What is your best advice for creating a good password manually?

    Devanand Premkumar
    52 replies
    I sometimes create passwords with a combination of words. For example, "be-kind-and-respectful" is just one such combination. At times "read-one-book-a-day" hits me up, as it kind of reminds me of one of the goals that I have planned for myself. I do wonder what you think is the best way to create a good and strong password manually, without the help of any supporting tools like a browser manager, password manager, etc.

    Replies

    Ryan Glass
    Entire phrases from books or song lyrics etc. are vulnerable to combined dictionary attacks even if they are very long.
    Devanand Premkumar
    @ryan_w_glass That is true. At the same time, brute forcing with such large lists would also be too noisy and would trigger some alerts, if defenses are properly implemented. Adding to that, such large dictionary attacks would be time consuming as well if the length exceeds a particular value.
    Ryan Glass
    @devaonbreaches you're right on all those points!
    Corina Tataru
    Take a song you know and make a password from the initial letter of every word of the first two verses.
    zoli tompa
    @angela_banica Hey, it's a good idea! Thanks!
    Ibán Ríos
    onPASSWORD One
    A couple of years ago I developed a friendly password generator as a side project. Hope it helps! https://onpassword.one
    Sreekanth PM
    I used to take an ex's DOB along with some selected word.
    Sreekanth PM
    @devaonbreaches Regarding security, yeah. I use LastPass to remember all the passwords. Actually, there is a need for passwordless login.
    Devanand Premkumar
    @sreekanth850 Sounds like a simple idea to use. But the question is how secure it is and how you can remember all the passwords that are created using this logic?
    Benoit Chambon
    Write long sentences ^^
    Devanand Premkumar
    @benoit_chambon Molly Bloom's soliloquy in the James Joyce novel Ulysses (1922) contains a sentence of 3,687 words. Wonder if this would qualify as one of your suggestions :D
    Nazim @Koinju
    @benoit_chambon Does this looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong sentence work?
    I randomly slap the keyboard like crazy while holding the shift key sometimes and adding random special chars; the result looks quite cryptic to me.
    Devanand Premkumar
    @timz_flowers Wow. That sounds like a pretty unusual and unique password creation strategy.
    @devaonbreaches everything else leads to a weak password
    Ilia Pikulev
    When you were a kid you most likely were making up some names or abbreviations which are still memorable in your head, right? Just pick three of them and combine them in any order you want. In the end, you have different passwords which are easy to remember for you, but not for anyone else :) As a delimiter, you can use for the first one: dash (-), for the second one: hash (#). For example, you can do something like this:
    Memorable parts: Mat, F1Cup, 12Blond (you pick your memorable parts yourself :) )
    Passwords: Mat-F1Cup#12Blond, Mat-12Blond#F1Cup, 12Blond-F1Cup#Mat, 12Blond-Mat#F1Cup, F1Cup-Mat#12Blond, F1Cup-12Blond#Mat ...
    Hope that helps :)
    Devanand Premkumar
    @ilia_pikulev My historical memories and word combinations will always be super unique to each and every one of us. I think this is novel as well as secure, considering the fact that it is not expected to be easily guessed or brute forced, by the sheer number of combinations. As long as this is above 10-12 characters in length, I think this is super easy for all to use and remember :)
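As an added illustration (not code from the thread), the block below enumerates every password the "three memorable parts plus two delimiters" scheme above can produce once the parts are known, which is the size of the space a defender should assume if one such password leaks. The parts and delimiters are the ones from the post; the `permute_delimiters` option, which also lets the dash and hash swap places, is my generalisation of the scheme.

```python
import math
from itertools import permutations

# Added example: enumerate the candidate set of the "parts + delimiters" scheme.
# Once the parts are known, the scheme's secret is only the ordering, so the
# candidate set is tiny regardless of how long the resulting password is.


def candidates(parts, delimiters, permute_delimiters=False):
    """Every password from every ordering of `parts`, joined by `delimiters`.

    By default the delimiters keep their fixed order (dash first, hash second,
    as in the thread). With permute_delimiters=True their order may vary too,
    which is a generalisation of the scheme rather than the scheme itself.
    """
    if len(delimiters) != len(parts) - 1:
        raise ValueError("need exactly one delimiter fewer than parts")
    delimiter_orders = (
        set(permutations(delimiters)) if permute_delimiters else {tuple(delimiters)}
    )
    result = set()
    for order in permutations(parts):
        for delims in delimiter_orders:
            pieces = [order[0]]
            for delim, part in zip(delims, order[1:]):
                pieces.append(delim + part)
            result.add("".join(pieces))
    return sorted(result)


def guess_space_bits(n_candidates):
    """Entropy (bits) of a uniform choice among n_candidates passwords."""
    return math.log2(n_candidates)


if __name__ == "__main__":
    # Parts quoted from the post; the author tells readers to pick their own.
    found = candidates(("Mat", "F1Cup", "12Blond"), ("-", "#"))
    print(len(found), "candidates:", found)
    print(f"{guess_space_bits(len(found)):.1f} bits once the parts are known")
```

With three known parts the scheme yields 3! = 6 candidates (12 if the delimiters may swap), so its strength rests entirely on the parts staying secret, not on the 15-plus character length.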
    Nico Spijker
    You can also substitute some letters with their equivalent number (3 = E) (I = 1) and, if the source allows for it, add an exclamation mark, question mark or full stop at the end of a sentence in order to secure your pw further.
    Shiloh Johnson
    Someone once told me about this comic, which is funny and could be used as a starting point for a stronger password: https://xkcd.com/936/
    Devanand Premkumar
    @shilohjohnson Believe it or not, this is one of the most used strategies for password selection. Guess that works fine for you as well.
    Yeshaswini
    @shilohjohnson This is great! thanks for sharing
    Anna Avvakumova
    I have several made-up words which I use as passwords with different combinations of figures and capital letters :)
    Devanand Premkumar
    @anna_caine Made-up words - your own vocabulary - sounds like an interesting idea. Hope the combination of words does exceed at least 10-12 characters in length, as a best practice.
    Jaskiran Kaur
    To make a good password I use 1 uppercase letter, or if it is like 2 words then 2 uppercase letters, and the rest of them in lowercase; other than that I use 1 special character and two numbers.
    Devanand Premkumar
    @jaskiran_kaur Curious why these combinations?
    Larisa Terekhova
    Everything that is simple is always difficult. Therefore, I make passwords as simple as possible.
    Devanand Premkumar
    @suheyla_seker Classical password selection strategy. Our fave songs. Super nice :)
    Slava Bobrov
    By the way, regarding the passwords subject. Among the products that are featured today there is Cotter No-Code Passwordless Login by @anthonyharris, @putrikarunia, @albertpurnama and @michelle_marcelline
    Ugo B
    For me the best way to do it manually ... is to do it automatically using a strong password manager :)
    Devanand Premkumar
    @ugo_buyzooka The rule of the game is not to use a password manager for this suggestion :D
    Mona Erb
    I usually take a date of birth from someone close and my favorite TV show or Film :)
    Devanand Premkumar
    @mona_erb Special ones, close ones, always deserve the right attention. The TV show or film idea is looking interesting to me.
    Team Tomato
    Diceware passwords are the way to go for me. Using a wordlist and rolling physical dice to choose the word removes any personal bias from the words chosen. Take a few words and string them together to form a password that isn't too hard to remember. More info about it here: https://en.wikipedia.org/wiki/Di...
    Devanand Premkumar
    @teamtomato7 The Diceware password model is used in super sensitive accounts, including financial lockers, these days. I have also seen this being used in cryptocurrency exchanges with a larger set of words as the seed for Diceware. Nice to hear that it is being used as a regular use case :)
    Team Tomato
    @devaonbreaches I like the concept of unbiased randomness and creating a new password is simple if you have a wordlist and physical dice. Lucky for me, I'm someone who plays board games and D&D regularly so I have dice nearby. Maybe even _too_ many dice nearby.
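An added example of the Diceware procedure described above (my code, not the project's or the poster's): dice rolls index a word list whose size is a power of six, and the passphrase's strength is the number of words times log2 of the list size. The 36-word list is constructed for the demo; a real Diceware list has 6^5 = 7776 entries, so five dice per word.

```python
import math
import secrets

# Added example of Diceware: each word is chosen by rolling dice, so the only
# "bias" in the passphrase is the uniform randomness of the dice themselves.

# Constructed 36-word demo list (6**2, so two dice per word). A real Diceware
# list has 7776 words and needs five dice per word.
DEMO_WORDS = [
    "apple", "bench", "cider", "delta", "ember", "flint",
    "grape", "honey", "ivory", "jelly", "kayak", "lemon",
    "maple", "noble", "olive", "pearl", "quilt", "river",
    "salsa", "tiger", "ultra", "vivid", "waltz", "xenon",
    "yacht", "zebra", "acorn", "baker", "canoe", "daisy",
    "eagle", "fable", "gable", "habit", "igloo", "jumbo",
]


def dice_per_word(wordlist):
    """Dice needed to index the list; the list must have exactly 6**k entries."""
    k = round(math.log(len(wordlist), 6))
    if 6 ** k != len(wordlist):
        raise ValueError("wordlist size must be a power of 6")
    return k


def dice_to_index(rolls):
    """Map die faces (1..6), most significant first, to a 0-based list index."""
    index = 0
    for face in rolls:
        if not 1 <= face <= 6:
            raise ValueError("die face must be 1..6")
        index = index * 6 + (face - 1)
    return index


def roll(n_dice):
    """Stand-in for physical dice: the OS CSPRNG via secrets, never random.random."""
    return tuple(secrets.randbelow(6) + 1 for _ in range(n_dice))


def diceware_passphrase(n_words, wordlist, separator="-"):
    k = dice_per_word(wordlist)
    return separator.join(wordlist[dice_to_index(roll(k))] for _ in range(n_words))


def entropy_bits(list_size, n_words):
    """Search space in bits: each word is an independent uniform pick."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    print(diceware_passphrase(4, DEMO_WORDS))
    print(f"6 words from a 7776-word list: {entropy_bits(7776, 6):.1f} bits")
```

Six words from the full list give about 77.5 bits, which is why the passphrase stays strong even though every word in it is in a public dictionary.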
    Scott Teger
    I use a base plus a site identifier. For each website I tack on a nickname that I'll remember. Example... if my base is "pass123!" when I create a password for ProductHunt I might use "pass123!prodh". Unique passwords for every site, so a compromised password isn't useful on any other website, but very easy for me to remember because all I need to do is recall my nickname for the website I'm trying to access.
    Devanand Premkumar
    @openteam I like the idea but I'm curious whether you use a base word constantly. For example, if your base word is just "pass", predicting your password for PH would be easy as long as someone knows one of your existing passwords. Wonder how you handle that?
    Scott Teger
    @devaonbreaches The base password is a good strong password in its own right. The combination is usually > 16 chars consisting of lower, upper, numbers and special chars. Couple that with the fact that I usually don't use the most obvious add-on name. For example with Product Hunt... I probably wouldn't use producthunt or ph (I used SSO via Google so it doesn't apply, but just an example). All that said, I'm most worried about an automated attack. If you had my base password and you had some time, you probably could get into an account or two on a premium destination.
    Szczepan Serwatka
    @openteam Really nice idea. I will try it!
    Jimmy Jenkins
    I quite often use the well-known name plus symbols, but this is not entirely reliable)
    Devanand Premkumar
    @jimmyjw Well, the idea is simple and easy, but security is questionable. We need to consider that as well :)
    Carlos Leyva
    Prefer to use password managers tbh haha, but if I had to, I'd kinda' take the name of a random city I know (little town in the middle of nowhere, Mexico) plus some numbers and symbols, or someone's nickname. Usually combinations of words in different languages and numbers work as well.
    Devanand Premkumar
    @carlosleyva I like your idea about the random city and combination, but the question is how you will keep track of the password you used so that it is unique for each service? That is a big question as well.
    Devanand Premkumar
    @carlosleyva True again. Password managers are much more secure compared to any password creation models created manually.
    Carlos Leyva
    @devaonbreaches totally! hence password managers are the way to go unfortunately.