Creating more secure passwords

[paieye]

We are regularly told to take more trouble over passwords, if we want to make them more secure.

A recommended formula is to use (1) both capital and small letters, (2) numerals that are not in some obvious sequence such as 12345, &c. and (3) punctuation.

In the last week, I have had occasion to attempt to put this into practice with 2 credit-card sites. Both of them rejected my proposed passwords until I eliminated the punctuation.

I have just now used the formula to change my password for a 3rd website, this time with complete success. The website ? DeliaOnline.

 

[IWT]

Yes, I've come across quite a few sites where one would expect high levels of security, only to find limitations on number of characters, punctuation and even in one case the rejection of the ampersand (&).

I use 1Password - there are other good apps too - and it allows you to choose recognisable words arranged in a way that still creates a strong PW and is more easily remembered. This can be combined with whatever numbers mean something to you.

Delia Online, eh? My wife would be impressed. Though I suspect our North American friends might be in the dark about this lady.

Ian

 

[Rod]

For my personal passwords, like Apple ID, iTunes, Admin password I like to use memorable passwords that are difficult to guess but easy to remember.
For this I find phrases are best eg I like 6 fish or we have two cars. There are many variations of these phrases eg WeHave2Cars. They are memorable and fulfill the major requirements of a secure password, they have 10 or eleven charterers comprised of upper and lower case letters and a number.
For site passwords I prefer to use a password generator like the free Doorman app which can be tailored to suit the site requirements, number of charecters, special characters, symbols, upper and lower case letters and the number of characters.
I then use a password manager to remember them. Currently Enpass because it's free, all my information is locally stored and shared and no subscription required.

 

[paieye]

Thank you both, but am I to take it that you consider that using punctuation does not make a password any more secure ? By the way, I do not need to keep any record of my passwords or to use an application that will create them for me, because I have devised a formula that enables me always to know what the password will be for the site in question. But I do like using punctuation !

 

[chscag]

You've already posted this over in the MacRumors forum. Good luck with your formula.

 

[paieye]

My apology !

 

[Rod]

Password creation and storage is always an interesting topic and I dont get to MacRumors Forums much so I had not read your post about your formula paieye.
As for punctuation, i think there may be some sites that will not accept special characters like commas, full stops, semicolons etc so I tend to steer away from them as a rule.
I am interested in your "formula" but unless you are applying some sort of algorithm then I am assuming you are using a code or "rule" and surely that means that if one password can be obtained then all the others can be worked out as well.

 

[paieye]

I am interested in what you say about permitted punctuation. If commas, semi-colons and full-stops are not permitted, what punctuation is likely to be permitted ?

Yes, I use a formula that is easy to remember and apply. You are therefore right in saying that someone else might divine the formula and use it to hack into all of my websites. However, there are different layers of logic involved, so that, all though I accept that my system does not give complete security, I think that it does give at least improved security. In any case, I am only an "ordinary" user,with no very interesting websites, and it must be highly unlikely that anyone is going to waste time over me. Yes, I have had my email hacked in the pre-improved-security past,but all that happened was that everyone in my address-book received a silly message.

Am I right in thinking that these password-management-applications create completely random passwords ? If so, can they be securely stored and easily retrieved ?

Tha

 

[paieye]

Sorry, I got cut off -- I wanted only to thank you for your interest.

 

[ferrarr]

Yes, password manager applications store the passwords and are easily retrievable.

 

[Rod]

Regarding the punctuation allowed I'm really not sure. I have heard of the odd instance where punctuation was initially accepted as a password then refused to work requiring a new password which is fine accept in the case where the old password is required to create a new one.
Most sites suggest that a password be comprised of no less than 8 characters and that at least one should be a number. Because the use of special characters and punctuation is sometimes refused I have set the preferences of Doorman to 10 characters, unpronounceable, no special characters and it does the rest.