I recently came across an interesting article on Irongeek.com (which itself is a pretty interesting security site that I'll probably add to my list of news feeds) entitled, "ALT+NUMPAD ASCII Key Combos: The α and Ω of Creating Obscure Passwords." The author suggests the idea of using non-standard (ie, not defined on standard keyboards) special characters as part of your password. It's common knowledge that adding special characters to your password greatly increases the difficulty of guessing or brute forcing the password. This extends the idea by adding normally hidden (and often unthought of) characters to the mix. So, while something like abCD1234%^&*
might be a good example of using special characters in a password (though obviously you'd want something more random than that sequence), consider this password: äßÇн²¶╔¥¢
. I'd love to see the password cracker that can crack that one. :-)
Of course, as the author mentions there are downsides to this. Increased complexity notwithstanding, its strength is also its main weakness; these are non-standard characters, and as such not all applications and operating support them in the same manner (or at all). While this may work great as a Windows user password, for example, it may not be possible to use it as a Linux user password.
Regardless, it's still an interesting concept that deserves some attention. Check out the article for more details on the subject, as well as a tutorial and reference charts for entering special characters. The Wikipedia article on Windows Alt keycodes (also referenced in the article) is another good resource.
Re: How to Create Truly Obscure Passwords
Ummmm, that's only a 10 character password, dictionary\brute force can crack that alot easier than a passphrase with alot more characters.....and are you actually going to remember the password or more likely put it into a text file/post it on your desktop or wallet/drafts in your Outlook Inbox?
Better practice is to use a very long passphrase.
Here's a good article: http://geodsoft.com/howto/password/cracking_passwords.htm
Re: How to Create Truly Obscure Passwords
The example I provided wasn't meant to be a textbook example of a perfect password. Obviously there's more to choosing a good password than the difficulty of the characters, and two such considerations, as you rightly mentioned, are length and how easy it is for the user to remember. The point of the post was that including such characters in your can and will greatly increase a password's resilience against brute-force and dictionary attacks. I did not mean to imply that this was the only factor to consider. :-)
That's a pretty cool link, though. Thanks for sharing.
Edit: By the way, I just clicked the link for your name. Do you run NT Compatible? I used to reference that site very frequently back when I moved over to Windows 2000 (and then XP) from 98SE. Very handy. If so, thanks for all your work on it over the years!
--
http://www.legroom.net/
Re: How to Create Truly Obscure Passwords
Nope, just a lowly moderator @ NTCompatible. Been there since the beginning. :)
I love your Uniextract program. I maintain my own PC Game Compatibility List (seperate from NTCompatible's) and test compatibility between NT4/2K/XP/2003/Vista, your tool is very handy.