Create an unbreakable password-the art of a password is to find a balance between security and usability

class= "Post_content" itemprop= "Articlebody" >

The two aspects of a good password are security and availability: One is good to remember, and one is hard to crack. How to balance?

Every time there is a major security breach on the Internet, I have to consider this issue. When Heartbleed vulnerabilities occur, the only effective client-side response is to change the password immediately after the service of all your accounts has been patched. Well, today, I also change my password on various websites, but this is definitely not a long-term solution.

I was thinking that one day hackers would be black to my head, and one day, I would have to spend time and energy on all the most commonly used passwords to be replaced.

I hope you have the same idea as me.

Of course, if you're already a "Master of cryptography" that uses some sort of cryptographic system to generate and keep unique, random, and unbreakable passwords, then I salute you--about 8% of the world's users know and use the system, and they never reuse a password.

And 92% of users can't find an effective solution, everyone wants to create a unique password, but the result is that your password may already exist with some hackers in the password dictionary.

How can you really create a completely random password, but also when you need to remember, to effectively awaken memory? I have summed up some experience, perhaps you want to know.

Unbreakable Password

The longer the password, the harder it is to crack. You should consider a password of at least 12 digits;

Fields to exclude: name, place, all the words that may appear in the dictionary;

Mix: Randomly change the case, disrupt numbers and spelling, and change the pinyin of the word.

By adhering to these three principles, you can make your passwords significantly more difficult to crack in the face of even the best hackers, even if their strategy is strong enough for you to understand.

Computer security expert Bruce Schneier shows us how the current password cracking technology is evolving:

Crackers can use different dictionaries, such as English words, names, foreign words, phonetic patterns, etc. as the root of the password, two digits, dates, symbols, etc. as collateral. Cracking process can also add a variety of common letter symbol substitution, such as $ for S, @ for a, 1 for L, and so on. This hack strategy can quickly break around 2/3 of the world's passwords.

Adobe encrypted all passwords with a single key, causing the entire password database to be violently cracked, leaking about 150 million user passwords. Let's take a look at some of the common password results that are leaked:

123456
123456789
Password
Admin
12345678
Qwerty
1234567
111111
Photoshop
123123
1234567890
000000
abc123
1234
Adobe1
Macromedia
Azerty
Iloveyou
Aaaaaa
654321

If you are interested in the security of your password, there are many online password detection tools on the Web to detect security, such as Onlinedomaintools. This site can show you the security of passwords, through a variety of ways to crack the time required.

The translator used his usual 16-digit password to test the results of this

As you can see, my password uses standard PC computing power brute force cracking takes about 31 billion years to crack, and it takes about 310,000 years to crack through all the computational power of a medium-scale zombie network.

The article authors cite the random password: Bre7e$ret98:!az, the fastest crack speed still need 2 billion years.

four ways to help you create an unbreakable password

The most important problem in using random passwords, despite their high security, is that they are too difficult to remember. If you're sitting in front of a computer and completely randomly typing a character, it's hard to crack, but you can't remember it either.

A relatively workable solution, then, is to use a password that looks slightly random, or to use a character that has a specific meaning for you, but to crack the software that has never been seen in the dictionary.

Bruce Schineier Method

Bruce Schneier The idea of a cipher as early as 2008, and until today he still recommends it: find a sentence and turn it into a password.

This sentence can be any sentence, can be a good memory for you personally, or have special meaning. Find each word in a sentence, and then indent the words by one letter, and then combine them into a single cipher in a unique way. Let me give you an example:

Woo! Tpwontsb--woohoo! The Packers won the Super bowl!

Ppupmoart@o@tgs--please pick up to toasty O ' s at the grocery store.

1tubuupshhh...imj--i Tuck button-up shirts into my jeans

W?ow?imp::ohth3r--where Oh Where is my pear? Oh, there

Electrum Wallet Method

If you know Bitcoin, play with Bitcoin, maybe you know how the "password-address" of the wallet came into being. Electrum is a bitcoin wallet service that can be converted to a 12-word mnemonic for the user's Bitcoin wallet address through a hashing mechanism. Like the following image:

This mnemonic, also known as Pass Phrase, provides a new way for users to create a password: instead of using a random string that is difficult to remember, it is better to spell a long sentence with a bunch of words without a combination of meanings.

