
Creating Strong Passwords

PMC, Support

Go here to reset your password



Recently, there has been an issue with passwords being compromised from third parties, and because many people use the same password for a multitude of services, their passwords on Planet Minecraft and other places were compromised as well. This danger to our members' accounts and their password security has resulted in the current need for a password reset for all members of the site. This tutorial is primarily designed to help you create a strong password that you can remember without the aid of software, though software will be covered as well at the end.

First, before we work on making strong passwords, let's look at what makes a password strong. There are 3 things that make up strong passwords: length, complexity, and uniqueness. Let's take a look at these one at a time.

Length - Longer is better


Password length is very important. Most websites now require that passwords be 8 characters or more. One reason is that as computers get faster, it becomes easier to break people's passwords. Right now, it is possible to break every possible password of 8 characters or less on a Windows account in 6.5 hours. That may sound like a long time, but that would be like breaking the passwords of every Minecraft account whose password is 8 characters or less in 1 day. That is not 6.5 hours to find each password; that is the time to find all passwords that are 8 characters, which means access to potentially millions of accounts. For this reason, having just a short 8 character password is not an option.

Complexity - The spice of life


The second property of a good password is complexity. Passwords are generally limited to the 95 printable characters on the keyboard, which is great, because that is a lot of options. Most people do not realize that there are actually 4 groups in that set of 95. You have 26 lowercase letters (a-z), 26 uppercase letters (A-Z), 10 digits (0-9), and the remaining characters are the special characters and the space (!@#$%^&*-_=+`~<>?,./;':"[]{}|).
Most passwords suffer from the problem that they do not use characters from all 4 groups. The password "password", for example, really only has 26 possible characters at each place, making it much easier to guess (there is lots of nasty maths involved in that which will not be shown here). Changing the password to include uppercase characters like "Password" is slightly more secure at 52 characters, and adding a number is even better at 62 with "Password1". The best passwords come from using all 4 groups to make a password that looks like gibberish, but is easy to remember, like "P4sSw0rd?!". Most people will be able to tell that it looks like the word 'password', but a computer will need to check all 95 characters at each place to get that password.

Uniqueness - You are unique


The last part in creating a strong password is uniqueness. The chances of creating a password that nobody has ever thought of are not generally good unless it is personal (includes something about you), but what is more important is that your passwords for 2 different services are not the same. What this means is that you will need to remember a large number of different passwords for different sites, which can be a pain if you don't do it properly. Since we have covered what is needed for passwords, let's work on making one.

There are 2 different methods for making strong passwords that we will look at. The first will be creating a password that is very complex for security, and the second involves creating a very long password for security. Let's get to the password making.

Password of Infinite Complexity


To create a secure and unique password for every site that you will be able to remember, I will teach you the method that I use. First, you need to pick a word. This word should be a longer word (at least 8 characters, though more is better). For our example, we will use "minecraft" as our base word. "minecraft" is a terrible password because it is all lowercase, so let's make it stronger. For the next step, we are going to use awesome Haxor skillz to make the password look like gibberish to the computer while still being something that you can read.
First, let's add some capital letters to our password and change it. "mineCraFt" is a better password than before, but we need to change it even more.
The next step will be to replace some of the letters with numbers. The easiest way to do this is to pick numbers that look like the letter that they are replacing (0 for o, 3 for e, etc.). Our new password of "min3CraF7" looks much better, but we can do more.
Our last step for our base phrase is to add some special characters. This can be done similarly to the numbers by picking things that look similar (replace o with (), i with ;, etc.), or not. We will do both and come up with a final starting chunk of "m!n3Cr@F7_".

Now that we have "m!n3Cr@Ft_", we can make this password unique (which is vital in case one of the accounts gets hacked). An easy way to make a password unique is to use something about the site that you are logging in to, so that you can remember the unique portion. For logging in to Planet Minecraft, we might use "PMC" as our unique bit, but use "FB" for Facebook so that the passwords come out as "m!n3Cr@Ft_PMC" and "m!n3Cr@Ft_FB" respectively. It is even better if you make the password super long and use "m!n3Cr@Ft_Pl@||3tM(", which still looks like "Minecraft Planet MC".
Most people say that you should never write your password down, but for this it is only half true. The first part of your password ("m!n3Cr@Ft_") should be memorized and/or tattooed directly on your brain. The rest of the password can be safely written down (for example just write planetminecraft.com -> Pl@||3tM(, facebook.com -> FB, etc.).

Long and Strong


Our second method for creating a strong password is to make it really long. While this may sound very difficult to remember, we are going to use a fun method to select random words. There is a password method called Diceware that uses rolling 5 dice to select words from a list. This list of words is publicly available, but that does not make the passwords weaker.
Essentially you will be making a 5 word (or longer) password that has 7776 possible combinations for each word. This means that breaking your password, even if someone has the list, would take an insanely long time. To create a Diceware password, you will need at least 1 die (5 is recommended for simplicity). Roll the dice until you have 25 numbers and write each number down as you roll.
When you have your list of numbers, group them into groups of 5 and then check the list given at world.std.com/~reinhold/beale.wordlist.asc for your number combination. This will give you 5 words to remember for your password. For example, if I rolled 51342, the word would be "rehab". Once I have picked my 5 words I can end up with something like "rehab m rein ascend mitts". While that looks like a terrible password, it takes 26+33 characters to break because of the lowercase letters and spaces. This means that there are 25 characters, each with 45 possible characters for a total of way too many possible passwords.
Remembering this type of password is a little different, and it may be harder to make it unique, so we will use the previous method of making the password unique by adding another word. If we add PMC to the end of that password for "rehab m rein ascend mitts PMC", it becomes even more secure. Remembering the 5 random words would probably be as difficult as remembering "m!n3Cr@Ft_", so writing it down should follow the same rule: only write the unique portion of the password down.
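
The Diceware steps above, together with the per-character arithmetic skipped in the Complexity section, written out as an added Python example (not part of the original tutorial). The short list is a constructed stand-in for the real 7776-entry list; only the 51342 -> rehab row comes from this article, and the function names are this example's own.

```python
import math
import secrets

# Constructed stand-in for the published list, in "ROLLS<TAB>word" layout.
# Only the 51342 -> rehab row comes from the article; the rest is made up.
SAMPLE_LIST = """\
-- constructed header line, not an entry --
11111\talpha
51342\trehab
66666\tzulu
"""

def parse_wordlist(text):
    """Map each 5-digit roll to its word, skipping lines that are not entries."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 5 and set(parts[0]) <= set("123456"):
            table[parts[0]] = parts[1]
    return table

def roll_die():
    """One fair die roll from the OS CSPRNG (stands in for a physical die)."""
    return secrets.randbelow(6) + 1

def passphrase(table, n_words=5, roll=roll_die):
    """Roll 5 dice per word and look each group of 5 up in the table."""
    words = []
    for _ in range(n_words):
        key = "".join(str(roll()) for _ in range(5))
        if key not in table:
            raise KeyError(f"roll {key} not in list; load the full 7776-entry list")
        words.append(table[key])
    return " ".join(words)

def entropy_bits(choices, picks):
    """log2 of the number of combinations when each of `picks` slots is
    chosen uniformly at random from `choices` options."""
    return picks * math.log2(choices)

if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_LIST)
    fixed = iter([5, 1, 3, 4, 2])            # the article's example roll
    print(passphrase(table, n_words=1, roll=lambda: next(fixed)))
    print(f"5 Diceware words: {entropy_bits(6**5, 5):.1f} bits")
    print(f"8 chars from 95 : {entropy_bits(95, 8):.1f} bits")
```

With the real list saved locally, pass its text to parse_wordlist; the bit counts only hold when the words or characters are picked at random, as with the dice.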

Using Robots


Now that we have 2 shiny ways to make passwords that you can store in your brains, there is one last option for secure passwords. This option is getting robots to do it for you. What I mean by this is having software create and store passwords that are actual nonsense and mean nothing. These passwords are secure because they are meaningless, but they are not something that you will be able to remember and type. Creating strong passwords that you can remember is something that I consider more important, but using a piece of software like KeePass can help generate strong passwords if you are not worried about remembering them from one computer to another. There is proper information about those on their websites.

Remember, Long is strong, and Complex is best. Test the password that you come up with at http://www.passwordmeter.com/ and http://howsecureismypassword.net/ for a general look at how difficult it would be to crack without you telling someone what the password was.

If you have any questions, please ask your friendly SuperMods Zaralith the Destroyer or #BlameParil


Credit: Zaralith, Paril

1
01/24/2015 5:34 am
Level 66 : High Grandmaster Programmer
RomejanicDev
My password is so dope, all I have to do is slide my finger on the keyboard from a to enter, and voila!
1
09/07/2014 10:13 am
Level 21 : Expert Pony
RageLokiCat
This post makes me sad for this reason: xkcd.com/936

You're teaching everyone completely wrong, because the computer doesn't know to just test for letters, or letters and numbers, or whatever it is you have in your pass.
1
06/24/2014 2:23 pm
Level 30 : Artisan Architect
PizzaPenguin_
It says that My_Pa$$w0rd_1$_R3ally_G00d would take 88 nonillion years to crack.
gg
1
02/16/2014 10:59 am
Level 32 : Artisan Geek
Thelegojedi123
I think I got it...My new password is qwerty.
THANKS! :D
1
04/25/2014 5:34 pm
Level 56 : Grandmaster Meme
Hakno
So happy with my new password, 1234! I'll always use "remember my password" from now on so I don't forget it!
1
12/31/2013 8:55 pm
Level 28 : Expert Mage
Tooper_Man
It would take 5 sextillion years to crack my password, and it only has letters :P
1
05/31/2014 4:49 pm
Level 48 : Master Dragon
Iizvullok
If a hacker has access to the PMC database, he could read it. Cracked in a few minutes...
1
12/31/2013 8:59 pm
Level 28 : Expert Mage
Tooper_Man
Also copied and pasted one of my blogs and it said it would take infinite years :D
1
12/31/2013 6:20 pm
Level 19 : Journeyman Scribe
Jiloacom
m1n3cr@f7_PMC would take around 6 million years I think it said.
1
06/20/2014 3:40 pm
Level 4 : Apprentice Explorer
Blackbelt11
26 million years.