[GUIDE] How to Create a Strong/Secure Password

[GreatArkansas]

For every website that we are using especially those required a password, mostly are our email, crypto exchanges, forum accounts, social media accounts, etc. are requiring to make our password strong and secure. Did you follow them? or did you create a password that is too short? Common passwords? Well, that is bad practice. By using a strong password, it will help our accounts more secure against hacker over the internet.

We need to know first some example passwords that aren't advisable or very common one.

A. All of these passwords are very common and you should not use it!

• 123456
• abcdefg
• abc12345
• password
• password123
• More common passwords.

B. Never use passwords that include your personal information such as:

• Name
• Date of birth
• Place of birth
• Your address

Reason because why you should not ever include some of your personal information on your password because it will be an advantage on the hacker if he/she know some of your personal info, he/she can easily guess your password by using them.

C. Never use common Substitutions:
Examples:

• D0gH0us3
• W33kdays
• IL0v3D0gs

Using of these kinds of password is really obvious, like D0gs , you just replaced the o with a 0. It can easy to brute force attack, just by replacing some common characters with some numbers or letters.
Creating your strong passwords
Since we already know what kinds of password that shouldn't be used, we can now proceed now on creating a strong and secure password.

• Make sure your password is long,
  mix of  capital/small A-Z alphabets,
  0-9 numbers,
  special characters such as &^$#
  Like S5#A$B1dpqzM^UMk , but this is very hard to memorize.
  How to memorize these kinds of password? :
   
  
• The sentence method:
  This idea of this method is you will create a password from a random sentence or any sentence created by you.
  Example:
  You will take every first 2 characters on each word from the sentence "I Was Born At 2:35pm In The Country Of Germany"
  Result:  IWaBoAt2:InThCoOfGe
  
  
• Using Passphrase
  Passphrase is consist of multiple words, the randomness of every word for creating a passphrase makes it strong.
  Example:
  "Dog in the dark" -  Word make sense and it is grammatically ordered.
  "hulk touch adjourn omega" - Don't make sense phrase, not in grammatically order.
  You can use this password by capitalized every second character of every word, adding a special character between the words.
  Like hUlk&tOuch$aDjourn@oMega -
  You can use the Sentence Method here, for example, taking every first two characters of every word, capitalized every 2nd character of the word and adding random special characters.
  "hUlk tOuch aDjourn oMega".
  Result :  hU#tO!aD*oM$
  
  
• Using random password generator,
  

  Also, wouldn't feel comfortable using an online tool like Avast to generate passwords. Much more comfortable using an offline tool to generate passwords like a password manager eg. https://keepass.info/ With KeyPass, you can generate strong passwords in 2 simple steps.
  
  Step 1: Select dropdown box
  Step 2: Select the strength required of your password
  Note: You can also customize what characters are allowed / disallowed in your passwords when they are generated which is handy.
  
  
  
  Lastly, using password managers also solves the problem you mentioned of passwords being "hard to memorize".
  

  
  REMOVED the Avast Random Password Generator, since I found that the offline and open-sourced one is much safer.
  
  
• Password Manager
  Using a password manager will help us to ogranize our different password on different website. I will suggest to use https://keepass.info/, this is open-source project and free.
  
  Steps on how to use KeePass password manager:
  1st, Download and install the KeePass, you can use the portable version or the installer.
  2nd, Once the installation is done, you will be asked for the master password and the location path for the KeePass KDBX File (.kdbx) where you can use that as your backup.
  3rd, Fill up the fields.
  
  You can just easily copy/paste your password in different entry you made, by just double-clicking it on password field. Password will paste on your clipboard and will automatically delete after 12 seconds.
  *Make sure you save your database of KeePass safe and remember your master password on the database*
  Thanks whotookmycrypto and OmegaStarScream for this.
  
  Android Version:
  KeePassDroid
  I just found an android version for password manager/password generator which is also open-source and you can use it offline.
  The good thing here you can import your database file from your KeePass in windows. They are almost the same.
  
  Read/write support for .kdb and KeePass 1.x.
  Read/write support for .kdbx and KeePass 2.x.
  

TIPS

• Do not share your passwords to anyone.
  Be careful who you trust, never share your password.
  
• Use a different password for every account you have.
  Just like on different crypto exchanges, don't use only one password for every exchange you have.
  
• Always create long passwords.
  The most recommends password contains a minimum of 8 characters  or 12 characters
  
• Never upload your passwords to the cloud.
  Avoid storing your passwords online, like storing it on some file hosting services.
  
