- Do not use words or names found in dictionaries in any language.
- Do not prefix or suffix words or names found in dictionaries in any language with fewer than 8 random characters.
mary8U3k
6Tdqmydog
etc ...
These can be easily cracked since there are fewer than 8 random characters.
- Do not leave your computer unprotected at any time. Always use a firewall, virus protector (more than one) and spyware/malware scanner (more than one). You don't want your good passwords and what they are used for stolen by key loggers.
- Do not repeat characters. This reduces a password's randomness.
- Do not use leet characters in dictionary words or names.
m@ry (mary)
p0p51cl3 (popsicle)
5p0r+ (sport)
etc ...
- Do not select a known phrase or expression for any acronym password.
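The rules in the list above can be applied mechanically. The following Python check is an added example, not code from GoodPassword.com: the word list is a constructed sample, the leet map covers only the substitutions seen in the examples above, and "repeat characters" is assumed to mean the same character twice in a row.

```python
import re

# Constructed sample word list (assumption); a real check would load full
# dictionaries and name lists in several languages.
WORDS = {"mary", "dog", "popsicle", "sport"}

# Leet substitutions limited to those seen in the examples above (assumption).
LEET = str.maketrans({"@": "a", "0": "o", "5": "s", "1": "i", "3": "e", "+": "t"})

MIN_RANDOM = 8  # the list's threshold for random prefix/suffix characters


def find_word(text, min_len=3):
    """Return (start, end) of the longest word from WORDS inside text, or None."""
    best = None
    for i in range(len(text)):
        for j in range(i + min_len, len(text) + 1):
            if text[i:j] in WORDS and (best is None or j - i > best[1] - best[0]):
                best = (i, j)
    return best


def check_password(pw):
    """Return the names of the rules from the list above that pw breaks."""
    broken = []
    lower = pw.lower()
    plain = find_word(lower)
    # The leet map replaces one character with one character, so offsets line up.
    hit = plain or find_word(lower.translate(LEET))
    if hit:
        extra = len(pw) - (hit[1] - hit[0])  # characters outside the word
        if extra < MIN_RANDOM:
            if plain is None:
                broken.append("leet-word")
            elif extra == 0:
                broken.append("dictionary-word")
            else:
                broken.append("short-affix")
    # Assumption: "repeat characters" means the same character twice in a row.
    if re.search(r"(.)\1", pw):
        broken.append("repeated-chars")
    return broken


if __name__ == "__main__":
    for sample in ["mary8U3k", "6Tdqmydog", "m@ry", "p0p51cl3", "5p0r+"]:
        print(sample, check_password(sample))
```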

Strong passwords generated from Pseudo Random Number Generator (PRNG) algorithms that use a random seed (the starting number of the algorithm) are very good passwords.
They are good in the sense that they are difficult to guess and can only be cracked using a brute force algorithm, which is a program that attempts all possible combinations.
In addition, passwords are secure when they are long and their characters are selected from a large character set.
Bottom line: keep passwords random and long (at least 12 characters; not less than 8).

We created this web site:
- to educate internet users on the importance of choosing good passwords that are random, long and selected from a large character set.
- to experiment with new techniques and methods of password creation.
- for fun.
We always welcome your comments and feedback on how we can improve and add new features to our programs.
You can always support our efforts by subscribing to the custom password service.
Thank you and enjoy!

GoodPassword.com uses 100 Pseudo Random Number Generators (PRNGs). Each PRNG is assigned to a user by the last 2 digits of their IP address. Each PRNG is seeded by a set of random numbers received from random.org, a web site which generates random numbers from radio waves. The state of each PRNG is stored in a SQL data table for 300 minutes. A crontab script (a scheduled task) runs every 30 minutes to check whether any PRNG's state is older than 300 minutes. If so, the state is deleted, leaving no trace of how any password was created.
Note:
- The time we set to change the seed of the PRNG can vary since it depends on the allowance set by random.org. Currently there is a quota of 200,000 bits per day, though it can vary.
- We DO NOT STORE IP addresses, User Agent or any information accessible from the browser in the password applications' SQL database, in order to preserve your anonymity.

Leet Passwords are easy-to-remember acronym passwords generated by combining the first letter of each word of a phrase, randomly changing the case, and replacing alphanumeric characters with their Leet (1337) equivalents, that is, characters that look and/or sound the same (Single ASCII 1337 Characters). It is essential that the phrase selected is uncommon and known only to you.
By selecting the password recovery feature, one will be able to retrieve their password with our password recovery tool in the event of forgetting or losing it. All that is required is the original phrase used to create it.
How does this feature work? A cookie is created to remember the pattern taken by the password created from the phrase. Each character extracted from the phrase can have 4 possible states: an upper case letter, a lower case letter, or one of up to 2 leet character substitutions. The following example illustrates this process.
My wonderful dog Goldie is eight years old.
A possible password for this is: MWd913Yo
The pattern for this password is: CCcLLlCl
| C | Upper Case Character |
| c | Lower Case Character |
| l | 1st Leet Character Equivalent |
| L | 2nd Leet Character Equivalent |
Each time a phrase is created, a new cookie is created to remember the password pattern. In instances of more than one password of the same length, the password recovery program will display all possible passwords used.
Also note that each cookie is created to expire in 1 year unless you remove it.
Further, if one prefers not to use a cookie, simply record the password pattern, which is displayed next to the password upon creation.
The Leet equivalents used are defined in the table below.