7-28-2010 @ 1:10PM
LAME. Never, ever make a password any variant of "password", even if you go with the cutesy 'leet-speak versions. You want passwords that won't get guessed? Try something like cruqE3u#Ere5ed@ -- which I generated using an online generator I found with a simple Google search. And yes, you should write it down using an archaic device known as a "pen" on some "paper". Keep it somewhere safe, and never put it online.
7-28-2010 @ 1:32PM
I'm pretty sure that is why the author said not to use that password. He used Pa5ssw0rd as an example only. I prefer to use something like $up3rc@l1fr@g1l1$t1c3p@1d0c1u$. That is pretty secure. Although a computer forensics class I took said a long password without special characters is in fact as secure or more secure than a wonky password. The instructor stated the password "dogfrogdogfrogdogfrog" would take months to bruteforce, and anybody could remember that.
7-28-2010 @ 1:33PM
Even using any sort of password generator is not good practice. Password generators use the same algorithm every time a password is generated, thus someone who could use the same application can find out how the passwords are generated and determine what your password is. Yes, it is hard to guess your password, but the hacker is already a step closer.
7-28-2010 @ 1:49PM
Or use a passphrase instead of a password. Properly constructed they're difficult to crack, and you don't need to run the added security risk of writing them down.
7-28-2010 @ 1:54PM
See, I just use something like Yeathatswhatyourmomsaid
7-28-2010 @ 2:00PM
@Glaras If only people were as smart as you. The fact you got it from an ONLINE generator means it is already online. Before you go and call someone lame you might want to think about your own response.
7-28-2010 @ 2:11PM
"The instructor stated the password "dogfrogdogfrogdogfrog" would take months to bruteforce, and anybody could remember that."

Son of a... now I have to change my password from dogfrogdogfrogdogfrog... Thanks a lot, jerk.
7-28-2010 @ 4:03PM
@Duulket: The generator is online. The password's not saved there.

Passphrases are indeed better.

I never called anyone "lame". It's the idea of using a variant of "password" that's lame, and I stand by that statement.
7-29-2010 @ 7:55AM
Glaras, stop digging.
7-29-2010 @ 10:27AM
"Even using any sort of password generator is not good practice. Password generators use the same algorithm every time a password is generated, thus someone who could use the same application can find out how the passwords are generated and determine what your password is."

To some extent.

What you want is something called a "cryptographically secure" password generator, or a truly random number source that relies on non-algorithmic information (random.org uses physical sources of randomness).

A "cryptographically secure" PRNG is far higher quality than most other types of PRNGs, and since they are using cryptographic technologies, it is far more difficult for a hacker to discover what the initial state of the generator was in order to reproduce the same random numbers as you did.

The key to any PRNG is to make sure the "seed" (initial state) of the generator is not easily found. One of the weaknesses of many PRNGs is how the initial state is determined.

In any case, this can be a bit complex to talk about - but suffice to say, using some random program or website to generate passwords for you is probably not the best way to do it.

I haven't done any serious research on which RNGs and PRNGs are best, but I know of two sources that produce very good results:

- random.org should work, as they are in the true RNG business. They use physical sources of randomness.
- KeePass has a strong PRNG: They use several sources of randomness and hash them with a cryptographic hash and a counter, which should provide a source of randomness that is very difficult to reverse.
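Added example, not part of the comment thread above and not code from any generator named in it: a Python sketch of the seed problem the last comment describes, comparing a generator seeded from the clock with one drawing from the operating system's CSPRNG. The alphabet, password length, timestamp and all function names are assumptions made for illustration.

```python
import math
import random
import secrets
import string

# Assumed alphabet: 52 letters + 10 digits + 8 symbols = 70 characters.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"

def weak_password(seed, length=16):
    """Password from a non-cryptographic PRNG whose seed is guessable."""
    rng = random.Random(seed)  # Mersenne Twister, fully determined by seed
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def strong_password(length=16):
    """Password drawn from the operating system's CSPRNG via secrets."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def recover_seed(password, start, end, length=16):
    """Audit helper: find the seed in [start, end) that reproduces password."""
    for seed in range(start, end):
        if weak_password(seed, length) == password:
            return seed
    return None

def seed_bits(candidates):
    """Effective strength when only `candidates` seeds are plausible."""
    return math.log2(candidates)

def full_bits(length=16):
    """Strength when every character is chosen independently at random."""
    return length * math.log2(len(ALPHABET))

def demo():
    created_at = 1280325000          # constructed Unix timestamp used as seed
    window = 3600                    # creation time known to within an hour
    pw = weak_password(created_at)
    found = recover_seed(pw, created_at - window, created_at + window)
    return pw, found, seed_bits(2 * window), full_bits()

if __name__ == "__main__":
    pw, found, weak, full = demo()
    print(f"time-seeded password: {pw}")
    print(f"seed recovered: {found}")
    print(f"effective strength: {weak:.1f} bits instead of {full:.1f} bits")
    print(f"CSPRNG password: {strong_password()}")
```

The time-seeded password looks just as random as the CSPRNG one; its weakness is that its strength is bounded by the number of plausible seeds rather than by its length and alphabet.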