Minecraft / Blogs

Creating Strong Passwords



Get Embed Codes

Level 71 : Legendary Crafter

Go here to reset your password

Recently, there has been an issue with passwords being compromised from third parties, and because many people use the same password for a multitude of services, their passwords on Planet Minecraft and other places was compromised as well. This danger to our member's accounts and their password security has resulted in the current need for a password reset on all members of the site. This tutorial is primarily designed to help you create a strong password that you can remember without the aid of software, though that will be included as well at the end.

First, before we work on making strong passwords, let's look at what makes a password strong. There are 3 things that make up strong passwords; length, complexity, and uniqueness. Lets take a look at these one at a time.

Length - Longer is better

Password length is very important. Most websites require that passwords be 8 characters or more now. One reason for that is because as computers get faster, it becomes easier to break people's passwords. Right now, it is possible to break every possible password of 8 characters or less on a Windows account in 6.5 hours. That may sound like a long time, but that would be like breaking the passwords of every Minecraft account that is 8 characters or less in 1 day. That is not just 6.5 hours to find each password, that time is finding all passwords that are 8 characters and having access to potentially millions of accounts. For this reason, having just a short 8 character password is not an option.

Complexity - The spice of life

The second property of a good password is complexity. Passwords are generally limited to the 95 printable characters on the keyboard, which is great, because that is a lot of options. Most people do not realize that there are actually 4 groups in that set of 95. You have 26 lower case letters (a-z), 26 uppercase letters (A-Z), 10 digits (0-9), and the remaining characters are the special characters and the space ([email protected]#$%^&*-_=+`~<>?,./;':"[]{}|).
Most passwords suffer from the problem that characters from all 4 groups are not used in creating passwords. The password "password" for example, really only has 26 possible characters at each place, making it much easier to guess (there is lots of nasty maths involved in that which will not be shown here). Changing the password to include uppercase characters like "Password" is slightly more secure at 52 characters, and adding a number is even better at 62 with "Password1". The best passwords come from using all 4 groups to make a password that looks like gibberish, but is easy to remember, like "P4sSw0rd?!". Most people will be able to tell that it looks like the word 'password', but a computer will need to check all 95 characters at each place to get that password.

Uniqueness - You are unique

The last part in creating a strong password is uniqueness. The chances of creating a password that nobody has ever thought of are not generally good unless they are personal (include something about you in the password), but what is more important is that your passwords for 2 different services are not the same. What this means is that you will need to remember a large number of different passwords to different sites, which can be a pain, if you don't do it properly. Since we have covered what is needed for passwords, lets work on making one.

There are 2 different methods for making strong passwords that we will look at. The first will be creating a password that is very complex for security, and the second involves creating a very long password for security. Lets get to the password making.

Password of Infinite Complexity

To create a secure and unique password for every site that you will be able to remember, I will teach you the method that I use. First, you need to pick a word. This word should be a longer word (at least 8 characters, though more is better). For our example, we will use "minecraft" as our base word. "minecraft" is a terrible password because it is all lowercase, so lets make it stronger. For the next step, we are going to use awesome Haxor skillz to make the password look like gibberish to the computer while still being something that you can read.
First, let's add some capital letters to our password and change it. "mineCraFt" is a better password than before, but we need to change it even more.
The next step will be to replace some of the letters with numbers. The easiest way to do this is to pick numbers that look like the letter that they are replacing (0 for o, 3 for e, etc.). Our new password of "min3CraF7" looks much better, but we can do more.
Our last step for our base phrase is to add some special characters. This can be done similar to the numbers by picking things that look similar (replace o with (), i with ;, etc.), or not. We will do both and come up with a final starting chunk of "[email protected]_".

Now that we have "[email protected]_", we can make this password unique (which is vital in case one of the accounts get's hacked). An easy way to make a password unique is to use something about the site that you are logging in to to remember the unique portion. For logging in to Planet Minecraft, we might use "PMC" to start with our unique bit, but use "FB" for FaceBook so that both passwords come out as "[email protected]_PMC" and "[email protected]_FB" respectively. It is even better if you make the password super long and use "[email protected][email protected]||3tM(", which still looks like "Minecraft Planet MC".
Most people say that you should never write your password down, but for this it is only half true. The first part of your password ("[email protected]_") should be memorize and/or tattood directly on your brain. The rest of the password can be safely written down (for example just write planetminecraft.com -> [email protected]||3tM(, facebook.com -> FB, etc.)

