Comments for What's a good password?

tag:ask-leo.com,2011://3/tag:ask-leo.com,2006://3.2799- 2011-12-04T09:02:44Z Comments for What's a good password? Movable Type 4.32-en tag:ask-leo.com,2006://3.2799-comment:62190

Comment from Arobinb on 2011-12-04 Arobinb http://unspecified How do you prevent total loss when your password solution goes belly up.
It seems to me that you really need triple redundancy for that sort of solution. Also if a I do you access data from multiple locations either on an internal network our "the cloud" it needs to be cloud based and is only a good a your network connection.
By the way thanks for a great newsletter. I have been working with networks and computers for 25 years and you are still teaching me new stuff.

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2011.

2011-12-04T08:55:11Z

tag:ask-leo.com,2006://3.2799-comment:57694

Comment from Vaidya on 2011-06-21 Vaidya I was using Keepass, until the file got corrupted and I landed in a problem. I will be glad to know how to take back of these facilities, and also move from one computer to another. Thanks.

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2011.

2011-06-22T05:23:24Z

tag:ask-leo.com,2006://3.2799-comment:57476

Comment from John w on 2011-06-14 John w If you allow google chrome to remember a password, how secure is that?

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2011.

2011-06-14T16:24:30Z

tag:ask-leo.com,2006://3.2799-comment:55544

Comment from Art1745 on 2011-03-29 Art1745 http://unspecified Most advice I've read suggests not using family and pet names and details. I use presidential initials, a significant year in their term and something specific to the website. For AskLeo it might be HST1948Ask. Password Evaluator says it is Medium and gave it a score of 32 out of 50.

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2011.

2011-03-29T17:33:48Z

tag:ask-leo.com,2006://3.2799-comment:53225

Comment from SelfHelp on 2010-12-28 SelfHelp First, I believe if you use Linux and Thunderbird you are much safer. There is a Linux system, Linux Mint 9, that is very easy to install and very user friendly. If you ever make the change you will never go back.
Second, I have not tried this but I just thought of it and it sounds good. Type a very long, very complex line of characters on a sticky note somewhere on your computer. Keep this for future passwords. Then, to set up a password, highlight and copy the desired number of characters from that string. Example, *sFl$B{9o0xY. You would make it much longer. Then copy from that, I$B{ for example and paste it as your password. (For some reason I was unable to copy that and had to type it in.)
When you want to use the password just remember to copy the 4 through the 7th character. Of course, actually make it longer than that. When time to change the password just copy characters 16 through 25 and use that for the new password. As long as that password is in use you can always copy characters 16 through 25 and insert them as password.
I have not tried this. It is just a sudden idea.

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2010.

2010-12-28T17:00:24Z

tag:ask-leo.com,2006://3.2799-comment:51390

Comment from Shane Phillips on 2010-10-20 Shane Phillips i use lastpass and u can also go to system preferences,accounts,click on the admin account,click change password,then click on key icon and it will generate a random password. Then u just copy and then paste it into the what ever u are using the password for

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2010.

2010-10-21T02:33:44Z

tag:ask-leo.com,2006://3.2799-comment:51072

Comment from Maro on 2010-10-09 Maro http://unspecified A good password SHOULD HAVE Special characters and mix of upper and lower cases and numbers and can be remembered by te user. Example A@N#a7HhO0hnn 13 characters for a router. It has numeric o and Upper Case of the letter O and ANA with special characters in between

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2010.

2010-10-10T00:40:17Z

tag:ask-leo.com,2006://3.2799-comment:49976

Comment from Michael in UK on 2010-09-01 Michael in UK http://unspecified Terrific article Leo, but I think the comments from robert price and Rocco are also good and reflect my own practice. I create complex passwords, typically 10 to 12 characters, using elements from my personal life that I can then reflect in a password reminder. I use a standard format for each password - even though the actual characters are different each time - and the result is that for each password I can create a reminder which means something to me but nothing to anybody else. I defy you to guess the password which is represented by this reminder: "Gotcha!27(browneyes)"
Believe it or not that reminder does mean something very definite to me, but I bet you'll never guess what the password is, however good a guesser you (or your computers) are. One reason you'll never guess it is I am not on Facebook, and never will be. I doubt whether any avid Facebook user can use this method - too much is known about them by all and sundry (particularly the sundry).

