficult password could be cracked using special characters and uppercase letters password.

[Edrahil67]

You can test your password on this website https://howsecureismypassword.net/

It's show you how long is take for a computer to crack it

for exemple : ilovebitconsomuch

take  23 million years to crack ! 

[LoyceV]

You can test your password on this website https://howsecureismypassword.net/

NEVER enter any of your password anywhere else than the original website where you use it! This is how you lose your security.

for exemple : ilovebitconsomuch

take  23 million years to crack ! 

Just like the examples in the OP, this isn't true! It's a very dumb method to estimate the cracking time for dictionary words as if it's random characters.
Scientific paper Speed Optimizations in Bitcoin Key Recovery Attacks gives some examples (page 6) of brain wallet passwords they cracked:

1.  say hello to my little friend
2.  to be or not to be
3.  Walk Into This Room
4.  party like it’s 1999
5.  yohohoandabottleofrum
6.  dudewheresmycar
7.  dajiahao
8.  hankou
9. {1summer2leo3phoebe
10.  0racle9i
11.  andreas antonopoulos
12.  Arnold Schwarzenegger
13.  blablablablablablabla
14.  for the longest time
15.  captain spaulding

According to the website you showed, these passwords would be impossible to crack. In reality, a smart attacker can crack them.
To prevent this, you'll need to have a password with random characters, and for that, you'll need a password manager.

[mk4]

I think this is great, but if you're someone like me, creating it isn't the problem... remembering it is!

Password managers exist. It makes it a lot easier since you only need to memorize one complex password- your master password. Everything else: you other passwords, will be generated and stored on the password manager itself.

Lookup KeePass2. It blows my mind why people still don't use password managers.

Its debatable, that is according to this article: Overall Security of Password Managers Debatable, Cracking Firm Says. I'm old school anyhow, I would rather write down my password or memorize everything instead of using password manager.

Yes. It definitely depends. Using a password manager is pretty useless if your master password itself is weak, and it the password database you're using is in the cloud. If done well, using a password manager is definitely better in my opinion.

Writing down your password is definitely safer. No question about that. But would I memorize or write down every single password I use online? Knowing that I have more than 30 accounts online, hell no. Not to mention that I have to type in a 40-character password every time I have to login to a specific website? Nope. Not a single chance I'm doing that. Using the pen and paper method is pretty much only feasible if you have only a few accounts(probably 5 max). Imagine writing all 30 different 40-character passwords on paper. Thinking about it alone makes me nauseous; let alone memorizing every single one.

Another thing on the pen and paper method. If you have lots of accounts, you'd have to write every single password; the margin for error is pretty high in my opinion. Not to mention you'd have to make multiple copies if ever you lost your original copy. The percentage chance of you messing up/missing a single character of a single password is definitely not zero.

[Areding]

The longer the password and the more randomness of letters and numbers in it, the harder it is to crack it, as fraudsters are looking for logically constructed passwords. Therefore, keep in mind)

[Ardavan2150]

I think the best way to select a strong password is to let Google Chrome or Safari choose it for you.
They have "suggested password" option whenever you want to create an account.
They create a crazy complicated password and suggest it to you, and you just have to say yes.
Then they save it for you on your Gmail. You just have to make sure your Gmail account password is strong and turn on the extra security feature for it to make sure you don't loose it.

[shasan]

To create strong password you can use https://passwordsgenerator.net/
From https://passwordsgenerator.net/ you can get random and strong password which no one can imagine and also it is easy to generate. You can create password by combine of Symbols, Numbers, Lowercase Characters, Uppercase Characters. Also while generating password you can exclude Similar Characters as well as Ambiguous Characters.
And even you can select how many characters the password will be!

[nakamura12]

To create strong password you can use https://passwordsgenerator.net/
From https://passwordsgenerator.net/ you can get random and strong password which no one can imagine and also it is easy to generate. You can create password by combine of Symbols, Numbers, Lowercase Characters, Uppercase Characters. Also while generating password you can exclude Similar Characters as well as Ambiguous Characters.
And even you can select how many characters the password will be!

Check the Op's provided image the password you stated is the same as  the op's provided image that contains Uppercase, Lowercase, numbers and more. Using the password generator is also a good idea to choose a strong password but for me i'll use password generator as my guide on what to add when making a password. I prefer creating my own password that is based on internet or generator but I won't use passwords from passwords generators.

[dvdrewritable]

Thanks for your nice post with an informative photo. Yes, the password is one of the most serious issues for creating an account and it should be strong as no one can break it. But for making secure my wallet and information I generally like to use a password manager that's why I have been using LastPass and KeePass password manager.

[erikoy]

I think this topic was useful here so I am just wanting to bump this thread as it has been given the chance to get merit.

Anyway, I just remember this and was able to apply it after the seminar. So far it is effective though others had given also their input which is also good. But, to those who are not really that techie and wish about knowing good password then you can start reading the post again and see the image I posted.

[madrogue]

Creating a strong password is good to secure your account and keep it safe. But, there are have other ways, that hacker can steal your password. They can steal by use phising, keylogger, brute force and many more to steal your password.
I think you can add autenthication to add more secure your account.