• Post Reply Bookmark Topic Watch Topic
  • New Topic
permaculture forums growies critters building homesteading energy monies kitchen purity ungarbage community wilderness fiber arts art permaculture artisans regional education skip experiences global resources cider press projects digital market permies.com pie forums private forums all forums
this forum made possible by our volunteer staff, including ...
master stewards:
  • Carla Burke
  • John F Dean
  • Timothy Norton
  • Nancy Reading
  • r ranson
  • Jay Angler
  • Pearl Sutton
stewards:
  • paul wheaton
  • Tereza Okava
  • Andrés Bernal
master gardeners:
  • Christopher Weeks
gardeners:
  • Jeremy VanGelder
  • M Ljin
  • Matt McSpadden

Creating a password

 
out to pasture
Posts: 12818
Location: Portugal
3828
goat dog duck forest garden books wofati bee solar rocket stoves greening the desert
  • Likes 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
 
Posts: 75
Location: USA
4
foraging books bee
  • Likes 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
LOL As if, "password already in use."

I recently shared with my friends a method that I developed, for making passwords. I like it, and it works for me. It might not be for everyone, but maybe the general idea could inspire you!

For example, I start with two simple words that I can relate to. I'm rather a hippie, so let's take Tree and Leaf. Then, I combine them! Treeleaf. Now, I can choose either first letter of either word to be capital. Usually one capital is enough. Let's use treeLeaf. At this point, I want to make it stronger, instead of ridiculously simple (dictionary words are just that.) So, I use the leet language!

Leet:
A = 4
E = 3
O = 0
I = 1

Sometimes, other letters get more numeric representations, but you get the idea. We only need a couple, or so. So:
treeLeaf -> tr33L34f

Password strength? Amazing! It's still logical, which makes it not impossible to crack (hackers), but it's better than most. Most people still use 1234, their name, a name of a relative or pet, or their birthdate in different formats. All of those are worse than this.

Enjoy.
 
steward and tree herder
Posts: 10940
Location: Isle of Skye, Scotland. Nearly 70 inches rain a year
5291
5
transportation dog forest garden foraging trees books food preservation woodworking wood heat rocket stoves ungarbage
  • Likes 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Does anyone else have good ways of creating strong passwords? My work makes me choose a new password every three months for one system and about every month for the other system, what with banks and other accounts, I'm finding it easy to get confused!
 
gardener
Posts: 1606
Location: Proebstel, Washington, USDA Zone 6B
999
3
wheelbarrows and trailers kids trees earthworks woodworking
  • Likes 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The best passwords are just a long string of words that you can remember. When a system requires numerals and special characters, I usually put in a "1!" at the end.
password_strength.png
xkcd's password strength recommendation
 
master steward
Posts: 7654
Location: southern Illinois, USA
2827
goat cat dog chicken composting toilet food preservation pig solar wood heat homestead composting
  • Likes 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Nancy,

Most families have a private language of select words and phrases that have meaning to members of the family but not to outsiders.  I look in that direction when I am seeking a password. For most private languages I have encounter, these are comprised of modifications of words or experiences.  To invent an example, maybe a kitten that hung around the kitchen was referred to as a Kittchin by your child in the first house you lived in after you were married.  Your young child, Debbie, had trouble pronouncing her name.


Dobbie’s1stworthingtonkittchin

You would easily remember that password.  It would not be guessed.  Of course, there is room for numerous modifications.
 
steward
Posts: 17548
Location: USDA Zone 8a
4494
dog hunting food preservation cooking bee greening the desert
  • Likes 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Nancy Reading wrote:Does anyone else have good ways of creating strong passwords? My work makes me choose a new password every three months for one system and about every month for the other system, what with banks and other accounts, I'm finding it easy to get confused!



I have a system. I feel it is not wise to tell my system.
 
pioneer
Posts: 255
51
cat trees urban
  • Likes 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Jeremy VanGelder wrote:The best passwords are just a long string of words that you can remember. When a system requires numerals and special characters, I usually put in a "1!" at the end.



Came here to say this: XKCD explains it well, thank you.
 
