
Passwords - Basics


32 replies to this topic

#16 midimusicman79 (Sec & Web Browser Enthusiast, BC Advisor, Norway)

Posted 21 March 2025 - 02:35 PM

With all due respect, I think the first part of that password ("hdysan?") is an acronym for "How do you spell a name?" or "How do you sleep at night?".

As such, I would NOT recommend using it as part of a password because it is too obvious and easy for hackers to figure out.

Good luck! :)


Microsoft Windows 10 Professional 64-bit V. 22H2 (19045) Retail Desktop PC, EAMH Paid/EEK, MB 5 Prem., Unchecky, MDFW, FF with uBO/AG, Grammarly Free, MBBG, Acronis True Image Essentials, RuckZuck, PatchMyPC, UpdateHub, UniGetUI, UCheck, and Winget. I have 30 Years of PC Experience.



#17 wee-eddie (Member, Ayr, Scotland)

Posted 21 March 2025 - 02:46 PM

The crux of the problem is that hackers can just try possible combinations, ad infinitum.

If they were limited to 10 attempts, that method would be toast.
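The attempt limit wee-eddie describes, as an added example (not code from the thread or from any particular product): a per-account lockout that refuses the login after 10 failures inside a window, checked before the slow password hash is computed. The single-user store, the 10-failure and 15-minute figures, and the injectable clock are assumptions for the demo. The caveat a practitioner wants is that this only throttles guessing against the live login; an attacker who has copied the hash database guesses offline at hardware speed and never touches this code, which is why the stored hash must be slow (PBKDF2 here) and the password strong even when a lockout exists.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict

MAX_FAILURES = 10          # the "10 attempts" from the post (assumed policy)
WINDOW_SECONDS = 15 * 60   # failures older than this are forgotten (assumed)
PBKDF2_ROUNDS = 100_000    # slow hash: limits the OFFLINE guess rate, not the online one


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) for storage."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)   # constant-time compare


class LoginThrottle:
    """Per-account sliding-window failure counter with lockout."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock                         # injectable for tests
        self._failures = defaultdict(list)          # account -> failure timestamps

    def _recent(self, account: str) -> list:
        cutoff = self._clock() - WINDOW_SECONDS
        kept = [t for t in self._failures[account] if t > cutoff]
        self._failures[account] = kept
        return kept

    def is_locked(self, account: str) -> bool:
        return len(self._recent(account)) >= MAX_FAILURES

    def record_failure(self, account: str) -> None:
        self._recent(account).append(self._clock())

    def record_success(self, account: str) -> None:
        self._failures.pop(account, None)


# Constructed user store for the demo: one account, hashed at "registration".
USERS = {"alice": hash_password("correct horse battery staple")}


def attempt_login(throttle: LoginThrottle, account: str, password: str) -> str:
    """Returns 'locked', 'ok' or 'bad'.  The lockout check runs before the
    slow hash, so a locked account costs the attacker (and the server) nothing
    per try.  Unknown accounts are counted too, so the counter itself does not
    reveal whether an account exists."""
    if throttle.is_locked(account):
        return "locked"
    record = USERS.get(account)
    if record is not None and verify_password(password, *record):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account)
    return "bad"


if __name__ == "__main__":
    throttle = LoginThrottle()
    # Simulated online brute force: the 11th guess is refused without checking.
    outcomes = [attempt_login(throttle, "alice", f"guess{i}") for i in range(11)]
    print(outcomes)
    print(attempt_login(throttle, "alice", "correct horse battery staple"))  # locked
```

A pure per-account lockout also lets an attacker lock the real user out by deliberately failing; production systems usually pair it with per-source throttling or a challenge rather than a hard lock.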



#18 cafejose (Member)

Posted 21 March 2025 - 03:32 PM

Quote from midimusicman79 (#16):
With all due respect, I think the first part of that password ("hdysan?") is an acronym for "How do you spell a name?" or "How do you sleep at night?".

As such, I would NOT recommend using it as part of a password because it is too obvious and easy for hackers to figure out.

Good luck! :)

Absolutely Amazing!! You are correct. I did in fact create that sample just the way you found.

Like I said, I have never used that password. And I thought that it would look like a nonsense string that nobody would be able to guess.



#19 Magic Sam, Topic Starter (Member, Brigadoon, Co Durham, UK)

Posted 21 March 2025 - 03:41 PM

That was the point of my query: In theory, given limitless resources and time, NO password is 100% secure. Rather, on a more practical level, is there anything to be gained from inventing a load of gibberish as compared with a random selection of single syllables? The advantage being that the latter should be easier for a human to memorize, whereas the hacker's computer is just confronted with a bank of keys and all possible combinations within a given time limit for experimentation.

But there are also unknown unknowns- the ones we don't know we don't know


#20 quietman7 (Bleepin' Gumshoe, Global Moderator, Virginia, USA)

Posted 21 March 2025 - 05:27 PM

Keep in mind that the use of strong passwords is but one layer in security.

Security is all about layers and not depending on any one solution, technology or approach to protect yourself from cyber-criminals, as I explain here (Post #14).

Many of the newer types of malware are designed to steal passwords and logins to banks, credit cards, board forums and similar other sensitive web sites before encrypting data, as I explain in Section 8 of Answers to common security questions - Best Practices (Post #1).

Attackers can use ransomware to download a password-stealer component that harvests all usable usernames and passwords from an infected system and sends that information to its Command and Control (C&C) server. The Qilin ransomware group uses a tactic that deploys a custom stealer to steal account credentials stored in the Google Chrome browser. FTCODE ransomware has the ability to steal passwords from popular browsers such as Firefox, Chrome, Explorer and Microsoft Outlook.

Once the attacker gains administrative access remotely to a target computer, they can create new user accounts or use a user not logged in to do just about anything.


Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief


#21 Magic Sam, Topic Starter (Member, Brigadoon, Co Durham, UK)

Posted 21 March 2025 - 07:59 PM

Such is the might and complexity of the malware described in #20, with which the user (myself) is confronted, that I am tempted to throw away the PC in favour of quill and parchment. As it is, I put my faith in one of the more prominent security packages (in my case Bitdefender) and rely on them to do the necessary, as well as trying to avoid some of the more obvious pitfalls myself. As an extension of these thoughts, I have always fought shy of storing passwords and sensitive data in the cloud (in a PW manager) in spite of all the assurances about xxx encryption that are routinely trundled out. There seems to be always some clever whiz who has figured out how to get round Fort Knox security.




#22 quietman7 (Bleepin' Gumshoe, Global Moderator, Virginia, USA)

Posted 21 March 2025 - 08:16 PM

Yes, cyber-criminals are very innovative.

I tell folks who ask: The only 100% Internet-safe Windows-based computer is the one still in the box, in its original package, unplugged and buried in a closet. Then, it is only prone to dreaded dust bunny attacks.

Since that is not an option for most people, the next best thing is to follow best practices for safe computing.




#23 Dill2046 (Member)

Posted 21 March 2025 - 09:47 PM

Quote from Magic Sam (#21):
I have always fought shy of storing passwords and sensitive data in the cloud (in a PW manager)

There are offline password managers that you can use locally.  Unfortunately, if malware gets on your system, it might not protect you completely either.  You can push the envelope by using hardware key authentications, which malware can't keylog, unlike your master password.  Some argue that malware can still read from the unencrypted memory or use process injection, but I believe these are rarer than the more common browser password manager attacks, and the less common 3rd-party password manager attacks.

 

Password managers help primarily with 1) password strength and no-reuse 2) phishing (via URL matching) and 3) convenient features.  If you don't need the last two, you can use a password notebook and a random password generator to help with 1.  Use 2FA everywhere you can.


Edited by Dill2046, 21 March 2025 - 09:49 PM.
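The "phishing (via URL matching)" benefit in Dill2046's post, as an added example of the check a password manager performs before offering a saved credential. This is illustrative code, not any manager's implementation. It assumes a tiny, constructed stand-in for the Public Suffix List and a deliberately strict rule: fill only over HTTPS and only when the page's registrable domain (eTLD+1) equals the one the credential was saved for. A human reading "example.com.evil.org" may see "example.com"; the comparison does not.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List.  A real
# manager ships the full list; the "co.uk" and "github.io" entries are why
# "compare the last two labels" is the wrong rule.
PUBLIC_SUFFIXES = {"com", "org", "uk", "co.uk", "io", "github.io"}


def registrable_domain(host: str):
    """eTLD+1 of `host` under PUBLIC_SUFFIXES, or None if none can be derived
    (unknown suffix, bare suffix, IP literal).  None means 'do not autofill'."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):                       # longest suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def should_autofill(saved_url: str, page_url: str) -> bool:
    """Offer the credential only when the page is HTTPS and shares the
    registrable domain of the URL the credential was saved for."""
    saved, page = urlsplit(saved_url), urlsplit(page_url)
    if page.scheme != "https" or not saved.hostname or not page.hostname:
        return False
    saved_rd = registrable_domain(saved.hostname)
    return saved_rd is not None and saved_rd == registrable_domain(page.hostname)


if __name__ == "__main__":
    # Constructed cases: the saved site, then pages a phisher might serve.
    saved = "https://login.example.com/account"
    for page in [
        "https://example.com/signin",              # same registrable domain: fill
        "https://example.com.evil.org/signin",     # lookalike prefix: refuse
        "http://example.com/signin",               # downgrade to plain HTTP: refuse
        "https://examp1e.com/signin",              # typosquat: refuse
        "https://pa\u0443pal.com/",                # Cyrillic 'y' homoglyph: refuse
    ]:
        print(f"{should_autofill(saved, page)!s:5}  {page}")
```

The same rule is what makes the third-party manager safer than a user reading the address bar: the decision is a string comparison on the parsed origin, so homoglyphs, long subdomains and look-alike paths carry no weight.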


#24 Magic Sam, Topic Starter (Member, Brigadoon, Co Durham, UK)

Posted 21 March 2025 - 10:36 PM

Interesting. My layman's view is that if the passwords are not online in the first place (under the mattress instead) then it's going to take quite a lot of resource to hack them. Key logging is, I suppose, a loophole. 2FA: I'll take note of that.



#25 midimusicman79 (Sec & Web Browser Enthusiast, BC Advisor, Norway)

Posted 21 March 2025 - 11:00 PM

Whenever I create passwords for my various online user accounts, I always use a random complex mixture of 22 uppercase letters, lowercase letters, numbers or digits, and symbols or special characters, as often as possible.

I NEITHER use any duplicates, NOR any similarities consecutively.

However, I did NOT quite as easily figure out what the second part of that password ("oammf!is!") is an acronym for, and I used Startpage, so that part is too clever for me as a home user, so good job and well done! :whistle:

#26 cafejose (Member)

Posted 21 March 2025 - 11:31 PM

Quote from midimusicman79 (#25), snipped:
However, I did NOT quite as easily figure out what the second part of that password ("oammf!is!") is an acronym for, and I used Startpage, so that part is too clever for me as a home user, so good job and well done! :whistle:

If you made your determination or guess on the first part, and watch enough T.V., you might break through to the second part. HINT: a commercial advertisement.



#27 Magic Sam, Topic Starter (Member, Brigadoon, Co Durham, UK)

Posted 21 March 2025 - 11:34 PM

Sounds like you are a dab hand at crossword puzzles.
What I am wrestling with is whether using something like feggarkivdih34=2 is any less secure than complete gibberish. I typed the syllables as they came into my head; I can recognize the (3 letter) components in a way that a computer would only get by running all possible combinations. With a bit of thought I could probably make mine a bit more memorable without making it easier to hack.



#28 midimusicman79 (Sec & Web Browser Enthusiast, BC Advisor, Norway)

Posted 22 March 2025 - 12:39 AM

Thank you, and Okay, I will think of the second part of that password with that hint when I get back onto my desktop-only computer during the daytime on Saturday, but I happen to NOT watch a lot of T.V. and sometimes, I try and manage to help my mum (79) with crosswords as well. :)

And to strengthen your password, you could, for example, add some more uppercase letters and an extra syllable to make it 22 characters long, etc.

Good luck! :)

Edited by midimusicman79, 22 March 2025 - 12:39 AM.


#29 midimusicman79 (Sec & Web Browser Enthusiast, BC Advisor, Norway)

Posted 22 March 2025 - 02:15 PM

Okay, I tried to think of the second part of that password with the hint, but I could NOT figure out what commercial advertisement that acronym is for, and NEITHER Startpage, NOR Brave Leo AI could help, so I am clueless. :(
 
However, trying Brave Leo AI was an interesting experience, and the conversation lasted for 14 posts back and forth, so I wish I could have included it here. Still, a forum rule says that "AI-generated posts are not allowed." :mellow:

Edited by midimusicman79, 22 March 2025 - 02:57 PM.


#30 midimusicman79 (Sec & Web Browser Enthusiast, BC Advisor, Norway)

Posted 22 March 2025 - 10:45 PM

Interestingly, within a couple of minutes, I just created a new password according to my previously mentioned personal random algorithm for one of my online user accounts, which is a password that I will NOT disclose here for security reasons. :whistle:

And upon testing it on the various password checkers, I was awarded with these results:

UIC Password Strength Test: "Very Strong. (With ALL of the addition points and NO deduction points.)"

Security.org: How Secure Is My Password?: "It would take a computer about 95 nonillion years to crack your password."

Password Monster: How Secure Is My Password?: "Very Strong. Time to crack your password: 10 hundred trillion trillion years. Review: Fantastic, using that password makes you as secure as Fort Knox."

Bitwarden: Password Strength Testing Tool: "Your password strength: strong. Estimated time to crack: centuries."

NordPass: Password Checker: "Password: Strong. Time it takes to crack your password: centuries."

Kaspersky: Password Checker: "Your password is strong." :thumbup2:
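An added example, not from the thread, that puts numbers on two of the questions above: Magic Sam's #27 (are random syllables like feg-gar-kiv-dih any weaker than gibberish?) and the "centuries" verdicts in #30. The attacker's real work is set by how the password was generated, not by what it looks like, so the code computes three things: the charset-times-length figure a simple strength meter produces, the true entropy of each construction when the attacker knows the method, and the expected crack time at two assumed guess rates (an offline attack on a leaked fast hash, and an online attack held to 10 tries a minute by a lockout). The guess rates, the 94-symbol alphabet and the consonant-vowel-consonant syllable model are assumptions made here; the meter function imitates the generic charset approach, not any named site's algorithm.

```python
import math
import secrets
import string

# Assumed attacker guess rates for this example (not figures from the thread):
# offline against a leaked fast, unsalted hash on GPUs, and online against a
# login that allows 10 tries per minute before locking.
OFFLINE_GUESSES_PER_SEC = 1e11
ONLINE_GUESSES_PER_SEC = 10 / 60
SECONDS_PER_YEAR = 3.156e7

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
CONSONANTS = "bcdfghjklmnpqrstvwxyz"                                    # 21
VOWELS = "aeiou"                                                        # 5
SYLLABLES = len(CONSONANTS) * len(VOWELS) * len(CONSONANTS)             # 2205 CVC syllables


def meter_entropy_bits(password: str) -> float:
    """The charset-times-length estimate a simple strength meter makes: every
    character is assumed to be an independent uniform draw from the union of
    the character classes present.  It cannot see structure, so syllables,
    acronyms and keyboard walks all score as if they were random."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)       # 32
    return len(password) * math.log2(size) if size else 0.0


def generator_entropy_bits(choices_per_unit: int, units: int) -> float:
    """Real entropy of `units` independent uniform draws from `choices_per_unit`
    options: the attacker's search space once the construction is known."""
    return units * math.log2(choices_per_unit)


def random_password(length: int = 22) -> str:
    """The #25 style: 22 uniform CSPRNG draws from the 94 printable symbols."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def syllable_password(n_syllables: int = 4) -> str:
    """The #27 style (feg-gar-kiv-dih), but each CVC syllable drawn uniformly
    by a CSPRNG rather than 'as they came into my head'."""
    return "".join(
        secrets.choice(CONSONANTS) + secrets.choice(VOWELS) + secrets.choice(CONSONANTS)
        for _ in range(n_syllables)
    )


def expected_crack_seconds(bits: float, guesses_per_sec: float) -> float:
    """On average the attacker succeeds after searching half the keyspace."""
    return (2.0 ** bits) / 2.0 / guesses_per_sec


def compare(n_syllables: int = 4, random_length: int = 22) -> dict:
    """Meter estimate vs real entropy vs crack time for both constructions."""
    rows = {
        "syllables": (meter_entropy_bits(syllable_password(n_syllables)),
                      generator_entropy_bits(SYLLABLES, n_syllables)),
        "random": (meter_entropy_bits(random_password(random_length)),
                   generator_entropy_bits(len(ALPHABET), random_length)),
    }
    report = {}
    for name, (meter_bits, real_bits) in rows.items():
        report[name] = {
            "meter_bits": round(meter_bits, 1),
            "real_bits": round(real_bits, 1),
            "offline_years": expected_crack_seconds(real_bits, OFFLINE_GUESSES_PER_SEC) / SECONDS_PER_YEAR,
            "online_years": expected_crack_seconds(real_bits, ONLINE_GUESSES_PER_SEC) / SECONDS_PER_YEAR,
        }
    return report


if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:10s} meter={r['meter_bits']:6.1f} bits  real={r['real_bits']:6.1f} bits  "
              f"offline={r['offline_years']:.3g} y  online={r['online_years']:.3g} y")
```

Four uniformly chosen CVC syllables carry about 44 bits (log2(2205) per syllable), which an offline attacker at the assumed rate exhausts in roughly two minutes, while the same login held to 10 tries a minute would take millions of years; that gap is wee-eddie's point in #17. The 22-character random string carries about 144 bits either way, so a meter and the true figure agree only when the password really was generated uniformly. For a typed-from-memory string the true entropy is whatever the attacker's guessing strategy says it is, and no meter can measure that from the string alone.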



