Creating Strong Passwords

PMC
Level 66 : High Grandmaster Crafter

Go here to reset your password



Recently, there has been an issue with passwords being compromised from third parties, and because many people use the same password for a multitude of services, their passwords on Planet Minecraft and other places were compromised as well. This danger to our members' accounts and their password security has resulted in the current need for a password reset for all members of the site. This tutorial is primarily designed to help you create a strong password that you can remember without the aid of software, though software will be covered as well at the end.

First, before we work on making strong passwords, let's look at what makes a password strong. There are 3 things that make up strong passwords: length, complexity, and uniqueness. Let's take a look at these one at a time.

Length - Longer is better


Password length is very important. Most websites now require that passwords be 8 characters or more. One reason is that as computers get faster, it becomes easier to break people's passwords. Right now, it is possible to break every possible password of 8 characters or less on a Windows account in 6.5 hours. That may sound like a long time, but that would be like breaking the password of every Minecraft account whose password is 8 characters or less in 1 day. That is not 6.5 hours to find each password; that time is for finding all passwords that are 8 characters and gaining access to potentially millions of accounts. For this reason, having just a short 8 character password is not an option.

Complexity - The spice of life


The second property of a good password is complexity. Passwords are generally limited to the 95 printable characters on the keyboard, which is great, because that is a lot of options. Most people do not realize that there are actually 4 groups in that set of 95. You have 26 lower case letters (a-z), 26 uppercase letters (A-Z), 10 digits (0-9), and the remaining characters are the special characters and the space (!@#$%^&*-_=+`~<>?,./;':"[]{}|).
Most passwords suffer from the problem that characters from all 4 groups are not used in creating passwords. The password "password" for example, really only has 26 possible characters at each place, making it much easier to guess (there is lots of nasty maths involved in that which will not be shown here). Changing the password to include uppercase characters like "Password" is slightly more secure at 52 characters, and adding a number is even better at 62 with "Password1". The best passwords come from using all 4 groups to make a password that looks like gibberish, but is easy to remember, like "P4sSw0rd?!". Most people will be able to tell that it looks like the word 'password', but a computer will need to check all 95 characters at each place to get that password.
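The maths skipped in the Length and Complexity sections, as an added example that is not part of the original post. It sizes the character pool from the four groups, counts the candidates an exhaustive search must cover, and scales the article's 6.5-hour figure to other lengths. The function names are illustrative, the guess rate assumes that figure covers all 95 characters, and the count is only the try-everything bound the article describes.

```python
import math
import string

# The four groups the article names: 26 + 26 + 10 + 33 = 95 printable characters.
GROUPS = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special": set(string.punctuation) | {" "},
}
PRINTABLE = set().union(*GROUPS.values())

# Article's figure: every password of 8 characters or less in 6.5 hours.
# Assumption: the figure covers all 95 characters at every position.
ALL_UP_TO_8 = sum(95 ** n for n in range(1, 9))
IMPLIED_RATE = ALL_UP_TO_8 / (6.5 * 3600)  # guesses per second


def pool_size(password):
    """Alphabet size an exhaustive search must cover: the sum of the groups used."""
    if not password or not set(password) <= PRINTABLE:
        raise ValueError("expected a non-empty string of the 95 printable characters")
    return sum(len(g) for g in GROUPS.values() if g & set(password))


def keyspace(password):
    """Number of candidates of this length over this password's pool."""
    return pool_size(password) ** len(password)


def entropy_bits(password):
    """The same count expressed in bits: length * log2(pool)."""
    return len(password) * math.log2(pool_size(password))


def worst_case_hours(password, rate=IMPLIED_RATE):
    """Hours to try every candidate of this length and pool at the given rate."""
    return keyspace(password) / rate / 3600


if __name__ == "__main__":
    for pw in ["password", "Password", "Password1", "P4sSw0rd?!"]:
        print(f"{pw!r:14} pool={pool_size(pw):2} bits={entropy_bits(pw):5.1f} "
              f"hours={worst_case_hours(pw):.3g}")
    # Length effect: one extra character multiplies the work by the pool size.
    for n in (8, 9, 10, 12):
        print(n, "chars, 95-char pool:", f"{95 ** n / IMPLIED_RATE / 3600:.3g}", "hours")
```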

Uniqueness - You are unique


The last part in creating a strong password is uniqueness. The chances of creating a password that nobody has ever thought of are not generally good unless it is personal (include something about you in the password), but what is more important is that your passwords for 2 different services are not the same. What this means is that you will need to remember a large number of different passwords for different sites, which can be a pain if you don't do it properly. Since we have covered what is needed for passwords, let's work on making one.

There are 2 different methods for making strong passwords that we will look at. The first will be creating a password that is very complex for security, and the second involves creating a very long password for security. Let's get to the password making.

Password of Infinite Complexity


To create a secure and unique password for every site that you will be able to remember, I will teach you the method that I use. First, you need to pick a word. This word should be a longer word (at least 8 characters, though more is better). For our example, we will use "minecraft" as our base word. "minecraft" is a terrible password because it is all lowercase, so let's make it stronger. For the next step, we are going to use awesome Haxor skillz to make the password look like gibberish to the computer while still being something that you can read.
First, let's add some capital letters to our password and change it. "mineCraFt" is a better password than before, but we need to change it even more.
The next step will be to replace some of the letters with numbers. The easiest way to do this is to pick numbers that look like the letter that they are replacing (0 for o, 3 for e, etc.). Our new password of "min3CraF7" looks much better, but we can do more.
Our last step for our base phrase is to add some special characters. This can be done similarly to the numbers by picking things that look similar (replace o with (), i with ;, etc.), or not. We will do both and come up with a final starting chunk of "m!n3Cr@F7_".

Now that we have "m!n3Cr@Ft_", we can make this password unique (which is vital in case one of the accounts gets hacked). An easy way to make a password unique is to use something about the site that you are logging in to as a way to remember the unique portion. For logging in to Planet Minecraft, we might use "PMC" to start with our unique bit, but use "FB" for Facebook so that both passwords come out as "m!n3Cr@Ft_PMC" and "m!n3Cr@Ft_FB" respectively. It is even better if you make the password super long and use "m!n3Cr@Ft_Pl@||3tM(", which still looks like "Minecraft Planet MC".
Most people say that you should never write your password down, but for this it is only half true. The first part of your password ("m!n3Cr@Ft_") should be memorized and/or tattooed directly on your brain. The rest of the password can be safely written down (for example just write planetminecraft.com -> Pl@||3tM(, facebook.com -> FB, etc.).

Long and Strong


Our second method for creating a strong password is to make it really long. While this may sound very difficult to remember, we are going to use a fun method to select random words. There is a password method called Diceware that uses rolling 5 dice to select words from a list. This list of words is publicly available, but that does not make the passwords weaker.
Essentially, you will be making a 5 word (or longer) password that has 7776 possible combinations for each word. This means that breaking your password, even if someone has the list, would take an insanely long time. To create a Diceware password, you will need at least 1 die (5 is recommended for simplicity). Roll the dice until you have 25 numbers and write each number down as you roll.
When you have your list of numbers, group them into groups of 5 and then check the list given at http://world.std.com/~reinhold/beale.wordlist.asc for your number combination. This will give you 5 words to remember for your password. For example, if I rolled 51342, the word would be "rehab". Once I have picked my 5 words I can end up with something like "rehab m rein ascend mitts". While that looks like a terrible password, it takes 26+33 characters to break because of the lowercase letters and spaces. This means that there are 25 characters, each with 45 possible characters for a total of way too many possible passwords.
Remembering this type of password is a little different, and it may be harder to make it unique, so we will use the previous method of making the password unique by adding another word. If we add PMC to the end of that password for "rehab m rein ascend mitts PMC", it becomes even more secure. Remembering the 5 random words would probably be as difficult as remembering "m!n3Cr@Ft_", and so writing it down should follow the same rule: only write the unique portion of the password down.
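The Diceware steps above (roll 25 numbers, group them in fives, look each group up) as an added example that is not part of the original post or of the Diceware project. The function names are illustrative, and the embedded list is a constructed five-line sample: only 51342 -> rehab comes from the article, the other keys are placeholders rather than the real list's numbering.

```python
import math
import re
import secrets

# Constructed sample in the list's "five digits, whitespace, word" layout.
# Only 51342 -> rehab is taken from the article; the other keys are placeholders.
SAMPLE_LIST = "51342\trehab\n11111\tm\n22222\trein\n33333\tascend\n44444\tmitts\n"

ENTRY = re.compile(r"^([1-6]{5})\s+(\S+)$")


def parse_wordlist(text):
    """Map 5-digit roll keys to words, skipping any line that is not an entry."""
    words = {}
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            words[match.group(1)] = match.group(2)
    return words


def group_rolls(rolls, dice_per_word=5):
    """Turn a flat list of die results into one 5-digit key per word."""
    if not rolls or len(rolls) % dice_per_word:
        raise ValueError("need a non-empty multiple of 5 rolls")
    if any(type(r) is not int or not 1 <= r <= 6 for r in rolls):
        raise ValueError("each roll must be an integer from 1 to 6")
    digits = "".join(str(r) for r in rolls)
    return [digits[i:i + dice_per_word] for i in range(0, len(digits), dice_per_word)]


def passphrase(rolls, words):
    """Look up each key; a KeyError means the list is missing that entry."""
    return " ".join(words[key] for key in group_rolls(rolls))


def roll_dice(count):
    """Software stand-in for physical dice, drawing from the OS CSPRNG."""
    return [secrets.randbelow(6) + 1 for _ in range(count)]


def diceware_bits(n_words):
    """Each word is one of 6**5 = 7776 equally likely choices."""
    return n_words * math.log2(6 ** 5)


if __name__ == "__main__":
    words = parse_wordlist(SAMPLE_LIST)
    rolls = [5, 1, 3, 4, 2] + [1] * 5 + [2] * 5 + [3] * 5 + [4] * 5
    print(passphrase(rolls, words))            # 25 rolls -> 5 words
    print(f"{diceware_bits(5):.1f} bits, {7776 ** 5:,} combinations")
    print(group_rolls(roll_dice(25)))          # fresh keys to look up in the full list
```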

Using Robots


Now that we have 2 shiny ways to make passwords that you can store in your brains, there is one last option for secure passwords. This option is getting robots to do it for you. What I mean by this is having software create and store passwords that are actual nonsense and mean nothing. These passwords are secure because they are meaningless, but they are not something that you will be able to remember and type. Creating strong passwords that you can remember is something that I consider more important, but using a piece of software like KeePass can help generate strong passwords if you are not worried about remembering them from one computer to another. There is proper information about those on their websites.

Remember, Long is strong, and Complex is best. Test the password that you come up with at http://www.passwordmeter.com/ and http://howsecureismypassword.net/ for a general look at how difficult it would be to crack without you telling someone what the password was.

If you have any questions, please ask your friendly SuperMods Zaralith the Destroyer or #BlameParil

Tags: Article
Credit: Zaralith, Paril

Comments :

PizzaPenguin_
Level 13
Journeyman Cake
June 24, 2014, 10:23 am

It says that My_Pa$$w0rd_1$_R3ally_G00d would take 88 nonillion years to crack.
gg

Thelegojedi123
Level 24
Expert Geek
February 16, 2014, 5:59 am

I think I got it...My new password is qwerty.
THANKS! :D

Hakno
Level 24
Expert Pixel Painter
April 25, 2014, 1:34 pm

So happy with my new password, 1234! I'll always use "remember my password" from now on so I don't forget it!

Tooper_Man
Level 20
Expert Mage
December 31, 2013, 3:55 pm

It would take 5 sextillion years to crack my password, and it only has letters :P

Destroyer256
Level 29
Expert Modder
May 31, 2014, 12:49 pm

If a hacker has access to the PMC database, he could read it. Cracked in a few minutes...

Tooper_Man
Level 20
Expert Mage
December 31, 2013, 3:59 pm

Also copy and pasted one of my blogs and it said it would take infinite years :D

Jiloacom
Level 16
Journeyman Scribe
December 31, 2013, 1:20 pm

m1n3cr@f7_PMC would take around 6 million years I think it said.

Blackbelt11
Level 2
Apprentice Explorer
June 20, 2014, 11:40 am

26 million years.

TheOfficialNano
Level 58
Grandmaster Wolf
November 22, 2013, 8:59 am

2 billion years :/

SwedenCoders
Level 1
New Miner
November 16, 2013, 9:01 am

It would take a pro hacker to take 100 years before he has my account

zonduke
Level 1
New Explorer
November 6, 2013, 4:15 pm

It would take 30 years to crack my code.

DanielPlaysMCAVS
Level 12
Journeyman Dragon
November 6, 2013, 11:31 am

A kid will NEVER break my password.

DanielPlaysMCAVS
Level 12
Journeyman Dragon
November 6, 2013, 11:29 am

My password would take 3 years to break.

TerraLaborro
Level 1
New Explorer
November 3, 2013, 4:40 am

My usual approach to passwords (i.e. I already knew it was crap) said it would take 39 days to crack. My updated approach would take 25,000 years to crack. Change is good lol.

Mister_Fix
Level 31
Artisan Electrician
November 1, 2013, 8:34 am

***DEAR READERS OF THIS BLOG POST***
Why do we care how strong your password is???? ._.

Jiloacom
Level 16
Journeyman Scribe
December 31, 2013, 1:21 pm

Oh, you'll care when your banking account is hacked.

Mister_Fix
Level 31
Artisan Electrician
December 31, 2013, 1:36 pm

No like, people are posting comments about how strong their password is, totally useless info.

Jiloacom
Level 16
Journeyman Scribe
December 31, 2013, 1:40 pm

Okay, I get it now.

Ex Editor
Level 2
Apprentice Crafter
October 2, 2013, 12:10 am

"Make "incorrect" your password so when you forgot your password, the internet will tell you "Your password is incorrect""

Hahahha. Had anyone ever done this?

RustyTurkeyBrain
Level 27
Expert Electrician
September 22, 2013, 11:05 am

My password would take 39 days xD

lone_warlock
Level 1
New Explorer
September 30, 2013, 2:26 am

How cute. Mine would take 4 years to crack.

ConnorW
Level 2
Apprentice Modder
June 20, 2014, 11:50 pm

Ha, cute. Mine would take 1 billion years to crack.

PizzaPenguin_
Level 13
Journeyman Cake
June 24, 2014, 10:26 am

How cute. Mine would take 802 vigintillion years to crack. Don't know exactly what that means, but it sure sounds like a lot.

RustyTurkeyBrain
Level 27
Expert Electrician
September 30, 2013, 6:41 am

There seems to have been a misunderstanding. I was emphasizing how weak mine is, and you're just rude.

Willgiscool
Level 3
Apprentice Explorer
September 11, 2013, 4:17 pm

it would take about 3 hours to find out my password

RustyTurkeyBrain
Level 27
Expert Electrician
September 22, 2013, 11:05 am

That's really, really bad. :/

Maggie Makes Skins
Level 14
Journeyman Pony
October 5, 2013, 11:09 am

If you knew me personally, you could guess my password in 3 seconds flat xD

RustyTurkeyBrain
Level 27
Expert Electrician
October 5, 2013, 11:50 am

Is it your second name?

Maggie Makes Skins
Level 14
Journeyman Pony
October 5, 2013, 12:38 pm

No, it's the title of my favorite song which I'm not gonna say (;

Javi_San_Power
Level 38
Artisan Blockhead
September 11, 2013, 1:36 pm

For my passwords I open up notepad and bang on my keyboard randomly and BAM there's my new password then I copy and paste it and save it, anyone else do this?

Snail_Forever
Level 1
New Explorer
September 8, 2013, 11:56 am

One thing that has worked for me is thinking of the title of a game, book, TV series, etc. that is long and then replacing all the vocals with numbers.

For example let's say I like the Hunger Games so my password could be something like
#hUng3rg4m3s#

(Not my actual password BTW XD)

Scyrous
Level 1
New Miner
September 6, 2013, 11:44 pm

I think ''TheClockThatTicks'' is a pretty good password right? I use it for all my accounts and I never got hacked.

I was obviously joking, never tell your password to anyone.

ElEcTrIkWoLf476
Level 23
Expert Dragonborn
September 6, 2013, 1:43 pm

The reason why that site says so-so trillion years to crack is because it glitches out when you type a sentence as password

MineCraftatron85
Level 34
Artisan Steve
September 5, 2013, 6:15 pm

Some idiot was on a server saying: "Type 'pass=(your password)' and get diamonds." Luckily and hopefully nobody was dumb enough.

logan10598
Level 44
Master Taco
September 8, 2013, 11:17 am

lul

abcdefgih9
Level 46
Master Enderdragon
September 5, 2013, 9:10 am

This is a really good guide for people who have bad passwords or have been hacked.

ctowncrafter
Level 18
Journeyman Spleefer
September 5, 2013, 6:02 am

in 2012, the 2 most common passwords were, password and 123456... people really?

PocketChaser
Level 8
Apprentice Engineer
September 5, 2013, 3:53 am

I Just Calculated My Password Cracker's Working Time To Crack My New Password:

It Said 99x99x99x99x99 Billion Years.

I'm Like *MidFing* JOKE

But It Seriously Did It. XD

Thanks For The Blog Post!

KJ_BuildingTeam
Level 24
Expert Geek
August 13, 2013, 4:01 am

What is the max character limit on PMC?

zombspider
Level 1
New Network
July 31, 2013, 4:13 pm

Alright no one could ever guess my password.... it's bubble.... OH SH** damn! Gawd I'm stupid

Ririguy7
Level 8
Apprentice Archer
July 26, 2013, 8:04 am

Lol it said "It would take a desktop PC about Infinity years to crack your password" Ohh yeah

MasterofBananaz
Level 52
Grandmaster Programmer
July 10, 2013, 3:22 pm

The best passwords are sentences.
Would anyone try to guess this as a password:
"I like to play the piano while eating hot dogs." Would they? It is extremely long and easy to memorize.

IceCream_Sundae
Level 22
Expert Lumberjack
June 26, 2013, 1:39 pm

Computers actually try long confusing passwords like Awz21@rPQrs.. A string of words like this: theyellowcanary is harder for a computer to crack (I mean this for computer hacking systems, not if a real person is trying out passwords (noob)) because they cannot tell there are words in there... I'm not saying long, weird ones with symbols, lower and upper case ones don't work, just that long, easy-to-remember but still complicated are good too!

elli3ds
Level 1
New Network
May 30, 2013, 11:42 am

PopTartNyanCatRemix(REMIX)1001,,100.1U377EJJuw88.---w-_-_-_-]][[///i]

RobCo
Level 2
Apprentice Explorer
May 27, 2013, 7:39 am

Actually, a long password is better than a short, complicated one...
Relevant XKCD: http://xkcd.com/936/

schockie
Level 1
New Miner
May 14, 2013, 9:30 am

wtf is this for a fail hax language

LattyJohn
Level 35
Artisan Modder
May 11, 2013, 7:36 am

lol anyone else see anonymous?

Never_Say_Nether
Level 11
Journeyman Dolphin
June 1, 2013, 10:06 am

By Anonymous, you mean the mask which represents Guy Fawkes?

IceCream_Sundae
Level 22
Expert Lumberjack
June 26, 2013, 1:40 pm

I can't resist...

Remember, remember, the 5th of November,
The gunpowder treason & plot,
I know of no reason,
Why the gunpowder treason,
Should ever be forgot.

ElEcTrIkWoLf476
Level 23
Expert Dragonborn
September 6, 2013, 1:35 pm

A wild piece of 5h!7horror story appeared

IceCream_Sundae
Level 22
Expert Lumberjack
September 8, 2013, 3:12 pm

You know your memory is fried when you were about to respond to the post above, then see that you wrote it yourself (you/your being me)...

ElEcTrIkWoLf476
Level 23
Expert Dragonborn
September 8, 2013, 4:59 pm

lelelelele

Smasher200
Level 42
Master Grump
May 10, 2013, 6:00 pm

It would take 12 trillion years to crack my password on a desktop. I don't think I'm safe enough.

DMB2121
Level 41
Master Narwhal
June 13, 2013, 12:37 pm

Challenge excepted. JK xD

MicroBloc
Level 3
Apprentice Miner
April 4, 2013, 6:37 am

ANONYMOUS?

doom_w0lf
Level 9
Apprentice Cake
April 3, 2013, 6:29 pm

48 quintillion years to crack the alphabet :P

maddfree80
Level 3
Apprentice Network
March 16, 2013, 8:20 am

well my password is less than 8. but if the site does the "it needs to be 8 or more" I add 2 different numbers at the end. like let's say my password is "password" (but it's 6 letters not 8) and the site goes you have to have 8 letters blah blah blah. I add "22" at the end and that's how I get through it.

_Nemesi5_
Level 14
Journeyman Pokemon
March 12, 2013, 1:44 pm

32 sextillion years to find out my password

evanto90
Level 3
Apprentice Modder
April 3, 2013, 12:48 pm

Might not want to put your password in that website...... they can record them.

Smasher200
Level 42
Master Grump
June 13, 2013, 2:13 pm

How do you know?

JamesTheAwesomeDude
Level 23
Expert Farmer
March 3, 2013, 7:59 pm

As for password storage, particularly for randomly generated (aka "spam" passwords,) most (if not all) major browsers offer some sort of synchronization service that syncs passwords.

Firefox has Firefox Sync. Allows you to choose what gets synced, and what goes to which computer. All info is encrypted in storage on the Mozilla servers, and during transfer to/from your devices.

Chrome has "Chrome Sync" or something like that. Same everything as Firefox sync, plus you can also sync with Chromium (which, if you're an open-source nut like me, you have.)

Opera has something, but since I don't use it, I can't remember what. I think it has something, however.

MYRYX
Level 24
Expert Caveman
February 9, 2013, 5:49 am

ok?!!

RedstoneCreeper100
Level 1
New Crafter
January 9, 2013, 2:18 am

(17 char password)
Gets me 100% on passwordmeter and 39,000,000,000,000 years in howsecureismypassword.net.

UltimateRecursion
Level 43
Master Blob
January 21, 2013, 7:24 pm

But divert every CPU core, every RAM module, every.... cooling system -. - .... on Earth to cracking your password, then:

Maybe 8.9 billion years.

Raichu_613
Level 30
Artisan Pokemon
May 12, 2013, 10:41 am

:D

fakyar
Level 1
New Miner
January 3, 2013, 10:48 pm

Guys because of this ... I can't get my account back for 3 days... Whenever I send to reset password (cuz I forgot it) It says that is SUCCESSFULLY send it, but I don't receive anything in email. I receive all passwords are 9AM my time (gmt+1) and they all already expired, I'm making even a youtube video to show you guys. I also sent email to board administrator (but ofc no answer)

sigurd4
Level 58
Grandmaster Toast
January 7, 2013, 5:17 am

you don't need to reset your password, it's just recommended. when logging in you can choose an option to stop that notification from appearing (opt out). when you click that, pmc will ask for your username and e-mail address. type in both and you can successfully log in!
:)

sigurd4
Level 58
Grandmaster Toast
January 7, 2013, 5:18 am

oh nevermind just click this link: http://www.planetminecraft.com/activateoriginalpassword/

Cold
Level 17
Journeyman Pirate
January 2, 2013, 5:26 pm

Just no....

ihascake11224
Level 1
New Miner
January 2, 2013, 3:41 pm

WHAT THE HECK! This is the worst idea EVER!!! I had to stick to my old password because I COULD NOT EVEN REMEMBER!!! I DON'T THINK THEY NEED TO BE THIS HARD. Like really think we should have the freedom to pick our password as long as it's something personal. I mean, really, Why can't we decide our password? I mean, I don't wanna be rude, but I don't like this idea. my NEW password was a bunch of random numbers and letters. Can't you at least think about doing passwords like "Ilikegrandma'scookies" or something. like, I just think they could at least be more simple! please at least fix that! I mean, my point is, please make the passwords more simple. just a little?

SoulStealer
Retired Moderator
Level 26
Expert Toast
January 2, 2013, 8:36 pm

You can "Opt Out" you know?

http://www.planetminecraft.com/activateoriginalpassword/

ihascake11224
Level 1
New Miner
January 6, 2013, 4:53 pm

I kept my old password...
