Best way to make an uncrackable passphrase, using What3words
km1500 said:
Remember, if you consider an offline dictionary attack (e.g. someone is trying to get into your encrypted Word document) then a three-word password is equivalent to a three-character password.
You should not use words; you should use random letters and numbers.

No, a three word password is not equivalent to a three character password.
There are about 100 characters that the average person will use (at most 255).
There are tens of thousands of words that What3Words uses.
Therefore we are talking about at least 50,000 x 50,000 x 50,000 combinations.
In fact, What3Words has 57 TRILLION different 3m squares on its map of Earth, so that's how many combinations there are - then add on the extra, simple passphrase that you add to the end, and you have an uncrackable password.
0 -
IvanOpinion said:
theoldmiser said:
The most important thing in a passphrase is its length, not using 'Capital letters, numbers, and symbols', like you so often hear.
So a passphrase such as
"responded impressed licks Theoldmiser444"
is uncrackable due to its length.

There are still weaknesses in your suggestion though - the biggest of which is that you have had to write something down. You could strengthen the password by interjecting characters between the words (symbols or (e.g.) the 4th letter of the previous word) and adding random mixed case e.g. resPondeDPimpreSseDrliCks@Theoldmiser444$$.
Alternatively you could mangle the words e.g. resPimpRlicKondeDesseDs@OldTheMi444ser (makes it a bit more difficult though).
These will cause a dictionary attack to fail and are as good as random characters with the added advantage of memorability and less of an issue if written down.

Show me a website that suggests that any of the What3Words word combinations are easy to crack. You say "measurable in days or weeks."
Passwordmonster.com doesn't agree with you.
For example, "grand inch supper" it says will take 78 years to crack.
Dictionary attacks become more and more time consuming the more words you use.
There is no weakness whatsoever in writing a password down. If you can remember more than two or three of your passwords, then you are either a genius, or your passwords are too short to be secure.
You don't have to mingle the words, you just have to use MORE of them. There is no need whatsoever to make your passwords as complicated as you have suggested.
You act as if a 'dictionary attack' is some kind of magic that doesn't become incredibly more time consuming to complete every time you add just one word.
I showed you how to make uncrackable passwords, and proved it with Passwordmonster.com.
"potato bucket visit Theoldmiser444" 24 trillion years to crack.
"nodded judge mild Theoldmiser444" 387 trillion years to crack.
Or try
"potato bucket visit Theoldmiser444" - centuries to crack
"nodded judge mild Theoldmiser444" - centuries to crack
Or try
"potato bucket visit Theoldmiser444" - It would take a computer about 9 tredecillion years to crack your password
"nodded judge mild Theoldmiser444" - It would take a computer about 9 tredecillion years to crack your password
Or try
https://password.kaspersky.com/
"potato bucket visit Theoldmiser444" - Your password will be bruteforced with an average home computer in approximately... 10,000+ centuries
"nodded judge mild Theoldmiser444" - Your password will be bruteforced with an average home computer in approximately... 10,000+ centuries
0 -
SteveJW said:
I look round the home and use three names I can see
For example at the moment
Friendships
Coffee
Geralgine
Add the time and a couple of special symbols, so end up with
$FriendshipsCoffeeGeralgine1040#
Wonder how long that would take to crack
Then use a password manager to store my passwords
Steve

Steve, you don't need to use the numbers or special symbols, it's much easier and more secure to just add a few more words.
1 -
SteveJW said:
I look round the home and use three names I can see
For example at the moment
Friendships
Coffee
Geralgine
Add the time and a couple of special symbols, so end up with
$FriendshipsCoffeeGeralgine1040#
Wonder how long that would take to crack
Then use a password manager to store my passwords
Steve
0 -
The other reasons for not using special characters are that
a) It makes your passphrase impossible to remember - if the passphrase is long enough to be uncrackable, and
b) it makes it more likely that if you write your passphrase down (by hand), that you won't be able to read the special character in the future.

Using a password manager is 'putting all your eggs in one basket'.
For example, LastPass was hacked:

Nobody is going to hack into your physical address book, which is sitting on your desk, or on a bookshelf, or which you hide inside another book, etc. I have searched and searched online, and I can't find a SINGLE case of a burglar stealing somebody's password book from their house, and then using the passwords to steal from them.

(Of course, most people don't write their passphrases down, because the idiotic advice we read everywhere is "don't write your passwords down", without any reasons given. So most people's passwords cannot be uncrackable, precisely because they have to memorise them, and thus they end up making short, insecure passwords, and they reuse them on different sites (which I agree is a bad idea), because who can remember 200 different passwords?)

If you have to use a passphrase at work, you can still write it/them down - I am presuming you don't need more than two or three passphrases, so write them down and store them on a card that you keep in your wallet. If you lose your wallet, you'll know that you've lost it, and then you can contact your I.T. department immediately and get them to reset all your passwords. Or store them on a small card that you keep on your keyring.

But for home use, where you probably have scores of different accounts, writing down passphrases is the best thing to do - it means you can make passphrases that are so long (and therefore so secure) that you can't remember them.
It means that you don't need to reuse passphrases on different websites.

Now, obviously passphrases for some websites that you visit are much more important than for other websites:
1) Banking, email, Paypal, Ebay, Amazon, Facebook, Twitter, and anywhere else you can buy things. These websites need your most secure passphrases. If you log into your email every day, you will soon learn your passphrase by heart, if it uses my method.
2) Forums and everything else - maybe your passphrases here don't need to be so secure - but you only have to add another word or two to a three word phrase to make it uncrackable - if it isn't already uncrackable. So why bother? Just use the method I described in my first post for everything, write down all of your passwords in an address book, hide it on a bookshelf if you want to (burglars aren't going to steal books when they break into your house), or just under a cushion, then get it out when you are on the computer. Simple.
0 -
Even Microsoft give bad advice:
"Easy for you to remember but difficult for others to guess."
This is the sort of confusing and unhelpful advice that billions of people are given all the time.
"Or just a hint...
Rather than writing down your password, consider writing down a hint that reminds you of what the password is. So if your password is "Paris4$pringVacation" you could write down "Your favorite trip.""
If you can remember most of your fifty or more passphrases like that, then the passphrases probably aren't any good in the first place. Note how it uses the dollar sign instead of an 'S'. All unnecessary.
0 -
km1500 said:
Remember, if you consider an offline dictionary attack (e.g. someone is trying to get into your encrypted Word document) then a three-word password is equivalent to a three-character password.
You should not use words; you should use random letters and numbers.
3 -
It's not worth anybody's time trying to reason with the OP; he doesn't listen.
His last thread on this very subject got deleted because he told the world how he sets his passwords up and therefore making himself very vulnerable to being hacked.
This thread will probably go the same way to protect the OP.
3 -
I think my post was a bit confusing in that I did not make it clear I was talking about password length.
So, for example, supposing you have decided that you want a 15 character length password,
then it is much better to have 15 random characters than, say, three 5-letter words.
0 -
km1500 said:
I think my post was a bit confusing in that I did not make it clear I was talking about password length.
So, for example, supposing you have decided that you want a 15 character length password,
then it is much better to have 15 random characters than, say, three 5-letter words.
1
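
The comparisons argued over in this thread (three characters, three words, a What3Words square, 15 random characters) can be put on one scale by counting the guesses each attacker model has to make. This is an added example, not part of any post: the 95-character alphabet, the 50,000-word list and the 1e10 guesses-per-second offline rate are assumptions, and `char_model` is a hypothetical naive character-counting estimate, not the method of any site named in the thread.

```python
import math
import string

W3W_SQUARES = 57 * 10**12        # figure quoted in the thread
GUESS_RATE = 1e10                # assumed offline guesses per second
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def bits(keyspace):
    """Entropy in bits of a secret drawn uniformly from `keyspace` options."""
    return math.log2(keyspace)

def random_chars(length, alphabet=95):
    """Keyspace of `length` random characters (95 = printable ASCII, assumed)."""
    return alphabet ** length

def random_words(count, wordlist=50_000):
    """Keyspace of `count` words picked at random from `wordlist` words."""
    return wordlist ** count

def char_model(passphrase):
    """Keyspace a naive per-character estimate assigns: alphabet ** length."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation + " ", 33)]
    alphabet = sum(size for chars, size in classes
                   if any(c in chars for c in passphrase))
    return alphabet ** len(passphrase)

def years_to_exhaust(keyspace, rate=GUESS_RATE):
    """Years to try every candidate at `rate` guesses per second."""
    return keyspace / rate / SECONDS_PER_YEAR

def words_needed(target_bits, wordlist=50_000):
    """Smallest number of random words that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(wordlist))

def report():
    """Bits and exhaustive-search time for the cases raised in the thread."""
    cases = {
        "3 random characters (100-symbol alphabet)": random_chars(3, 100),
        "one What3Words square (word-aware attacker)": W3W_SQUARES,
        "3 random words from 50,000": random_words(3),
        "'grand inch supper' scored per character": char_model("grand inch supper"),
        "15 random printable characters": random_chars(15),
    }
    return {name: (round(bits(k), 1), years_to_exhaust(k))
            for name, k in cases.items()}

if __name__ == "__main__":
    for name, (b, years) in report().items():
        print(f"{name:46s} {b:6.1f} bits  {years:10.3g} years")
    print("words to match 15 random chars:", words_needed(bits(random_chars(15))))
```

The same three-word string scores about 100 bits when counted per character and about 46 bits when the attacker enumerates What3Words addresses, which is why estimates of time to crack differ so widely depending on the model behind them.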