Finding a good master password
A short password can be easily revealed by a brute-force attack, where the attacker tries every combination of letters until your password is found. The master password should have at least 8 letters, but we recommend 12 or more.
A single letter corresponds to 6 bits, so an 8-letter password corresponds to 48 bits. Today it takes a very long time to test 2^48 passwords, but computers are getting faster. A password with 12 letters corresponds to 72 bits, which means that a brute-force attack takes 2^24 times as long. If, for example, an 8-letter password can be cracked in one month, it would take over a million years to crack a 12-letter password.
OK, it is important to memorize the master password, but don't use words like "elephant" or "Madagaskar" or "Stevenson". The reason is that all these words can be found in dictionaries. To avoid the long processing time of a brute-force attack, many hackers just use a dictionary of about 100,000 words instead of trillions of letter combinations. Such an attack is a matter of hours, and your password is revealed.
Be aware that the attacker might have some knowledge about you. The attacker might know your family, or might know what projects you are working on. Or the attacker might have stolen your computer and created a dictionary of all words found on your hard disk. For this reason, names and dates of friends, pets, family members and colleagues are a very bad idea for a master password.
Use all keys your keyboard has. Mix small and capital letters, use some digits and don't forget special characters.
Taking care of all these rules results in passwords like "It'snh,nhbu,auos". How do you memorize such password monsters?
Your question is fully understood. But there are some tricks:
Find a sentence that you can memorize very well, then abbreviate it. For example, the sentence "Imagine there's no heaven, no hell below us, above us only sky" gives the monster password from above.
Maybe you know a route with all its street names very well, for example your way to school or your way home from work. Take the first and last letter of each street name, and for every left or right turn choose a special character.
OK, if you like to use "normal" words, use them. But use at least three of them and combine them with special characters. Example: "Thus/quote_the-raven"
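The rules above, put into a small checker (an added example, not part of the program this page belongs to). The function names, the tiny constructed word list standing in for a real dictionary, and the choice to flag only passwords built from a single kind of character are assumptions.

```python
import re
import string

BITS_PER_LETTER = 6        # the page's estimate for one letter
MIN_LEN, GOOD_LEN = 8, 12  # the page's minimum and recommended lengths
# Constructed stand-in for the roughly 100,000-word dictionary described above.
SAMPLE_DICTIONARY = {"elephant", "madagaskar", "stevenson", "thus", "quote", "the", "raven"}


def abbreviate(sentence):
    """First letter of every word; punctuation and apostrophe endings are kept."""
    parts = []
    for word in sentence.split():
        head, apostrophe, rest = word.partition("'")
        marks = "".join(c for c in head[1:] if c in string.punctuation)
        parts.append(head[:1] + marks + apostrophe + rest)
    return "".join(parts)


def years_to_search(length, months_for_8_letters=1):
    """Scale the page's 'one month for 8 letters' scenario to another length."""
    extra_bits = BITS_PER_LETTER * (length - MIN_LEN)
    return months_for_8_letters * 2 ** extra_bits / 12


def review(password, dictionary=SAMPLE_DICTIONARY):
    """Return the page's rules that this password breaks (empty list = none)."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append("shorter than 8 letters")
    elif len(password) < GOOD_LEN:
        problems.append("shorter than the recommended 12 letters")
    words = re.findall(r"[A-Za-z]+", password)
    if words and all(w.lower() in dictionary for w in words) and len(words) < 3:
        problems.append("fewer than three dictionary words")
    kinds = (str.islower, str.isupper, str.isdigit, string.punctuation.__contains__)
    used = sum(any(kind(c) for c in password) for kind in kinds)
    # Assumption: only the extreme case (a single kind of character) is flagged.
    if used < 2:
        problems.append("only one kind of character")
    return problems


if __name__ == "__main__":
    monster = abbreviate("Imagine there's no heaven, no hell below us, above us only sky")
    for pw in ("elephant", monster, "Thus/quote_the-raven"):
        print(pw, BITS_PER_LETTER * len(pw), "bits", review(pw))
    print(f"12 letters: about {years_to_search(12):,.0f} years")
```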
Do you have better tricks for strong passwords? Share them with us, and we will include them in the next version of the program.