How to build secure passwords you will remember

Today my boss and I had to change some passwords on our main testing server. Since we had little time to decide and no way to write them down, we decided not to use an auto-generated password. Instead, we would build the passwords this way, which he taught me:

([Word1] combine [Word2]) [Number] [Non-alphanumeric characters]

Word1 and Word2 must be the same length, that length must be greater than 2, and non-alphanumeric characters are encouraged.

For instance, let me show what kind of password I could use for my next project (of course, this is not what I am using: don’t waste your time trying }:^).

  • Rafael combine Vargas = RVaafrageals
  • Number? Maybe a significant year for me: 1905.
  • Non-alphanumeric characters? Let me use # (sharp).

Then we would get a strong password like this: “RVaafrageals1905#”. Don’t write it down on the Post-it® next to the server!
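Here is the scheme above as a small Bash script. It is an added example, not the script the post promises, and the function names (interleave, build_password) are my own. It enforces the rules from the post (equal lengths, longer than 2 characters, digits for the number, only non-alphanumeric characters at the end) and reproduces the “RVaafrageals1905#” example.

```bash
#!/usr/bin/env bash
# Added example: build a password by interleaving two equal-length words,
# then appending a number and some non-alphanumeric characters.

# interleave WORD1 WORD2
# Prints WORD1 and WORD2 combined letter by letter: R+V, a+a, f+r, ...
interleave() {
    local w1="$1" w2="$2" out="" i
    if [ "${#w1}" -ne "${#w2}" ]; then
        echo "error: both words must be the same length" >&2
        return 1
    fi
    if [ "${#w1}" -le 2 ]; then
        echo "error: words must be longer than 2 characters" >&2
        return 1
    fi
    for (( i = 0; i < ${#w1}; i++ )); do
        out+="${w1:i:1}${w2:i:1}"
    done
    printf '%s' "$out"
}

# build_password WORD1 WORD2 NUMBER SYMBOLS
# Prints "<interleaved words><number><symbols>" on one line.
build_password() {
    local combined
    combined=$(interleave "$1" "$2") || return 1
    # The number part must be digits only.
    case "$3" in
        ''|*[!0-9]*) echo "error: number must contain only digits" >&2; return 1 ;;
    esac
    # The last part must contain only non-alphanumeric characters.
    case "$4" in
        ''|*[[:alnum:]]*) echo "error: final part must be non-alphanumeric characters only" >&2; return 1 ;;
    esac
    printf '%s%s%s\n' "$combined" "$3" "$4"
}

# Usage (constructed values from the post's own example):
#   build_password Rafael Vargas 1905 '#'   -> RVaafrageals1905#
```

Run it as `build_password Rafael Vargas 1905 '#'` after sourcing the file; any rule violation prints an error to stderr and returns a non-zero status, so the function can be used safely from other scripts.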

Q&A

Why should we use this kind of password?
Because, very often, combining two words this way results in a password that is invulnerable to dictionary attacks, and those evil guys using Hydra will have to wait a long time.

I am too lazy to do this by hand / I would like to create a bunch of passwords this way. Do you plan to release a script that makes our lives easier?
If I have a little free time next week, I will make a Bash script or Haskell function for this. Of course. In the meantime, stay tuned at this post.

P.S.: If you usually write down your passwords on a piece of paper, you can write down the components before mixing them, as long as nobody near you knows the algorithm. But I do not encourage this.

About me


My name is Rafa Vargas. I'm an undergraduate student of Computer Science at University of Seville, Spain. I am mainly interested in computer security, usability and the business of software.