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2010.

2010-09-01T20:34:49Z

tag:ask-leo.com,2006://3.2799-comment:46612

Comment from Rocco on 2010-05-13 Rocco http://unspecified One good way of coming up with a more secure password is to think of a unique phrase you use all the time, and add an address or birth year number on the end of it. For example, one of your favorite phrases is "Life is a bowl of cherries". Take the first letter of each word and you get, "Liaboc". Add a birth year and attach a special character like "!" and you get "Liaboc1963!" for a strong password you can remember.

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2010.

2010-05-13T17:34:15Z

tag:ask-leo.com,2006://3.2799-comment:45485

Comment from Charles Myers on 2010-04-13 Charles Myers Using letters and numbers gives 36 choices to use in passwords. Hold the shift key and that gives 36 more. Does holding either the control key, the alt key, or the windows key give even more choices? My question involves the holding of the alt key and pressing numbers, such as 2,4 and 8 which prints the degree symbol or alt plus 1,7,1 which gives the � symbol. Would that be one symbol, 3 symbols or wasted effort? Thank you

It depends almost entirely on where you're using that password. Most will not accept special characters, others might. You'll need to check. My recommendation, though, is that a longer password of random characters in the A-Z, a-z, 0-9 set, perhaps with a few !@#$% included is all you really need.

Leo

17-Apr-2010

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2010.

2010-04-13T17:22:05Z

tag:ask-leo.com,2006://3.2799-comment:42518

Comment from Grang on 2010-01-22 Grang http://unspecified More about safety and passwords http://www.goodpassword.info/

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2010.

2010-01-22T22:34:04Z

tag:ask-leo.com,2006://3.2799-comment:42143

Comment from robert price on 2010-01-13 robert price The problem with complex passwords is our ability to remember them ourselves! My method:

my street address in SF was 767
My name is bob

So, alternating first initials and upper/lower case

MnIb

interjecting my street address of 767

becomes

M7n6I7b

then I repeat it

M7n6I7bM7n6I7b

I only do this for critical things like banking,investments, credit cards, etc., anything that relates to my finances. But the hint is simple:
"bobSFx2"

Even if I'm on the road, I can log on and check the hint. That hint will produce my p/w.

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2010.

2010-01-14T03:04:43Z

tag:ask-leo.com,2006://3.2799-comment:38585

Comment from Glenn P. on 2009-10-03 Glenn P. http://unspecified For the absolute ultimate "Last Word" in passwords, read the book "Perfect Passwords" by Mark Burnett. You can snag it on Amazon for under twenty smackers, plus S&H, at:

http://www.amazon.com/gp/product/1597490415

Bottom line: The "Perfect" password will contain all of the following six elements: (1) Randomness in character selection, (2) Length (more than 16 characters), (3) Lowercase letters, (4) Uppercase letters, (5) Numbers, and (6) Punctuation or symbols.

Bottom line: The more of each of these elements you can add to your password, the more secure that password will be!

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2009.

2009-10-03T08:38:51Z

tag:ask-leo.com,2006://3.2799-comment:37533

Comment from Martin on 2009-08-31 Martin In a nutshell a good password is one that is composed of alphanumeric characters. Let me touch on the spot many havent touched; Virues, easy and straight forward passwords are very vulnerable to virues. Make your system secure with a password thats not easy to crack, a combination of alphabet and numeric characters, thats a good password.

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2009.

2009-08-31T08:09:11Z

tag:ask-leo.com,2006://3.2799-comment:36300

Comment from John Locke on 2009-07-23 John Locke You can also just use words that don't exist, at least that's what I do.

