Are you using “strong” passwords for all of your web accounts? Would you like to use our “Password Suggestions” below? It’s simple. We bring daily news collection from around the world. Use the news headlines as a password. It would be easy to remember, and obviously very strong. Add a number or a symbol in it to make it even stronger. That’s the one and only password that you would ever have to remember. LogmeOnce Online Password Generator enables you to Generate Passwords. That is Strong Passwords.

3. Additional Information & Resources:

LogmeOnce Online Password Generator

LogmeOnce Online Password Generator is a simple and user friendly, yet powerful application enabling you to easily assess the strength of your password strings. The instantaneous visual feedback provides you with a means to immediately improve your password strength.

For our calculation, we are considering “Brute Force” attack which uses a crypto analysis techniques to find more complex words that has a combination of “alphanumeric” and “special” characters in them. This is a comprehensive mathematical engine, however we highly recommend that our Online Password Generator should be utilized as a guideline in creating stronger passwords. Additional practical and mathematical theories considered are entropy, password strength and password cracking.

What is Brute-Force Attack?

“In cryptography, a brute-force attack, or exhaustive key search, is a strategy that can, in theory, be used against any encrypted data. Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. It involves systematically checking all possible keys until the correct key is found. In the worst case, this would involve traversing the entire search space.

The key length used in the encryption determines the practical feasibility of performing a brute-force attack, with longer keys exponentially more difficult to crack than shorter ones. Brute-force attacks can be made less effective by obfuscating the data to be encoded, something that makes it more difficult for an attacker to recognize when he/she has cracked the code. One of the measures of the strength of an encryption system is how long it would theoretically take an attacker to mount a successful brute-force attack against it. It is important to generate passwords that are strong.

Brute-force attacks are an application of brute-force search, the general problem-solving technique of enumerating all candidates and checking each one.”

Wikipedia Source : Brute Force Attack

What is Entropy?

Information theory: Entropy is a measure of the uncertainty associated with a random variable. In this context, the term usually refers to the Shannon entropy, which quantifies the expected value of the information contained in a message. Entropy is typically measured in bits, nats, or bans.

Data compression: Entropy effectively bounds the performance of the strongest lossless (or nearly lossless) compression possible, which can be realized in theory by using the typical set or in practice using Huffman, Lempel-Ziv or arithmetic coding. The performance of existing data compression algorithms is often used as a rough estimate of the entropy of a block of data. See also Kolmogorov complexity. In practice, compression algorithms deliberately include some judicious redundancy in the form of checksums to protect against errors.

Introduction: Entropy, in an information sense, is a measure of unpredictability. For example, consider the entropy of a coin toss. When a coin is fair, that is, the probability of heads is the same as the probability of tails, the entropy of a coin toss is as high as it could be. There is no way to predict what will come next based on knowledge of previous coin tosses, so each toss is completely unpredictable. A series of coin tosses with a fair coin has one bit of entropy, since there are two possible states, each of which is independent of the others. A string of coin tosses with a coin with two heads and no tails has zero entropy, since the coin will always come up heads, and the result can always be predicted. Most collections of data in the real world lie somewhere in between. It is important to realize the difference between the entropy of a set of possible outcomes, and the entropy of a particular outcome. A single toss of a fair coin has an entropy of one bit, but a particular result (e.g. “heads”) has zero entropy, since it is entirely “predictable”.

Definition: Named after Boltzmann’s H-theorem, Shannon denoted the entropy H of a discrete random variable X with possible values {x1, …, xn} and probability mass function p(X) as,



Here E is the expected value operator, and I is the information content of X. I(X) is itself a random variable. The entropy can explicitly be written as



where b is the base of the logarithm used. Common values of b are 2, Euler’s number e, and 10, and the unit of entropy is bit for b = 2, nat for b = e, and dit (or digit) for b = 10.

In the case of p(xi) = 0 for some i, the value of the corresponding summand 0 logb 0 is taken to be 0, which is consistent with the well-known limit:



Differential Entropy: Extending discrete entropy to the continuous case – The Shannon entropy is restricted to random variables taking discrete values. The corresponding formula for a continuous random variable with probability density function f(x) on the real line is defined by analogy, using the above form of the entropy as an expectation:



To do this, start with a continuous function f discretized as shown in the figure. As the figure indicates, by the mean-value theorem there exists a value xi in each bin such that





which is, as said before, referred to as the differential entropy. This means that the differential entropy is not a limit of the Shannon entropy for . Rather, it differs from the limit of the Shannon entropy by an infinite offset.

