Myleschetty (OP)
Member
Offline
Activity: 1191
Merit: 78
|
|
August 05, 2020, 09:36:48 PM |
|
I was doing some research about how to use strong password which can be easily remember and I find a site which was said to randomly generate strong password. My question is, should i trust the password generate from this site? Is it save from brute force? Note : I'm going to use with an offline computer I dont know if i posted this thread in the right section if not please let me know.
|
|
|
|
|
pooya87
Legendary
Offline
Activity: 3598
Merit: 10931
|
My question is, should i trust the password generate from this site?
no because you can not see the source code of this website so you don't know what it is doing in the background. i would only trust open source software for security sensitive matters and only run them on an airgap computer (not just offline). Is it save from brute force?
it depends on what length of password you choose and what you use it for. sometimes passwords aren't used as they are given, it could be fed into a KDF and a new password is derived with a salt and then used which would increase the difficulty of brute force by a lot. eg. BIP-38.
|
Bitcoin is the only decentralized money in existence.
|
|
|
Charles-Tim
Legendary
Offline
Activity: 1694
Merit: 5167
Leading Crypto Sports Betting & Casino Platform
|
|
August 06, 2020, 05:32:29 AM |
|
To create a password yourself, it will be good to create it randomly using your phone or computer, I do this by typing randomly capital and small letters and other characters on my keyboard. For example: Aghdh#+&:$?!%-%;%+472#!'AG&eu2766vgdgxttdbd2765;"&$-$;+%6&@3$((+++?$;":$;#-$"&&$&$;ADo not use this, just an exampleThat characters above is generated randomly by me just typing on different characters on my keyborad, which i believe no one can brute force it, it is safe because I generated it offline. Strong passwords can not be saved off hand, having the backup on paper in a safe place is better. You can try another recommended way below, it will be better to use offline random password generator as online online one are not safe at all. Check the topic below, it can guide you to how to create a very strong password, the longer the password the lesson likely for it to be brute forced. https://bitcointalk.org/index.php?topic=5132378.0For every website that we are using especially those required a password, mostly are our email, crypto exchanges, forum accounts, social media accounts, etc. are requiring to make our password strong and secure. Did you follow them? or did you create a password that is too short? Common passwords? Well, that is bad practice. By using a strong password, it will help our accounts more secure against hacker over the internet. We need to know first some example passwords that aren't advisable or very common one.A. All of these passwords are very common and you should not use it!B. Never use passwords that include your personal information such as: - Name
- Date of birth
- Place of birth
- Your address
Reason because why you should not ever include some of your personal information on your password because it will be an advantage on the hacker if he/she know some of your personal info, he/she can easily guess your password by using them. C. Never use common Substitutions: Examples: - D0gH0us3
- W33kdays
- IL0v3D0gs
Using of these kinds of password is really obvious, like D0gs , you just replaced the o with a 0. It can easy to brute force attack, just by replacing some common characters with some numbers or letters. Creating your strong passwordsSince we already know what kinds of password that shouldn't be used, we can now proceed now on creating a strong and secure password. - Make sure your password is long,
mix of capital/small A-Z alphabets, 0-9 numbers, special characters such as &^$# Like S5#A$B1dpqzM^UMk , but this is very hard to memorize. How to memorize these kinds of password? :
- The sentence method:
This idea of this method is you will create a password from a random sentence or any sentence created by you. Example: You will take every first 2 characters on each word from the sentence "I Was Born At 2:35pm In The Country Of Germany" Result: IWaBoAt2:InThCoOfGe
- Using Passphrase
Passphrase is consist of multiple words, the randomness of every word for creating a passphrase makes it strong. Example: "Dog in the dark" - Word make sense and it is grammatically ordered. "hulk touch adjourn omega" - Don't make sense phrase, not in grammatically order. You can use this password by capitalized every second character of every word, adding a special character between the words. Like hUlk&tOuch$aDjourn@oMega - You can use the Sentence Method here, for example, taking every first two characters of every word, capitalized every 2nd character of the word and adding random special characters. "hUlk tOuch aDjourn oMega". Result : hU#tO!aD*oM$
- Using random password generator,
Also, wouldn't feel comfortable using an online tool like Avast to generate passwords. Much more comfortable using an offline tool to generate passwords like a password manager eg. https://keepass.info/ With KeyPass, you can generate strong passwords in 2 simple steps. Step 1: Select dropdown box Step 2: Select the strength required of your password Note: You can also customize what characters are allowed / disallowed in your passwords when they are generated which is handy. Lastly, using password managers also solves the problem you mentioned of passwords being "hard to memorize". REMOVED the Avast Random Password Generator, since I found that the offline and open-sourced one is much safer.
- Password Manager
Using a password manager will help us to ogranize our different password on different website. I will suggest to use https://keepass.info/, this is open-source project and free.
Steps on how to use KeePass password manager: 1st, Download and install the KeePass, you can use the portable version or the installer. 2nd, Once the installation is done, you will be asked for the master password and the location path for the KeePass KDBX File (.kdbx) where you can use that as your backup. 3rd, Fill up the fields.