First of all, write 12 random words, or even write a slightly meaningful sentence, as long as this sentence by search engines can not be found, such as:

Pantry Duck cotton ballcap tissue airplane snore Oar Christmas log puddle.

So if you throw these 12 words into the test machine, even if you use a botnet, it will take about 238378158171207 * 10 of 123 years to break.

PAO method

Computer scientists at Carnegie Mellon University suggest using a cryptographic mnemonic called "man-action-Object" (Person-action-object,pao) to create and memorize high-intensity passwords. This approach was paid attention to in the Joshua Foer's book "Walking With Einstein's moon".

The PAO method is probably like this, I give an example:

Find a picture of an interesting place (Zhongguancun)

Find a picture of someone or a celebrity you Know (Liu)

Imagine this man doing something in this place. (Liu sells computers in Zhongguancun.) Liu Qiangdong sells consolidator in Zhongguancun)

Selling computer--sells computer--selcom

Done, now that you have a random 6-bit password, depending on your password requirements, you can design more than 2-3 scenarios, creating passwords of different lengths.

The meaning of the PAO method is also to create a random password, but the way is novel and easy to use: People's memory of the image is more profound than the memory of words.

pronunciation and muscle memory method

I have developed a method of generating random passwords myself, and I personally like this method very much. This approach is related to pronunciation and muscle memory:

Find a password generator.

Generate at least 20 passwords at least 10 bits long, including numbers and letters at least

Iterate over the generated passwords, find some sounds similar to the word structure, find the passwords that are barely able to pronounce them, and can probably write a short sentence, such as

Drenaba5et (been Enaba 5 e.t.)

BragUtheB5 (Brag you V5)

Tap into a text document the password that you think you can print. Knock repeatedly and probably write down the speed and ease with which each password is typed with the keyboard. You need to find the easiest one to hit, because this is the easiest to get familiar with your hand muscles, which is your pronunciation & muscle memory password.

Ultimately, regardless of which method you use, you will have to replace all your registered websites and services with this one after another. This is a process you can't escape, but in this process you will become familiar with the code, which is random and can be remembered by repeatedly tapping the keyboard.

's not over yet! The next thing you need to do is

What I'm about to say will probably offset the enthusiasm of most of the friends who have seen here to change their passwords: Yes, never reuse a password.

I understand you, it's hard enough to create and remember a random password, every site has to recreate a password? Most people register at least 10 kinds of online services, whether they are social networking sites, mailboxes, and instant messaging software.

For my own part, I have been registering on a new website or service almost every day for work reasons, that is, I have to create and memorize 30 new passwords every month. One day my brain will explode ...

The task before me: Remember every unique password, and each site uses a password, landing time can be entered quickly, do not forget the password ...

This is the conflict between security and usability. Fortunately, there are always some simple ways to take it.

Register a password management tool

The easiest way to do this is to find a password management tool to manage passwords, such as LastPass or 1Password. The Password management tool does nothing but store passwords, but there are some that can help you generate random passwords.

That means the only password you need to remember. is actually the password of the password management tool ... And many of the best password management tools can be well integrated with browsers and even mobile devices, and the data stored in the tool is encrypted at the highest level.

Therefore, in any case, I would recommend that you use the Password management tool, whether you do what I've just said about the password generation method, or if you're still using your password in your own way, password management tools are the most convenient partners-except when you try to log in with a strange device.

dedicated, not too waste of memory

You can use random passwords on important Web services, such as microblogs, micro-letters, Facebook, Twitter, Gmail, payment tools, and other less important things, such as online shopping and ordering software that you often use.

Of course, someone cracked your simple password, and then on Baidu to send you buy the interest of dolls record is not very good ... So, local conditions.

Local conditions

As a result, you can still use a unique, highly random password for each registered Web service, and then remember the passwords of those commonly used sites and leave the other passwords to the password management tool.