Wikipedia source : Information entropy

Use of Random Password Generator

What is Password Strength?

Password strength: Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability. A secure and random password generator can generate strong passwords.

Using strong passwords lowers overall risk of a security breach, but strong passwords do not replace the need for other effective security controls. The effectiveness of a password of a given strength is strongly determined by the design and implementation of the authentication system software, particularly how frequently password guesses can be tested by an attacker and how securely information on user passwords is stored and transmitted. Risks are also posed by several means of breaching computer security which are unrelated to password strength. Such means include wiretapping, phishing, keystroke logging, social engineering, dumpster diving, side-channel attacks, and software vulnerabilities.

Random passwords: Random passwords consist of a string of symbols of specified length taken from some set of symbols using a random selection process in which each symbol is equally likely to be selected. The symbols can be individual characters from a character set (e.g., the ASCII character set), syllables designed to form pronounceable passwords, or even words from a word list (thus forming a passphrase). A strong and random password generator can generate random passwords.

The strength of random passwords depends on the actual entropy of the underlying number generator; however, these are often not truly random, but pseudo random. Many publicly available password generators use random number generators found in programming libraries that offer limited entropy. However most modern operating systems offer cryptographically strong random number generators that are suitable for password generation. It is also possible to use ordinary dice to generate random passwords. See stronger methods. Random password programs often have the ability to ensure that the resulting password complies with a local password policy; for instance, by always producing a mix of letters, numbers and special characters.

For passwords generated by a process that randomly selects a string of symbols of length, L, from a set of N possible symbols, the number of possible passwords can be found by raising the number of symbols to the power L, i.e. NL. Increasing either L or N will strengthen the generated password. The strength of a random password as measured by the information entropy is just the base-2 logarithm or log2 of the number of possible passwords, assuming each symbol in the password is produced independently. Thus a random password’s information entropy, H, is given by the formula



where N is the number of possible symbols and L is the number of symbols in the password. H is measured in bits. In the last expression, log can be to any base.

Wikipedia source : Password Strength

What is Password Cracking?

Password Cracking: In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. Another common approach is to say that you have “forgotten” the password and then change it.

The purpose of password cracking might be to help a user recover a forgotten password (though installing an entirely new password is less of a security risk, but involves system administration privileges), to gain unauthorized access to a system, or as a preventive measure by system administrators to check for easily crackable passwords. On a file-by-file basis, password cracking is utilized to gain access to digital evidence for which a judge has allowed access but the particular file’s access is restricted.

Time needed for password searches: The time to crack a password is related to bit strength (see password strength); which is a measure of the password’s information entropy. Most methods of password cracking require the computer to produce many candidate passwords, each of which is checked. One example is brute-force cracking, in which a computer tries every possible key or password until it succeeds. More common methods of password cracking, such as dictionary attacks, pattern checking, word list substitution, etc., attempt to reduce the number of trials required and will usually be attempted before brute force. Higher password bit strength increases exponentially the number of candidate passwords that must be checked, on average, to recover the password and reduces the likelihood that the password will be found in any cracking dictionary.

Incidents: On July 16, 1998, CERT reported an incident where an attacker had found 186,126 encrypted passwords. By the time they were discovered, they had already cracked 47,642 passwords.

In December 2009, a major password breach of the Rockyou.com website occurred that led to the release of 32 million passwords. The hacker then leaked the full list of the 32 million passwords (with no other identifiable information) to the internet. Passwords were stored in cleartext in the database and were extracted through a SQL Injection vulnerability. The Imperva Application Defense Center (ADC) did an analysis on the strength of the passwords.

In June 2011, NATO (North Atlantic Treaty Organization) experienced a security breach that led to the public release of first and last names, usernames, and passwords for more than 11,000 registered users of their e-bookshop. The data were leaked as part of Operation AntiSec, a movement that includes Anonymous, LulzSec, as well as other hacking groups and individuals. The aim of AntiSec is to expose personal, sensitive, and restricted information to the world, using any means necessary.