• Always use two-factor authentication(2FA) or multi-factor authentication (MFA).
  This will help your account more secure, since before you can log-in on a particular website.
  
• Be careful on Phishing websites.
  Even how strong your password is, once you fall in phishing website, it's useless.
  

Some discussion here Creating strong password..

You got any ideas creating our password strong and secured or any tips? feel free to add by posting it below
Filipino Version: Gabay sa Paggawa ng Malupit at Ligtas na Password
Sources:
How to create a strong password
How to Create a Strong Password (and Remember It)
How to Create a Secure Password
[must read]Tips on creating a secure password[important]

[1713243151]

1713243151

[1713243151]

1713243151

[whotookmycrypto]

Using random password generator, like Random Password Generator by Avast.
It generates random passwords, you can set it whether it contains special characters, numbers or small/capital letters.

Good stuff. Personally feel that no password guide would be complete without a section on how to store and use them eg. with a password manager.

Also, wouldn't feel comfortable using an online tool like Avast to generate passwords. Much more comfortable using an offline tool to generate passwords like a password manager eg. https://keepass.info/ With KeyPass, you can generate strong passwords in 2 simple steps.

Step 1: Select dropdown box
Step 2: Select the strength required of your password
Note: You can also customize what characters are allowed / disallowed in your passwords when they are generated which is handy.



Lastly, using password managers also solves the problem you mentioned of passwords being "hard to memorize".

Interesting read on how password cracking is done: https://arstechnica.com/information-technology/2013/10/how-the-bible-and-youtube-are-fueling-the-next-frontier-of-password-cracking/
Helps you gain insights into unsafe sources of generating your password from.

Stay safe.

[nakamura12]

It has been discussed here in the forum on how to create strong password so I'll just add the thread link in here and also you can read other people's tips on what to do if something happens or if there is a virus/malware in your computer. Here's the link of the thread: Creating strong password..

[whotookmycrypto]

It has been discussed here in the forum on how to create strong password so I'll just add the thread link in here and also you can read other people's tips on what to do if something happens or if there is a virus/malware in your computer. Here's the link of the thread: Creating strong password..

Yes, saw that and wanted to link to that too. But having read both threads don't you think OP's post is much more comprehensive than the other thread?

[OmegaStarScream]

A video to give people a deeper understanding of how hackers crack passwords: https://www.youtube.com/watch?v=YiRPt4vrSSw

As for your suggestion to use Avast, I think it's safer and more secure to use something open source like KeePass to both generate and store passwords.

[nakamura12]

Yes, saw that and wanted to link to that too. But having read both threads don't you think OP's post is much more comprehensive than the other thread?

Well, it's not about which thread is much more comprehensive but one thing in common both of them provide an Image where there is an example of strong password on a board. The reason I link that thread is that there are replies there like an app you can use to have a strong password like having a password manager.

What do you think about this the same threads?

Date Created: November 20, 2018, 08:25:11 AM
https://bitcointalk.org/index.php?topic=5072351.0
The image is not that good but still clear anyway.

Date Created: April 04, 2019, 05:16:41 AM
https://bitcointalk.org/index.php?topic=5127958.0

[bob123]

A general rule regarding password security is:

Length beats complexity.


Rather make your password a few characters longer, than using special characters which makes it hard to memorize.

This quote is from a post i made less than 2 weeks ago:

Complexity:
We got a charset of 26 (lower case letters) + 26 (upper case letters) + 10 (numbers) + 32 (special characters) = 94
Now with a 'normal' password length (8 chars) we got 6.095.689.385.410.816 possibilities.

Length:
If we look at lowercase letters only, we got a base of 26.
A password with a length of 12 has 95.428.956.661.682.176 different combination and already is about 15 times stronger than a complex password with 8 chars.

Mathematically it is better to increase the exponent (amount of characters) , not the base (set of characters).
This example was with lowercase letters only.
If you take upper case and numbers into it, you can confidently go without special characters by simply increasing the length by 2 or 3 chars.

Example:
You will take every first 2 characters on each word from the sentence "I Was Born At 2:35pm In The Country Of Germany"
Result:  IWaBoAt2:InThCoOfGe

You know, what would be an even stronger password ? If you'd take the whole sentence: I Was Born At 2:35pm In The Country Of Germany
You have to memorize the same, but you increase strength by a lot.

