Password security

There is a discussion at www.sevenforums.com/system-security/179818-w-7-security.html about safe (strong) passwords but the thread is marked as solved. So I post my reply I wanted to give in a new thread here.
All these rules for composing safe passwords are rather bothersome. The whole problem of a safe password can be solved in an easier way than composing one yourself by sticking to a whole set of rules, then obtaining its safety rating with one of the many password testers and possibly having to compose a safer password if the first one was miserable. And one thing about those password testers. Very often different testers give different safety ratings for the same password. So then what? It's all a bit too much in practice.
An easier way is to get a password online (don't frown) from Gibson Research Corp at **Home of Gibson Research Corporation**. Click on "Services" when you have downloaded their site and have a look at the sub-sections referring to passwords. Read it. Everything is secure and it is a very reputable company. One of the sub-sections referring to passwords generates a unique password just once for you and never again. 64 Characters but you can take a string out of that and cut down the length. You can then always test it with one of the password testers, preferably 2 or 3 to see whether or not the safety ratings are the same. It is easy but do some work and read what Gibson is writing about this whole issue. There are also some videos you can watch. Have fun.

Nice reminder.
Thanks.

I use keepass for windows. It's free and it generates passwords if you want them. It also save an encrypted keepass file that you can put on a zip drive so you always have your passwords. Great open source program. Downloads - KeePass

FranzB changed all his passwords to 'incorrect'...

So whenever he forgets, the computer will remind him,"Your password is ... incorrect".



Having a complex password is just the first step. Having a different password for each site, especially banking, credit card, bill payment, e-mail, etc. is just also important.

What I like about the GRC https://www.grc.com/haystack.htm and Password Strength Checker is the ability to create a strong password that is something I can actually remember and type correctly! In one environment, we had to change passwords every 30 days. A password cracker was used to ensure we used strong passwords. More often than I liked, it took me two or three times to get the password right.

I did some fiddling around with passwords and checking them with Microsoft's
password checker and the password strength checker mentioned above by Corrine (maybe the one by Microsoft is safer since it uses an https connection but let's not become totally paranoid).
I took Gibson Research's password generator and took strings of 11-12 characters out of the generated passwords. Then i took passwords easy to remember, e.g. 1?(timpfi)2 being this is my password for internet. Amazingly enough the latter are just as secure as the strings taken from the password generator when tested for strength and of course much easier to remember without having to look them up and then type them. It makes you wonder. Even !(NoNonsense)? was a strong password.

Hi, FranzB.

What I find the Password Strength Checker good for is illustrating how increased character variety (i.e., 1?(timpfi)2 penalized -10 for having too many consecutive lowercase Letters). Even though those sites don't retain the information, personally, I use them for general password testing, not for my actual passwords.

You are very correct about using something easy to remember. Look how easy this is to remember: *1C@tAnd2D0g$*. It is "very strong" at the Password Strength Checker, would take 1.57 thousand trillion centuries for an online attack according to GRC but, due to length, is only rated "strong" at the Microsoft Password Checker.

Add a few characters and *W3haveIh1C@tAnd2D0g$* becomes Best at Microsoft and Online cracking would supposedly take 10.40 million trillion trillion centuries according to GRC.