How to create and manage your passwords

Started by Wingard, November 07, 2009, 09:40:35 PM

Wingard

This is a guide, it will tell you how to create and manage a hoard of insanely powerful passwords.

Requirements:
KeePass
A USB thumb drive (optional, kind of)

There are a variety of methods to create a strong password. A common method is to take a phrase that you know well such as Shakespeare's: "To be or not to be, that is the question." Take the second letter from each word so that you get the sequence "oerooehshu". From here, alternate letters with similar numbers and symbols to create the passphrase "o3r0o3h5h^". Now, alternate the leftover letters between lower case and upper case to arrive at "o3R0o3H5h^". After this, consider appending the name of the high school that Beavis and Butthead went to, following the same basic rules. "highland" > "h1g#l@n}" > "H1g#L@n}". Combine the two and you arrive at the password "o3R0o3H5h^h1g#l@n}". Finish it off by adding a whitespace every three characters to end with "o3R 0o3 H5h ^h1 g#l @n}". Further buffer the password by adding tildes before and after each three character block to get "~o3R~ ~0o3~ ~H5h~ ~^h1~ ~g#l~ ~@n}~". The final password is incredibly strong but has a mnemonic device that makes it somewhat easy to remember. (Of course, you could use the name of the street you grew up on, turn every third letter into a number or symbol, or go three then two; any system that you can feasibly keep track of.)

If you're like the average, normal person, you probably have a lot of passwords for your email, bank account, ssh accounts, etc. Remembering 50+ character passwords for all of these would be incredibly difficult, if not impossible. That's what KeePass is for.

KeePass can create and open databases containing many different passwords. Since it's open source it has a nice variety of associated plugins, and in this exercise I'll be referencing a plugin that guesses at relative password strength. Create a unique password using guidelines similar to those already elaborated upon. Our example password of "o3R 0o3 H5h ^h1 g#l @n}" creates a password that is assumed to be approximately 135 bits. KeePass relies upon the very secure SHA-256 encryption algorithm, and a strength of 135 bits ought to be enough to stump even advanced government agencies. Maybe your own inventive password is even stronger despite being shorter since mine relies upon very stringent patterns. The 135 estimated by the KeePass plugin ought not to be taken too seriously, since there are a variety of attacks that could show my own is predictable enough to be substantially lower (but I would imagine that it's in fact more than what the KeePass plugin rates it as). Use your password as the master password and create a new kdbx database. You now have a way to store passwords that are even crazier!

Find a program or website that generates passwords that are fairly random. I'm fond of this website. Set the password length to an absurd amount like 50, and hammer every character on your keyboard in as random a pattern as possible into the box labelled "additional entropy". Generate 10 or so passwords, pull random strings of varying lengths out of different passwords and add those into the entropy box in random positions. Feel free to remove characters and add extra characters with the keyboard. Perform this operation several times. The reason for this is that entropy is limited by factors like common load times and processor/operating system/program capabilities (for instance, a 32-bit environment is only capable of 32 actual bits of entropy, and random human input has common patterns based on motor skill usage). Once you are fairly certain that the entropy ought to be deviant enough from common human and common computational input, push the generate button one more time to produce 10+ different strings of 50+ random character sequences.

Open a notepad, and copy one of the lines into it. Replace characters in the string with small pieces from other strings, adding random characters and white spaces while deleting other small pieces. This ought to create a password with a ridiculous length and of sufficient randomness to make it absolutely impervious to brute force attacks or otherwise. Flip over to the KeePass window and add a new database entry in an appropriate category for your new password. Copy your brand new 50+ random character password into the new entry.

Congratulations, you've successfully made an insane password.

Your database file should be stored on a secured flash drive (encrypted with TrueCrypt if you're a real masochist).

Much love to Famicommie for basically this entire post (he made the whole example password paragraph). Thanks, Fami <3
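The construction rules from the post as a script (an added example, not code from the post or from KeePass); the look-alike table beyond the substitutions the post itself uses is an assumption, as are the function names. Applying the case alternation across the appended word as one continuous sequence reproduces the post's "H1g#L@n}" casing rather than the all-lowercase second half of its combined string, so the final output differs from the post's by exactly those two letters.

```python
import re

# Assumed look-alike table. The post only shows the substitutions it happens to use
# (e->3, o->0, s->5, u->^, i->1, h->#, a->@, d->}); the rest is filled in here.
# Every step below is deterministic: the unpredictability of the result is exactly
# the unpredictability of the phrase and word chosen, whatever a strength meter reports.
LOOKALIKE = {"a": "@", "d": "}", "e": "3", "h": "#", "i": "1", "l": "|",
             "o": "0", "s": "5", "t": "+", "u": "^"}


def second_letters(phrase):
    """Second letter of every word with at least two letters, lower-cased."""
    words = re.findall(r"[A-Za-z]+", phrase)
    return "".join(w[1].lower() for w in words if len(w) > 1)


def substitute_and_case(letters):
    """Replace every 2nd, 4th, ... letter with its look-alike; alternate the rest lower/upper."""
    out, upper = [], False
    for i, ch in enumerate(letters):
        if i % 2 == 1:
            out.append(LOOKALIKE.get(ch, ch))
        else:
            out.append(ch.upper() if upper else ch.lower())
            upper = not upper
    return "".join(out)


def block(s, size=3):
    """Split into fixed-size blocks, wrap each in tildes and join with spaces."""
    return " ".join("~" + s[i:i + size] + "~" for i in range(0, len(s), size))


def build_password(phrase, extra_word=""):
    """Full pipeline: phrase second letters, then the extra word's letters, then substitute/case/block."""
    letters = second_letters(phrase) + re.sub(r"[^A-Za-z]", "", extra_word).lower()
    return block(substitute_and_case(letters))


if __name__ == "__main__":
    print(build_password("To be or not to be, that is the question.", "highland"))
```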

Zhs2

Wow. Remind me to switch all of my passwords, especially considering I use the same ones for everything...!

Also, I'm tired. I swear I read "Keep Ass" somewhere in there. o_o

Wingard

Update, lol.

I figured I would give you something that will aid in backing up your passwords file to a flash drive. This assumes you know where your flash drive is mounted (what the drive letter is for Windows; you should know what I'm talking about on Linux).


Windows Batch script:
(Assumes flash drive letter is F)
@echo off
rem Copy the KeePass database file to the flash drive (replace the path with your own .kdbx file)
copy "C:\dir\of\your\dbfile" "F:\"
echo Done!


Linux shell script:
(Assumes mount dir is /usr/mount/usb/)
#!/bin/sh
# Copy the KeePass database file to the mounted flash drive (replace the path with your own .kdbx file)
cp /dir/of/your/passwordfile /usr/mount/usb/


Hard stuff.
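A more careful version of the backup step above, as an added example (not code from the post): it refuses to run when the drive is not mounted, timestamps each copy so an older good backup is never overwritten in place, restricts the copy to the owner, and compares SHA-256 digests before reporting success. The paths and function names are placeholders and assumptions.

```python
"""Verified backup of a KeePass database file to a mounted flash drive.
Added example, not from the post; paths are placeholders."""
import hashlib
import os
import shutil
import tempfile
import time

def sha256_of(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for piece in iter(lambda: f.read(chunk), b""):
            h.update(piece)
    return h.hexdigest()

def dest_ready(dest_dir):
    """True only if the destination exists and is writable, i.e. the drive is really mounted."""
    return os.path.isdir(dest_dir) and os.access(dest_dir, os.W_OK)

def backup_database(src, dest_dir):
    """Copy src into dest_dir as <name>.<timestamp>.bak; return (path, digest) once verified."""
    if not os.path.isfile(src):
        raise FileNotFoundError("database not found: " + src)
    if not dest_ready(dest_dir):
        raise FileNotFoundError("destination not mounted or not writable: " + dest_dir)
    final = os.path.join(dest_dir, os.path.basename(src) + time.strftime(".%Y%m%d-%H%M%S.bak"))
    fd, tmp = tempfile.mkstemp(dir=dest_dir, prefix=".partial-")  # never expose a half-written copy
    os.close(fd)
    try:
        shutil.copyfile(src, tmp)
        os.chmod(tmp, 0o600)  # owner-only, like the original should be
        digest = sha256_of(tmp)
        if digest != sha256_of(src):
            raise IOError("copy does not match the original; backup discarded")
        os.replace(tmp, final)  # atomic rename onto the final name
    except BaseException:
        os.remove(tmp)
        raise
    return final, digest

def demo_backup():
    """Round trip on a constructed sample file; returns (copy verified, copy equals source)."""
    with tempfile.TemporaryDirectory() as work:
        src, usb = os.path.join(work, "Database.kdbx"), os.path.join(work, "usb")
        os.mkdir(usb)
        with open(src, "wb") as f:
            f.write(b"constructed sample bytes, not a real kdbx\n" * 2000)
        copy, digest = backup_database(src, usb)
        return digest == sha256_of(copy), sha256_of(copy) == sha256_of(src)
```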

Wingard

Okay something else to add.

If you are a user of Firefox there's a handy addon called LastPass out there that can import your KeePass database (after it's exported to XML) and save your passwords for stuff encrypted rather than plaintext, such as with the vanilla Firefox Login Manager. Remember to delete the .XML DB dump after you import it into LastPass, it has all of your passwords completely decrypted in it!