Darknet – Hacking Tools, Hacker News & Cyber Security

Good Password Guidelines – How to Make a Strong/Secure Password

April 19, 2006

For most people on the hacking side of computer security this is common sense: we know how easy it is to break a password when it’s only a few characters long or uses a dictionary word. Even a dictionary word postfixed with a couple of digits is broken pretty fast by a hybrid dictionary attack.

This is even more true if the attacker is using some decent Rainbow Tables and the RainbowCrack method (a time/memory trade-off).

The basics of creating a secure password:

  • Include punctuation marks (,.;), special characters (!#$%^) and numbers.
  • Mix capital (uppercase), lowercase and space characters.
  • Create a unique acronym.
  • Even short passwords should be at least 8 characters.

Some potential weaknesses to avoid:

  • Don’t use a password that is listed as an example or public.
  • Don’t use the same password you have been using for years.
  • Don’t use a password someone else has seen you type.
  • Don’t use a password that contains personal information (names, birthdays or dates that are easily related to you).
  • Don’t use words or acronyms that can be found in a dictionary.
  • Don’t use keyboard patterns (qwerty) or sequential numbers (12345).
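The two lists above can be turned into an automated check. The following Python sketch is an added example, not code from the original post; the word list, the four-key run length and the function names are assumptions chosen for illustration.

```python
import re

# Constructed sample list; a real check would load a full dictionary and a
# list of published/example passwords.
SAMPLE_WORDS = {"password", "dragon", "monkey", "tiger", "letmein", "welcome"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
REQUIRED_CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "number": r"[0-9]",
    "punctuation or special character": r"[^A-Za-z0-9]",
}

def has_keyboard_run(pw, min_run=4):
    """True if pw contains min_run adjacent keys from one keyboard row,
    forwards or backwards (e.g. 'qwer', '2345', 'lkjh')."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + min_run] in low
                   for i in range(len(seq) - min_run + 1)):
                return True
    return False

def dictionary_core(pw):
    """Drop leading/trailing digits and punctuation, the same normalisation
    a hybrid dictionary attack effectively performs."""
    return re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw).lower()

def check_password(pw, personal=()):
    """Return the guideline violations found; an empty list means none."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    for name, pattern in REQUIRED_CLASSES.items():
        if not re.search(pattern, pw):
            problems.append("no " + name)
    if has_keyboard_run(pw):
        problems.append("keyboard pattern or sequential numbers")
    if dictionary_core(pw) in SAMPLE_WORDS:
        problems.append("dictionary word with digits or punctuation attached")
    if any(p and p.lower() in pw.lower() for p in personal):
        problems.append("contains personal information")
    return problems
```

An empty result only means none of the listed weaknesses was detected; it says nothing about reuse or about who has seen the password typed.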

Once you have a good password it’s equally important to keep your password secure:

  • Never tell anyone your password or use it where someone can observe it.
  • Never send your password by email or say it where others may hear.
  • Occasionally verify your current password and change it to a new one.
  • Avoid writing your password down. (Keep it with you in a purse or wallet if you have to write down the password until you remember it.)

And never label that scrap of paper in any way; write it on the back of an old business card or something else that doesn’t indicate it’s a password.

Don’t give anyone who finds (or gains access to) your purse/wallet any clue of what the password means or what it is related to.

128 bits of entropy in a password requires a long randomized passphrase, which wouldn’t be very usable; there has to be a trade-off somewhere between security and usability.
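To put numbers on that trade-off, the following Python sketch (an added example, not part of the original post) computes how many uniformly random symbols are needed to reach a target entropy and generates such a password with the operating system's CSPRNG. The alphabet choices, including the 7776-word list size typical of dice-based word lists, are assumptions.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks + space = 95 symbols
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "

# Alphabet sizes to compare (assumed for illustration).
ALPHABET_SIZES = {
    "digits only": 10,
    "lowercase letters": 26,
    "printable ASCII": len(PRINTABLE),
    "words from a 7776-word list": 7776,
}

def entropy_bits(length, alphabet_size):
    """Entropy in bits when every symbol is drawn uniformly at random.
    Human-chosen passwords have less entropy than this formula gives."""
    return length * math.log2(alphabet_size)

def symbols_needed(target_bits, alphabet_size):
    """Smallest number of uniformly random symbols reaching target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def random_password(target_bits, alphabet=PRINTABLE):
    """Generate a random password with at least target_bits of entropy."""
    n = symbols_needed(target_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(n))

def tradeoff_table(target_bits=128):
    """Map each alphabet to the length required for target_bits."""
    return {name: symbols_needed(target_bits, size)
            for name, size in ALPHABET_SIZES.items()}

if __name__ == "__main__":
    for name, length in tradeoff_table(128).items():
        print(f"{name:30s} {length:3d} symbols for 128 bits")
    print(f"8 random printable chars: {entropy_bits(8, 95):.1f} bits")
    print("sample:", random_password(128))
```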

You can also use online password generators such as http://makemeapassword.com/. The problem with these, however, is that while they do create strong passwords, the results aren’t easy to remember, which kind of defeats the purpose.

Another thing you can do is use something like a password safe to keep all the hard-to-remember passwords in one place. The one I would recommend is from Bruce Schneier and is actually called “Password Safe”.

Password Safe is an Open Source (free) tool that allows you to have a different password for all the different programs and websites that you deal with, without actually having to remember all those usernames and passwords. Password Safe runs on PCs under Windows (95/98/NT/2000/XP).

You can find it here:

http://passwordsafe.sourceforge.net/

Any other inputs?


Filed Under: Countermeasures




Comments

  1. Jeroen says

    April 19, 2006 at 6:39 am

    We (my colleagues and I) use longer sentences which can’t be calculated because they are very long, but still easy to remember.

    Example: The name of my kitten is “Tiger”!

    It has a ! and “” and even lower and uppercase characters.

    Still, your other rules are very important: don’t tell them to anybody and don’t choose a too obvious sentence. Proverbs work great, b.t.w.

  2. Darknet says

    April 19, 2006 at 8:54 am

    Jeroen: Yah I agree, quite a lot of people use the passphrase technique as it yields very complex passwords with only a little effort.

    Like your examples you can do:

    “My car is red with plate 3456”

    Which would give you the pass Mciswp3456

    Of course you must use it in combination with the other rules!

  3. Jeroen says

    April 19, 2006 at 8:59 am

    Yes Indeed!

    Another: replace parts of the sentence with numbers

    Example: This 1 is hard 2 crack!

  4. John Preston says

    April 19, 2006 at 10:53 am

    Personally, I prefer ‘KeePass’ as my password safe. It uses AES and Twofish, allows use of a passfile as well as a password. And because it doesn’t hook into the registry and saves the passwords to a database, you can stick it on your USB stick as well!

    KeePass Homepage

  5. Ubourgeek says

    April 19, 2006 at 6:19 pm

    I use the previously mentioned passphrase technique, hash it using leetspeak (may be lame but it works) ’cause I’m a Geek, then toss a “special” character and an extra number on either end.

    e.g.

    Passphrase: Did you get four hundred thousand computer viruses?

    Number of words in passphrase: 8

    “Special” Character: ?

    Resulting Password: ?dygfh7Cv8 or 8dygfh7Cv?

    Cheers,

    U.

  6. Darknet says

    April 20, 2006 at 8:05 am

    John Preston: Thanks for that, Keepass looks pretty neat.

    Ubourgeek: Yah that really does make a strong password, it’s good to combine all of the above techniques... end up with something memorable yet very strong!

  7. Richard Harlos says

    April 25, 2006 at 2:34 pm

    My preferred method of password generation is to take a sentence or line from a song and then use the first letter of each word in that sentence/line, putting vowels in one case and consonants in another, finally postfixed with numerals that indicate how long that password is including the numerals, e.g., if the line I wish to use is:

    “You and me against the world”

    My password would be “YaMaTW7”

    The longer the line/sentence, the more difficult to brute-force crack it.

  8. Danilo Cicerone says

    April 28, 2006 at 8:29 am

    Try this password generator too:

    http://www.digitazero.org/?p=30

    for testing and fun!

  9. Daniel says

    June 4, 2007 at 9:05 am

    I usually make a simple hash of the site domain and like … my phone number with the shift key

  10. Tara (PassPack) says

    June 4, 2007 at 11:58 pm

    A recent password hacking contest showed that “complexity” actually matters less than length. I just posted about it here:

    Choosing Passwords: Long is Strong

    Jeroen has got the right idea – pass phrases are a best bet.

    Cheers,
    Tara Kelly
    PassPack Founding Partner

  11. Torvaun says

    June 5, 2007 at 7:47 am

    Being a math geek as well as a computer geek, I tend to use mathematical expressions or constants for passwords. ‘e=2.71828’ ‘answer:42’, that kind of thing. Hard to brute force, easy to remember. And of course, being a security minded geek, neither of those is used for a password for anything Internet accessible.

  12. Tara (PassPack) says

    June 5, 2007 at 2:30 pm

    @Torvaun
    That’s actually a good method. Here’s another good one over at Significant Figures that uses molecules: http://www.sciencetext.com/passwords-for-scientists.html

    But still – how do you remember which formula you used on which site? Why not come up with a great master pass for a password manager, and then forget about all the rest.

    Just an idea ;)
    Tara

  13. Torvaun says

    June 5, 2007 at 2:59 pm

    @Tara
    Remembering what I used where is the biggest problem I have with this system, but I’m pretty good at remembering the passwords I use most often. The rest, I just run through all of my passwords until I get the right one.

  14. Tara (PassPack) says

    June 6, 2007 at 9:44 am

    @Torvaun
    You’ve got a good memory then – I’d never manage. Just make sure you have a lot of these passwords though. Ideally you should have a different one for every site. But at the very least, make sure that you have unique passwords for each banking and email account.

    Cheers!
    Tara
