
Password Security Tips

Failed Login Attempts Steven

I don’t claim to be an expert in the field of passwords, but I have always followed some basic rules. Rules which a few websites have found cause issues for their systems, but more on that later. I was recently discussing passwords with a few people and they were moaning “These days you have to have capital letters, numbers and punctuation and more craziness, different passwords for each site, and how do you even remember them all?”, to which someone said “I used the same password for everything, a pet’s name (pronoun) and a date near enough for them”. It was bizarre. Most agreed that they used a similar formula to the above, so Spot1966 or something.

That formula, a name or word followed by a date (usually a year), is easy to work out, and should a system that has stored more of your information be compromised you could be in trouble; if they get your password and email together it’s double dodo. This prompted me to write this article with my own take on the matter.

The above image shows the login attempts for my blog. I don’t know what time frame WordFence tracks, whether it’s weekly or monthly, but that’s with the login page hidden (not the standard one), with a captcha enabled and a hidden field. Without those steps it used to be 1,000s of attempts. Password security is important.

For the purpose of this article I’m going to assume your password is Password, and show you how to evolve this into something really hard to crack. I wouldn’t recommend using Password, by the way, even with how hard we’ll make it to guess.

Custom Language

I work from a basic set of rules which makes up my own custom alphabet, incorporating L33t Speak, Text Speak and Abbreviations (Initialisms), and mash them into a mnemonic of sorts. I don’t mix and match them as I go; I chose a set of rules and I stick to them. It’s hard to explain without telling you my exact combination, so I’ll give you a character map of sorts. Let’s start with an alphabet.

Hacker Screen

L337 $p34k

A = 4 or @
B = 8 or 13
C = { or (
D = l) or I)
E = 3 or £
H = I-I or l-l (i or L)
I = ! or l (L)
K = I< or l<
M = lvl or /\/\
N = l\l or IV
O = 0 or ()
P = []o or 9
Q = O, or &
R = 12 or l2
S = 5 or $
T = 7 or -l-
V = \/
W = \/\/ or []v[]
X = >< or *

You’ll notice I have used an uppercase i and a lowercase L, or ) and }, and other times I have provided 2 different options, 4 and @ for A as an example. Choose 1 and stick to it, otherwise you’ll end up confused and forget your own unbreakable password.

Password can now be 9@$$VV012I) in full L33t speak, or 9a$$w0rd as a sub-set, or P@$$wOrd (that’s a capital P and a capital O). Like I said, pick and choose which letters you want to change, and use them every time. I would suggest 2 vowels and 6 consonants, so in Password I chose A, O, P and S to change, and I would always change A, O, P and S in other words too.

One issue I had was that one website I used didn’t allow special characters as the first character, so with my password starting with a $ it caused so many problems, with half the website accepting it and half not. The password was so complex not even the system accepted it heheh 😉

Initialisms

This is where the magic happens to take your password to Password 2.0, the next level. These are nearly unbreakable passwords, and they employ an old learning method, Mnemonics, together with Initialisms: a sentence shortened to its initial letters. Be careful not to let your mnemonic/initialism become an acronym; you don’t want it to be pronounceable.

I often choose a quote from a film or a poem, “A rose by any other name would smell as sweet.” for example. This gives you Arbaonwsas (Google this, it’s known, don’t use it), which is already a badass password (but maybe in some word lists). Now let’s L337 speak it to the next level.

A rose by any other name would smell as sweet = Arbaonwsas = @rb@0nw$@$ = @12840IV\/\/$4$

Make it as complicated as you wish. You may have noticed I switched from @ to 4 for my letter A; that’s because I chose to use @ for a capital A and 4 for a lowercase a, just to make it even harder. Remember your new alphabet, and use it.

Text Speak

You can throw a little Text Speak in too. I generally only use a few pieces, just to mix it up. If my sentence or quote has the words Are or You, or says OK or similar, I will employ some text speak like:

Are = r
You = u
OK = k

You Talkin’ To Me ? You Talkin’ To Me? = Ut’2m?Ut’2m? = U7’2IvI?U7’2IvI?
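The three steps above (a fixed L337 alphabet, an initialism built from a quote, and a few text-speak substitutions) as one worked example in Python. This is added code, not the post’s own; it picks one option per letter, using the choices the post’s own examples pin down (@ for a capital A, 4 for a lowercase a, 8, 12, 0, IV, \/\/, $) and the first listed option for the rest, and it keeps the case of each initial, so the second quote comes out with capitals where the post lowercased them. The policy check at the end is an assumption about typical site rules, drawn from the complaints at the top of the post and the rejected leading $. Character-for-character substitutions like these are mechanical, so what makes the result hard to guess is the length and obscurity of the source phrase rather than the substitution itself.

```python
import string

# Constructed alphabet: one fixed choice per letter from the post's L337 table.
# Capital A -> "@" and lowercase a -> "4", as the post does; every other letter
# maps the same way regardless of case. Unlisted characters pass through.
LEET = {
    "A": "@", "a": "4",
    "b": "8", "c": "{", "d": "l)", "e": "3", "h": "I-I", "i": "!",
    "k": "I<", "m": "lvl", "n": "IV", "o": "0", "p": "[]o", "q": "O,",
    "r": "12", "s": "$", "t": "7", "v": "\\/", "w": "\\/\\/", "x": "><",
}

# Text speak from the post (To -> 2 is taken from its "You Talkin' To Me" example).
TEXT_SPEAK = {"are": "r", "you": "u", "ok": "k", "to": "2"}


def leet(text: str) -> str:
    """Apply the fixed alphabet one character at a time."""
    out = []
    for ch in text:
        if ch in LEET:                 # exact (case-sensitive) entry, e.g. "A" / "a"
            out.append(LEET[ch])
        elif ch.lower() in LEET:       # letters listed once apply to both cases
            out.append(LEET[ch.lower()])
        else:
            out.append(ch)
    return "".join(out)


def initialism(sentence: str) -> str:
    """First letter of each word, text speak for whole words, punctuation kept."""
    parts = []
    for token in sentence.split():
        core = token.strip(string.punctuation)
        if not core:                   # a lone "?" or "-" is kept as-is
            parts.append(token)
            continue
        start = token.index(core)
        leading, trailing = token[:start], token[start + len(core):]
        letters = TEXT_SPEAK.get(core.lower(), core[0])
        parts.append(leading + letters + trailing)
    return "".join(parts)


def build(sentence: str) -> str:
    """Mnemonic -> initialism -> L337, the order the post describes."""
    return leet(initialism(sentence))


def policy_issues(password: str) -> list:
    """Assumed site rules: all four character classes, no leading symbol."""
    issues = []
    checks = [
        ("no upper-case letter", any(c.isupper() for c in password)),
        ("no lower-case letter", any(c.islower() for c in password)),
        ("no digit", any(c.isdigit() for c in password)),
        ("no symbol", any(c in string.punctuation for c in password)),
    ]
    for message, ok in checks:
        if not ok:
            issues.append(message)
    if password and password[0] in string.punctuation:
        issues.append("starts with a symbol")
    return issues


if __name__ == "__main__":
    for phrase in ("A rose by any other name would smell as sweet",
                   "You Talkin' To Me? You Talkin' To Me?"):
        pw = build(phrase)
        print(phrase, "->", initialism(phrase), "->", pw, policy_issues(pw) or "ok")
```

Running it reproduces the post’s @12840IV\/\/$4$ for the Shakespeare line and also reports that this particular result has no lowercase letter and starts with a symbol, which is exactly the kind of thing a site’s password form will reject.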

Try your own. I always try not to choose something that’s massively popular, and go for something from a film or book I enjoyed, then L33t it, Text it and Mnemonic it up to the next level of unbreakable password.

Hopefully this has been helpful. I have included some random words below to help you get the idea.

Angel = @ng3l
Coconut = C0c0nu7
Steven = 573v3N
MobilePhone = M0b1139h0n3
Speaker = $p34ker
Laptop = L4pt0p
Mother = M07h3r
Sports = 5p0rt5
WordFence = W0rdF3nc4
Twitter = Tw177er
WordPress = VV0rd9r3ss
Computer = C0N\9u73r

Really, make it as complicated as you wish. Take a peek at the Ashley Madison password list and be sure you don’t use similar names.