Phonetic passwords

I've been using a password manager recently but still haven't set up a really secure master password.

Does anyone use an easy-to-remember word but use it phonetically?

Simple eg.
DAD
DeltaAlphaDelta

Or would that, even if it ran into 18 characters, be easy to get through?
 
I use a password manager, but nothing phonetic.
The password I use is just a random mash up of all characters, maybe 30-50 characters long.
I think it's possible to remember more or less any password, if you use it constantly, multiple times per day and every day.
I've forgotten complex passwords, that I've not used for ages. If you keep using it day to day, you'll be fine.

My advice would be to write the password in a text document to start with, as a backup.
Once you're used to typing the complete password from memory, delete text doc.
Sometimes it's easier to remember passwords, if your hands move over the keyboard in a flowing pattern and not going from one end of the keyboard to the other end and back again.

Edit:
I'd also recommend encrypting your "C" drive (with a different password).
It's possible to download software that can reveal passwords in seconds (I'm not sure if that applies to password managers, but it definitely does to email clients and other software).
That might make a "complex" password irrelevant if the drive isn't encrypted and your computer is stolen.
 
For master passwords for a password manager you'll likely benefit from creating multiple passwords conjoined into one.

E.g. use a pass phrase, supplement it with special characters from another pass phrase and add numbers.

Something like:

This little piggy went to market
serial number off a random box
The quick brown fox

Password then becomes:
thislittlepiggywenttomarket!54896451_TqBf

Also I agree with Marks' last comment - making something "flow" can be good.

Try typing something out really fast in notepad but KEEP all the mistakes you make and use that as your password :)
 
Mine is a muddle but mostly non-English words, as that's always a good start - most password dictionaries focus on English words, names etc.

Then add two-factor authentication.
 
I've used it during training sessions, got people to come up and type in common passwords they use. I point out that it's only based on current desktop tech cracking them - in a year's time that could be vastly lower.

Don't think I've had one yet that was more than a week. My current Lastpass one is One Million years and a doddle to remember.
 
I've been using a password manager recently but still haven't set up a really secure master password.

Does anyone use an easy-to-remember word but use it phonetically?

Simple eg.
DAD
DeltaAlphaDelta

Or would that, even if it ran into 18 characters, be easy to get through?

Use upper and lower case letters.
Use the digits 0-9 (not all of them, but include a couple).
Maybe use a special character or two, like $ and %.
Make the password at least 10 characters long.

Doing this will give approximately 59x10 to the 17th possible combinations, or roughly the number of stars in the galaxy (could be 57x10 to the 17th). The password can be very easy for you to remember; it's the number of possible combinations that makes it harder and harder to guess, plus case sensitivity etc.

Stoner81.
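An added worked example (not from anyone in this thread) that puts numbers on the two posts above: it expands a seed word the way the OP's "DAD -> DeltaAlphaDelta" trick does, then contrasts the naive "every character is a free choice" count with what an attacker who knows the scheme actually has to guess. The 52/64-character alphabet sizes and the guess rate are assumptions for illustration.

```python
import math

# NATO phonetic alphabet behind the "DAD -> DeltaAlphaDelta" trick.
NATO = {
    "A": "Alpha", "B": "Bravo", "C": "Charlie", "D": "Delta", "E": "Echo",
    "F": "Foxtrot", "G": "Golf", "H": "Hotel", "I": "India", "J": "Juliett",
    "K": "Kilo", "L": "Lima", "M": "Mike", "N": "November", "O": "Oscar",
    "P": "Papa", "Q": "Quebec", "R": "Romeo", "S": "Sierra", "T": "Tango",
    "U": "Uniform", "V": "Victor", "W": "Whiskey", "X": "Xray", "Y": "Yankee",
    "Z": "Zulu",
}


def to_phonetic(seed):
    """Expand each letter of the seed to its NATO word: DAD -> DeltaAlphaDelta."""
    return "".join(NATO[ch.upper()] for ch in seed)


def naive_bits(password, alphabet_size):
    """Strength if every character were an independent pick from the alphabet
    (the 'number of combinations' view used in the thread), in bits."""
    return len(password) * math.log2(alphabet_size)


def scheme_bits(choices_per_slot, slots):
    """Strength when the attacker knows the scheme and only guesses the hidden
    choices: a phonetic password has 26 possible words per seed letter."""
    return slots * math.log2(choices_per_slot)


def years_to_exhaust(bits, guesses_per_second):
    """Years to try every candidate of a keyspace of 2**bits at a given rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def compare_phonetic(seed, guesses_per_second=1e10):
    """Return (naive_bits, scheme_bits) for the phonetic expansion of `seed`.

    The guess rate is an assumed figure for offline guessing, not measured."""
    password = to_phonetic(seed)
    naive = naive_bits(password, 52)        # upper + lower case letters only
    known = scheme_bits(26, len(seed))      # 26 words per seed letter
    return naive, known


if __name__ == "__main__":
    naive, known = compare_phonetic("DAD")
    print(f"{to_phonetic('DAD')}: naive {naive:.1f} bits, scheme-aware {known:.1f} bits")
    print(f"scheme-aware exhaustive search: {years_to_exhaust(known, 1e10):.2e} years")
    print(f"10 chars from a 64-symbol alphabet: {naive_bits('x' * 10, 64):.0f} bits")
```

The 15-character phonetic string looks strong by character count but collapses to three choices from 26 once the expansion rule is known, which is the check to apply to any memorable scheme.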
 
Generally I use something I will remember, like two words interspersed... then add in an easy number like a telephone number. The below comprises memory, gigabyte, 0133725712.

m0g1e3i3m7g2o5a7r1b2yyte

And that comes out at 177 quintillion years ;)
 
Use a sentence or sentences, it's the easiest way!

The sentence above has upper case, lower case, spaces and special characters. All that's missing is a number :) You can make it more or less complex depending on requirements.

Second point - don't ever type your password into links like the above. Even if it is totally legitimate in nature, you have no guarantee that they have coded that site securely. It may be compromised and harvesting all details typed in there, including the corporate or home IP address you are coming from.

From the corporate IP address you will be able to map back to the organisation name, from there you can enumerate email addresses and username structure. From there you can enumerate LinkedIn for all employees, build your username list and password attack any public-facing corporate resources.

Source: I'm a pen tester/social engineer/cyberdouchebag.
 