What’s the deal with passwords?

--Originally published at TC2027 – Blog will Tear us Apart.

Passwords, oh passwords. The keys to our everything, definitely a pain in the arse.

This is my approach on the defense/user side of passwords; if you’re interested in the attacking approach, read Miss F’s post.

I’m sure we’ve all heard hundreds of times how insecure our passwords are; every year or so another security blog or company publishes its updated rules and minimum security measures, but as of today, there are some basic principles.

  • Never use your name, birth date, social security number, house address or telephone numbers. Neither your past ones, nor a family member’s.
  • Never use sequential numbers. 123456Seven sucks (ping me if you got that reference).
  • Never use words like “password”, “admin”, “qwerty” as a password. Please.
  • Never repeat passwords. Really, that’s just dumb.
  • Keep them long. Try to use at least 12 characters.
  • Add capital letters and symbols.
  • Do not share them, lass.

I know it’s kind of complicated to remember every password ever, so here I’ve gathered some password-making techniques.

Prefix-Suffix method.

I used to give a middle school digital crash course, and normally I used this method of password making. I call it the prefix-suffix method; it is great for memorizing complicated-ish passwords and becomes an easy way to never use the same password twice. It’s great for defending against brute force attacks, and might help a little with dictionary attacks. Here are the steps:

  1. Choose the name of a TV show, movie, character, song; anything you really like, the obscurer the better. For example, the name of a semi-obscure Jedi master: Plo-Koon.
  2. Now grab that name and scramble it in a way you can easily remember: give it a little twist, add some l33t, you name it; just keep it easy to remember. Here it is with our Jedi: P1O^Kunn (notice that I even misspell it). This
--Originally published at TC2027 – Blog will Tear us Apart.

So, I’m starting this blog from scratch, fresh out of the [wordpress] oven. Initially, the purpose of this blog is to become an active participant of Ken Bauer’s #TC2027 security course, so be ready to read a lot about the topic. Now, this blog won’t be exclusive to that topic; I’ll be talking about different topics, so don’t worry.

I was not quite sure whether to reveal my identity, but as I’m linking this to my personal Twitter account, it was going to be just a matter of time before I lost that privilege.

I really don’t have much to say at this point, so relax, be patient with my writing skills and enjoy the ride.

P.S. My Twitter interactions are most of the time in Spanish. Sorry.