Abraxas

Easy to remember generated passphrase(s) that can be used as a master password(s), we've made this for our clients but anyone is free to use it.

Formerly CPG

Tags

• 💡 Easy to remember
• 🔒 Secure passphrases
• 🎉 Open source

How to use it?

Notes

Currently, Abraxas is only available on the command-line we are working to create a secure website to generate these passphrases with multiple functions for example:

• Choosing a wordlist
• Number of words used
• Amount of passphrases to generate
• Time to hack these passphrases*
• Adding a personal wordlist (please add these to the repo to share them)* We're also converting the python app to a command-line package so everyone can download it from their favourite package manager and generate passphrases with flags like -w 4 to use four words instead of the standard three.

• = not a priority

Guide

• Clone the repository: git clone https://github.com/Absolum1/Abraxas.git
• cd into the folder Abraxas/python/ by cd Abraxas/python
• Run the script by python abraxas.py
• Tip: use the repeat x (replace x with the number of passphrases you want) command before the run-script command python cpg.py to get multiple passphrases, example repeat 10 python abraxas.py (to get 10 generated passphrases)

Why Abraxas?

This tool aims to generate secure master passwords according to our standards for our clients.

Some of our clients haven't moved on to password managers (like LastPass) yet, and one of the biggest hassles is getting them to pick a secure master password.

They go with an easy unsecure password or one that's easy to guess. Here are a few very generous examples and what's wrong with them:

Chantal231!@

• Chantal is a common name so it will likely be in a dictionary already.
• The user's kid is called Chantal.
• 231 is a variation of 123 which is pre-baked into any attack.
• !@ are the two first special characters and are most used, using #$%^*()-_=+/?.,<> are a lot more secure because they appear less.

Kitchen731#!

• Kitchen is in the top 10000 English words used so it could appear in a dictionary, although usually, hackers prefer 1000-5000 words because they yield more results and work faster.
• The user who created this password loves cooking and she happens to be very open about that on social media.

BaseballLawyerChuck1271999!@

• The words "Baseball" and "Lawyer" are both in the top 10000 English words used so they could appear in a dictionary, although usually, hackers prefer 1000-5000 words because they yield more results and work faster.
• The user is a proud member of a lawyers baseball team.
• The user's kid "Chuck" is born on 12-Juli-1999.
• !@ are the two first special characters and are most used, using #$%^*()-_=+/?.,<> are a lot more secure because they appear less.

Most of the passwords I see or hear of being used are terrible, some appear to be good like BaseballLawyerChuck1271999!@ but could be hacked quite quickly.

To leave all the mathematics out of it we've set a standard for our master passwords and those of our clients that should keep them secure for the following years, and most likely any password will be better than the one they use already you can see it below.

Absolum master password guideline

A "secure" password has to be 3-5 words of uncommon nonsense words with special character split, with at least 1 uppercase letter, 1 lowercase letter, 3 numbers without any variation of 123 or 123456/123456789, and 2 special characters not including !@.

Tip!: Special characters are all special characters on the keyboard not just!@#$%^&*()-_=+ when possible be sure to use all of the ones possible `~[]{}|;:'",.<>/? and any more if you might use a different keyboard than query.

Summary guideline

• 3-5 words of uncommon nonsense words with a special character split
• 1 uppercase letter
• 1 lowercase letter
• 3 numbers without any variation of 123 or 123456/123456789
• 2 special characters not including !@

Nonesence words

• Hooey, Bushwa, Trumpery (words with a meaning, that are uncommon in natural conversation)
• Crumpsey, Mundle, Vargle (English dialect, or Old English)
• Fiawa, Scremptula, Wequlious (made-up words with no meaning)

Tip!: if you speak a dialect or any other language than English use words in that language they will be less likely to be in a dictionary

• Krissie, Slaoij, Drekbak (Dialect in Maastricht's)

Examples

• Ve%logoofiekrissiesjeng831#$
• BushwayYAOURTvargle239&
• Zielowva~lmaandJaar(,721
• beh_indlagvarinlus';008
• Be~lgen5,%70riepchristusbeelden

Explanation

The goal of these rules is to create an easy to remember and secure master password. To reach the goal it has to be:

Long

• 3-5 words (12+ characters)

Dictionary safe

• The words have to be nonsense or uncommon (we prefer nonsense because it's usually funny and thus easier to remember)
• Splitting of words with a special character (this makes dictionary attacks almost useless)

Various

• Uppercase
• Lowercase
• Numbers
• Special characters