Quick Tip: Generating and using secure passwords, LEET/LeetSpeak
I recently switched jobs and was reminded during the induction training to use secure passwords, which reminded me of how I generate my own passwords securely. With ever-increasing threats and hacks, one way to secure your assets is to use secure passwords that are not easy for anyone to guess but are at the same time easy for you to remember. Please note that MFA should be enabled wherever possible.
I highly recommend reading the articles “Use number matching in multifactor authentication (MFA) notifications (Preview) – Azure Active Directory – Microsoft Entra | Microsoft Learn” and “Defend your users from MFA fatigue attacks – Microsoft Tech Community”.
It is important to generate and use secure passwords. I would like to begin with an example I recently picked up. We all think generating a long password using common words is safe. A password such as “PizzaPartyDay”, even though it has 13 characters, can be easily cracked in 24 hours or less, as it is built from common words. If we change the same password to “Pizza43Party@Day!” or “P1zz@P@rtiD@y”, then it would take multiple computers making over one hundred trillion guesses per second up to 1.49 million centuries to crack (as suggested by one of the security trainings).
Important points to note are:
- Try to use words or combinations of words which cannot be found in a dictionary. Make up your own words if you can remember them.
- Set a password which has 15 characters or more.
- Do not use your date of birth or anniversary.
- Avoid writing down or saving passwords in text files, email, OneDrive, on sticky notes or on mobile phones.
- Try to set a different password for your banking applications, emails and other important accounts. Do not use the same password on multiple platforms, even with only a small difference between them.
- Use LEET, also known as L33T or 1337 (LeetSpeak); you can see below how this works. See Leet – Wikipedia.
- If you are using automation to generate secure passwords, do not use Get-Random to generate a random set of characters; instead use a cryptographic random number generator such as RNGCryptoServiceProvider (RNGCrypto). I have published a sample PowerShell script here.
- You can also use the following code to generate a secure password using LEET. I also have a web link that generates a combination of secure leet characters. My dictionary has thousands of words to pick from, and it generates a new secure leet password every time you visit the website. Samples are shown below.
Leet Password Generator
Simply visit the link https://ipsubnet.lessergeek.com/api/SecurePassword?Length=12
It will generate a 12-character leet password for you, as shown in the example below.
You can also pass your own password string and my code will convert it to leetspeak, as shown in the example below.
I pass the word “BigFatPizzaParty” by using
https://ipsubnet.lessergeek.com/api/SecurePassword?Password=BigFatPizzaParty&Length=15
As you can see, it converts “BigFatPizzaParty” to “B!gPH@tP!zz@P@rti”.
My dictionary has thousands of words; you can use simple character replacements to build your own leet generator. Feel free to use your own character replacements. I will also put it on my GitHub repo in a few days.
| Letter | Substitute |
| --- | --- |
| A | 4 |
| a | @ |
| C | ( |
| D | ) |
| E | 3 |
| I | 1 |
| J | / |
| O | 0 |
| o | 0 |
| S | 5 |
| T | 7 |
| V | \/ |
| 8 | B |
| 9 | g |
| i | ! |
| W | \/\/ |
| w | uu |
| ty | ti |
| f | ph |
| F | PH |
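As an added example (not the author's PowerShell script or the lessergeek API), here is the substitution table above implemented in Python, with the word picking done through the `secrets` module, the CSPRNG equivalent of RNGCrypto rather than Get-Random. The `WORDS` list is a constructed stand-in for the author's dictionary of thousands of words.

```python
import secrets

# Substitution table copied from the post. Multi-character keys ("ty") are
# checked first so that "Party" becomes "P@rti" and not "P@rty".
LEET_TABLE = {
    "ty": "ti",
    "A": "4", "a": "@", "C": "(", "D": ")", "E": "3", "I": "1", "i": "!",
    "J": "/", "O": "0", "o": "0", "S": "5", "T": "7", "V": "\\/",
    "W": "\\/\\/", "w": "uu", "f": "ph", "F": "PH", "8": "B", "9": "g",
}


def to_leet(text: str) -> str:
    """Rewrite text with LEET_TABLE, scanning left to right and preferring a
    two-character match over a single character at each position."""
    out, i = [], 0
    while i < len(text):
        pair = text[i:i + 2]
        if pair in LEET_TABLE:
            out.append(LEET_TABLE[pair])
            i += 2
        else:
            out.append(LEET_TABLE.get(text[i], text[i]))
            i += 1
    return "".join(out)


# Constructed stand-in for the post's dictionary (hypothetical word list).
WORDS = ["Pizza", "Party", "Day", "Big", "Fat", "Window", "Jaguar", "Cactus"]


def generate_leet_password(length: int, words=WORDS) -> str:
    """Pick dictionary words with secrets.choice (a CSPRNG, unlike Get-Random)
    and join them until the leet form is at least `length` characters long,
    mirroring how the post's API returned 17 characters for Length=15."""
    if length < 1:
        raise ValueError("length must be positive")
    chosen = []
    while len(to_leet("".join(chosen))) < length:
        chosen.append(secrets.choice(words))
    return to_leet("".join(chosen))


if __name__ == "__main__":
    print(to_leet("BigFatPizzaParty"))   # B!gPH@tP!zz@P@rti
    print(generate_leet_password(12))
```

Note that cracking tools ship rule sets that apply exactly these substitutions to dictionary words, so the strength comes from the length and from the unpredictable word choice, not from the substitution alone.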