For example table and chair are normal English words, but Vorlesmit and Garkolnat aren't and then you combine such words and add numbers and special characters to em and upper/lowercase them and you have a password that can't be found in any dictionary; "Vorles@Gark.159!"

no, that's not my password, it's just an example :) (or is it?)

Great technique, but it leaves me wondering if you just managed to post foreign-language profanity on my site. Smile

Smile

- Leo
23-Jul-2009

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2009.

2009-07-23T07:48:05Z

tag:ask-leo.com,2006://3.2799-comment:26293

Comment from Will Bontrager on 2009-03-28 Will Bontrager Great post.

One more viable method of remembering a not-easily guessed password: Use the first or second or last letter of each word in an easily remembered sentence.

Example: "My dog (Spot) is 3 years old!" can be remembered and yields "Md(i3yo" or "yoSs3el" or "yg)s3s!".

Will

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2009.

2009-03-28T16:41:18Z

tag:ask-leo.com,2006://3.2799-comment:26292

Comment from JACK on 2008-06-26 JACK I take my password (say buddy) then encrypt it with a simple cypher. use alphabet go to first letter put b then add say 3 letters and use that letter in password which would be the letter 'e'and so on. be creative. Read Dale Brown "Digital Fortress"

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2008.

2008-06-27T03:49:56Z

tag:ask-leo.com,2006://3.2799-comment:26291

Comment from Julian Adams on 2008-06-24 Julian Adams While "georgeinparis" might be a "bad" password, how long do you think it would take ANYONE to guess a password such as "george423crackers"? A long time, I hope, because I use such passwords.

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2008.

2008-06-24T17:15:03Z

tag:ask-leo.com,2006://3.2799-comment:26290

Comment from peter on 2008-06-22 peter but to be honest leo , for developers and programmers especially it's too hard to remember hard guess password every time you register an account in important site or make an account on a script installed on your server etc... , so my advice to wrote your passwords on a paper away from the computer and make this paper save , this is the only solution i see it very safely. " because systems and technologies could hacked or stole , but surely our memories and our mind can't"

thank you leo
http://www.fosdir.com

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2008.

2008-06-23T03:48:48Z

tag:ask-leo.com,2006://3.2799-comment:26289

Comment from Richard on 2007-06-04 Richard The best method I know of to create a password is at http://www.diceware.com
If one is so inclined, it goes over the full mathematics of why it is a secure method of picking a passPHRASE. Just roll some dice, look up the words corresponding with the dice, and there's your password. You end up with a long password, that is truly random, but unlike any other method recommended for passwords, is easier to remember. Combine this with a password keeper like KeePass and you can have all the secure passwords you want.

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2007.

2007-06-04T23:41:30Z

tag:ask-leo.com,2006://3.2799-comment:26288

Comment from Leo Notenboom on 2006-10-10 Leo Notenboom Yes, each product key is unique, though the same key may be used in a site license purchase, (and of course, pirated copies). But normal run of the mill purchases should each have a unique key.

fwiw, if my math is right, I believe a 25 character product key with letters and digits has 25^36 possible combinations (approx 2 followed by 50 zeros). While I'm sure not all combinations are used, that's more than enough to cover a measily 5,000,000 :-).

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2006.

2006-10-10T23:36:19Z

tag:ask-leo.com,2006://3.2799-comment:26287

Comment from Martin Vanderkaa on 2006-10-10 Martin Vanderkaa Hello Leo:

First of all Leo, I would like you to know how very much I do appreciate your website. Great and most valuable work, my good man!

I would like to tell you what I have done regarding secure passwords. Often when you buy a program on CD, there is a CD-key (product key) which you must type in before the program will install itself. Usually these keys are HUGE! For example, a Windows Xp product key has no less than 28 characters (dashes included)! I use a CD-key from one of my old programs as password. I made a macro (encrypted) of that key, and it recides patiently in my computer, and I can call it up whenever and wherever I need it. Just a click and there it is! Hence my passwords are all the same.