On July 11, 2011, Booz Allen Hamilton, a large American Consulting firm that does a substantial amount of work for the Pentagon, had their servers hacked by Anonymous and leaked the same day. “The leak, dubbed ‘Military Meltdown Monday,’ includes 90,000 logins of military personnel—including personnel from USCENTCOM, SOCOM, the Marine Corps, various Air Force facilities, Homeland Security, State Department staff, and what looks like private sector contractors.” These leaked passwords wound up being hashed in Sha1, and were later decrypted and analyzed by the ADC team at Imperva, revealing that even military personnel look for shortcuts and ways around the password requirements.

On July 18, 2011, Microsoft Hotmail banned the password: “123456”.

Prevention: The best method of preventing password cracking is to ensure that attackers cannot get access even to the hashed password.

Wikipedia source : Password Cracking

What is Password Manager?

Password Manager: A password manager is software that helps a user organize passwords and PIN codes. The software typically has a local database or a file that holds the encrypted password data for secure logon onto computers, networks, web sites and application data files. The great advantage of password-based access controls is that they are readily incorporated in most software using APIs extant in most software development environments, require no extensive computer/server modifications and users are very familiar with them. It is important to use a random password generator.

A reasonable compromise for using large numbers of passwords is to record them in a password manager, which include stand-alone applications, web browser extensions, or a manager built into the operating system. A password manager allows the user to use hundreds of different passwords, and only have to remember a single password, the one which opens the encrypted password database. Needless to say, this single password should be strong and well-protected (not recorded anywhere). Most password managers can automatically create strong passwords using a cryptographically secure random password generator, as well as calculating the entropy of the generated password. A good password manager will provide resistance against attacks such as key logging, clipboard logging and various other memory spying techniques.

Wikipedia source : Password Manager

What is Single Sign-On (SSO)?

Single Sign-On (SSO): Single sign-on is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Conversely, Single sign-off is the property whereby a single action of signing out terminates access to multiple software systems. As different applications and resources support different authentication mechanisms, single sign-on has to internally translate to and store different credentials compared to what is used for initial authentication.

Wikipedia source : Single Sign-On

What is Identity Management (IdM)?

Identity Management (IdM): Identity Management describes the management of individual identifiers, their authentication, authorization, and privileges/permissions within or across system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime, and repetitive tasks. Identity Management is a term related to how humans are authenticated (identified) and their actions authorized across computer networks. It covers issues such as how users are given an identity, the protection of that identity, and the technologies supporting that protection (e.g., network protocols, digital certificates, passwords, etc.).

Wikipedia source : Identity Management

Your Peace of Mind,

Security gives you Peace of Mind… Security gives you Peace of Mind…

Is Our Paramount Priority…

But how does this benefit you, your customers, or your organization? How do you protect it all?

Protecting security credentials, multiple passwords and user IDs is a simple yet paramount task. Today, your security credentials and its access control may be open like thousands of unprotected, scattered, unconnected islands. It’s disjointed, unmanaged, and can easily be taken over with minimal resistance or control. Once an invader sets foot on the first island, then it is an easy journey to hop from island to island and capture them all. An intruder has the ability to take control of your island or your computer, and access its entirety. It is important to use a strong password generator.

Protecting a multitude of passwords and User IDs is quite similar. Once a hacker takes control of your first ID or password, drilling through to find more could be fairly easy. However, if you have a security policy in place and already protect each password (or island) individually, then it is not such a simple task to invade. Protect each password individually and automate the entire process.

Security needs to be instilled in layers. It needs to be protected in layers too.

Let LogmeOnce automate the process and enjoy security policies that otherwise, may be challenging and time consuming for each person to set it up. Employ policies that large businesses or government agencies use to protect their passwords. They have the necessary personnel with qualified security background. Take advantage of what experts do.

LogmeOnce is a Password Management software + Single Sign-On (SSO) + Identity Management (IdM) + Cloud Security + Clod SSO + Single Log Out + And more. As a always use a strong password generator provided by LogMeOnce.