Thanks! I changed my password to correct horse battery staple

A small tip that works to trip up script kiddies is to include escape characters like ;

Snowden said it right. Don’t think of passwords as words, but more like sentences or phrases.

I recently discovered you and your channel. Great stuff! I have been binge watching all of your content (both old and new) until late into the night. Subbed!

Damn, that Octopus stole my lunch Monaaaaaaayyyy....

everytime i see ur vids i learn soo much its incredible... you are not like the other youtubers that just show up with the solution and mumble for 9.55 minutes.

Well this is how my old Computer Science teacher taught me to do it, and now I am gonna teach you all. You start with a sentence, a nice and long one, but one you really like and will always remember. 1.) Furthermore, I am of the opinion that Carthage should be destroyed now you take the first letter of each of these words 2.) F,IaototCsbd Already wonderful we got a special symbol even, now you need an extra rule, his favorite was the @ symbol and when it was said so 3.) F,IaototCsbd@146bc (source: wikipedia, dude trust me) Now you got a password that literally no one can crack and you can remember. might even use the first part of your favorite song, the sudo password for my HTPC was video killed the radio star.

I just recently came to your channel. Even though most of the things goes over my head. With a lil patience, a normie like me can use some of the simple advices you give like this one. THANK YOU.....

I really appreciate your content, thank you.

That punch line at the end 😂😂😂😂😂

I used to have the same password or variations of it on all my accounts. I started using a password manager a few years ago. Best decision ever. I tried to get one of my friends to do the same, and they got hacked.

One of mine is a combination of English, Spanish and Nahuatl (Aztec language) words. It sounds complicated but if you grew up in Central Mexico, like me, it's not hard to remember. Those three languages are all over the place. Not to mention most Nahuatl words you can't really find online, you learn via word of mouth. Or knowing weird aztec names for things.

came here to hear kenny say "chungus" i'm satisifed

Man, You are one of the treasure I found in YT... i wish i could do more for you in return rather than just watch you without AdBlocker... Creators like you deserve better. ❤️❤️

I love how you keep talking in first person when talking about how a hacker would go about cracking passwords.

Always funny how often supposedly smart people in fiction have terrible passwords. eg Ozymandias in Watchmen. A notable exception was in Doctor Who where the eleventh doctor uses the reasonably secure four-rare-words method for his password.

my master password is uncrackable

I'm a bit late to the party here, but... Even common words work if you just use a couple more. A single new common word added to your password, according to your metric, increases the cracking time by a factor of 10 000, assuming secure hashing. I'd say that's about the same as changing from common words to uncommon words (from 10k dictionary to 100k seems reasonable). Even six common words is not that difficult to remember, and it's a hundred million times harder to guess than four common words. I personally used diceware to choose my master password's six words (plus one random obfuscating symbol somewhere in there). My password is basically 32 die throws (over 82 bits of entropy) in a row (I actually used a real die here), encoded in a way that's pretty darn easy to remember. Yeah, the diceware dictionary has a little less than 10 000 words in it, but since I have six of them that doesn't really matter. Mathematically, increasing the exponent generally trumps increasing the base.

Use a key file and/or security key to secure the database with 2FA. Then encrypt and backup the key file in case you need to access the database without the security key. Also could encrypt and backup the seed to the security key challenge-response so that you can recreate the key if you lose it or break it. Then use a separate database to create a strong master password for the main database. A hacker would need your master database, then get either the key file or seed backup and decrypt it, then your other database and password to that database in order to get the password for the master database. It’s kinda redundant but it’s like locking a key in a safe and locking that safe’s key in a safe.

I think it would be a good idea to select words from multiple languages, as in "libertatum jahannam beylerbeyi vodka sushi" the cracker would need 5 dictionaries for 5 different, unrelated languages. Most people don't know multiple languages, but you probably know at least a few words from other languages. I don't know Arabic, Latin, Russian or Japanese, but I could come up with these words.

I feel like having a decent password is good but using an authenticator with your main password manager is way more important.

A good idea for a video is to talk about hashes and its relation with security and maybe some Linux examples

Yametez, octo-san, don't take my banku no pin

13:38 All of a sudden, the overfocus of this channel on privacy makes a hell lot of sense...

Can you do a video on encrypting disk ??

an md5 hash of my normal password for accounts that are valuable to me is good enough for normies such as myself

I just keep making combinations I can remember until the Ubuntu installer tells me I'm in the green

Great content with a lot of humor though. Damn, I can't stop laughing at 13:38

Dumb question: If I speak multiple languages, would using words/phrases/symbols from each be more secure? I'd assume hackers aren't all native english speaking only. But on the contrary I've done something similar to that and some websites won't let me back in because their backend doesn't know how to handle such symbols I'm guessing.

I really enjoy your content, thank you!

Mental should just give us all a superstrong password we can all use

The ending was pure gold

Humorous and informative video 😄

i guess i just have a good memory because for passwords/phrases I really need to be secure I dont follow any guideline I just literally randomly mash the keyboard for a good 20 or so characters and then permanently memorize the result on the spot, and type it from memory every time I have to use it again. The longest one I've used was 36 random alphanumeric characters, but I think that's really overkill. I never store or write this I only memorize, even though I change them relatively often as well I usually remember all of them for years after I replaced them. a few times i have had to think for a minute for some but I have never forgotten any when I needed them.