Nancy Reading
steward and tree herder
Posts: 10940
Location: Isle of Skye, Scotland. Nearly 70 inches rain a year
5291
5
transportation dog forest garden foraging trees books food preservation woodworking wood heat rocket stoves ungarbage
  • Likes 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My trouble isn't just creating one strong password and remembering it, it is having a good one, and then having to change it each month! At the moment I'm thinking I could do something with song lyrics - pick one or two songs, take a word off each and mix them together - adding !1, ?2, or whatever is a good idea thanks Jeremy!
So I could have Seargean Pepper and Strawberry fields forever:
"It was twenty years ago today Sergeant Pepper taught the boys to play"
and
"Let me take you down, 'cause I'm going to Strawberry Fields"
could become:
"ItwasLetme!1"
then
"Twentyyearstakeyou"2"
and so on

As long as I remember the song used, I can work out a new password and remember the last one. The only downside is that if someone knows your previous passwords, they could probably crack the system too. I guess if the password field characters are limited, you'd have to truncate the words, but that would be doable.
 
gardener
Posts: 2880
Location: Central Maine (Zone 5a)
1437
homeschooling kids trees chicken food preservation building woodworking homestead
  • Likes 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The goal with creating a good password is to force a hacker to do a brute force hack. They will start by guessing all the common passwords and variations and lists from hacked accounts. If none of those work, then they have to do a brute force hack where they start with 1 letter and keep adding until they figure it out. Like trying every single combination on a combination lock... they will get it eventually but it will take a long time. They start with a, then b, then c, etc. Then aa, ba, ca, da, etc. This is very tedious even with powerful computers. If you can create a password that is not on any lists, then they are forced to guess it 1 character at a time, which is called brute force hacking. And if you can get to that point, then length matters more than complexity.

From a brute force hack standpoint "3&RF08gj" is easier to crack than "D0g......." and yet the second is FAR easier to remember. There is a site that talks about this and also has a free password calculator. It calculates how long it would take to brute force hack a password. Keep in mind that if the password is a common one or is on a list somewhere, it will be found out much faster because they wouldn't be brute forcing it, they would be comparing it to a list. https://www.grc.com/haystack.htm

As for creating passwords, I usually suggest people look around the room and pick three unrelated things, put them together with a number, capital, and symbol. A puppy, a water bottle, and a glove becomes Something like "3PuppyBottleGlove!"

Something that I use every day is a password manager. I like Lastpass myself. These password managers are much more secure than what is built in to the browser. They allow you to come up with 1 really good password that you can remember, and that locks up a vault of all your other passwords. All those other passwords don't even have to be remember-able because the plugin can fill it in for you, or you can copy and paste the password. That was how they came up with their name, the last password you will ever have to remember. Most have a built in password generator, so you can great things that are 25 characters long very easily without having to remember them.
 
steward & manure connoisseur
Posts: 4517
Location: South of Capricorn
2493
dog rabbit urban cooking writing homestead ungarbage
  • Likes 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Nancy Reading wrote:Does anyone else have good ways of creating strong passwords? My work makes me choose a new password every three months for one system and about every month for the other system, what with banks and other accounts, I'm finding it easy to get confused!


I am in the same boat, and my solution is to "go nuts" with the kooky passwords and write it all down in a little notebook i keep in a drawer in my desk (call me old fashioned but i am not thrilled about password keeper companies that might close and leave me in the lurch, and the physical keyfob things here cost way too much money for me, also don't work with some things like my banking apps). It lets you be really creative with what you choose without worrying you won't be able to remember.
 
Posts: 4
Location: Maryland Piedmont, Zone 7
7
  • Likes 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think all of these will result in good passwords.
The US government used recommend a lot of complex password rules, but recently scrapped all of it in favor of a simpler recommendation (NIST SP800-63b):

Go long. At least 8 characters.
 
Anne Miller
steward
Posts: 17548
Location: USDA Zone 8a
4494
dog hunting food preservation cooking bee greening the desert
  • Likes 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I never thought of using a phrase.  I use simple words that mean something to me that no one else knows.  Usually a street, a flower or dog.

I also use numbers that have a meaning like a house address or telephone number.

My special character also have a special meaning.

I also use backwards and forwards...
 
Steward of piddlers
Posts: 6154
Location: Upstate NY, Zone 5, 43 inch Avg. Rainfall
2983
monies home care dog fungi trees chicken food preservation cooking building composting homestead
  • Likes 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My company has rolling password resets and it can get frustrating at times trying to remember a variety of different logins.

I TOTALLY wouldn't do it but I have heard of someone who just keeps adding an additional "*" character to their usual go-to password every time.
 
Matt McSpadden
gardener
Posts: 2880
Location: Central Maine (Zone 5a)
1437
homeschooling kids trees chicken food preservation building woodworking homestead
  • Likes 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Timothy Norton wrote:My company has rolling password resets and it can get frustrating at times trying to remember a variety of different logins.

I TOTALLY wouldn't do it but I have heard of someone who just keeps adding an additional "*" character to their usual go-to password every time.