You can just easily copy/paste your password in different entry you made, by just double-clicking it on password field. Password will paste on your clipboard and will automatically delete after 12 seconds. *Make sure you save your database of KeePass safe and remember your master password on the database* Thanks whotookmycrypto and OmegaStarScream for this.
Android Version: KeePassDroid I just found an android version for password manager/password generator which is also open-source and you can use it offline. The good thing here you can import your database file from your KeePass in windows. They are almost the same.
Read/write support for .kdb and KeePass 1.x. Read/write support for .kdbx and KeePass 2.x.
TIPS- Do not share your passwords to anyone.
Be careful who you trust, never share your password.
- Use a different password for every account you have.
Just like on different crypto exchanges, don't use only one password for every exchange you have.
- Always create long passwords.
The most recommends password contains a minimum of 8 characters or 12 characters
- Never upload your passwords to the cloud.
Avoid storing your passwords online, like storing it on some file hosting services.
- Always use two-factor authentication(2FA) or multi-factor authentication (MFA).
This will help your account more secure, since before you can log-in on a particular website.
- Be careful on Phishing websites.
Even how strong your password is, once you fall in phishing website, it's useless.
Some discussion here Creating strong password.. You got any ideas creating our password strong and secured or any tips? feel free to add by posting it below Filipino Version: Gabay sa Paggawa ng Malupit at Ligtas na Password
Sources: How to create a strong passwordHow to Create a Strong Password (and Remember It)How to Create a Secure Password[must read]Tips on creating a secure password[important]
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
Paperweight
Jr. Member
Offline
Activity: 41
Merit: 41
|
|
August 06, 2020, 08:04:17 AM |
|
Don't use a password generator website. Thousands of Bitcoins have been stolen this way. Even if you use if offline, it is HIGHLY LIKELY to give you intentionally or unintentionally predictable output. Don't use a super-strong random password without a physically secured, but weakish-password, backup wallet. Thousands of Bitcoins have been lost this way. You are HIGHLY LIKELY to forget any password that's strong enough to not be brute-forced. DO focus on the basics of "security" = "something you have" + "something you know". Assume that, tonight, Russian hackers will whack you on the head, give you password amnesia, steal your airgapped computer, start grinding it with a supercomputer, and burn your house down with everything in it to hide the evidence.
|
|
|
|
Charles-Tim
Legendary
Offline
Activity: 1694
Merit: 5167
Leading Crypto Sports Betting & Casino Platform
|
|
August 06, 2020, 09:21:48 AM |
|
Don't use a password generator website. Thousands of Bitcoins have been stolen this way. Even if you use if offline, it is HIGHLY LIKELY to give you intentionally or unintentionally predictable output.
If the random password generator is offline, there is nothing bad to use it, but I consider it stressful than to randomly input different characters on my keyboard, but that does not mean it is not safe, nothing connected it online, but use the recommended ones. If connected online, then it is not advisable because we do not know what is running underground to steal the password online in the process of creating it.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18718
|
|
August 06, 2020, 01:03:12 PM |
|
If the random password generator is offline, there is nothing bad to use it
This is not accurate. It is only completely safe to use an offline password generator if it is open source, you have reviewed the code yourself, and you have compiled it yourself. A malicious password generator could give you one of a number of pre-generated paawords, which an attacker also has stored on their own device, giving them a very short list to brute force from.
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
August 06, 2020, 01:32:55 PM |
|
You should never ever use a website (doesn't matter whether online of offline) to create a password for you. You got a few options to securely generate a password: - Use some pseudorandom characters you type yourself, or
- use a trusted and open source password manager, or
- use your OS's random number generator (easier with linux /dev/random than with windows)
And as i have mentioned in this post, length beats complexity. Rather choose a password which is a few chars longer, than a shorter one with a larger set of chars.
|
|
|
|
optimisticcm
Member
Offline
Activity: 210
Merit: 10
Sovryn - Brings DeFi to Bitcoin
|
|
August 06, 2020, 05:49:53 PM |
|
I was doing some research about how to use strong password which can be easily remember and I find a site which was said to randomly generate strong password. My question is, should i trust the password generate from this site? Is it save from brute force? Note : I'm going to use with an offline computer I dont know if i posted this thread in the right section if not please let me know. I donot trust or use any third party password generator or storing apps or softwares. Even if i need to do so i do it with my google account because it syncs automatically giving me access from anywhere and anytime.
|
|
|
|
daneal stev
|
|
August 06, 2020, 08:43:28 PM |
|
Yes my friend you can trust these sites as they only create a password but their words are awkward and difficult to remember so it is better to create a password based on yourself where you can put a password be. Its content is a sentence you know well or a difficult number but easy to remember
|
|
|
|
Myleschetty (OP)
Member
Offline
Activity: 1191
Merit: 78
|
|
August 06, 2020, 11:02:10 PM |
|
My question is, should i trust the password generate from this site?
no because you can not see the source code of this website so you don't know what it is doing in the background. i would only trust open source software for security sensitive matters and only run them on an airgap computer (not just offline). Just need to know that cause the site SSL seems ok. How can I run computer on an airgap?
|
|
|
|
IntuitiveCoins
Newbie
Offline
Activity: 82
Merit: 0
|
|
August 06, 2020, 11:19:55 PM |
|
I would get an offline password generator. Even so, is it really that hard to generate a good password by yourself? Just post a bunch of letters and numbers, so long as it's long enough you should be fine.