Another example for a stronger (and easier to type) password would be: Germany is where i have been born.
Even though it might seem less secure because it is a whole logic sentence, the bit strength considering bruteforce is way better.

And dictionary attacks aren't effective against this either, even though this is against your rule B:

B. Never use passwords that include your personal information

To completely mitigate dictionary attacks which are targeted at you, use random words.

The classical password correct battery horse staple is about 10¹² (= 1.000.000.000.000) times stronger than IWaBoAt2:InThCoOfGe:


correct battery horse staple:
- lowercase + special chars (even tho its just 1 it has to be considered) = charset of 58
- 28 Characters

=> 58²⁸ possibilities => ~ 2.37x 10⁴⁹


IWaBoAt2:InThCoOfGe:
- Lower- + Uppercase + special chars (even tho its just one it has to be considered) + numbers = charset of 94
- 19 Characters

=> 94¹⁹ possibilities => ~ 3.08 x 10³⁷



So, to summarize:

Length beats complexity!

[GreatArkansas]

Also, wouldn't feel comfortable using an online tool like Avast to generate passwords. Much more comfortable using an offline tool to generate passwords like a password manager eg. https://keepass.info/ With KeyPass, you can generate strong passwords in 2 simple steps.

Thanks for this, I added this on the OP, before the Avast random password generator since I found this KeePass is much safe since you can generate password offline and it is open-source.

Good stuff. Personally feel that no password guide would be complete without a section on how to store and use them eg. with a password manager.

Done creating a simple guide on how to use a password manager, I used the KeePass since OmegaStarScream also found this much safer than Avast.

It has been discussed here in the forum on how to create strong password so I'll just add the thread link in here and also you can read other people's tips on what to do if something happens or if there is a virus/malware in your computer. Here's the link of the thread: Creating strong password..

Oh, Thanks for noticing this thread, no worries, I will also add this on the OP.

A general rule regarding password security is:
Length beats complexity.
Rather make your password a few characters longer, than using special characters which makes it hard to memorize.

Exactly. The more characters on your password will be more secure and make your password stronger.

And dictionary attacks aren't effective against this either, even though this is against your rule B:

This rule B is risky if some hacker is the only target is you, they can use some of your personal info to bruteforce your passwords, and yes dictionary attacks for this is really aren't effective.

You know, what would be an even stronger password ? If you'd take the whole sentence: I Was Born At 2:35pm In The Country Of Germany
You have to memorize the same, but you increase strength by a lot.

But this still safety for some scenarios? Like for example, you are on the public and then you type this password and someone is watching you then they can read what you are typing in the keyboard as they can read on what you are typing in the keyboard.

[hugeblack]

The problem is that if you choose an easy password it is easy to hacks, otherwise it is difficult to remember or people will copy/paste those words "You will be exposed to many risks such as clipboard viruses, impossible to remember without copying/pasting."

The best option is to use some sites like this site -----> https://passwordsgenerator.net/[/b]]https://passwordsgenerator.net/.

you can generate new password:  [ raQyd*UF!E3+PGZkz2kBrp+ ]  and you can save this to remember:  [  rope apple QUEEN yelp drip * USA FRUIT ! EGG 3 + PARK GOLF ZIP korean zip 2 korean BESTBUY rope park +  ]

[Lucius]

I never use any password generator, my brain is best generator and paper is for now keep all them safe. It's quite logical to not use common / simple passwords (which most people do), but to make relatively strong passwords. Take for example a 12-character password, it is not easy for the average person to remember such password, but if we divide it in 3 parts (3x4 character) it is very easy to remember such password.

Even if I always create unique passwords and write them down on paper, with time I manage to learn them by memorize part of the password at the time. If I estimate that password need extra strength, I just add 4 character more by password change option. In this way you can very easy memorize even 20-character password, and in same time keep backup on paper.

[TMAN]

I never use any password generator, my brain is best generator and paper is for now keep all them safe. It's quite logical to not use common / simple passwords (which most people do), but to make relatively strong passwords. Take for example a 12-character password, it is not easy for the average person to remember such password, but if we divide it in 3 parts (3x4 character) it is very easy to remember such password.

Even if I always create unique passwords and write them down on paper, with time I manage to learn them by memorize part of the password at the time. If I estimate that password need extra strength, I just add 4 character more by password change option. In this way you can very easy memorize even 20-character password, and in same time keep backup on paper.

Really paper? RL opsec isn’t your strong point.

[Lucius]

Really paper? RL opsec isn’t your strong point.

