Best way to make an uncrackable passphrase, using What3words

IvanOpinion

@poppellerant, @outtatune, good advice about using an offline password manager, this may suit some people.
I should be clear that generating and remembering 16+ A/N passwords is not an issue for me ............... usually!!

double_dutchy

PHK said:

...do you want your information sold on the dark web? Strangers reading your emails? Contacting all your contacts with phishing that looks like it's coming from you?

That's just some of the things that can happen with weak password security.

Hello thanks for replying.

No I don't want those things happening....but my point was about the relative chances of my passwords being broken against fraudulent access to my cards/accounts facilitated by other means. I haven't seen anything to convince me that the risk of the former is anything other than miniscule.

I have read that some people suffer serious injury getting out of bed in the morning, but I don't personally take any steps to mitigate such risks because I believe the odds of it happening to me are vanishingly small.

zagubov

Not trying to hijack the thread but do many sites let you use spaces as a "special character"?
Password security checkers put passwords with spaces into the trillion-year crackable range. 

flaneurs_lobster

zagubov said:

Not trying to hijack the thread but do many sites let you use spaces as a "special character"?
Password security checkers put passwords with spaces into the trillion-year crackable range. 

Most of the major online services (Google, Microsoft, Amazon etc) have no problem with spaces WITHIN a password but don't allow them at the beginning or end of the password string - it's for implementation reasons, it's really hard to validate (at least for a human) when a space is appended to a string of characters. It's pretty standard to strip spaces from the beginning/end of character data inputs (not just passwords) in most online interactions. 

The financial institutions that I have accounts with have a range of rules about the character set that can be used for passwords, NatWest Group, for example, only allow alphanumerics so space wouldn't cut it. Others (annoyingly) use a subset. Wouldn't be at all surprised if most exclude space.

I've just checked a couple of password manager's generator options, neither include space in their "special characters".

It's not obvious (at least to me) why a space character would be more secure than, say, an underline or percent sign.

outtatune

Keepass allows you to choose (or exclude) spaces in generated passwords.

theoldmiser

outtatune said:

Two observations:

1. Since correct horse battery staple became a common password strategy brute force attackers will routinely target those as part of the attack on the encrypted password file, so a three word phrase from a list of even 10000 potentials will not last long, unless you then start swapping $ for s, adding digits and symbols, etc. And once you start doing that, you're going to need a password manager anyway, so you might as well do it properly and get the password manager to create proper strong random strings.

LOL. I explained very clearly in my original post how to use What3Words to find a completely secure password, we aren't talking about 10,000 potential passwords, we are talking about 57 TRILLION squares on What3Words, without any effort required whatsoever to change one of the squares' three words. 57 Trillion is far more secure than 99.9% of people's passwords.

theoldmiser

poppellerant said:

I won't enter an argument about this, but anybody who thinks a long password which is made up from words is kidding themselves if they think their password is impregnable.  You would need to change the letters in the password to symbols and/or numbers.

For example, changing MoneySavingExpert to |\/|0n3y$8\/1n93xp3rt would make the password far harder to crack.  The time on PasswordMonster increases from a mere 33 hours to 106 billion years.

Anyway, I'll stick to using randomly generated passwords, that can be 50-100 characters to long depending on the website.  If I remember right, my Google password is over 200 characters long - have fun cracking that.

So 57 Trillion different combinations, in What3Words, isn't secure enough? And 57 Trillion to the power of 57 Trillion, using TWO sets of three words from What3Words, isn't secure enough? Seriously?

theoldmiser

John_Gray said:

How long would it take to crack your password?

I cracked it immediately simply by looking at your post, where you have written it down...

That's proved me wrong then! Hilarious.

theoldmiser

SteveJW said:

I usually look around at letters, leaflets etc etc and pick three random words translate a couple of words to a foreign language in Google translate, say Thai and then use the pronunciation words add a couple of numbers and special characters

Yes, anything but use my simple and far more secure method, that anybody can use, with zero effort...

theoldmiser

SteveJW said:

Why not just let a password manager generate passwords for you?

Some websites will not let me copy and paste passwords

I like many people struggle to remember a string of random numbers, letters and characters

I can remember three words even if in a foreign language or phonetic, combined with a year and a couple of special characters

Thank you. This is precisely why using What3Words is by far the best method available - it's easy to use, easy to find a random square in the middle of the ocean, that nobody else is going to find (there are 57 Trillion squares on What3Words!).

Isn't it odd how, when you present a simple idea that should make life better for everybody on Earth who uses a computer, you can always guarantee there will be people on forums who don't understand your SIMPLE idea, misread what you wrote, and then criticise it and claim it can't possibly work, without ever explaining why?