Long and Strong

Our second method for creating a strong password is to make it really long. While this may sound very difficult to remember, we are going to use a fun method to select random words. There is a password method called Diceware that uses rolling 5 dice to select words from a list. This list of words is publicly available, but that does not make the passwords weaker.
Essentially you will be making a 5 word (or longer) password that has 7776 possibly combinations for each word. This means that breaking your password, even if someone has the list, would take an insanely long time. To create a Diceware password, you will need at least 1 dice (5 is recommended for simplicity). Roll the dice until you have 25 numbers and write each number down as you roll.
When you have your list of numbers, group them into groups of 5 and then check the list given at world.std.com/~reinhold/beale.wordlist.asc for your number combination. This will give you 5 words to remember for your password. For example, if I rolled 51342, the word would be "rehab". Once I have picked my 5 words I can end up with something like "rehab m rein ascend mitts". While that looks like a terrible password, it takes 26+33 characters to break because of the lowercase letters and spaces. This means that there are 25 characters, each with 45 possible characters for a total of way too many possible passwords.
Remembering this type of password is a little different, and it may be harder to make it unique, so we will use the previous method of making the password unique by adding another word. If we add PMC to the end of that password for "rehab m rein ascend mitts PMC", it becomes even more secure. Remembering the 5 random words would probably be as difficult as remembering "[email protected]_", and so writing it down should follow the same rules, only write the unique portion of the password down.

Using Robots

Now that we have 2 shiny ways to make passwords that you can store in your brains, there is one last option for secure passwords. This option is getting robots to do it for you. What I mean by this is having software create and store passwords that are actual nonsense and mean nothing. These passwords are secure because they are meaningless, but they are not something that you will be able to remember and type. Creating strong passwords that you can remember is something that I consider more important, but using a piece of software like KeePass can help generate strong passwords if you are not worried about remembering them from one computer to another. There is proper information about those on their websites.

Remember, Long is strong, and Complex is best. Test the password that you come up with at http://www.passwordmeter.com/ and http://howsecureismypassword.net/ for a general look at how difficult it would be to crack without you telling someone what the password was.

If you have any questions, please ask your friendly SuperMods Zaralith the Destroyer or #BlameParil

Go here to reset your password

Credit:Zaralith, Paril

Comments : 220

Join us to post comments.

Show Comments

1 - 50 of 220

  • RomejanicDev
  • Level 63
  • High Grandmaster Programmer
  • January 24, 2015, 12:34 am
My password is so dope, all I have to do is slide my finger on the keyboard from a to enter, and voila!
  • RageLokiCat
  • Level 17
  • Journeyman Pony
  • September 7, 2014, 6:13 am
This post makes me sad for this reason: xkcd.com/936

You're teaching everyone completely wrong, because the computer doesn't know to just test for letters, or letters and numbers, or whatever it is you have in your pass.
It says that My_Pa$$w0rd_1$_R3ally_G00d would take 88 nonillion years to crack.
I think I got it...My new password is qwerty.
  • Hakno
  • Level 46
  • Master Architect
  • April 25, 2014, 1:34 pm
So happy with my new password, 1234! I'll always use "remember my password" from now on so i don't forget it!
  • Tooper_Man
  • Level 25
  • Expert Mage
  • December 31, 2013, 3:55 pm
It would take 5 sextillion years to crack my password, and it only has letters :P
  • alvulnax
  • Level 37
  • Artisan Dragon
  • May 31, 2014, 12:49 pm
If a hacker has access to the PMC database, he could read it. Cracked in a few minutes...
  • Tooper_Man
  • Level 25
  • Expert Mage
  • December 31, 2013, 3:59 pm
Also copy and pasted one of my blogs an it said it would take infinite years :D
  • Jiloacom
  • Level 11
  • Journeyman Scribe
  • December 31, 2013, 1:20 pm
[email protected]_PMC would take around 6 million years I think it said.
  • Blackbelt11
  • Level 3
  • Apprentice Explorer
  • June 20, 2014, 11:40 am
26 million years.
2 billion years :/
It would take a pro hacker to take 100 years before he has my account
  • zonduke
  • Level 1
  • New Explorer
  • November 6, 2013, 4:15 pm
It would take 30 years to crack my code.
A kid will NEVER break my password.
My passwordwould take 3 years to break.
My usual approach to passwords (i.e. I already knew it was crap) said it would take 39 days to crack. My updated approach would take 25,000 years to crack. Change is good lol.
  • Mister_Fix
  • Level 31
  • Artisan Electrician
  • November 1, 2013, 8:34 am
Why do we care how strong your password is???? ._.
  • Jiloacom
  • Level 11
  • Journeyman Scribe
  • December 31, 2013, 1:21 pm
Oh, you'll care when your banking account is hacked.
  • Mister_Fix
  • Level 31
  • Artisan Electrician
  • December 31, 2013, 1:36 pm
No like, people are posting comments about how strong their password is, totally useless info.
  • Jiloacom
  • Level 11
  • Journeyman Scribe
  • December 31, 2013, 1:40 pm
Okay, I get it now.
  • Ex Editor
  • Level 3
  • Apprentice Crafter
  • October 2, 2013, 12:10 am
"Make "incorrect" your password so when you forgot your password, the internet will tell you "Your password is incorrect"

