Quotes
- How do you come up with a secure password to protect yourself against hackers?...
- Enter password: 'snowflake'...
- I had to reset my password, chicken,...
Memorable or Typable Passcodes & Passphrases
Generate Memorable Passcode (PIN) for Phone, Tablet
- Phone: 8+ digits; avoid obvious sequences/patterns; e.g., Kanye West: '000000';
The Police Can Probably Break Into Your Phone: phone-hacking tools typically
exploit security flaws to remove a phone's limit on passcode attempts and then
enter passcodes until the phone unlocks. Because of all the possible combinations,
a six-digit iPhone passcode takes on average about 11 hours to guess,
while a 10-digit code takes 12.5 years; NYT; 10/21/2020
- Tablet -- or phone with larger screen/keypad: 5+ word passphrase (see below),
or 24+ alphanumeric with punctuation
- watchOS: up to 10 digits
- Fingerprint or facial recognition is convenient,
and may be an acceptable risk (see Passkeys:Biometrics), if you:
- have a strong PIN/passcode
- have an appropriate timeout requiring periodic PIN/password re-entry
- limit login attempts or enable auto-erase
- For a high-profile target, a resourceful criminal might use a fake fingerprint,
contact lens or disguise -- or cut off a body part -- to trick the scanner.
Generate PIN: PM
- Note: Password Manager (PM) generator interface may vary
depending on version of 1PW and OS,
e.g., previously, Mac app and browser extension were different.
- I created a dummy "TEST PASSWORD" 1PW entry
so that I could easily generate & copy passwords.
- 1Password: PIN / PIN Code: # of digits
Generate PIN: OS
- macOS:
System Preferences > Users & Groups > Password > Change Password > "key icon":
Password Assistant: Numbers only
- iOS: If using iCloud Keychain, it's possible to set a Strong Password
when creating a new web account; how strong? how easily edited/replaced?
Apple: Automatically fill in strong passwords on iPhone
Change PIN for Phone, Tablet
- And:
Settings > Location and Security > Screen Lock:
  - Pattern: drawing pattern; weak, if simple
  - PIN: 8+ digits
  - Password: 24+ alphanumeric
- iOS:
Settings > Passcode > Change Passcode > Passcode options:
  - Custom Alphanumeric Code: e.g., iPad: 5+ word phrase or 24+ characters
  - Custom Numeric Code: e.g., iPhone: 8+ digits
  - 6-Digit Numeric Code: (weak)
- When travelling or leaving device unattended, there's no 'Lock Screen' command (like macOS)
that forces a passcode prompt upon next wakeup. Some options...
  - How to Hard Lock an iPhone to Prevent Unauthorized Biometric Access
    for Face ID equipped iPhones: Press and hold the Power button and either Volume button
    for about 2-3 seconds; OSXD; 9/1/2022
  - ~4 unrecognized fingerprint attempts: use a different finger from the ones used to train Touch ID.
  - Power down iPhone/iPad, restart.
Generate Memorable Passphrase for Computer, Password Manager, etc.
- For some devices and accounts, a strong but easily 'typable' password
(all lowercase, numerals) may be desirable, e.g.,
  - Wi-Fi router access for your guests
    (or provide scannable QR code)
  - Netflix streaming credentials via keyboard menu on smart TV
  - During system startup, login to user account,
    system services, e.g., iCloud (AppleID),
    or app, e.g., Dropbox,
    -- before password manager is accessible
  - A few web sites block autofill or paste
    (supposedly to increase security?)
    -- thus requiring manual entry of credentials,
    via typing or clicking onscreen keyboard,
    e.g., treasurydirect.gov.
- It's difficult to think up a long, unique
passphrase yourself -- use a generator
to avoid common phrases, lines from poems,
movie titles, Bible quotes, etc.
- e.g., "correct horse battery staple" (XKCD cartoon)
Generate Passphrase: Diceware
- Diceware -- or diceware-like generator in PM or OS
- Roll 5 dice to select a word from a list of 7776 (6^5) words in some language,
e.g., English word list (EFF discussion); lists in other languages.
- Repeat to add another word.
- Stop when phrase is long enough.
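
The dice procedure above, as an added Python example (not from the original page or from any Diceware tool): each simulated 5-dice roll is read as a base-6 index into a 7776-entry list, and the strength of an n-word phrase is n × log2(7776) bits. The function names, the "roll word" line format and the placeholder word list are assumptions made for this example.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # 7776 entries, one per possible 5-dice roll


def roll_key(rng=secrets):
    """Simulate five fair dice with the OS CSPRNG, e.g. '41536'."""
    return "".join(str(rng.randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def key_to_index(key):
    """Read a roll as a base-6 number: '11111' -> 0, '66666' -> 7775."""
    if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError(f"not a {DICE_PER_WORD}-dice roll: {key!r}")
    index = 0
    for c in key:
        index = index * 6 + (int(c) - 1)
    return index


def load_wordlist(lines):
    """Parse 'ROLL word' lines; refuse short, duplicated or malformed lists."""
    table = {}
    for line in lines:
        if line.strip():
            key, word = line.split()
            table[key_to_index(key)] = word
    if len(table) != LIST_SIZE or len(set(table.values())) != LIST_SIZE:
        raise ValueError("need 7776 unique rolls and 7776 unique words")
    return [table[i] for i in range(LIST_SIZE)]


def passphrase(wordlist, n_words=5, sep=" "):
    """Roll once per word; every word is an independent, uniform pick."""
    return sep.join(wordlist[key_to_index(roll_key())] for _ in range(n_words))


def entropy_bits(n_words):
    """Strength against an attacker who knows the list and the method."""
    return n_words * math.log2(LIST_SIZE)


# Constructed stand-in list ('w11111' ... 'w66666'); swap in a real word list.
SAMPLE_LINES = ["".join(r) + "\tw" + "".join(r)
                for r in itertools.product("123456", repeat=DICE_PER_WORD)]
SAMPLE_LIST = load_wordlist(SAMPLE_LINES)

if __name__ == "__main__":
    for n in (4, 5, 6, 7):
        print(n, "words:", round(entropy_bits(n), 1), "bits;", passphrase(SAMPLE_LIST, n))
```

The entropy figure holds only if the words are chosen by the dice (or a CSPRNG), not picked or rearranged by hand; customizing the words afterwards can add to it but never substitutes for it.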
Generate Passphrase: PM
- 1Password: Memorable/Words: # words, separator, etc.
- Optional: to increase strength even more, customize generated words,
e.g., mixed case, digits, punctuation*, misspellings,
reversals, acronyms, invented words, other languages;
*hackers already anticipate simple 'leet' substitutions like $ for S, 1 for L, etc.
if including 'unusual' chars (accented, foreign, etc.),
check availability / compatibility / keyboard for cross-platform use,
e.g., unlocking password manager on different devices
Generate Passphrase: OS
- macOS:
System Preferences > Users & Groups > Password > Change Password > "key icon" > Password Assistant: Memorable
note: missing in newer macOS versions?
- Longer phrase: generate & concatenate two!
Change Passphrase for Desktop Computer
- macOS [see screenshots above, right]
- macOS:
(apple) > Lock Screen
to require a password immediately,
e.g., if leaving computer or travelling
- Understanding macOS lock screen options; ApIn; 5/7/2023
- Win:
Settings > Accounts > Sign-in Options > Password > Add/Change
Complex (Pastable) Character Sequences for Web sites, Apps
Generate Sequence: PM
- 1Password: Random / Characters:
# chars; symbols; numbers/digits
- "Avoid Ambiguous Characters" omits easily confused chars: 1 / I, 0 / O;
useful for typable passwords [available only in some versions?]
Generate Sequence: OS
- iOS: see Apple: Automatically fill in strong passwords on iPhone
(using iCloud Keychain)
- macOS includes a Random option with its Password Assistant:
- macOS:
System Preferences > Users & Groups > Password > Change Password > "key icon":
Password Assistant: Random: length (31*)
- *for longer password: generate & concatenate two!
- Your OS may offer to generate and store passwords for a browser, e.g., Chrome, Safari,
and maybe sync securely online, e.g., iCloud Keychain
- This can be convenient (and free), but generally not as secure
or full-featured as a dedicated password manager,
especially if your device/computer has a weak password
-- or you've left it logged in when you step away!
Other Generation Methods
- Physical methods can take time;
simple substitutions easy to crack;
e.g., Wikipedia: Secret decoder ring
- 'DiceKeys' Creates a Primary Password for Life with One Roll:
new kit leaves your cryptographic destiny up to
25 cubes in a plastic box -- cute, but unnecessary; Wired; 8/21/2020
- Use this Rubik’s Cube-style device to create ultra-secure
computer passwords; video: The Ultra Password Cube; 4/24/2018
- App/site -- how random? options? dictionary size?
risky if it surreptitiously logs the new passwords; these sites might be ok:
webfx.com;
random.org;
privacycanada.net;
xkpasswd.net (based on XKCD cartoon: correct horse battery staple);
Molis Hai
- "crosspassword" (a term I coined as a joke);
free-form crossword-like "2-D password" puzzle created from a passphrase;
as a "password" it's weaker than original 1-D passphrase, i.e.,
less random due to "crossings" of entries; the clues give away the words! ;-)