How to come up with a password that is difficult to crack. A simple and secure password - collective creativity

We often say in the site's step-by-step instructions that passwords must be strong, long and complex. But what does all this mean in practice?

Let's go through the topic of strong passwords now and learn how to create good passwords that attackers cannot crack.

Let us note right away that none of the following tips provides 100% protection against hacking or theft. There is simply no method in the world that would guarantee complete protection against fraudsters!

If professional attackers want to get your password, they will get it, but a strong password weeds out newbies and non-specialists, complicates the task of breaking into your account and greatly frays the attackers' nerves, so there is still a point in good passwords.

How do scammers find out your password?

There are several ways to obtain your secret password:

1. Outright theft of the password:

  • through special programs
  • over the Internet,
  • through fake websites
  • through fake programs,
  • through access to your computer or the sheet of paper on which you write down passwords,
  • finally, through blackmail, torture and interrogation (the latter is a joke, of course, but some girls actually use these methods to extract their boyfriends’ passwords in order to control their correspondence!).

Scammers often disguise their goal as something completely harmless: for example, you are asked to provide your profile login details in order to enter a program, confirm your registration or unlock your profile.

2. Social engineering. The method consists of a logical analysis of you as a person and identifying your personal information (year of birth, names of loved ones, passport details, telephone numbers, names of relatives, names of pets...).

3. Simple dictionary search. The simplest and most primitive way, which still manages to crack simple passwords consisting of dictionary words or popular combinations like 123456789, abcdef or qwert. A program with a built-in dictionary is launched and simply tries every dictionary entry in turn.

4. Brute force. Similar to the previous method, but covers all possible combinations in general. The program tries every possible value, and the fraudster relies on one of them eventually matching.

Considering the speed of such search (about 100,000 or even 1,000,000 combinations per minute), the probability of a match is quite high.

How to create/come up with a good password

A strong password should:

a) consist of letters and numbers;
b) have 8 or more characters;
c) contain both uppercase and lowercase letters;
d) include symbols (non-alphanumeric characters);
e) not coincide with any dictionary word (in any language).

To quickly create a good password, we would advise taking a memorable Russian phrase or expression that has nothing to do with you and typing it without spaces with the keyboard switched to the English layout.

Along the way, you need to interleave this phrase with simple symbols and numbers, but in a way that is illogical. After that, all that remains is to replace a few lowercase letters with uppercase ones, and the job is done: a good password is ready. All this is easier to understand with examples.

EXAMPLE of creating a good password #1

Step #1

Let's take the phrase "strong password" (in Russian), type it with the keyboard in the English layout, and get "yflt;ysq gfhjkm".

Step #2

Now we remove the space between the words and replace a couple of lowercase letters with capital ones, and we get "yflt;ysQgfhjKm".

Step #3

Now let's add a couple of numbers, for example at the beginning and end of the phrase, and we get "2yflt;ysQgfhjKm1".

TOTAL: our password has 16 characters, it contains uppercase and lowercase letters, numbers and symbols, and no dictionary words! This is a good, strong password that is easy to remember via the phrase "2STRONG PASSWORD1" (only without the space in the middle).

EXAMPLE of creating a good password #2

Step #1

Let's take the phrase "peace be at home" (in Russian), type it in the English layout, and get "vbh ljve".

Step #2

Now let's remove the space between the words and replace a couple of lowercase letters with capital ones, and we get "vBhljVe" (we replaced the 2nd letter from the left and the 2nd letter from the right).

Step #3

Now let's add numbers, for example at the end of the phrase, and we get "vBhljVe21".

Step #4

Let's complicate the passphrase with a symbol, placed not between the words but after the first letter to make it illogical, and we get "v~BhljVe21".

TOTAL: our password has 10 characters, it contains uppercase and lowercase letters, numbers and symbols, and no dictionary words. This is how the phrase "peace at home" turns into a cool, complex password for us! And it is easy to remember.

The more illogical and unusual your password creation techniques are, the more secure it will be!

That is how easy it is to create a complex, reliable password that will protect your profile well against simple hacking. Remember that a different password must be created for each site, and all of them must meet the requirements above.

If you ignore these tips and use simple combinations, personal data or dictionary words, or the same password everywhere, don't be surprised when your profiles get hacked: we warned you.

And under no circumstances enter passwords on sites or programs that raise even the slightest doubt! After all, it’s easier for an attacker to steal your password than to guess it.

May 1, 2011 at 7:49 pm

A simple and secure password - collective creativity

  • Information security

After reading a lot of related literature and looking at a ton of habratopics (links to interesting ones are given at the end of the article), I decided to summarize the information about the main methods for generating a strong and memorable password.

Let me start by saying that I myself use the wonderful program KeePass to generate and store my passwords. Its functionality is quite sufficient for all my modest webmaster needs. Its main disadvantage is that it too requires you to remember one master password. So all this fuss about coming up with a password also concerns me and every happy owner of KeePass or one of its analogues, because you still have to come up with that one password.

Let's talk about hacking methods

To understand the full depth of the problem, I will devote a couple of lines to cracking techniques. So, how can an attacker find out or guess your password?
  1. Logical guessing. Works on systems with a large number of users. The attacker tries to work out the logic people use when creating a password (login + 2 characters, login spelled backwards, the most common passwords, etc.) and applies that logic to all users. With many users, one of the guesses will very soon match and a password will be found;
  2. Dictionary search. This type of attack is used when the database of hashed passwords has leaked from the server. It can be combined with letter substitutions (common typos) or with numbers/words added at the beginning or end of a word as a prefix or suffix. Dictionaries typed in the wrong keyboard layout are also used (Russian words in the English layout);
  3. Lookup in a table of precomputed hashes. An advanced cracking method: the hashes have already been generated in advance, and all that remains is to look the leaked hash up in the table to recover the password. It works very quickly even on weak machines and leaves no chance for owners of short passwords.
  4. Other methods: sociotechnics and social engineering, the use of keyloggers, sniffers, Trojans, etc.

Password strength

Summarizing the information obtained from various reliable sources, I will highlight the main features of a password that is resistant to cracking (by cracking I mean searching through hash databases, when the hashing algorithm is known in advance):
  1. Password length (the longer the better); for advanced cases a 15-character password is recommended;
  2. Absence of dictionary words and fragments of common passwords in the password;
  3. Absence of templates when creating the password (by template I mean a logical algorithm for generating a password, for example "Med777vedev", "12@ytsu@21" or even "q1w2e3r4t5");
  4. Random sequences of characters from various groups (lowercase, uppercase, numbers, punctuation marks and special characters).
However, we are all people with a rather limited ability to remember incoherent information, so passwords that fit the parameters described above are very resistant to cracking on the one hand but very difficult to remember on the other. So let's consider less paranoid options for creating and remembering passwords.

How do people remember their passwords?

Having analyzed the methods of generating passwords for Habrapeople, I came to the conclusion that the main methodology for remembering a password is based on drawing up a logical or associative series. All sorts of distortions of words are also used. These could be:
  1. Domain names interspersed with login (“gooUSERglcom”, “UmailruSer”);
  2. A certain standard phrase that is attached to the domain (“passgoogleru”, “passhabrahabrru”);
  3. A common word interspersed with significant numbers and other characters (“ ”, where 32167 is a cheat that summoned 5 black dragons in Heroes of Might & Magic);
  4. Russian words in English layout (“,k.lj


Requiring registration and use of a password to gain access to your account. E-mail, instant messengers, the customer portal of your Internet provider, chats, forums and other sites, and that is the bare minimum. In this article we will try to figure out how to come up with passwords for all these countless services.

When registering on a new website, we often stop and think when we see the password entry field. An almost ideal way to create a strong password would be to generate a random password using a special program such as . But such passwords are difficult to remember, which means they have to be written down and stored somewhere. This option is not suitable for some ordinary users. And even if you use a program to create and store passwords, you will still have to remember some passwords yourself.

When creating a password manually, you must follow several rules:

• Do not use simple combinations of symbols and numbers. For example, the passwords 123, 321, 123456, qwerty, asdfg and the like are not suitable.
• Do not use personal information when creating a password (names of relatives, pets, dates of birth, phone numbers, addresses, zip codes, etc.). For example, the passwords Masha, Sasha21, Vasya02071988 and the like are not suitable.
• Do not use passwords that can be guessed from a dictionary of popular passwords. For example, the passwords love, cat, alfa, samsung, mercedes, yasterva and the like, as well as their variants and combinations, are not suitable.
• Do not use passwords that are less than 10 characters long.
• The password must consist of upper and lower case letters, numbers and special characters.
• When coming up with passwords, use your imagination and don't think in stereotypes. The computer that guesses your password is good at math, but it cannot think or be creative.

There are many ways to come up with a simple and relatively strong password. We will look at one of these methods.

How to come up with a password

The first thing we need to do is come up with a key phrase. The ideal option is a unique nonsense phrase that is easy to remember. For example: space cockroaches. You can also use lines from not very popular songs and poems. The key phrase is then transformed using one or more of the following methods:

• Typing a Russian phrase in the English keyboard layout.
• Writing the phrase backwards.
• Replacing letters with their visual counterparts ("a" - "@", "i" - "!", "o" - "()", etc.).
• Using the first few characters of each word.
• Removing every second character (or every other character).
• Removing the vowels or the consonants from the phrase.
• Adding special characters and numbers.

You can use several of these methods to turn the key phrase into an almost meaningless string of characters. But the ideal option is to create your own unique method of "encrypting" the key phrase.

For example, using several of the template methods above, you can get the following password:

space cockroaches – take the first 4 characters of each word – kosmtara – type it in the English layout – rjcvnfhf – capitalize the first letter and add special characters and a random number – Rjcvnfhf@955

As a result, we end up with a long and rather complex password that cannot be derived from the personal information of its owner, but can easily be recovered from memory. Checking the strength of the password with the service gives the result "very strong".
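The keyboard-layout transformation that the first article's examples #1 and #2 and the "space cockroaches" chain above all rely on, carried through in Python as an added example that is not code from any of the articles; it also implements the first article's checklist a)-e) and a constructed mini-wordlist to show the second article's point that cracking dictionaries include wrong-layout forms. The Russian source phrases ("надежный пароль", "мир дому", "космические тараканы") are inferred by reversing the standard ЙЦУКЕН/QWERTY mapping on the printed results and are assumptions.

```python
import string

# Standard ЙЦУКЕН keys and the QWERTY keys sitting in the same positions (unshifted).
RU = "йцукенгшщзхъфывапролджэячсмитьбю.ё"
EN = "qwertyuiop[]asdfghjkl;'zxcvbnm,./`"
_LAYOUT = str.maketrans(RU, EN)

def to_english_layout(phrase: str) -> str:
    """Type a lowercase Russian phrase on a keyboard left in the English layout."""
    return phrase.translate(_LAYOUT)

def capitalize_at(pw: str, positions) -> str:
    """Upper-case the characters at the given 0-based positions ('swap a couple of letters')."""
    chars = list(pw)
    for i in positions:
        chars[i] = chars[i].upper()
    return "".join(chars)

def build_example_1() -> str:
    # "надежный пароль" is inferred by reversing the mapping on "yflt;ysq gfhjkm" (assumption).
    pw = to_english_layout("надежный пароль").replace(" ", "")
    pw = capitalize_at(pw, (7, 12))            # "yflt;ysQgfhjKm"
    return "2" + pw + "1"                      # digits at both ends

def build_example_2() -> str:
    pw = to_english_layout("мир дому").replace(" ", "")   # "vbhljve"
    pw = capitalize_at(pw, (1, 5)) + "21"      # 2nd from left, 2nd from right, then digits
    return pw[0] + "~" + pw[1:]                # symbol after the first letter

def build_example_3() -> str:
    stem = "".join(w[:4] for w in "космические тараканы".split())   # "космтара"
    return to_english_layout(stem).capitalize() + "@955"

def meets_checklist(pw: str, min_len: int = 8) -> dict:
    """Requirements a)-e) of the first article, minus the dictionary rule (needs a wordlist)."""
    return {
        "length": len(pw) >= min_len,
        "lower": any(c.islower() for c in pw),
        "upper": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }

# Constructed miniature wordlist. Cracking dictionaries also carry wrong-layout forms
# (second article, cracking method 2), so the layout trick alone conceals nothing.
WORDS = ["надежный", "пароль", "мир", "дому", "password"]

def dictionary_hits(pw: str) -> list:
    """Dictionary words (plain or wrong-layout) still visible inside the password."""
    forms = WORDS + [to_english_layout(w) for w in WORDS]
    return [w for w in forms if len(w) >= 3 and w in pw.lower()]
```

The dictionary check is the practitioner's caveat: what keeps these passwords out of a wordlist is the inserted digits, symbol and capitals, not the layout switch, which is a fixed one-to-one mapping that cracking dictionaries already apply.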

In conclusion, I would like to remind you once again that when coming up with a password you need to use your imagination and the ability to think outside the box. Using this advantage over "dumb" computers, you can create passwords that will be too tough for them.