top | item 28098038


d5ve | 4 years ago

Before I used a password manager, I used three random word phrases, but with the first word lowercase, the second upper case, and the third (chosen to contain at least one of "aeio") with tr/aeio/4310/. This gave phrases that passed requirements like "must contain a mixture of upper and lower case" and "must contain at least one number". It also increased the search space for guessing. In some cases I had to chuck a "!" on the end to meet a "must contain a symbol" requirement.

"crystal lizard rekindle" became "crystal LIZARD r3k1ndl3" etc.


tzs | 4 years ago

> In some cases I had to chuck a "!" on the end to meet a "must contain a symbol" requirement.

Put the "!" at the front or in the middle. That way if you accidentally type or paste the password into bash or zsh it won't end up in your history.

That's because "!foo" or "bar!foo" are parsed as requests to substitute the most recent prior command that starts with "foo" in place of "!foo". Assuming you don't have such a command in your history this fails with an error about event not found. No command is generated, and so there is no attempt to run a command, and so nothing goes into history.

"foo!" on the other hand is parsed as an attempt to run the command "foo!". Command attempts do go into history.

mewpmewp2 | 4 years ago

Then there's places that don't allow that long passwords, like PayPal! Max 20 characters.

SV_BubbleTime | 4 years ago

> "crystal lizard rekindle" became "crystal LIZARD r3k1ndl3" etc.

But you realize any serious offline cracking is going to get both of those right?

Common word in lowercase - no problem

Common word in uppercase - no problem

Common word with 1337 replacement - no problem.

All you had to do to make this significantly more secure… was add a fourth word and not do the things that humans think are clever and machines don’t really care about.

Although I concede that the stupid requirements that websites have make simple passphrases more difficult than needed.
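The following is an added worked example, not code posted by anyone in the thread. It writes d5ve's scheme (lowercase, UPPERCASE, tr/aeio/4310/, optional "!") as a single deterministic mangling rule and then takes SV_BubbleTime's side: a cracker who pairs that rule with a word list only has to try word-list-size^3 times two candidates, and the same rule run backwards (normalize) turns the mangled string straight back into dictionary words. The six-word list is constructed for the demo, and the 7776-word figure is an assumed Diceware-sized dictionary used only for the bit count.

```python
import itertools
import math

# The transformation d5ve describes in the thread, written out as a single
# deterministic mangling rule: first word lowercase, second word UPPERCASE,
# third word with tr/aeio/4310/, optionally a "!" appended.
LEET = str.maketrans("aeio", "4310")
UNLEET = str.maketrans("4310", "aeio")


def mangle(phrase, symbol=False):
    """Apply the rule to a three-word phrase, e.g. 'crystal lizard rekindle'."""
    w1, w2, w3 = phrase.lower().split()
    out = f"{w1} {w2.upper()} {w3.translate(LEET)}"
    return out + "!" if symbol else out


def normalize(candidate):
    """Cracker-side inverse of the rule: strip the optional '!', lowercase,
    undo the digit substitution.  The result is plain dictionary words again."""
    return candidate.rstrip("!").lower().translate(UNLEET)


def d5ve_rule(phrase):
    """Candidate generator a cracker would pair with a word list: the same
    fixed rule, with and without the trailing symbol.  Two variants per phrase."""
    yield mangle(phrase)
    yield mangle(phrase, symbol=True)


def brute_force(target, wordlist, n_words=3, rule=None):
    """Enumerate every n-word combination from the list, run each through the
    rule (or use it as-is), and count attempts until the target is hit.
    Returns (attempts, recovered_plain_phrase) or (attempts, None)."""
    attempts = 0
    for combo in itertools.product(wordlist, repeat=n_words):
        phrase = " ".join(combo)
        for candidate in (rule(phrase) if rule else (phrase,)):
            attempts += 1
            if candidate == target:
                return attempts, phrase
    return attempts, None


def keyspace_bits(wordlist_size, n_words, rule_variants=1):
    """log2 of the candidate space: the words contribute n*log2(W); a fixed
    mangling rule the attacker knows about contributes only log2(#variants)."""
    return n_words * math.log2(wordlist_size) + math.log2(rule_variants)


# Constructed six-word list for the demonstration (not a real dictionary).
WORDLIST = ["crystal", "lizard", "rekindle", "tower", "river", "planet"]

if __name__ == "__main__":
    target = mangle("crystal lizard rekindle")  # "crystal LIZARD r3k1ndl3"
    attempts, plain = brute_force(target, WORDLIST, rule=d5ve_rule)
    print(f"{target!r} recovered as {plain!r} after {attempts} of "
          f"{len(WORDLIST) ** 3 * 2} candidates")
    print("normalize():", normalize(target + "!"))

    # Assumption: a Diceware-sized list of 7776 words.  Even if the attacker
    # has to guess among 16 case/leet rule variants, the rule is worth ~4 bits;
    # a fourth plain word is worth ~12.9 bits.
    three_mangled = keyspace_bits(7776, 3, rule_variants=16)
    four_plain = keyspace_bits(7776, 4)
    print(f"3 mangled words: {three_mangled:.1f} bits; "
          f"4 plain words: {four_plain:.1f} bits")
```

Running it shows the mangled phrase falling out of the enumeration as early as the plain phrase would (the rule is applied in lockstep to every candidate), and the bit arithmetic makes the trade-off concrete: the deterministic transform buys about one bit (two variants) or a few bits at most, while a fourth word from a 7776-word list buys nearly thirteen.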