Hahahha. Had anyone ever done this?
My password would take 39 days xD
How cute. Mine would take 4 years to crack.
  • ConnorW
  • Level 3
  • Apprentice Modder
  • June 20, 2014, 11:50 pm
Ha, cute. Mine would take 1 billion years to crack.
How cute. Mine would take 802 vigintillion years to crack. Don't know exactly what that means, but it sure sounds like a lot.
There seems to have been a misunderstanding. I was emphasizing how weak mine is, and you're just rude.
  • Willgiscool
  • Level 9
  • Apprentice Explorer
  • September 11, 2013, 4:17 pm
it would take about 3 hours to find out my password
That's really, really bad. :/
If you knew me personally, you could guess my password in 3 seconds flat xD
Is it your second name?
No, it's the title of my favorite song which I'm not gonna say (;
For my passwords I open up notepad and bang on my keyboard randomly and BAM theres my new password then I copy and paste it and save it, anyone else do this ?
One thing that has worked for me is thinking of the title of a game, book, TV series, etc. that is long and then replacing all the vocals with numbers.

For example let's say I like the Hunger Games so my password could be something like

(Not my actual password BTW XD)
  • Scyrous
  • Level 4
  • Apprentice Miner
  • September 6, 2013, 11:44 pm
I think ''TheClockThatTicks'' is a pretty good password right? I use it for all my accounts and I never got hacked.

I was obviously joking, never tell your password to anyone.
The reason why that site says so-so trillion years to crack is because it glitches out when you type a sentence as password
Some idiot was on a server saying: "Type 'pass=(your password)' and get diamonds. Luckily and hopefully nobody was dumb enough.
  • ObbyRaidz
  • Level 47
  • Master Cowboy
  • September 8, 2013, 11:17 am
  • abcdefgih9
  • Level 36
  • Artisan Enderdragon
  • September 5, 2013, 9:10 am
This is a really good guide for people who have bad passwords or have been hacked.
  • ctowncrafter
  • Level 22
  • Expert Artist
  • September 5, 2013, 6:02 am
in 2012, the 2 most common passwords were, password and 123456... people really?
  • PocketChaser
  • Level 11
  • Journeyman Engineer
  • September 5, 2013, 3:53 am
I Just Calculated My Password Cracker's Working Time To Crack My New Password:

It Said 99x99x99x99x99 Billion Years.

Im Like *MidFing* JOKE

But It Seriously Did It. XD

Thanks For The Blog Post!
What is the max charcher limit on PMC?
  • zombspider
  • Level 1
  • New Network
  • July 31, 2013, 4:13 pm
Alright no one could ever guess my password.... its bubble.... OH SH** damn! Gawd Im stupid
  • Ririguy7
  • Level 11
  • Journeyman Archer
  • July 26, 2013, 8:04 am
Lol it said "It would take a desktop PC about Infinity years to crack your password" Ohh yeah
The best passwords are sentences.
Would anyone try to guess this as a password:
"I like to play the piano while eating hot dogs." Would they? It is extremely long and easy to memorize.
Computers actually try long confusing passwords like [email protected] A string of words like this: theyellowcanary is harder for a computer to crack (I mean this for computer hacking systems, not if a real person is trying out passwords (noob)) because they cannot tell there are words in there... I'm not saying long, weird ones with symbols, lower and upper case ones don't work, just that long, easy-to-remember but still complicated are good too!
  • elli3ds
  • Level 1
  • New Network
  • May 30, 2013, 11:42 am
  • RobCo
  • Level 3
  • Apprentice Explorer
  • May 27, 2013, 7:39 am
Actually, a long password is better than a short, complicated one...
Relevent KXCD:Ã http://xkcd.com/936/
  • schockie
  • Level 1
  • New Miner
  • May 14, 2013, 9:30 am
wtf is this for a fail hax language
  • LattyJohn
  • Level 36
  • Artisan Modder
  • May 11, 2013, 7:36 am
lol anyone else see anonymous?
By Anonymous, you mean the mask which represents Guy Fawkes?
I can't resist...

