Volkon, on 01 February 2013 - 07:52 PM, said:
Use a common word, shake it up a bit, bang, strong password. One I've retired from the past was H@ll0w33n for example. Easy to remember, complex to crack.Better yet is to stick two unrelated words together and do that. Gr@p35h@rk (gr@pe shark) is catchy and easier to remember than it looks.
The problem is, these brute-force algorithms take these things into account now because they're so common. It would not take too much longer to brute H@ll0w33n than Halloween. All they have to do is let the program know some very common substitutions. @ or 4 = a or A, 0 = o or O, etc. These substitutions are almost always vowels. Basically, brute force programs know about 1337 speak and know how to get around it.
On another note, when a person is "forced" into using a number for their password, the vast majority choose 1. When "forced" to add a special character, the majority choose !. These statistics make it pretty easy for brute-force programs to effectively attack.
Anyway I didn't want to go off on a big thing here. Just trying to help
Evans, on 01 February 2013 - 12:51 PM, said:
Hmm, as useful as that sounds, isn't such a program susceptible to hacking? I mean I expect the most assaults to my electronic information to come from the web. As such a little notebook with all your passwords, which you can still put aside in a discreet place, cannot be accessed by the usual suspects. How safe is a program like KeePass against those who have a real interest in getting your information?
It's true that storing all your passwords on paper leaves them available to friends or family, or whoever can reach them, but it isn't very hard to put them in a secure place and if you don't mention the existence of such a document, who would go through your private stuff looking for it. Furthermore, who would have the chance of doing so? I don't know who tries to access my pc from over the internet, but I do know who I let into my office room.
No, you're right. It's going to be different for people, depending on their situation. If you have really good control over your office room and never flash those papers near a window, you'll probably be perfectly safe. Unless you happen to get a keylogger on your computer. Then typing those passwords every time would be a risk.
Whereas, using a program like KeePass where the passwords are never typed out would be more secure against a keylogger but less secure against someone gaining access to your database file. But if you use a strong master password and enable a key file (which you might keep on a USB drive), you are pretty damn safe from that. Even if someone got access to your master password and your database file, they could still not open your database without that key file.
You can check out some tips and cool information here: http://www.geeksengi.../keepass-2.html