21st
Password security
I had a talk lately about passwords. People are asking me, what are good passwords? Well, let me tell you how I create the random passwords that I use. I have 3 rules to create them.
- It needs to be longer than 8 chars. 10 chars is a sweet spot.
- It needs to contain numbers, extended chars and letters. All of those!
- Extended chars and numbers should not be used only to end the password; some of those chars need to be in the middle of the password.
With those guidelines, you need to make a password. The best passwords are those that are not words. Words are easy to crack with a dictionary attack, even if you change some letters for numbers, like l33t speak. Well, I hate to pop your dreams, but now almost everyone knows that trick.
When I took my CHFI class, we came to the conclusion that the best passwords are made from a phrase. Something that has a meaning to you but not to others. Let's try this.
Let's say that I ate KFC at lunch time, it was good, I had a great meal. My pass phrase could look like this: “I love kfc, f**k the world!” With a pass phrase like that, my password would look like this:
i<3kfcftw!
OK, I got an extended char at the end, but I do have one in the middle, so it doesn’t count. I got a number, and this password is not a dictionary word.
It’s as easy as that. Keep in mind that remembering a phrase is much easier than remembering random letters and numbers.
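The three rules and the dictionary point above can be turned into a small checker. This is an added example, not code from the original post; the function names, the tiny wordlist and the leet mapping are constructed for illustration, and rule 3 is read as "at least one number or extended char must remain once the leading and trailing runs of them are stripped".

```python
# Constructed sample wordlist; a real check would load a large dictionary file.
WORDLIST = {"password", "sunshine", "letmein", "dragon"}
# Assumed leet substitutions to undo: 0->o 1->l 3->e 4->a 5->s 7->t @->a $->s
LEET = str.maketrans("013457@$", "oleastas")


def strip_edges(pw):
    """Drop the leading and trailing runs of numbers/extended chars."""
    start, end = 0, len(pw)
    while start < end and not pw[start].isalpha():
        start += 1
    while end > start and not pw[end - 1].isalpha():
        end -= 1
    return pw[start:end]


def check_password(pw, wordlist=WORDLIST):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    # Rule 1: longer than 8 chars.
    if len(pw) <= 8:
        problems.append("length: must be longer than 8 chars")
    # Rule 2: numbers, extended chars and letters, all of them.
    if not any(c.isdigit() for c in pw):
        problems.append("mix: no number")
    if not any(c.isalpha() for c in pw):
        problems.append("mix: no letter")
    if not any(not c.isalnum() for c in pw):
        problems.append("mix: no extended char")
    # Rule 3: numbers/extended chars must not sit only at the ends.
    core = strip_edges(pw)
    if all(c.isalpha() for c in core):
        problems.append("position: numbers/extended chars only at the ends")
    # Dictionary point: undo leet substitutions, then look the word up.
    if core.lower().translate(LEET) in wordlist:
        problems.append("dictionary: a word once leet is undone")
    return problems


if __name__ == "__main__":
    for candidate in ("i<3kfcftw!", "p4ssw0rd!1", "Sunshine99!"):
        print(candidate, "->", check_password(candidate) or "ok")
```

The second sample passes all three rules and is still rejected, which is the l33t point made above: swapping letters for numbers does not hide a dictionary word.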