Remember, remember, the 5th of November,
The gunpowder treason & plot,
I know of no reason,
Why the gunpowder treason,
Should ever be forgot.
A wild piece of 5h!7horror story appeared
You know your memory is fried when you were about to respond to the post above, then see that you wrote it yourself (you/your being me)...
It would take 12 trillion years to crack my password on a desktop. I don't think I'm safe enough.
  • DMB2121
  • Level 45
  • Master Narwhal
  • June 13, 2013, 12:37 pm
Challenge excepted. JK xD
  • MicroBloc
  • Level 5
  • Apprentice Miner
  • April 4, 2013, 6:37 am
ANONYMOUS[size=10pt]? [/size]
  • doom_w0lf
  • Level 13
  • Journeyman Cake
  • April 3, 2013, 6:29 pm
48 quintillion years to crack the alphabet :P
  • maddfree80
  • Level 5
  • Apprentice Network
  • March 16, 2013, 8:20 am
well my password is less then 8. but if the sight does the "it needs to be 8 or more" I add 2 different numbers at the end. like lets say my password is "password" (but its 6 letters not 8) and the sight goes you have to have 8 letters blah blah blah. I add "22" at the end and that's how I get through it.
  • _Nemesi5_
  • Level 21
  • Expert Pokemon
  • March 12, 2013, 1:44 pm
[center][size=36px]32 sextillion years to find out my password[/size][/center]
  • evanto90
  • Level 5
  • Apprentice Modder
  • April 3, 2013, 12:48 pm
Might not want to put your password in that website...... they can record them.
How do you know?
As for password storage, particularly for randomly generated (aka "spam" passwords,) most (if not all) major browsers offer some sort of synchronization service that syncs passwords.

Firefox has Firefox Sync. Allows you to choose what gets synced, and what goes to which computer. All info is encrypted in storage on the Mozilla servers, and during transfer to/from your devices.

Chrome has "Chome Sync" or something like that. Same everything as Firefox sync, plus you can also sync with Chromium (which, if you're an open-source nut like me, you have.)

Opera has something, but since I don't use it, I can't remember what. I think it has something, however.
  • Level 28
  • Expert Caveman
  • February 9, 2013, 5:49 am
(17 char password)
Gets me 100% on passwordmeter and 39,000,000,000,000 years in howsecureismypassword.net.
But divert every CPU core, every RAM module, every.... cooling system -. - .... on Earth to cracking your password, then:

Maybe 8.9 billion years.
  • raichuthink
  • Level 34
  • Artisan Pokemon
  • May 12, 2013, 10:41 am
  • fakyar
  • Level 2
  • Apprentice Miner
  • January 3, 2013, 10:48 pm
Guys because of this ... I can't get my account back for 3 days... Whenever I send to reset password (cuz I forgot it) It says that is SUCCESSFULLY send it, but I don't receive anything in email. I receive all passwords are 9AM my time (gmt+1) and they all already expired, I'm making even a youtube video to show you guys. I also sent email to board administrator (but ofc no answer)
  • sigurd4
  • Level 65
  • High Grandmaster Toast
  • January 7, 2013, 5:17 am
you dont need to reset your password, its just recommanded. when logging in you can choose a option to stop that notification from appearing (opt out). when you click that, pmc will ask for your username and e-mail adress. type in both and you can sucsessfully log in!
  • sigurd4
  • Level 65
  • High Grandmaster Toast
  • January 7, 2013, 5:18 am
oh nevermind just click this link: [color=rgb(37,37,37)]http://www.planetminecraft.com/activateoriginalpassword/[/color]
  • Cold
  • Level 19
  • Journeyman Pirate
  • January 2, 2013, 5:26 pm
Just no....

1 - 50 of 220

Show Comments




© planetminecraft.com