7:50 the password is good, even against dictionary attacks with the attacker knowing the exact word count! There are like 10^3 common words and those are four random words which means that there is 10^12 possible passwords (= 40 bits of entropy). Since your password manager you use uses argon2 (< 100 hash/second if configured properly) there is no way that anyone will crack it ever.

11:30 Plot Twist: He revealed his master password

Oh, fun fact: medieval world of occult used curses and random nonsense from multiple languages (from low German to Aramaic) as spells and incantations. I think in some cases it was a sort of cypher or literal trolling (they loved memes and taking a piss at everything and everyone for some reason. Medieval monks would probably frequent 4chan today). Try it out yourself.

Will foreign characters work? Is multilingual gibberish a viable option? Because I guess that some good ol’ French mixed with Arabic can be pretty hard to crack when you take all the points you gave in the video.

I made a sentence about my personal information which I will never forget, used the first litters and numbers with punctuation (e.g., 'Lmni,RtvaJRLaKNCoNt12t1,4,3.') for my pass manager then use complex randomized generated passwords. A good suggestion could be the first sentence/paragraph of your favourite book (which you own) and the ISBN

Thank you for this video, it was very helpful.

Hey this vid is almost like a reply to my comment in the last vid =D

The worst thing about "how to make a password" video is that it also feeds into password cracking dictionaries. Still, this video is pretty good for at least introducing the idea of "making up your own word." What are people's thoughts on even a slight marrying the two concepts? The one thing that always bothers me about the correcthorsebatterystaple is that it doesn't even try to use caps or punctuation. "Correct horse, battery: staple." requires little mental effort to manipulate and yet can deter a dictionary attack by chance in case they hadn't accounted for extra characters. Technically it's not 10,000 ^ 4 as so much as now 20,000^4*(50? 100? Whatever the size of the padding characters could be)^4 at least.

So just make my password ebonics?

one of your best videos

CHUNGUS!

Randomly generated pass phrases are pretty good

13:38 ;))

If only password policy allowed for some passphrases instead of requiring special character mixed case spaces invalid

I just bash my keyboard, and reset my password every time i need to login.

wow thats a great password ! im going to use it

5:20 I see you too are a man of high culture

is my password ******** good?

can you make a video of how to deal with the situation of: a 1080p monitor with a 4k one in a desktop enviroment? the downscale with xrandr is awful.

I had a question about password cracking attacks. If I as a web developer implement attempt limits on my sign in, doesn't that eliminate a hackers ability to do a dictionary attack or brute force it? After X number of attempts the account becomes locked, so not only can they no longer make any more attempts to login, but it won't matter if they do some kind of ip spoofing to "reset" their attempts, because the account internally will be locked until the true user goes through an authorization unlocking process.

i came up with a method that allows the most simple passwords ever, but it's a bit awkward to use atm, need better software support. you simply hash your password with a slow hash

When your school's SSO doesn't let you use half of the special characters visible on the standard US keyboard

The real big brain move would be using non English words.

I sometimes use whole lines from national anthem lyrics. Probably shouldn't say this but I'm not a POI anyway.

not that I'm an expert but I'd suggest that it's even better to simply find a list of 100,000 words and randomly pick four or five of them. Picking character names or brand names sounds very social-engineer-able

Password; "Coitus et medicamentum et petra et volvere" Latin; Sex and drugs and rock and roll. Not going to forget that one.

13:47 oh damn.... I found that funny but I think I'm gonna have to remove that from the playlist on my channel now 💀

I like this video a lot

this video is TOP V!

Gotta change kakarot to Ultra Instinct Kakarot, since Tournament of Power!

what about PINS? I use those on my password manager but idk also (fingerprint and face)

Create Strong and easy to remember password in bash : $: read -s pass; echo $pass | md5sum | tr '[AaNnTt]' '@' | base64 | tr '[EeHhLl]' '#' | cut -c -25 this is just an idea/example, YOU SHOULD MAKE YOUR OWN VARIATION(DO NOT COPYPASTE THIS!!!) you can change md5sum to any other hash generator (e.g. sha256sum) tr '[AaEe]' '@' changes some characters to make your pass indecryptable (at least harder to decrypt) cut -с -25 gives you only 25 first characters from the output (you can set it from 1 to 40 )

6:28 Paypal has a password length limit.

I've been using a password manager for a while now. At what point do you change it's password? I assume It's also the time to change all the passwords within the manager. Every year or two? I don't have TikTok installed on my phone but I've recently learned that it saves your clipboard every couple of seconds (even in the background) afaik there's nothing stopping other apps from doing so also. Is it wise to split your accounts in two .kbdx files? i.e. for life-ruining and everything else. Maybe even append a string to the passwords so that if your clipboard gets stolen it doesn't have the string needed to crack your pw.

