On machines or systems where things are a bit sensitive, I sometimes throw in an alt-character. Something like these...

Alt-157 => ¥
Alt-154 => Ü
Alt-787 => ‼

Hold down the Alt key, type "157" on the number pad, release the Alt key. These characters don't fall within the character sets that most (any?) brute-force password crackers check, therefore they will never be cracked.

Test it to be sure it works through all methods that you'll be accessing that system though! Sometimes, it's just not easy or possible to enter those characters through some OS'en or terminal emulators. :)

>
> From: Jeffrey Pyne
> Date: 2003/05/14 Wed PM 02:32:32 EDT
> To: "'plug-discuss@lists.plug.phoenix.az.us'"
> Subject: RE: Passwords coming out of my ears
>
> On Tuesday, May 13, 2003 10:41 PM, foodog wrote:
>
> > For secure passwords, two suggestions to start with: 1,
> > learn to write in 1337 (Leet), 2, choose a passphrase
> > and misspell it in leet. Combine those techniques with
> > a host-specific prefix or suffix and you're on the road
> > to using good passwords.
>
> I do something pretty similar to this. I take my base 37337 password (e.g.
> "I love pie." ==> "! 1Uv p!3."), and prepend the first character of the
> hostname or domain name in lowercase and postpend (?) the last character of
> the hostname or domain name in uppercase. So my password to www.hotmail.com
> (if I had one) would be "h! 1Uv p!3.L", and my logon to appserver would be
> "a! 1Uv p!3.R". So, you would have a different password for every web site
> or host, but you'd really only have to remember one.
>
> I used to feel good about this scheme until I read on l0phtcrack's site:
>
> "Consider that at one of the largest technology companies, where policy
> required that passwords exceed 8 characters, mix cases, and include numbers
> or symbols...
>
> * L0phtCrack obtained 18% of the passwords in 10 minutes
> * 90% of the passwords were recovered within 48 hours on a Pentium II/300
> * The Administrator and most Domain Admin passwords were cracked"
>
> So what is a "good" password, really? Does anyone have an example of a
> password that would not be easily cracked by a tool such as l0phtcrack?
>
> ~Jeff