Advice Request Is this a good idea for password?


marhendray

Thread author
Hello. I am wondering if a password composed from a mathematical expression, equation, or symbols is considered safe. I have tested this password and it seems resistant to brute-force attack. I don't really like the use of a password generator because it's hard to remember the generated password.

This is an example of a math-based password I created (I can change multiple parameters, of course). It's a differential equation, but I can take inspiration from other areas of math. It's complicated, but it's very easy for me to remember.

Math.png


I really want to know if this is a good idea from a computer security perspective. Thanks!
 

MuzzMelbourne

Wow, the term ‘over the top’ comes to mind. Mine is 12 characters: 6 non-sequential numbers, 5 letters (inc. 1 capital) and 1 symbol. 34,000 years to crack, apparently. Easily changeable and really easy to remember. I use derivations of the same characters for different accounts. Not brilliant, but then I’m not very important and have no money to steal.
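
Added example (not part of any post in this thread): a small calculation showing why "years to crack" figures for a password of the composition described above vary so widely. It compares the search space when every position may be any printable ASCII character with the search space when the per-class character counts are known; the 94-character alphabet and the rate of 10^10 guesses per second are assumptions, not values from the thread.

```python
import math
import string

# Character classes (printable ASCII without the space character).
CLASS_SIZES = {
    "digit": len(string.digits),           # 10
    "lower": len(string.ascii_lowercase),  # 26
    "upper": len(string.ascii_uppercase),  # 26
    "symbol": len(string.punctuation),     # 32
}

def naive_keyspace(length):
    """Search space if every position may be any of the 94 characters."""
    return sum(CLASS_SIZES.values()) ** length

def composition_keyspace(counts):
    """Search space when the per-class counts are known but positions are not.

    counts maps a class name to how many characters of that class appear.
    The multinomial coefficient counts the possible position layouts.
    """
    length = sum(counts.values())
    layouts = math.factorial(length)
    choices = 1
    for cls, n in counts.items():
        layouts //= math.factorial(n)
        choices *= CLASS_SIZES[cls] ** n
    return layouts * choices

def bits(keyspace):
    """Size of the search space expressed in bits."""
    return math.log2(keyspace)

def years_to_exhaust(keyspace, guesses_per_second):
    """Time to try every candidate at a constant guess rate."""
    return keyspace / guesses_per_second / (365.25 * 24 * 3600)

# Composition from the post: 6 digits, 5 letters (1 capital), 1 symbol.
POSTED = {"digit": 6, "lower": 4, "upper": 1, "symbol": 1}
ASSUMED_RATE = 1e10  # assumption: offline guesses per second against a fast hash

if __name__ == "__main__":
    for label, space in (("naive 94^12", naive_keyspace(12)),
                         ("known composition", composition_keyspace(POSTED))):
        print(f"{label:18s} {bits(space):5.1f} bits "
              f"{years_to_exhaust(space, ASSUMED_RATE):14,.0f} years")
```

Under these assumptions the two models differ by roughly 15 bits, so a crack-time estimate says as much about the model behind it as about the password.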
 

Brahman

> Hello. I am wondering if a password composed from a mathematical expression, equation, or symbols is considered safe. I have tested this password and it seems resistant to brute-force attack. I don't really like the use of a password generator because it's hard to remember the generated password.

You don't need to remember passwords. Use something like KeePass or Bitwarden and remember only one password (i.e. for Bitwarden or KeePass), and use different passwords for each and every website; that way, even if one of your passwords gets compromised, it will not produce a cascading effect on your security. Remember, the security of your passwords is not dependent solely on resistance to brute-force attacks; it depends on so many other vectors that are out of our control, so do not rely on just one vector. Have a plan B also.
 

marhendray

Thread author
> You don't need to remember passwords. Use something like KeePass or Bitwarden and remember only one password (i.e. for Bitwarden or KeePass), and use different passwords for each and every website; that way, even if one of your passwords gets compromised, it will not produce a cascading effect on your security. Remember, the security of your passwords is not dependent solely on resistance to brute-force attacks; it depends on so many other vectors that are out of our control, so do not rely on just one vector. Have a plan B also.

Well, thanks for the recommendation. I have Microsoft Authenticator on my phone, but after several events lately, I think I will have to remember it as a secondary plan.

A couple of weeks ago, many of the employee and student devices got infected by an infostealer thing (I don't know), including a personal (Windows laptop) device after connecting to the LAN. Afterwards I realized that a couple of days ago there was a data breach, as mentioned by this Twitter account.


You can see that most of the victims (number 2) are related to education-related institutions in Indonesia. So, I have somehow become 'paranoid' about syncing or saving all of my passwords to my work/untrusted devices unless I know that it's clean.
 

marhendray

Thread author
> The biggest problem you may have with that is that the service may not take all the different special characters.

Thank you for your feedback. I will probably adapt by adjusting the password into a simpler and shorter equation. This is just following the password guide that says "Don't create a password that correlates to you directly, such as name, date of birth, etc."
 

Back3

Most people around me use 8-digit passwords and, often, the same one for many apps. But they also have Apple devices with double authentication: Face ID or Touch ID. No issues in the last 5 years. For newbies, it is easy to get a secure environment on Apple devices.
A friend of mine with a PC got infected last summer. I was able to get him to use KeePass, reinforced his passwords to 12 digits, installed Configure Defender to harden Microsoft Defender and AdGuard in Chrome. So far, so good. I didn't set double authentication on his PC because he lives in another country 6 months in a year and if he has an issue, he won't be able to solve it.
 

byronbytes

I'd never be able to remember a password like that. I'm probably the MOST likely to get hacked because most of my passwords are the same on every website.
 