I feel like long German words (for example Lebensabschnittpartner) are pretty useful basis for password

My password on social media is an easy one but hashed. Since its hashed again by the database, will be hard to know what is my password. The least strong unhashed password which is actually strong for most people is to log in on my computer. Well... now is less stronger since you all know, but is yet quite strong. Hahah

Protip: use neologisms and intentional spelling errors (make sure they're fun, cringy or otherwise emotionally engaging to reinforce the neural pathways, have some fun with wordplay, make it a whorse) and mix languages, even within words. You don't have to be a poliglot to be able to do this, it can even help you learn a language if you change the password regularly (I know, weird technique but what works...)

13:38 oddly specific

Who would have thought being fluent in an obscure language would be so useful?

Which password manager do you recommend? 2FA worthwhile or a meme?

I was scared that my password is going to be brute forced or social engineered, I literally just closed my eyes and randomly typed things and included randomly holding down shift. And I forced my self to remember this 15 characters long string, which I did. And I “reverse” hashed with one of my failed hashing programs that expanded the key into 125 characters instead of hashing it. Which I made sure outputted consistently, and imported only the bare minimum of libraries. AND, I flashed the binary into a atmega microcontroller that looks like a normal usb to input the password by showing itself as a HID to any computer while haing specific gpio ports shorted. I use it as my homemade homemade keypass. I even modified the key to be successfully recognized as input method on android phones and ipad by modifying some libraries. When I can’t short any gpio ports, the key simply opens a notepad program on the current system and writes the whole binary of the program that I wrote, and automatically run it asking for any string input, which only outputs the password that I wanted when I type the 15 characters (I can also just input any other new password to be expanded into a somewhat “reverse hashed” string.

Thx

MFA like time-based codes to a phone or a smart card can be more secure than a password alone

does this method still work?

What should happen to my passwords when I die?

Sneaking in Big Chungus I see.

44 bits of entropy is not safe. If the attacker has enough money they don’t need it to take decades to crack. They can buy unlimited cloud computing power easily. You should analyze the cost of cracking in addition to time.

what about foreign words?

Maybe not the safest method around, but the way I create my passwords is that I invent long random sentences and take the first letter from each sentence. So something like 43 long legged neckbeards landed with star-shaped choppers on the roof of my house. They stole five dollars and kidnapped my dearest ginger auntie. Fortunately i caught them and sent them to jail. That would give a password looking like: 43llnlw*-scotromhTs5$&kmdgaFIct&stt# I get that it's not perfect in terms of entropy because sentences just must have certain structures and there probably is a certain distribution of letters in beginning of words, but it can be fairly well remembered and can create some damn long passwords.

0:10 bet, I convert a phrase to something other than english that has different characters, like arabic for example, then convert that into Unicode and paste it in.

50AnyIII@y,,IStaRRtedB1@stinG - would this be a good pass? It's easy to remember, shouldn't be very guessable. (I'm not using this one, if you're wondering)

You'll still have the problem of people using the most common words in their password. What happens when half the passwords are Love, Success, Money and God (nod to the movie Hackers :-) )

I don't mind memorizing extremely long randomized passwords. Would a randomized alphanumeric 64 character password be ok? I could memorize a random 128 character password but it would take a few days to memorize.

it was kinda funny watching 10:40 while having jmnedict on my computer (not for hacking of course)

Hey unsure about this but is it possible for websites to see whats in your clipboard? Maybe copy and pasting isn’t the most secure.

Not even GPUs Im sure some organizations have password cracking ASICs at their disposal...

Why not nonsense words? I never see this mentioned. Why not “jilly nilly shipple hipple twing” or “gopple stopple awesome twang”. Something phonetic that you can remember. Open a text editor and start playing. See how fast you can type what you come up with. Once you think you’ve got a good flow going with your chosen phrase, type it several times to stick it in memory then close without saving and use it. And of course as others have mentioned, toss some random punctuation in there too. Tack an exclamation mark on the end or if you’re using windows look into using the alt key plus number pad to generate whacky characters like ñ or æ if the website or app will take it.

I just got a notification from google because my password had been found on a data breach, the same one I used on paypal It apparently leaked from Linkedin in 2021, and the only reason I still have my savings is because no one tried hard enough

👍👍

10:17 *_HOLY FUCK HOW'D HE FIND MY PW_*

I wrote down a part of my master password on a paper irl and another part of it I memorize. Can anyone tell me how safe that is

bro you cant get hacked if you use japanese,cyrillic,litterally any letter that isnt english

chungus

Ok, but what if we present a human/algorithm with random keyboard mash type characters and ask them to pick out sequences they can remember, then collect like idk 20 characters, substitute the e a o etc for 3 @ 0, add a random number somewhere and maybe some punctuation so we get pkovzqkdwkdwcsciujbchyfvccswueeopfowkgotskenzkmpjddhfs -> pkovz csci hyfv wueef gotskenz kmpj -> Pkovz 894624 CSC!, hyfv wu3ff G0tskenz KMPJ. I have a feeling that if replace a biased human with an algo that can distribute characters well and not ignore the least used ones like z q x, etc then no dictionary is applicable. Especially if every person that has a copy of the generator retrains it a bit.

what if my password is a word spelled wrong?

Just use diceware