These won't prevent a brute-force attack. They will just make it take longer for the brute force to get your password.
Thanks for the update. Would you mind adding some more to your points? We'd like to read more about the same, so that we can also come up with a foolproof algo.
Thing is, there is no foolproof algo. A good brute force will always get your password. All you can do is delay them by creating unusual and longer passwords.
Yes, well said. A longer and unusual password will always take longer to be broken. But still we can take further precautions to be safe. I have changed all my passwords to unusual and longer ones too. I have made them 15+ characters.
The real question is why you are still using ftp these days. FTP is a clear-text protocol, which means your user name and password are not encrypted and therefore are available to anyone who has the ability to listen. You should look into using a different protocol (ssh/scp/sftp) or at the very least use FTP with TLS. If you are only using ftp to provide files to your clients, you might want to consider just configuring your ftp server to provide anonymous-only access and make sure the ftp service only has read access to your files. If your password was brute-forced, you should look into why your server allowed more than 10 invalid login attempts, which provided them with enough guesses to determine your password. Honestly, teaching people how to use mnemonics to remember strong passwords is a good first step, but it is far from a complete solution. You should note that by replacing numbers with roman numerals (letters) you are decreasing the password complexity by reducing the character-set size. I.e., for a password of length l using a-z you have a password complexity of 26^l; using a-z and 0-9 you have a password complexity of 36^l.
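The two points in the post above (the size of the search space shrinks when a character class is dropped, and a server should not silently absorb more than a handful of failed logins) can both be made concrete. The following is an added example written for this thread, not code posted by any participant: it computes the class-based keyspace 26^l versus 36^l for a password, and counts `FAIL LOGIN` entries per client over a few constructed vsftpd-style log lines so that any client past a threshold stands out. The log lines, client addresses and the threshold of 10 are assumptions made up for the example.

```python
import math
import re
import string
from collections import Counter

# Character classes an exhaustive search would have to cover.  If a password only
# ever uses characters from some of these classes, the attacker only needs those.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def charset_size(password: str) -> int:
    """Size of the smallest class-based alphabet that contains every character used."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def keyspace(password: str) -> int:
    """Number of candidates in an exhaustive search over that alphabet and length."""
    return charset_size(password) ** len(password)


def keyspace_bits(password: str) -> float:
    """Same quantity expressed as bits, which is easier to compare at a glance."""
    return math.log2(keyspace(password))


def seconds_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case time for an online or offline guesser at the given rate."""
    return keyspace(password) / guesses_per_second


# --- failed-login counting over vsftpd-style log lines (constructed sample) ---

# Constructed sample: 12 failures from one client, 2 failures and 1 success from another.
SAMPLE_LOG = "\n".join(
    [f'Mon Jan  1 12:00:{i:02d} 2024 [pid {1000 + i}] [admin] FAIL LOGIN: Client "203.0.113.5"'
     for i in range(12)]
    + [
        'Mon Jan  1 12:01:00 2024 [pid 2000] [admin] FAIL LOGIN: Client "198.51.100.7"',
        'Mon Jan  1 12:01:01 2024 [pid 2001] [admin] FAIL LOGIN: Client "198.51.100.7"',
        'Mon Jan  1 12:01:02 2024 [pid 2002] [admin] OK LOGIN: Client "198.51.100.7"',
    ]
)

FAIL_RE = re.compile(r'FAIL LOGIN: Client "([0-9.]+)"')


def failed_logins_by_client(log_text: str) -> Counter:
    """Count FAIL LOGIN lines per client address."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def clients_over_threshold(log_text: str, threshold: int = 10) -> dict:
    """Clients that were allowed more failed attempts than the threshold permits."""
    return {ip: n for ip, n in failed_logins_by_client(log_text).items() if n > threshold}


if __name__ == "__main__":
    # Dropping digits for roman numerals shrinks the alphabet from 36 to 26 symbols.
    for pw in ("mypassword2011", "mypasswordmmxi", "S%5*o3@!@"):
        print(f"{pw:16} alphabet={charset_size(pw):3} "
              f"bits={keyspace_bits(pw):5.1f} "
              f"hours at 1000 guesses/s={seconds_to_exhaust(pw, 1000) / 3600:.3g}")
    print("clients over threshold:", clients_over_threshold(SAMPLE_LOG))
```

`seconds_to_exhaust` is a worst-case bound for an exhaustive search; a real attacker tries dictionary words and common patterns first, so it should be read as an upper limit, not as the time the password will actually survive.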
Xous, very firm reply..... yes... I hadn't thought of it in that way. This is a good addition. If we have the tech, why not use it? But the main problem is many people don't know much about ssh/scp/sftp, and more like me. You have resolved and detailed it well. I'd be moving forward to take care of these aspects as well, not only concentrating on password algos. rep added+ mate.
nshadab, sorry to hear of your troubles and glad that you got things sorted and actually took the time to research how to better protect yourself (I have had clients who have been hacked, gone back in and set everything up again using the SAME password!) and provide it to the community. xous is correct in several of his points; the one I want to emphasize is the hosting company. Any hosting company worth their salt should have basic protection against brute-force attacks, so make sure you question them about this. Something as simple as installing port sentry on the server can have such an impact. Now, the advice I give to all of my customers..... Forget all of your fancy methods of coming up with passwords which are hard to crack. Get yourself over to KeePass and download the open source utility that acts not only as a master database of all your passwords and accounts, but also makes it extremely easy to generate long, difficult, random passwords that are very difficult to crack (the complexity of the password no longer matters because it also stores it safely for you). It's a great little tool; I have been using it for a couple of years now and I have never had a problem with it. HTH PS: No, I am not affiliated in any way with the software or its developer.
I didn't feel secure using FF to remember high-importance passwords. I know most tips already, but still a nice thread, and some are news to me. Better luck next time.
Great password. How do you remember that? I am also trying out some password-remembering software; if I find a good one I'll update here.
In my opinion, the best way is to include caps/non-caps characters, symbols, numbers and anything else odd. An example of this would be "S%5*o3@!@", and just use a password manager to remember the passwords or write them down somewhere safe. This is probably everyone's best bet. Using your website name is a bad idea, as that is going to be one of the first targets for brute-force attacks.
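The advice in this post and the KeePass post earlier in the thread is to let a tool generate the password from several character classes rather than inventing one by hand. As an added illustration (not code from anyone in this thread or from KeePass), the block below generates such a password with Python's `secrets` module, which draws from the operating system's cryptographic random source, and uses rejection sampling so that every character stays uniformly random while each class is still guaranteed to appear. The symbol set and default length of 16 are assumptions chosen for the example.

```python
import secrets
import string

# Character classes that a generated password must draw from (constructed choice;
# the symbol list is kept to characters most login forms accept).
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    "!@#$%^&*()-_=+",
)
ALPHABET = "".join(CLASSES)


def has_every_class(password: str, classes=CLASSES) -> bool:
    """True if at least one character from each class is present."""
    return all(any(c in cls for c in password) for cls in classes)


def generate_password(length: int = 16, classes=CLASSES) -> str:
    """Generate a password of the given length containing every class.

    Rejection sampling: draw the whole string uniformly from the combined alphabet
    and retry if a class is missing.  This avoids the bias of forcing one character
    per class into fixed positions.
    """
    if length < len(classes):
        raise ValueError("length too short to contain every character class")
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if has_every_class(candidate, classes):
            return candidate


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, "covers every class:", has_every_class(pw))
```

The forum example "S%5*o3@!@" passes `has_every_class`, whereas a site name or a dictionary word does not; a password manager does the same generation and also stores the result, which is why the post says to use one rather than to memorise the output.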