Which is actually why NIST switched their recommendations. They found that the recommendation to reset the password every 60-90 days did not increase security at all, as it was plenty of time for an attacker to do whatever they wanted, and it actually reduced security, because people did just that. They would just add a 1, and the next time switch it to 2, and so on. That is where a password manager can really help. It allows you to change them when you have to, but make good ones each time without worrying about remembering it.
 
master steward
Posts: 13818
Location: Pacific Wet Coast
8148
duck books chicken cooking food preservation ungarbage
  • Likes 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have read both that: using a phrase makes for a safer password *and* that changing them less often improves security. However, in Nancy's case, she doesn't get to choose.

So consider thinking up a series of Q&A's that few people would know the answer to?

For me, one possible question would be: Where was your favorite place as a child? Here is a made up answer: I loved our cottage on Beaver Lake. The number of people still alive who would remember the real location of our cottage that was sold 50 years ago, is small and getting smaller. Thus, this sentence  would be hard to guess. Similarly, a sentence including the name of my stuffed toy that I remember garbaging 50 years ago, would be very hard to guess.

Similarly, a note book in my desk that had the questions written in them, with some innocuous title on the page like, "stories I'd like to write," would help you remember without writing down the actual password.

And in an effort to help out your future selves, name your pets something unusual and bizarre! Spot doesn't make the cut. Venus Fly Trap is better!
 
gardener
Posts: 565
Location: The North
292
cat purity gear tiny house books bike fiber arts bee solar woodworking ungarbage
  • Likes 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I would strongly recommend a decent password manager and if you don't like having a company involved then keepass is a good option.

Personally I use bitwarden (it can be self hosted) and have used Lastpass (not really recommended as their history isn't great.).
 
Nancy Reading
steward and tree herder
Posts: 10940
Location: Isle of Skye, Scotland. Nearly 70 inches rain a year
5291
5
transportation dog forest garden foraging trees books food preservation woodworking wood heat rocket stoves ungarbage
  • Likes 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Matt McSpadden wrote:Which is actually why NIST switched their recommendations. They found that the recommendation to reset the password every 60-90 days did not increase security at all, as it was plenty of time for an attacker to do whatever they wanted, and it actually reduced security, because people did just that. They would just add a 1, and the next time switch it to 2, and so on.


It's too tempting to do something like that. I wish the Post Office would do something sensible like that too!

Thank you all for some great suggestions!
 
Zalman Kuperman
Posts: 4
Location: Maryland Piedmont, Zone 7
7
  • Likes 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Timothy Norton wrote:My company has rolling password resets and it can get frustrating at times trying to remember a variety of different logins.

I TOTALLY wouldn't do it but I have heard of someone who just keeps adding an additional "*" character to their usual go-to password every time.



My first employer had a rule that the password couldn't be any of the last 4 passwords, which ruled out adding the season to the end of my password. So I added the number of times I needed to change my password instead.
 
Posts: 44
Location: Denver CO
9
rabbit urban chicken
  • Likes 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
So I really like having different passwords for every website. I don't like writing them down or trusting password apps to save them so I made up a formula that mixes my core password phrase and the url of whatever website I'm needing to log in to. For example permies.com has 7 characters (not counting the dot com) , and permies starts with a p and ends with an s. The 7, p, and s are mixed in to my standard phrase creating a password just for permies which I can figure out just by looking at the url. So
7andPorSmakesmypswd!

Google would be
6andGorEmakesmypswd!

This way when some site gets hacked, and it turns out they weren't storing passwords encrypted the password won't work on any other site, since they are all a little different. If someone was specifically targeting me they could figure out my pattern but that's really unlikely. Not quite as secure as other methods but I can login to an account I haven't used for years without stress.
 
Burra Maluca
out to pasture
Posts: 12818
Location: Portugal
3828
goat dog duck forest garden books wofati bee solar rocket stoves greening the desert
  • Likes 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Buster Parks wrote: permies.com has 7 characters (not counting the dot com) , and permies starts with a p and ends with an s. The 7, p, and s are mixed in to my standard phrase creating a password just for permies which I can figure out just by looking at the url. So 7andPorSmakesmypswd!



Oh dear. That reminds me of the time I saw a riddle that said something like

They say there is only one thing that all girls want. And that it starts with P and ends in S.



And then I ended up in a second-hand shop in town and found these two fellas and simply HAD to bring them home!
pxxxs.jpg
[Thumbnail for pxxxs.jpg]
 
Posts: 34
16
  • Likes 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
On a related note.
333e908a43a347966b60e073999263c3.jpg
[Thumbnail for 333e908a43a347966b60e073999263c3.jpg]
 
I agree. Here's the link: http://stoves2.com
reply
    Bookmark Topic Watch Topic
  • New Topic