Make an Easy to Remember Hard to Guess Password

by GenAap in Circuits > Computers


I have encountered many ways to make a password more secure. I'm sure you have heard some of these suggestions too: adding numbers and symbols, more characters, capital and lowercase letters, and bla bla bla bla. But how do people remember these? Well, they do things like use the first letter of each word in phrases like "Mary Had A Little Lamb". But that isn't secure to do for each website, so there must be a different phrase for each website you commonly visit. Then, after visiting enough websites, we have to install a password manager, but when logging on from another computer it doesn't work and the whole thing becomes such a hassle. I want a way that works anywhere, is fast, and most of all, effective. So I used something called MD5 Hash encryption. This method takes minimal memorizing and effort on the user's part; it's fast, simple, and most of all effective. Nothing needs to be downloaded and it works anywhere. Sound too good to be true? Read on.

Why MD5?


If you just want to get to the method, you can skip this, but if you are interested in why I chose to use this method, read on.

MD5 Hash Encryption is an outdated method to store passwords on a computer's hard drive so that hackers cannot read them. It generates a string of 32 (seemingly-but-not-really-random) numbers and lowercase letters, called a hash, from another string that the user puts in. The cool thing is that no matter how many times a user puts in a string, the same hash will always come out, but change one small characteristic, like a single letter or even just the case of a letter, and the whole thing changes. It also has the special property of being non-reversible. This means that even if a talented hacker has the hash and knows the algorithm, he/she cannot get the input.

So why is this outdated? Well, in today's modern world 32 characters is not enough. When someone puts in a string longer than 32 characters the algorithm loops over and starts reusing hashes. When this happens it is called a collision, and because of the age of the MD5 algorithm, some of these collisions are known. Think of it like playing a game and you get the super-duper high score and it goes from 9999999 to 0000000. There are better and newer hash generators out there like SHA-1, but for our purposes, MD5 will work just fine.

Brainstorm


Come up with some ideas for passwords. The number one priority here is how easy it is to remember. You can choose the weakest password in the book (or rainbow table ;) ) and it won't matter.

Things to remember:

1. If you find adding spaces makes it easier to remember, do it. Otherwise, leave the spaces out.

2. Don't capitalize, it is easier to remember.

3. No need for symbols here, keep it clean.

Open Up a Hash Generator


Go to the following website:
http://www.miraclesalad.com/webtools/md5.php

and type your password into the box. Avoid pressing "enter" as it will change the result. Also make sure there are no undesired spaces before or after your password. The string of characters displayed below is your new password.

Want to change the password for a different website? To make it easy to remember, just type in the name of the website right after your password.

For example:

passwordredit

passwordpaypal

passwordinstructables

passwordevernote

You can see below that each hash generated is completely original. Without having to remember a different password for every website, you just have to remember one small password and be able to read the name of the website in the address bar.

When copying the password be sure to avoid highlighting anything outside of the password. Adding extra spaces, line breaks, and characters will mess it up.
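The scheme described in this step, run locally instead of on a website, as an added example that is not part of the original article. The function names are hypothetical; `stretched_site_password` is a swapped-in PBKDF2 alternative, not the author's method, shown beside it for comparison.

```python
import hashlib

def site_password(master: str, site: str) -> str:
    """The page's scheme: MD5 hex digest of master password + site name."""
    return hashlib.md5((master + site).encode("utf-8")).hexdigest()

def normalized_site_password(master: str, site: str) -> str:
    """Same scheme, but strip stray whitespace/line breaks and lowercase the
    site name so the result is reproducible on any generator."""
    return site_password(master.strip(), site.strip().lower())

def stretched_site_password(master: str, site: str,
                            iterations: int = 600_000) -> str:
    """Swapped-in alternative (not the page's method): PBKDF2-HMAC-SHA256
    with the site name as salt, so each guess at the master password costs
    `iterations` hash computations instead of one."""
    raw = hashlib.pbkdf2_hmac("sha256", master.strip().encode("utf-8"),
                              site.strip().lower().encode("utf-8"),
                              iterations, dklen=16)
    return raw.hex()  # 32 hex characters, same shape as the MD5 output

if __name__ == "__main__":
    for site in ("paypal", "instructables", "evernote"):
        print(site, site_password("password", site))
    # A trailing newline (pressing Enter) silently yields a different password.
    print(site_password("password\n", "") != site_password("password", ""))
    print(stretched_site_password("password", "paypal"))
```

Running it locally also keeps the master password out of a third-party web form.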

But What If I Can't Remember That Website?


Don't worry. Like I said in step one, the MD5 hash generator works anywhere. This is regardless of where the algorithm is being run. Just Google "MD5 Hash Generator" and you will be presented with a page full of options. The picture above shows the word "password" encrypted on www.md5hashgenerator.com.

So How Strong Is It?


Well, this is all fine and good, but how strong is the password? Just take a look. In the red picture I typed in the word "password", and as you can see, it would be broken very quickly. After running it through the hash generator, I plugged it in, resulting in a breaking strength of 501 nonillion years. That's 501 thousand billion billion billion years.

If you want to try this out for yourself, the website can be found at howsecureismypassword.net.

That's Not Strong Enough!


Ok, ok. I understand if you are still a bit twitchy about someone breaking your password. To remedy this, choose a symbol on your keyboard and add it to the end of the password after it has been sent through the MD5 Hash Generator. As you can see this changes the time it takes to crack from a measly 501 nonillion years to a beefy duodecillion years. Let's compare.

Old password: instantly cracked

New password: 501000000000000000000000000000000 years to crack

New+1 password: 1000000000000000000000000000000000000000 years to crack

That is quite an improvement.
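A check on what those figures measure, as an added example that is not part of the original article. A strength meter scores the 32 or 33 characters it is shown; anyone who knows the recipe only has to guess the short input that produced them. The meter model (36 symbols per character), the function names and the `COMMON` list are assumptions constructed for this example.

```python
import hashlib
import math
import string

def site_password(master, site, suffix=""):
    """The page's scheme: md5(master + site), then an optional symbol."""
    return hashlib.md5((master + site).encode("utf-8")).hexdigest() + suffix

def meter_bits(password, alphabet=36):
    """Assumed meter model: every character is an independent random pick
    from lowercase letters and digits."""
    return len(password) * math.log2(alphabet)

def master_bits(length, alphabet=26):
    """Upper bound on the real guess space: a random lowercase master of
    the given length. A dictionary word is far below this."""
    return length * math.log2(alphabet)

# Constructed sample list standing in for a common-password list.
COMMON = ["123456", "qwerty", "letmein", "password", "dragon"]

def guessable_master(derived, site, candidates=COMMON):
    """Return (master, suffix) if a listed candidate reproduces `derived`,
    with or without one trailing symbol; otherwise None."""
    for master in candidates:
        for suffix in ("",) + tuple(string.punctuation):
            if site_password(master, site, suffix) == derived:
                return master, suffix
    return None

if __name__ == "__main__":
    derived = site_password("password", "paypal", "!")
    print(round(meter_bits(derived)), "bits assumed by the meter model")
    print(round(master_bits(8)), "bits at most behind an 8-letter master")
    print(guessable_master(derived, "paypal"))
```

The derived password is only as hard to guess as the master password that goes in, so the master still needs to be long and uncommon.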