And if something really bad happens to my beloved puter? There�s always that CD in my box of goodies with my �password�. No need to remember a single thing.

In closing a tiny question: If a company for example sells 5 million copies of a certain program, are all product keys the same or different? Just to be on the safe side, I chose my password from a very, very old program nobody uses anymore, hence that ancient CD has become my �password CD�!

If you wish, please feel free to use this info on your website.

Martin Vanderkaa

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2006.

2006-10-10T23:27:06Z

tag:ask-leo.com,2006://3.2799-comment:26286

Comment from Simon on 2006-10-07 Simon If you want to be *really* secure (if you're storing bank access passwords or something), don't just use Truecrypt on your normal Windows computer (and certainly not on a public computer). Put the Linux version of it on a CD or floppy, get hold of a LiveCD Linux distro (such as Ubunutu), and run Trucrypt from there. The purpose of this is to defeat software keyloggers, spyware, invisible PC-anywhere type software, etc. that someone may have installed.

Also, if you suspect someone could have installed a hardware keylogger on your computer (either by replacing your keyboard with an identical one with a keylogger built on, or by putting a small dongle on the end of your keyboard cable -- yes, it does happen) enter your password with the virtual "on-screen" keyboard using the mouse (most OS's have these to help people who have trouble using a normal keyboard).

And of course, if you're doing this at work rather than home, be aware of the positions of any security cameras or people wandering too close behind. Ideally only do this in a room only you have access to.

Remember, you can never be too secure. You can, however, be too paranoid; for which I reccommend a reputable therapist. Hint: any therapist who asks you to disclose your passwords as part of the healing process is automotically not reputable.

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2006.

2006-10-07T17:32:39Z

tag:ask-leo.com,2006://3.2799-comment:26285

Comment from mroonie on 2006-10-02 mroonie http://unspecified If you want to read more about passwords, here's a a blogs that leads to some great articles about passwords and password myths:
http://www.techknowbizzle.com/2006/09/password-myths.html

But back to the discussion, so, what methods can be used instead of passwords? In Korea they're starting to use fingerprints as a form of identification. So intsead of using a password to log in or unlock your computer, you have a built in "digital inkpad" that you press your finger against to gain access to your comp. I don't know how realistic or how soon such a form of security will be implemented in America but it seems like right now the best idea for protection is to use a form of encryption in addition to your password, such as protecting your database of passwords, using applications like Roboform, or accessing secure sites that use encryption for protection. You should also want to also look into encrypting anything else that you might not want others to gain access to, beyond just your database full of passwords. Such as any scans, bank statements, health information, or email that should be protected.
http://seattletimes.nwsource.com/html/personaltechnology/2003209737_ptinbo19.html

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2006.

2006-10-02T22:11:34Z

tag:ask-leo.com,2006://3.2799-comment:26284

Comment from Mike Devlin on 2006-10-01 Mike Devlin http://unspecified One trick I learned from a website is to use the abbreviation for a sentence you can remember. For example: three blind mice, see how they run..
Password: tbmshtr

That's not a bad password, but now we can change "Three" to 3 and add punctuation: 3 Blind Mice (see how they run)
Password: 3BM(shtr)

And that is a pretty secure password. It's easy for you to remember and it's not based on an English word. Moreover, it has the added benefit that if someone happened to see it written out, they're less likely to remember it because it's gibirish. HaX0r 3ng1i$h w0rd$ don't have that benefit.

Also, if I'm about to choose the password for something I care about, I run it through a password strength checker. The best one I've found is at this site: http://www.certainkey.com/demos/password/ (if that gets nixed by the spam filter, google "Certainkey password checker" and it's the first result). Not only is it the strictist checker I've found (no english words allowed), but it gives an estimate of how long a determined hacker would need to crack it. The password above would take aprox. 67,000 days to crack.

]]>

A comment on: What's a good password?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

All content Copyright © 2006.

2006-10-01T22:24:37Z