
Here's the entire translated version

Using the above principles, how can we design a good password?

Tip 1: Replace characters with ones that sound the same

For example, you can replace the letter e in succeed with the number 1 {note this sounds the same in Mandarin}, so that it becomes succ11d, which is easy to remember and combines numbers and letters.

Tip 2: Replace characters with ones that look the same

For example, you can replace the o in dog with 0 and it becomes d0g. It mixes letters and numbers.

Tip 3: fill with special symbols

For example, the above password d0g is not long enough, so you can add special symbols at the end, e.g. d0g!(!(!(!(!(!(, it will be easy to remember, but hackers will need 12,340 centuries to crack it.

Tip 4: Using Chinese input method

For example, the phonetic input method of the four words "My Password" is the combination of "ji32k7au4a83". At first glance, it is a random combination, but it is meaningful.

Pretty hilarious all around, anyone checked if d0g!(!(!(!(!(!( is in the database too?



>Pretty hilarious all around, anyone checked if d0g!(!(!(!(!(!( is in the database too?

I just checked and... looks like it's not been seen by HIBP:

>Good news — no pwnage found!

>This password wasn't found in any of the Pwned Passwords loaded into Have I Been Pwned. That doesn't necessarily mean it's a good password, merely that it's not indexed on this site. If you're not already using a password manager, go and download 1Password and change all your passwords to be strong and unique.


The hilarious part is these are used as examples to illustrate an algorithm, not to suggest you use them as actual secrets.


No, the algorithms are bad as well. Transformed dictionary is hardly any better than dictionary if the transformation isn't unique.

All those annoying rules about required character classes are mainly there to prevent dictionary attacks, but "s3cr3t" is not much of an improvement over "secret" ("s4cr5t" would be, because it's not the result of a popular transformation).


Not much of an improvement, but never worse -- unless the function is not injective. You can't argue with Kolmogorov complexity. If the algorithm is secret and has computational complexity it gets better.


Sure, but we are talking about trivial substitution schemes here. I could have been more specific.
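The "s3cr3t" versus "s4cr5t" point from the thread, as an added example that is not part of any comment: a password-policy check that undoes popular substitutions and trailing symbol padding before the dictionary lookup. The wordlist, the substitution table and the function names are constructed for illustration.

```python
import itertools
import re

# Constructed sample wordlist; a real check would load a full dictionary.
WORDLIST = {"secret", "dog", "succeed", "password"}

# Assumed table of popular look-alike substitutions (not from the thread).
# One character may stand for several letters, so values are strings.
POPULAR = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
           "@": "a", "$": "s"}

MAX_CANDIDATES = 100_000  # bound the search on long, digit-heavy inputs


def strip_padding(password):
    """Drop trailing symbol padding such as '!(!(!(' (Tip 3)."""
    return re.sub(r"[^A-Za-z0-9]+$", "", password)


def candidates(password, table=POPULAR):
    """Yield strings obtained by undoing any subset of substitutions."""
    # Try the password both as typed and with its padding removed,
    # so a trailing '$' or '@' that is part of the word is not lost.
    for core in {password.lower(), strip_padding(password).lower()}:
        options = [ch + table.get(ch, "") for ch in core]
        yield from itertools.product(*options)


def reduces_to(password, table=POPULAR, words=WORDLIST):
    """Return the dictionary word the password collapses to, else None."""
    limited = itertools.islice(candidates(password, table), MAX_CANDIDATES)
    for combo in limited:
        word = "".join(combo)
        if word in words:
            return word
    return None


if __name__ == "__main__":
    for pw in ["s3cr3t", "s4cr5t", "d0g!(!(!(!(!(!(", "succ11d"]:
        print(f"{pw!r:20} -> {reduces_to(pw)}")
```

"succ11d" passes only because the sound-alike mapping from Tip 1 is missing from the assumed table; adding `"1": "ile"` makes it collapse to "succeed" as well.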



