Creating strong passwords and keeping them secret.

[deanj20]

Hey CF,

I read a post earlier about someone whose email password was compromised. After a brief Google search, I didn't find any sites that suggested ways to create strong passwords and to keep them secret that I liked. I had been wanting to add a tips and tricks section to my site, and I had some spare time today. Give it a read and tell me what you think: http://jeremydeanonline.com/tips/tips.php

Thanks guys!

 

[jevery]

I've used Password Safe for years now. Small free program that keeps all your passwords safe, (encrypted), with a single password and in one file. It will also generate strong passwords and defeat keyloggers with copy and paste function for passwords. :good:

 

[LTB]

Hey CF,

I read a post earlier about someone whose email password was compromised. After a brief Google search, I didn't find any sites that suggested ways to create strong passwords and to keep them secret that I liked. I had been wanting to add a tips and tricks section to my site, and I had some spare time today. Give it a read and tell me what you think: http://jeremydeanonline.com/tips/tips.php

Thanks guys!

As simple as that is, it's never crossed my mind. Good tip.

 

[Twinbird24]

lol you got 300 passwords from the library computers! How did you install the keylogger? All the computers at the school I go to don't let me run anything not already installed or even access the command prompt.

 

[jevery]

lol you got 300 passwords from the library computers! How did you install the keylogger? All the computers at the school I go to don't let me run anything not already installed or even access the command prompt.

http://www.amazon.com/KeyLlama-4MB-PS-2-KeyLogger/dp/B00169TMRG

 

[deanj20]

lol you got 300 passwords from the library computers! How did you install the keylogger? All the computers at the school I go to don't let me run anything not already installed or even access the command prompt.

Yeah, the network was poorly locked down. I used some software keylogger freebie I found via Google. I don't remember exactly what security was in place - I just remember it was laughably easy to install and hide the logger. I think I was even able to go into the McAffee antivirus that was installed and tell it to ignore the file.

Hopefully they've put better security in place since then (this was like 2002 or so). But I wouldn't be shocked if I was able to do the exact same thing over again. IT guys are a dime a dozen. Good IT guys are hard to find.

 

[Twinbird24]

http://www.amazon.com/KeyLlama-4MB-PS-2-KeyLogger/dp/B00169TMRG

Oh okay, that's pretty cool.

 

[vnsmith]

that's really cool.

 

[jht27]

I've used Password Safe for years now. Small free program that keeps all your passwords safe, (encrypted), with a single password and in one file. It will also generate strong passwords and defeat keyloggers with copy and paste function for passwords. :good:

Jevery, keyloggers also log copy and paste.

 

[tlarkin]

If the library machines ran windows it doesn't surprise me they were easily hacked....

Also, there are l33t speak dictionaries now. So, using l33t speak for your passwords may not be such a good idea. However, combining l33t speak with other forms of creating a secure password is a great idea because it is easy to remember and adds special characters, symbols and numbers to your passwords.

after some searching I found an older post of mine that sort of explains this.

http://www.computerforum.com/148028-psa-how-create-secure-password.html

 

[jevery]

Jevery, keyloggers also log copy and paste.

Hmmm, I don't think the external, (inline), keylogger per my example would because the characters are not generated from the keyboard, but a software keylogger might have that ability. Something to think about.

 

[hyperfire]

I tend to just make a random set of letters, numbers and punctuation that is as long as i can remember, i try to use special characters but i don't like having my passwords saved on a computer. My Anti-virus program also has a virtual keyboard that, in theory, should allow me to stop keyloggers from obtaining my passwords.

 

[fastdude]

I tend to just make a random set of letters, numbers and punctuation that is as long as i can remember, i try to use special characters but i don't like having my passwords saved on a computer. My Anti-virus program also has a virtual keyboard that, in theory, should allow me to stop keyloggers from obtaining my passwords.

In theory. You can be keylogged via the internet or with software too, you know

 

[OverClocker]

thanks for the tip. I have only one password with all my email and banking account. bad bad idea. I tend to forget if i have more than 3.

 

[hyperfire]

In theory. You can be keylogged via the internet or with software too, you know

I know, that's why i put the in theory. I hardly ever use it, only if i'm entering something important. As for the whole internet thing, i use NoScript so i'm good there and hopefully my Anti-Virus software would pick up on a keylogger on my computer.

 

[tlarkin]

The idea is though, is to not install rogue or untrusted (or pirated even) software that when it installs roots your machine. Ideally, if software wants to install something, say a process (or service) that runs in the background and logs keystrokes, it should in theory require installation and authentication. This is where you see things like run as administrator starting to show up in Vista and Windows 7.

It isn't hard to take a largely piece of pirated software and embed some malicious software with in it, or develop a program that seems legit, but is actually malicious.

Always password protect your computer. If you are behind a router, you are most likely running NAT, which by design does not allow remote hosts to connect to your clients inside your subnet. Unless you forward certain protocol ports to certain machines, like ssh, telnet, ftp, and so forth. The idea of getting remotely dictionary or brute force attacked is probably pretty slim.

Just remember to use strong passwords you will not forget, do not install software you know nothing about or is not from a valid source or company, and keep all your security essentials up to date. Really, the weakest link is the user when you get down to most common denominator of security issues.

 

[chibicitiberiu]

Step 1: Download Ubuntu image from Ubuntu.com
2: burn the .iso image on a CD
3: restart the computer with the CD in your CD-ROM
4: When it boots, go into Applications and find GEDIT
5: Bang your head on the keyboard a couple of times
6: There you have your newly generated password. Copy and paste in the website or whatever.
7: Reboot back to windows.

Notepad in windows could do the job, but keyloggers can find out the pasword too.

No keylogger can find your new password, since Ubuntu is a different operating system. You can use a pen and a paper so you don't forget it, and you don't risk saving the file on your computer. Keyloggers cannot log what you write on paper in the real world.

 

[Twinbird24]

I found this website, it will flip letters for you, can be used to help create a stronger pɹoʍssɐd