What is wrong with paper? With proper storage paper can last a few hundreds years, quite enough for me. I was never hacked or lost any password in 15 + years of using internet.

Generally speaking, good quality paper stored in good conditions (cooler temperatures; 30-40% relative humidity) are able to last a long time -- even hundreds of years.

https://www.loc.gov/preservation/care/deterioratebrochure.html

[bob123]

You know, what would be an even stronger password ? If you'd take the whole sentence: I Was Born At 2:35pm In The Country Of Germany
You have to memorize the same, but you increase strength by a lot.

But this still safety for some scenarios? Like for example, you are on the public and then you type this password and someone is watching you then they can read what you are typing in the keyboard as they can read on what you are typing in the keyboard.

Usually password fields do not show what you enter in plain text.

Regarding watching the keyboard.. that applies to anything you enter. I'd even say that it is harder to recognize what you type if you type a sentence fast, than typing a complex password slowly.

But in the end.. we were talking about technical security.
Someone can always just watch what you type or blackmail you to give the password out. No password is protected against that.

[tbct_mt2]

I heard about Keepass around two months ago, but still not use it to secure my account. Today, the guide makes me feel more easily to secure my accounts with Keepass. The random apssword genersting feature is amazing.
All those steps presented are very detailed, and tips from whomtookmycrypto makes sense. I appreciated contributions both GreatArkansas and whomtookmycrypto for the topic and for the forum.

[mk4]

• Never upload your passwords to the cloud.

I really don't know about this point. While having your password database on the cloud like on your Dropbox account is definitely a security attack vector, I think it should be fine if your master password is also secure enough(as it should be in the first place). I mean, I don't trust my hard drive to not break in the future; and it would be a hassle to update my password db on a flash drive every time I change a password. So using the cloud to store my password db is fine for me. Just my 2 satoshis.

[r1a2y3m4]

I went to a seminar and they told us how to create a strong password. The person that gave the seminar said that you should create a password by making a phrase . For example, I Ate A Thousand Donuts In 1 Day. The scenario shouldn't be related to you just like my example and you will get the first letter of the words in the phrase. So that would be. IAATDI1D. Or you can try iaatdi1d. Or a combination of it, IaAtDi1d. But I think the best password includes special characters since password hackers will find a hard time hacking it.

[o_e_l_e_o]

For example, I Ate A Thousand Donuts In 1 Day. The scenario shouldn't be related to you just like my example and you will get the first letter of the words in the phrase. So that would be. IAATDI1D.

You can see bob123's post above for a great explanation of why it would be better just to use the whole phrase, rather than just using the first letter of each word. It doesn't make sense to remove so many extra bits of entropy when you have to remember them all anyway.

Still, even with all the advice in this thread about how to come up with good passwords, the best option remains to use an open source, encrypted, password manager such as KeePass which will generate truly random and very secure passwords.

[mu_enrico]

How about using hash for example: SHA256("not-too-complicated-password"). We could use SHA256 x times, then x also part of the password. Alternatively, we could use a full bible verse since we also only need to know the book name and number, for example, Mark 15:9.

[pooya87]

A general rule regarding password security is:
Length beats complexity.

when  you are writing a guide like this you should not think about how YOU can make a strong password, instead you should think about all the people who are going to use that method. in this case (using a sentence with actual words instead of using symbols,...) the example here may be strong but most people are not going to create strong passwords like that. next thing you know they are using passwords that while looking unique are easy to guess even without a dictionary attack. and that is the point of that extra complexity added to the passwords. humans are not capable of making truly random/complex passwords in general.

~would be a hassle to update my password db on a flash drive every time I change a password. ~

how about a deterministic password manager?
i don't really know if such thing exists but the basic idea of it is similar to BIP32. you have an entropy that you back up and then each time you need a new password, you derive that password from that entropy by incrementing your step.
it would be very easy to write an app for it too.

[GreatArkansas]

The best option is to use some sites like this site -----> https://passwordsgenerator.net/.

Still much safer to use offline password generator, like KeePass.

I never use any password generator, my brain is best generator and paper is for now keep all them safe.

There's still some pros and cons for storing our password online or offline. Yes, it's okay to use paper to keep them safe. Even in storing our private keys in different crypto-currencies wallets, they are suggesting it write in paper and never store it online.

Alternatively, we could use a full bible verse ......

Yes, you can also use this. It could help you to easily memorize the password, as long as you know the bible verse.