choosing a password

Discussion in 'General Discussion' started by gazbee, Apr 25, 2010.

  1. gazbee

    When I try to choose a memorable password, I often get messages that it's too short or not enough different characters, or it's based on a dictionary word.

    The password generator gives me things like MLq_b6h+6Bq;

    My web server is not Fort Knox, and a password like that is just inconvenient.
     
  2. Spiral

    The following statement alone tells me that you actually need a random password:

    "My web server is not fort knox, and a password like that is just inconvenient."

    If your server does not have sufficient security hardening and protections in place to otherwise stop brute force attacks, and nothing to prevent exploit once logged into the server, then anyone guessing or otherwise gaining your password would have free rein to make other exploits.

    The point is that I would recommend a long binary password and make that recommendation even more so if your server isn't properly secured in other areas as I suspect may be the case with you per your comments.

    If you really are intent on using a password from memory then here are a couple of hints and tips for you:

    - you can replace the letter 'o' with 0, 'l' or 'i' with 1, 'e' with 3

    - Append some number you will remember to the word you choose

    - Add a punctuation mark like !, $, %, ^, *, or something to the end

    So if your password were going to be "lemon" then you might do something like the following:

    'lemon' becomes "13m0n"

    Append a number you can remember and punctuation ....

    "13m0n42!"

    The resulting password you could still remember and yet be substantially stronger than just simply using plain dictionary words as your password.

    For your "root" login, I would advise still making that one very long and totally random. I usually used 16 characters or greater and then keep those passwords stored someplace safe -- I use a very heavily encrypted drive myself. It is important "root" not be brute force guessable so I would avoid using what I said for those. With that said I know some will ignore that and try to make their "root" easy anyway ...

    For your regular cPanel accounts, you can use the methods I described above. If you feel really compelled to use the same for your root then you might want to choose 2 different words to remember and repeat the whole process:

    "lemon" and "orange"

    "13m0n" and "0rang3"

    "13m0n42!" and "0rang342!"

    So your finished password is longer and looks more like:

    "13m0n42!0rang342!"

    Complex, more randomized, yet memorable to be able to type. It is not something I would wholeheartedly recommend but is "better". ;)
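
The "based on a dictionary word" rejection from the first post and the substitution scheme in the reply above can be seen together in this added example, which is not part of the original thread or of cPanel's own strength check. It reverses the three listed substitutions, strips the appended number and punctuation, and looks the result up in a wordlist; the wordlist is constructed and the dictionary size, number range and mark count in `pattern_bits` are assumed figures.

```python
import math
import re
from itertools import product

# Constructed sample wordlist; a real checker would load a full dictionary.
WORDS = {"lemon", "orange", "password", "server"}

# Reverse of the substitutions listed in the post: 0 -> o, 1 -> l or i, 3 -> e.
UNLEET = {"0": "o", "1": "li", "3": "e"}


def base_word(chunk):
    """Return the dictionary word a word+number+punctuation chunk reduces to, or None."""
    body = re.sub(r"[^A-Za-z0-9]+$", "", chunk).lower()
    tail = len(body) - len(body.rstrip("0123456789"))
    # Trailing digits may be the appended number or substituted letters: try each split.
    for k in range(tail + 1):
        core = body[:len(body) - k]
        for cand in product(*(UNLEET.get(c, c) for c in core)):
            if "".join(cand) in WORDS:
                return "".join(cand)
    return None


def dictionary_based(password):
    """List the base words if every chunk of the password reduces to one, else []."""
    chunks = re.findall(r"[A-Za-z0-9]+[^A-Za-z0-9]*", password)
    words = [base_word(c) for c in chunks]
    return words if chunks and all(words) else []


def pattern_bits(n_words, dict_size=100_000, numbers=100, marks=32):
    """Rough guess-space size in bits for n word+number+mark chunks (assumed figures)."""
    return n_words * math.log2(dict_size * numbers * marks)


def random_bits(length, alphabet=94):
    """Guess-space size in bits for a uniformly random printable-ASCII password."""
    return length * math.log2(alphabet)


if __name__ == "__main__":
    for pw in ["13m0n42!", "13m0n42!0rang342!", "MLq_b6h+6Bq;"]:
        print(pw, dictionary_based(pw))
    print(round(pattern_bits(2), 1), round(random_bits(12), 1))
```
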
     
  3. gazbee

    Good idea...

    Out of interest:

    those that use a less memorable password, like one cPanel recommends
    g0O?VUSN+L3%

    what do people tend to do with a password like that? Or one like that with upper and lower case characters..

    Take out a bit of paper from their trousers, read the password and spend 10sec typing it in? And with elite typing skills, getting it character perfect 19/20 times. In fact, that's a long password to have in short term memory, they'd have to look at the paper, read a few characters, enter them.. read some more, enter them.

    No doubt such a typer would be the type to memorize it. Would they commit themselves to memorizing say 5 super tough passwords. But for less important things, use a fairly standard basic one, or a few.
     
  4. Spiral

    There are a number of password manager programs out there and Firefox has some password managing extensions available too ....

    As for myself, I need to keep track of hundreds of long random passwords so I simply have a plain password file that is strongly encrypted using one encryption method that is stored on an encrypted drive using another encryption type using TrueCrypt.

    All I need to do when I am actually using my computer is just simply cut and paste the appropriate password as needed ;)

    (Incidentally, the reason for the encryption and other measures I didn't mention is to prevent compromise in the unlikely event someone were to access my laptop --- lose it --- etc)

    You could also program your browser to "remember" your password if your computer is reasonably safe from access though I personally don't recommend doing this even if you are the only one using the computer due to keylogger trojans, external exploit possibilities, etc.
     
  5. gazbee

    Well, it's easier if you're using one or two computers everywhere (e.g. just your laptop).. others carry a USB HDD or USB key.. Going out with wallet, keys and USB key..

    I guess your TrueCrypt password isn't a long random type password.. ? ;-)
     
  6. Spiral

    You might be interested in KeePass

    Actually it's completely binary from a hardware key. ;)
     