How to Create a Perfect Password! This is the Scientific Method

By Philip Perez,2012-03-12 10:24
230 views 0
How to Create a Perfect Password! This is the Scientific Method

About the password, many people created casually, or just do a simple thinking. After you read the following text, perhaps you will doubt about that I may have used a fake password!

Principle is very important, but the skillisuseless.

First, for different account types to design a different password strategy

1. Account type

First, we can easily divide accounts into two categories: important accounts and general accounts. Classification is to develop a password strategy, because these two types of account password requirements are different. This classification is not absolute, you can consider by yourself, such as facebookyou canplace in important categories.

Important account refers to personal privacy or property involved:

Bankaccount, social security,Paypal,mobile phone pin code...

General account refers to various forums, social media, product authorization, etc.:

Facebook,twitter, WIFI, broadband

2. The basic principles of password strategy

Different accounts use different passwords!

If use the same password, once lost,all account password is necessary to change, is clearly unsafe.

At present, the personal password is most likely to be leaked in a situation is - hit the library. In short, you are registered with the site A, but also registered the website B, C ... results C site unfortunately loopholes, hackers have collected the username and password information, and then hackers use this to try to visit the site A, B , Try to bulk landing other sites, get a series of users can log on. This is actually very common and you must treat it carefully.

The higher complexity of the password, the more secure

The complexity of the password does not mean that the password looks longer and more disordered the more secure, but refers to usecombination of digital + letters + symbol, do not underestimate a symbol, the form of this mix will greatly improve the violence Difficulty. Violence crack has another called exhaustion, refers to a test password, one by one until find the real password so far.

For example, a password that is known to be Four digit and all consisting of numbers, there are probably 10000 combinations, so a maximum of 9999 times will find the correct password. If you add some symbols, you can greatly improve the possibility of password combinations, so can effectively prevent violence crack. The real break through the violence to break the personal password is not much, but in any case, to improve the complexity is always good.

As far as possible to facilitate memory

You may have dozens Account, if different accounts using different passwords, how could you remember so many passwords? Do not worry!First,you shouldthink about whetheryou need to remember so many passwords. According to our account type, we can use different password storagemethods, forget the password is cannot be tolerated.

3. Password policy for important accounts

This type of account password is generally only allowed to use numbers, such as banks, paypal, usually these accounts do not worry about being cracked, they have a preventive mechanism, people can`t enter password after Several wrong attempts. Therefore,Complexityisnot very important.

Important passwords need to match those factors:

Easy to remember

Mind to remember, at the same time to write in a notebook to keep, to prepare for contingencies

No obvious law

Do not use birthday, 111111,123456,000000 such a public password. The more disorder, the less likely guessed. Of course, there is absolutely don`t use same password withGeneral account, remember different accounts use different passwords,this`sthe basic principles.

4. General account password strategy

In fact, we often use this type of account, but the memory is not the first one at here, we can do a password table, you can use it when needed. The general type of account password to be relatively independent and high complexity can be. The security of the password table, we willdescribe in detail later.


As mentioned earlier, for preventing collision library, account password need to be independent of each other.

High complexity

Network accounts is easily cracked by violence, so the higher the complexity, the better

Second, building and saving the password according to their own strategy

The best password is nothing more than easy to remember,but not easy to guess, how to do it? Now I will share some skills to build passwords.

1. How to improve complexity and disorder

Mix up Numbers, letters, and symbols.

Changing characters to Variant words to improve the complexity of the complex, such as my name Leon,you can write as 1E0Nthe following table can refer to the deformation, of course, and youcan set your own deformation table.

The original character

Variant words



















By the exchangingof letter and digital symbols, a sentencethat easy to remember will become a garbled password:

Another examplepassword --> P@$$w0rd

This is a simple and easy way.Do you think so?

2. How to make the password independent of each other

Usuallyif you want to use an app,you should register an account first, at this time creatinga passwordtemporarily is obviously more difficult. If you have to use Commonpassword and application name and symbol combination, it`s ok but also it is relatively easy to be seen through, and these accounts Usually not important, in fact can use UUID.

UUID called Universal Unique Identifier, you can understand as a string of random characters, generally, it contains 32 hexadecimal numbers, UUID can be generating by many methods, some site can generate a lot of UUID, when you needed, the possibility of very lowthat randomly generating two UUIDs repeated,so you can rest assured that use.While how to remember so many"gibberish"? That`s anlittle case, please look at it.

3. How to store passwords and memories

Obviously, the complexity and memory of the password is inversely proportional. You may not have the most powerful brain, to remember so many independent passwords is very difficult, this time will use some tools and techniques, and here,we make the focus on the password table.

Important account password saved in a notebook, the general account password can be encrypted in network notes.

Usually the password of Important account have a Low complexity, and Not many in quantity, you can keep it in mind, while you need also prepared a notebook in home.

Spartan password

Spartan password is a kind of password stick, it`s a tool that used to change the alphabetical order of the message, by a processed leather wrappedwith some message around a wooden composition. In ancient Greece, It`s used for recordingand delivering military message. In short, it is only valid when someone according to a law to select a specific location of the characters, other words is used for interfere with the invalid characters.

For example:


The law of Reading:K GAW I BRX L QOP L CSD K VRG I ASD N GBH G

Decrypted:K I L L K I N G

Derived method

After reading the Spartan password,do you feelingenlightened. When I am saving some message in the clouds, I will do like that, because only know their own effective cipher text, so even if the notes were hacked, it does not matter. Everyone can create a kind of their own effective string, such as the following accounts, may be the last string of characters is valid, or only the third character is invalid, in addition to you, no one can understand the law.





Third, the summary

About account classification

You should make sure the account and password independent of each other, and preventone password corresponding to multiple accounts - effectively prevent "hit the library"

By adding characters to increase the password complexity, the best capital, lowercase, numbers, symbols bothimportant account passwords saved in a notebook, and keep it in your mind.

General account can saved in the cloud notes, encrypted notes and then encrypted - using "Spartan password"

Prepare some random password as backup, such as using UUID

Finally, I want to tell you why I do not use the unofficialpassword management tools, such as KeePass, LastPass, 1Password. The reason is nothing more than inconvenience and no trust, based on the local password management tool is not convenient, the cloud`s cross-platform equivalent to their own password to a company's server, that will not makes me feeling safe. If a company has mastered the accounts of so many people, it will inevitably be grouped hackers.