For example: 239hwo32#87rioe3krrpefqap
Or use a trusted open source password manager.
|
|
|
|
Mpamaegbu
Legendary
Offline
Activity: 2842
Merit: 1226
Once a man, twice a child!
|
|
August 07, 2020, 05:08:16 AM |
|
You should never ever use a website (doesn't matter whether online of offline) to create a password for you.
This, honestly, ranks as the best advice on this issue for me. Sometimes I wonder if it's lethargy or indifference that makes those who use it do it. I believe it exposes the user to a level of vulnerability. You got a few options to securely generate a password: - Use some pseudorandom characters you type yourself
Yes, just make it as long as you want to provided you're also going to copy it out on paper. Well, I think every password on any site should be copied out. Don't trust your brain to always remember. 🤔[/list]
|
Before you boast of your material acquisition, take a stroll to a morgue and there you will find those who were once better than you're. Only fools think they've it all. Stay humble 🤔
[/color]
|
|
|
boyptc
|
|
August 07, 2020, 06:52:23 AM |
|
Yes my friend you can trust these sites as they only create a password but their words are awkward and difficult to remember so it is better to create a password based on yourself where you can put a password be. Its content is a sentence you know well or a difficult number but easy to remember
I wouldn't. If you rely on bob's reply, you'll understand why you shouldn't. Create a password that you only know and unique just like those generators do but it's not published there.
|
|
|
|
Naida_BR
Member
Offline
Activity: 980
Merit: 62
|
|
August 07, 2020, 10:24:46 AM |
|
I was doing some research about how to use strong password which can be easily remember and I find a site which was said to randomly generate strong password. My question is, should i trust the password generate from this site? Is it save from brute force? Note : I'm going to use with an offline computer I dont know if i posted this thread in the right section if not please let me know. I would never trust a website like this one. You don't know what is going on on the background and on top of that Passwords are very sensitive data - even if you insert a password by yourself you can see that hackers try to hack it - imagine what will happen with a password generated from a random site.
|
|
|
|
articlecity
Member
Offline
Activity: 196
Merit: 11
https://blockmembers.io/
|
|
August 07, 2020, 11:43:18 AM |
|
Do not use such services rather you should create your own passwords and keep a diary with all your passwords or store online in your email. This works well for me to be honest.
|
|
|
|
PurpleFrog
Jr. Member
Offline
Activity: 39
Merit: 1
|
|
August 07, 2020, 01:48:55 PM |
|
If you need password for website accounts I can recommend you LastPass. It's browser extension (available for Chrome, Firefox and Opera) that can generate and store your passwords. I've been using it for years and never had a problem.
|
|
|
|
jrrsparkles
Sr. Member
Offline
Activity: 2506
Merit: 278
Hire Bitcointalk Camp. Manager @ r7promotions.com
|
|
August 07, 2020, 04:56:28 PM |
|
If you need password for website accounts I can recommend you LastPass. It's browser extension (available for Chrome, Firefox and Opera) that can generate and store your passwords. I've been using it for years and never had a problem.
Stores your password? Then I would never recommend it because we never know what is actually going behind maybe they keep log of your every passwords and can sell it on the darknet. Extensions are one of the main reason for people gets hacked so don't trust them anyways.
|
|
|
|
Paperweight
Jr. Member
Offline
Activity: 41
Merit: 41
|
|
August 07, 2020, 07:21:44 PM |
|
Guys, guys! If you need to generate random passwords just use your operating system's built-in tools. From the Mac or Linux terminal: LC_ALL=C tr -cd \!-~ < /dev/urandom | head -c 42 From Windows Powershell: [Reflection.Assembly]::LoadWithPartialName("System.Web") [System.Web.Security.Membership]::GeneratePassword(42, 0)
And if you INSIST on doing it from a web browser, just copy-paste this into a text file and rename it random.html, but keep in mind your "Free VPN" or whatever browser extensions are probably sending all your passwords to China anyway. <script> var bytes = new Uint8Array(420); window.crypto.getRandomValues(bytes); // supposed to be cryptographically secure document.write( [...bytes] .filter(x => 33 <= x && x <= 126) // filter out non-ascii character codes .map(x => String.fromCharCode(x)) // map character codes to characters .join('') // join characters into string ); </script>
|
|
|
|
OgNasty
Donator
Legendary
Offline
Activity: 4886
Merit: 4699
Leading Crypto Sports Betting & Casino Platform
|
|
August 07, 2020, 07:41:25 PM |
|
Imagine thinking that having a 3rd party generate and store your passwords is a good idea...
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
|