Hidden wifi hacking machine experience
There are always problems with passwords. How complex should one be? How long does it need to be? You have a lot of accounts and you definitely cannot remember all the unique passwords you set for them. Plus, many policies make you change them every 3-6 months, which is crazy. So let's look at what can be done to properly manage your passwords.
Let's create a sample password the way most people do. Start with a capital letter. Keep it short, no more than 8-10 characters. Use a simple word connected to you, like your dog's name. Make the last two characters a number and increment it at every password change. Bam! That is actually the most common password pattern you will find in a company.
Nice, huh? The funny thing is that people won't increment by 2 or 3, and they won't decrement the number at the end. Just i++ ;)
E.g. Fluffy12 becomes Fluffy13
That is not too secure. Let's make it longer and more complex, yet still easy to remember. What if we don't use words... but sentences? Like:
Sun Is Shining Pretty Good Today
Let's add some numbers between the words:
Sun 12 Is 12 Shining 12 Pretty 12 Good 12 Today 12
Wow, that is long, hard to brute force and easy to remember. If we know another language we can swap a word, like Good for its Spanish equivalent, buena. Decrementing the numbers as well, we get:
Sun 12 Is 11 Shining 10 Pretty 9 Buena 8 Today 7
Sure, if someone knows the algorithm you will have some problems, but this is a good start. Don't worry, it is fast to type. Now let's take a look at password managers, one of each type. Remember, there are many more.
A much better thing to do is to use a password manager. It generates passwords for you and remembers them; you just need to copy and paste. I usually separate password managers into 3 types:
1. No storage. These password managers don't store passwords anywhere. They generate the same password from the same input. They are the most secure ones in my opinion. The only problem is that for every password you need to remember different things (which site name, counter and password type you used). There is no error message: the password is generated either way, and you need to try it to tell whether you generated the right one.
2. Local storage. These password managers store the passwords locally in an encrypted file. The good side is that you only need to remember one thing, the master password, and you do not depend on the vendor's servers. The bad side is that you need to have the password file/database with you every time you need it. The file can be stolen and brute forced offline, so you need a strong master password for it. If you lose the file, or the hardware dies and you have no backup, then you have lost all your passwords FOREVER!
3. Cloud storage. Same as the local storage ones, but the company providing the software/application stores your password database for you. The good side is that you do not need to carry the password file around; you have your passwords every time, everywhere. The bad side is that the company may be able to see your passwords, unless the database is encrypted on your device before it is uploaded. You depend on their servers and availability to get your passwords back, and if they have a breach then you can be part of that breach too.
Master Password is mostly in category 1, "No storage". It does not store passwords anywhere; you can generate them on the fly, anywhere. Let's take a look:
You can download the app for iOS and Android; here I will just use the web version. It asks for an identity. You can enter anything, but remember it, because this is what the app uses to generate your passwords. I entered strik1r as both the name and the master password and used v3.
On the next page you enter which site/app you want a password for, like google, facebook or wifi, then the password type and the counter (the number of iterations). If you entered the same as me you should see the same result.
If everything is the same (name, master password, version, site name, counter and password type) then the generated password will be the same.
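To make the "same input, same output" property concrete, here is an added example (my code, not the Master Password app's algorithm and not from the post) of a simplified stateless scheme built from the same inputs the app asks for: identity name, master password, site name, counter and password type. The scrypt parameters, the labels mixed into the salt and HMAC messages, and the "phrase"/"basic" templates are my own assumptions.

```python
import hashlib
import hmac

# Added example of a stateless ("no storage") password manager. This is NOT
# the Master Password app's algorithm, only a simplified scheme with the same
# inputs; all constants, labels and templates below are assumptions.

ALNUM = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
LOWER = "abcdefghijklmnopqrstuvwxyz"


def master_key(name: str, master_password: str) -> bytes:
    """Slow step, done once per session: stretch the master password with
    scrypt. The identity name is the salt, so two people who happen to pick
    the same master password still get different keys."""
    return hashlib.scrypt(master_password.encode(), salt=b"example-v1:" + name.encode(),
                          n=2 ** 14, r=8, p=1, dklen=64)


def site_seed(key: bytes, site: str, counter: int) -> bytes:
    """Fast step, once per site: an HMAC over the site name and a counter.
    Bumping the counter rotates the password without storing anything."""
    msg = b"example-site:" + site.encode() + b":" + counter.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


def render(seed: bytes, kind: str) -> str:
    """Turn the 256-bit seed into a password of the requested type by reading
    it as one big integer and peeling off one symbol at a time."""
    n = int.from_bytes(seed, "big")
    if kind == "basic":                      # 8 alphanumerics, about 48 bits
        out = []
        for _ in range(8):
            n, idx = divmod(n, len(ALNUM))
            out.append(ALNUM[idx])
        return "".join(out)
    if kind == "phrase":                     # 4 random lowercase words of 3-7 letters
        words = []
        for _ in range(4):
            n, extra = divmod(n, 5)
            letters = []
            for _ in range(3 + extra):
                n, idx = divmod(n, len(LOWER))
                letters.append(LOWER[idx])
            words.append("".join(letters))
        return " ".join(words)
    raise ValueError(f"unknown password type {kind!r}")


def generate(name: str, master_password: str, site: str,
             counter: int = 1, kind: str = "phrase") -> str:
    """Everything the app asks for goes in; nothing is written to disk.
    Any change to any input (even a typo in the master password) yields a
    different password, with no error to tell you which input was wrong."""
    return render(site_seed(master_key(name, master_password), site, counter), kind)


if __name__ == "__main__":
    for site in ("google", "facebook", "wifi"):
        print(site, "->", generate("strik1r", "strik1r", site))
    print("google, counter 2 ->", generate("strik1r", "strik1r", "google", counter=2))
    print("google, basic     ->", generate("strik1r", "strik1r", "google", kind="basic"))
    print("typo in master    ->", generate("strik1r", "strik1R", "google"))
```

The last line of the demo is the point of category 1: a mistyped master password does not fail, it just silently produces a different password, which is why the post says you have to try the result to know whether you remembered everything correctly.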
KeePass is a free, open source password manager which stores the passwords in an encrypted database on your local filesystem. It needs only a master password and/or a key file. It has a lot of unofficial ports, including Android and iPhone ones.
It looks and feels like a database manager app, because that is basically what it is. It works great, as it should.
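Here is an added example (my code, not KeePass's) of why the local-storage category needs a strong master password: whoever steals the file can test guesses offline at full speed, and the only brake is the KDF work factor. The vault layout, the "vault-verifier" label, the scrypt parameters and the pet-name word list are all constructed for this illustration.

```python
import hashlib
import hmac
import os
import time

# Added example, not KeePass code: a toy local vault that keeps a salt, the
# KDF work factor and a verifier tag next to the (not shown) encrypted entries.
# Anyone holding the file can test master passwords offline, so the KDF cost
# and the master password strength are the only defences. All names,
# parameters and the word list are constructed for this example.


def derive_key(master: str, salt: bytes, log2_n: int) -> bytes:
    """Memory-hard KDF: scrypt with N = 2**log2_n. log2_n=15 means 16 MiB and
    tens of milliseconds per guess on a laptop; this is the knob that slows
    the attacker down as much as it slows you down."""
    return hashlib.scrypt(master.encode(), salt=salt, n=2 ** log2_n, r=8, p=1, dklen=32)


def create_vault(master: str, log2_n: int = 15) -> dict:
    salt = os.urandom(16)
    key = derive_key(master, salt, log2_n)
    tag = hmac.new(key, b"vault-verifier", hashlib.sha256).digest()
    return {"salt": salt, "log2_n": log2_n, "verifier": tag}


def unlock(vault: dict, master: str) -> bool:
    """What the legitimate client does once; what the thief does per guess."""
    key = derive_key(master, vault["salt"], vault["log2_n"])
    tag = hmac.new(key, b"vault-verifier", hashlib.sha256).digest()
    return hmac.compare_digest(tag, vault["verifier"])


def dictionary_attack(vault: dict, wordlist):
    """Offline guessing against a stolen file. Returns (hit or None, guesses/s)."""
    start = time.perf_counter()
    hit, tried = None, 0
    for guess in wordlist:
        tried += 1
        if unlock(vault, guess):
            hit = guess
            break
    rate = tried / max(time.perf_counter() - start, 1e-9)
    return hit, rate


def years_to_exhaust(keyspace: float, guesses_per_second: float) -> float:
    """Worst case for the attacker: the whole keyspace at the measured rate."""
    return keyspace / guesses_per_second / (365 * 24 * 3600)


# Constructed word list: the "pet name + incrementing number" pattern from
# the start of the post, 5 names x 100 two-digit counters = 500 guesses.
PET_NAMES = ("Fluffy", "Rex", "Bella", "Max", "Luna")
WORDLIST = [f"{pet}{i:02d}" for pet in PET_NAMES for i in range(100)]


if __name__ == "__main__":
    vault = create_vault("Fluffy13")            # weak master password, strong KDF
    hit, rate = dictionary_attack(vault, WORDLIST)
    print(f"cracked: {hit!r} at {rate:.1f} guesses/s")
    # Compare with the 6-word sentence from the post, assuming each word comes
    # from a 10,000-word vocabulary: (10**4)**6 candidates instead of 500.
    for label, space in (("pet name + 2 digits", len(WORDLIST)),
                         ("6 words from 10k vocabulary", 10 ** 24)):
        print(f"{label}: {years_to_exhaust(space, rate):.3g} years at this rate")
```

Running the demo shows the two halves of the defence: the KDF makes each guess cost tens of milliseconds, but a "Fluffy13"-style master password is found in well under a second anyway, while the sentence-style password from earlier in the post stays out of reach at the same guess rate.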
Password Level: Totally Paranoid
OK, so password managers are really good and make our life easier. But we want to get even more secure: we don't want to instantly lose every account if our password manager is compromised.
The first thing we can do is add a little something to the password generated by the password manager, kind of like salting. There are a lot of ways to extend the password; the easiest is to add the site name after it. For example, Master Password with the strik1r identity from above gives the password rexc pef rinkime gog for google. Adding a little extra, in this case the site name, I get the password rexc pef rinkime gog google or google rexc pef rinkime gog. You can add the site name, the username or a little password of your own too. This works the same with every type of password manager.
Another good concept: use two or more password managers to create one password. By that I mean something like creating the first half of the password with Master Password and the second half with KeePass. Basically the "salt" is generated by another password manager. Although this is a really secure option, it is complex and has multiple points of failure. Let's see. Generate a password with Master Password: rexc pef rinkime gog
Password generated with KeePass: X*SqDJAq>9HR
Final result: X*SqDJAq>9HRrexc pef rinkime gog OR rexc pef rinkime gogX*SqDJAq>9HR
What if we make it a little easier and use one manager to generate the password for logging in to the other password manager, which then creates the password for the desired site? That reduces the complexity: in the end we use only one password manager per site, and the other one only protects its master password.
We are so obsessed with passwords. We create apps to manage them and devices for two-factor authentication. What about usernames? Most people pick one or two usernames and that is it. It is much easier to find someone when they use the same username on every site. What can we do?
If you use a good password manager, you can simply generate a random username for each site; there is no need to remember them. Let's see it with Master Password, using the site's name to generate the username. Log in with the credentials above. Using googleu as the site name and Basic as the type, it generates SNq48HFm; this will be my username. googlep with the Phrase type gives my password: ne holca caq hufejva. In case that is too complicated, we can always use an online generator like
The best way is to use someone else's username. Grab a lot of common usernames and use a random generator to select one for each website. Or better: most usernames are first-name initial + last name, so John Anderson becomes janderson. Easy. So let's grab every common first name and every common last name, pair the first letters of the first names with the last names, and we are done. (By the way, for the first letters, just use the whole English alphabet...)
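Both username ideas above, as an added example (my code, not the post's and not any manager's): build the "first initial + last name" pool, pick from it with a CSPRNG for the store-it-in-your-vault approach, or map a site name to a fixed entry with an HMAC for the no-storage approach. The name lists are constructed samples, and the secret key is assumed to come from your manager's KDF.

```python
import hashlib
import hmac
import secrets

# Added example, not from the post or from any password manager: generating a
# per-site username that does not tie your accounts together. The name lists
# are constructed samples; real ones would be thousands of entries long.

FIRST_NAMES = ["john", "jane", "michael", "sarah", "david", "emily", "robert", "laura"]
LAST_NAMES = ["anderson", "smith", "johnson", "williams", "brown", "davis", "miller", "wilson"]
ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def candidate_pool(full_alphabet: bool = True) -> list:
    """All 'first initial + last name' usernames, e.g. John Anderson -> janderson.
    With full_alphabet the initials are a-z rather than only the initials that
    happen to occur in FIRST_NAMES, which is why the post suggests it: a bigger
    pool that still looks like ordinary usernames."""
    initials = ALPHABET if full_alphabet else sorted({n[0] for n in FIRST_NAMES})
    return sorted({c + last for c in initials for last in LAST_NAMES})


def random_username(pool=None) -> str:
    """Pick with the OS CSPRNG (not random.choice). Store the result in your
    local or cloud vault, since nothing can regenerate it."""
    pool = pool if pool is not None else candidate_pool()
    return secrets.choice(pool)


def derived_username(master_key: bytes, site: str, pool=None) -> str:
    """The 'no storage' idea applied to usernames: the same secret key and site
    name always map to the same entry, so there is nothing to remember or store.
    master_key is assumed to come from your manager's KDF, never a fixed string."""
    pool = pool if pool is not None else candidate_pool()
    tag = hmac.new(master_key, b"username:" + site.encode(), hashlib.sha256).digest()
    # a 256-bit tag reduced modulo a pool of a few hundred entries: bias is negligible
    return pool[int.from_bytes(tag, "big") % len(pool)]


if __name__ == "__main__":
    print("pool sizes:", len(candidate_pool(False)), "vs", len(candidate_pool(True)))
    print("random   :", random_username())
    key = secrets.token_bytes(32)           # stands in for the manager's derived key
    for site in ("google", "facebook", "wifi"):
        print(f"{site:9}:", derived_username(key, site))
```

The derived variant has the same caveat as category 1 password managers: change the key, the site label or the pool (for example by adding a last name to the list) and you get a different username with no warning, so keep the pool fixed once you start using it.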