A method to make a super strong,easy to remember password

[rasenove]

Wrong! Dictionary attack uses whatever dictionaries you give it to use. It doesn't have to use words.

I know that, but How can a dictionary.txt have the same special chaseate combenation that my password has?
 
And pls reply my post on hide files on windows.

[Deque]

Length matters most after all.
(Don't quote this out of context )

Daemon already mentioned xkcd, but there is also the explanation why, so I post it here:

[Rogo032]

very interesting and helpful

[paroalto]

have u read " Mandiant_APT1_report"?This paper mentioned a Chinese hacker "DOTA"，the guy use keyboard based pattern as password ,such as "!qaz@wsx".
keyboard based is insecure

[Mordred]

Actually statistically speaking any password that you can conscientiously remember is not secure.

More info: http://www.extremetech.com/extreme/133067-unbreakable-crypto-store-a-30-character-password-in-your-brains-subconscious-memory

[relax]

just a question... how many here actually has a 30+ char long secure password?
I don't...

[Mordred]

I doubt anybody has that. I have a 25 char password only for my encrypted external drive and my encrypted local partition, but that's about it.

The whole point is that you don't have to memorize the password, so it can be 30 chars with no issues. I found the idea quite nice, although I'm worried about it's practical implementation because of the differences between each persons subconscious mind.

[Deque]

just a question... how many here actually has a 30+ char long secure password?
I don't...

I have, but I use KeePassX. So no need to remember it.

[lucid]

I have, but I use KeePassX. So no need to remember it.

I use that as well, but I have often wondered about how secure it actually is. I mean all it takes is cracking one password and then boom, there are all you super secure passwords to all your super secure government documents..

[Kulverstukas]

KeePassDroid is a very good port of KeePass for android. Your password DB is much safer on the phone than in the computer.
I use it all the time as I have hundreds of different passwords... can't remember them all.

[an4rch1]

I could had sworn that I read a similar method that the OP had suggested from some old school text document that's a part of 1000 + hacker package :/


I think it was something to do with encrypting harddisk drives and the author used a string of words to make a common phrase or sentence in 1337 5p3ak.

[Deque]

I use that as well, but I have often wondered about how secure it actually is. I mean all it takes is cracking one password and then boom, there are all you super secure passwords to all your super secure government documents..

I think it is more secure than using weak and the same passwords all over on the web. The problem is that you can't do anything if the forum you are using is insecure, because the admin is a moron. But you can protect the password that you use for your keepass database.
I can not keep so many passwords in my head that I will take a different one for each website, which means without keepass one hacked website would be enough to get my credentials for other sites too.

If someone managed to get and crack your keepass database, he might as well have installed a keylogger or have stolen other stuff from your computer. You will be fucked up either way - no matter if you use keepass or not.
But I doubt that cracking the keepass database is possible in a realistic amount of time if your password is a secure one and is only in your head.
The alternative to not using keepass and having save passwords all over in the web would be writing down all of them on paper. In that case someone only needs to get that paper. So I rather have one long password in my head. You won't get it, even if you cut my head off.

[lucid]

Just to make myself feel better I recently moved my keepass database onto a flashdrive instead of having it on my computer.

I think it is more secure than using weak and the same passwords all over on the web. The problem is that you can't do anything if the forum you are using is insecure, because the admin is a moron. But you can protect the password that you use for your keepass database.
I can not keep so many passwords in my head that I will take a different one for each website, which means without keepass one hacked website would be enough to get my credentials for other sites too.

If someone managed to get and crack your keepass database, he might as well have installed a keylogger or have stolen other stuff from your computer. You will be fucked up either way - no matter if you use keepass or not.
But I doubt that cracking the keepass database is possible in a realistic amount of time if your password is a secure one and is only in your head.
The alternative to not using keepass and having save passwords all over in the web would be writing down all of them on paper. In that case someone only needs to get that paper. So I rather have one long password in my head. You won't get it, even if you cut my head off.

There is always the link Mordred posted to think about...