How to Choose a Password - Computerphile

I just changed one of my passwords today

A password easy to remember is easy to crack. Use a very random one of 12 or more characters. Dont write your username near it on where you write it down. Tape it to the back or bottom of a nearby article. Hide one copy in your wallet for yourself. Passwords can be changed even if you forget the present on. Follow forgot password link.

Google Password Manager will create a very secure password and save it...but many times for me when I logout, reset, try to log back in and cannot, so now I create my own. Works every time.
YMMV

for some reason, i used the barcode from a membership card when i was a kid at school as one of my first ever passwords, and it still sticks in my head to this day
DD220-0000-82211

All my passwords are PASSWORD, but I spell it backwards.

My password everywhere is "X". I'm so boring that no one wants to pretend to be me.

My favorite PW is:..."CPE1704TKS"...but I often use..."NoMoreSecrets"....=))

My Passwords are 300 characters long

Choose a (not favorite song) and use the lines but write them backwards. Maybe even a foreign rhyme.

How many passwords would your grandmother remember after she's been remembering them since computers have been on sale? Thirty years? how many passwords is that now, some people are stuck with fifty every year. Then you're told to change them every six months.

It's one the be really smart about passwords now at the age of thirty, but wait til your seventy and you've rememberd hundreds or thousands of the damned things. See how clever you are when your memory is fading away.

Forty years ago no one had a bloody password and in fifty years you're going to need one to wipe your arse.

"correct horse battery staple" take it or leave it!

I think we should be following the latest NIST standards for passwords.

I need to make a password for Skype...

Pick a random letter. Then starting at that letter, press every key up to the number, then move to the right and press every key down. Back the the first row and up to the starting point. Then hold shift and do it again. For example. de34rfvcDE#$RFVC

What is the thing with symbols? Is the length, so it should not whether it is letters, numbers, symbols?

After the first time I finished this video, I resorted making my passwords with pseudorandom number generator. All I need to remember now is what seed number I used to get the password for that particular account/app.

I believe that writing down your passwords (long and random) and keeping them somewhere safe like where you keep you passport and other documents is the safest way to keep things secure.

Meanwhile some one using pizza123 for their bank account

I love that people think making a password different is just putting the name of the site on the same password they use everywhere.

What about running am attack from the bottom of the list?

For anyone using BASH on linux, this script may help for password creation:

#! /bin/bash

for n in {1..3}
do
echo $(($RANDOM*56329/123985))
head -n $(($RANDOM*56329/123985)) /usr/share/dict/words | tail -n 1
done

I just ran it and got “hafnium’s broken gatepost”

funny you mention a password manager - fast foward to now and not too long ago Last Pass was hacked and passwords they were storing stolen.

🎁👑🧢

🥲

I have created a rule to create passwords, so I don't have a problem of remembering very complicated ones.

Can anyone explain how a brute force will work when most of the websites limit the wrong password attempts to 3?

I thought about using a password manager but I still didnt feel safe using one, i just stuck to my own and recently, last pass has gotten hacked into. Nothing against password managers but I'd rather have my safety at my own hands than someone else's.

Delete your account out of shame lol

A good trick other than relying on words is using a sequence that seems random but has an easy to memorize typing-pattern on your keyboard.

This all comes naturall after a while in "the matrix" xdddddd

Let me guess... The password at the thumbnail is "password"?

I swapped to password manager the same day after watching this video, to be honest. :D Anyway, another cool idea, following the rules discussed in this video: if english is your second language - mix the words in english and your mother tongue. Now hackers would have to use two times bigger dictionary (english and your mother tongue), stick a random symbol in one of the words and hackers can kiss your password goodbye until quantum computer era comes.

I've used phrases generated both my manager and diceware on a strength checker. Says that it would take centuries if not decades, depending on the words + things that sites require.

Thanks for your wisdom Tobey Maguire.

So 30 plus character password is uncrackable?


hierodulamajusculahyllusdiadariplexipuspaykulli

Memorise a short sentence. Make it weird and thus memorable. Add symbols And numbers. Include some uppercase letters.

For example

MyBOSSlookslikeJAYZ$$727589

what if you are kidnapped and they torture you???

Forgive me if Ive missed the point but I don't see the difference yet between password manager and writing them all down except of course, the paper written list can be seen be others .

LastPass hacked! I didn't know they were online (never used them)
I thought the best password managers were ones kept local on your equipment. if lastPass etc gets hacked, there is great incentive to crack them, however a short personal file on a PC/phone should be far less interesting (unless your a celeb etc.)

QUESTION: Many (most?) website give you three attempts at your password. Is defeating the “brute force technique” that easy? If so, is the BFT still a thing?

Right so... make a password so good that you'll forget it

You could have taught us that changing a 4 for an A or 0 to an o is called LEET.

2016 but still relevant
also until they manage to actually extract passwords data from my brain, they are a staple authentification method over "body-external factors" like body recognition, GPS location etc

using rare/personnal/or even proper names, like people or some yugioh card name, or a gun name, some uncommon, yet things you're familiar with (mostly thinking about video game-related strings tbh), but things which are personnal to you are the best imo. This is what the "secrete question" is about on some sites

How about passphrases? long passphrase like "Is_a_nice_night_tonight"