How to create an UNHACKABLE password for Steemit

in #steemit 8 years ago

SURPRISE? This is what most people use as their password.

Avoid names, places, and dictionary words.

Crackers use different dictionaries: English words, names, foreign words, phonetic patterns and so on for roots; two digits, dates, single symbols and so on for appendages. They run the dictionaries with various capitalizations and common substitutions: "$" for "s", "@" for "a", "1" for "l" and so on. This guessing strategy quickly breaks about two-thirds of all passwords.
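The root-plus-appendage pattern described above can be checked for when a password is chosen, so that such passwords are rejected before they are ever set. The following Python code is an added example, not part of the original post; the `ROOTS` list, the extra "0" and "3" substitutions and the function names are constructed for illustration.

```python
import re

# Constructed mini-dictionary; a real check would load large lists of
# words, names and places.
ROOTS = {"password", "packers", "dragon", "steemit", "michael", "sunshine"}

# Substitutions named in the article, reversed; "0" and "3" are added
# here as assumptions about other common swaps.
DELEET = str.maketrans({"$": "s", "@": "a", "1": "l", "0": "o", "3": "e"})

# Appendages: up to four digits (two digits, years) and/or one symbol.
HEAD = re.compile(r"^(?:\d{1,4}|[^A-Za-z0-9])")
TAIL = re.compile(r"(?:\d{1,4}[^A-Za-z0-9]?|[^A-Za-z0-9])$")


def candidate_roots(password):
    """Yield the password with leading/trailing appendages removed."""
    for head_stripped in (password, HEAD.sub("", password)):
        yield head_stripped
        yield TAIL.sub("", head_stripped)


def weak_root(password):
    """Return the dictionary root the password is built on, or None."""
    for candidate in candidate_roots(password):
        # Undo capitalization and substitutions before the lookup.
        plain = candidate.lower().translate(DELEET)
        if plain in ROOTS:
            return plain
    return None


if __name__ == "__main__":
    for pw in ["P@$$word1", "$unshine99", "Dragon2016!", "WOO!TPwontSB"]:
        print(f"{pw!r}: {weak_root(pw) or 'no dictionary root found'}")
```

A `None` result only means the password does not match this one pattern against this list; it is not a measure of strength.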

If you're curious whether your chosen password is secure or not, you can run it through an online password checker.

The problem with random passwords is that they're hard to remember. Here are four tricks you can use to remember your password.

Bruce Schneier's Method

Security expert Bruce Schneier put forth a password method back in 2008 that he still recommends today. It works like this: Take a sentence and turn it into a password.

The sentence can be anything personal and memorable for you. Take the words from the sentence, then abbreviate and combine them in unique ways to form a password. Here are four sample sentences that I put together.

WOO!TPwontSB = Woohoo! The Packers won the Super Bowl!

PPupmoarT@O@tgs = Please pick up more Toasty O's at the grocery store.

1tubuupshhh…imj = I tuck button-up shirts into my jeans.

W?ow?imp::ohth3r = Where oh where is my pear? Oh, there.

The Electrum Method

Managing a Bitcoin wallet requires a high level of security and a huge reliance on safe passwords. Enter Electrum. The Electrum wallet offers a 12-word seed that lets you access all your Bitcoin addresses. The seed serves as a master password for your Bitcoins.

This type of password is also called a pass phrase, and it represents a somewhat new way of thinking about security. Instead of a difficult-to-remember string of characters, you can make a lengthy phrase instead. (Note: Bruce Schneier warns that password crackers now put together common dictionary words in their guesses, so if you try the pass phrase method, keep it as long as possible.)

How can you create a 12-word seed of your own? It's as simple as it sounds. Come up with 12 random words.

You can start with a phrase such as "Even in winter, the dogs party with brooms and neighbor Kit Kats." Just make sure it is not a simple phrase or a phrase taken from existing literature. You can grab 12 random words, too: "Pantry duck cotton ballcap tissue airplane snore oar Christmas puddle log charisma."

When placed into a password checker, the 12-word pass phrase above shows that it will take 238,378,158,171,207 quadragintillion years for a brute force attack to crack.
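A brute-force estimate like the one above counts characters, while the caveat from Bruce Schneier quoted earlier is about attackers who guess whole words. The following added example (not part of the original post) picks the words with a CSPRNG and compares the two estimates; the sample word list, the list sizes 2048 and 7776 and the 95-character alphabet are assumptions for illustration.

```python
import math
import secrets

# Constructed sample list so the block runs offline; a real generator
# would load a published list with thousands of words.
SAMPLE_WORDS = ["pantry", "duck", "cotton", "ballcap", "tissue", "airplane",
                "snore", "oar", "christmas", "puddle", "log", "charisma",
                "broom", "winter", "neighbor", "party"]


def generate_passphrase(words, count=12):
    """Pick `count` words uniformly at random with a CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return " ".join(secrets.choice(words) for _ in range(count))


def word_model_bits(count, list_size):
    """Entropy when the attacker knows the list and guesses word by word."""
    return count * math.log2(list_size)


def char_model_bits(passphrase, alphabet_size=95):
    """Entropy a character-by-character brute-force estimate assumes."""
    return len(passphrase) * math.log2(alphabet_size)


def words_needed(target_bits, list_size):
    """Smallest word count that reaches `target_bits` for a given list."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDS)
    print(phrase)
    print("character model:", round(char_model_bits(phrase)), "bits")
    for size in (len(SAMPLE_WORDS), 2048, 7776):
        print(f"{size}-word list: {word_model_bits(12, size):.1f} bits for "
              f"12 words, {words_needed(128, size)} words for 128 bits")
```

The word-model figure applies only when every word is drawn at random from the list; words a person picks by hand are less predictable to measure and usually weaker.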

The PAO Method

Memorization techniques and mnemonic devices might help you remember an unbreakable password. At least, that's the theory put forth by Carnegie Mellon University computer scientists who suggest using the Person-Action-Object (PAO) method to create and store your unbreakable passwords.

PAO gained popularity in Joshua Foer's bestselling book Moonwalking with Einstein. The method goes like this:

Select an image of an interesting place (Mount Rushmore). Select a photo of a familiar or famous person (Beyonce). Imagine some random action along with a random object (Beyonce driving a Jello mold at Mount Rushmore).

The PAO method of memorization has cognitive advantages; our brains remember better with visual, shared cues and with outlandish, unusual scenarios. Once you create and memorize several PAO stories, you can use the stories to generate passwords.

For example, you can take the first three letters from "driving" and "Jello" to create "driJel." Do the same for three other stories, combine your made-up words together, and you'll have an 18-character password that'll appear completely random to others yet familiar to you.

Phonetic Muscle Memory

I've developed a bit of a fondness for a personal password system of mine that I've used to create some strange, unusual, random passwords over time. My method relies on a couple of helpful remembering devices: Phonetics and muscle memory. Here's how it works:

Go to a random password generator site.

Create 20 new passwords that are at least 10 characters in length and include numbers and capital letters (and punctuation if you're feeling brave).

Scan the passwords, looking for phonetic structure—basically try to find passwords that you can sound out in your head. For example: drEnaba5Et (doctor enaba 5 E.T.) or BragUtheV5 (brag you the V5).

Type out the phonetic passwords in a text file, taking note of how easy they are to type and how quickly you can type them. The easy-to-type passwords tend to get stuck in my muscle memory quicker.

Keep the phonetic, muscle-memory passwords. Toss the rest. Print out your text file with password keepers.

One at a time, change your passwords on your most-commonly-used websites. It'll take a time or two of typing in these new passwords before you have them fully memorized, but typing them in enough should cement them in your brain. I still remember passwords from years ago based on this method.

After creating your super-secure password, there is still one huge, all-important step remaining:

Never reuse the same password.

How do you manage to create unique passwords, never reuse a single one, and still log in with speed and efficiency (and without hitting the "forgot password" link)?

This is where the question of security versus usability really hits home for me. Fortunately, there are a number of different approaches you can take to solving this conundrum.

Sign Up for a Password Management Tool

Your best bet with password security is to sign up for a tool like LastPass or 1Password. These tools will store your passwords for you (and even provide random new passwords when needed). All you need to do is remember a single master password that grants you access to the stored data. Enter your master password once, and the password management tool does the rest.

Some of these password management tools integrate nicely within your browser or even on a mobile device. The encrypted data is stored safely (the tools are as safe as you can get online) and passwords are retrieved easily. In almost every instance, a password manager is the best way to go, and you might only notice inconveniences when you're logging in from a foreign device or a spot where you can't access the service (truly rare instances).

The biggest issue with password managers is that they can be hacked like anything else (unless you keep that device offline all the time, which is impossible for most people). Therefore, it's VERY important not to use them to store passwords but rather a HINT for each password you use, so you can easily remember it (when you forget).


Last Pass is good. I use it for everything.

As I mentioned on my blog. Be creative. https://www.coursehero.com/file/p7954d6/We-can-use-our-new-password-on-several-different-websites-by-adding-a-prefix-or/. If you fully understand the what and why the plagiarism is bad, you should think of yourself.

Excellent information. I just posted about a new free ebook from a friend of mine about memory techniques for passwords. Follow me for more about memory and check out the book as long as it's free: https://steemit.com/security/@flauwy/new-ebook-free-for-limited-time-the-hack-proof-password-system