Multiword Passwords Secure Or Not?

Gaygirlie writes "An article over at Gizmag says: 'It's a meme that's been doing the rounds on the internet in recent years: multi-word pass-phrases are as secure as long strings of gibberish but with the added benefit of being easy to remember. But research from Cambridge University suggests that this may not be the case. Pass-phrases comprised of dictionary words may not be as vulnerable as individual passwords, but they may still succumb to dictionary attacks, the research finds.' I find this to be twisting of words and general consensus; of course any password whatsoever is going to be insecure against offline attack, and using common, popular words is going to make guessing the password much easier. But is this really an issue in a world where most attacks are done online? Should general populace still be coaxed into using randomly generated passwords?"

Obligatory xkcd

[kc9jud]

http://xkcd.com/936/

Re:Obligatory xkcd

[medv4380]

Come on. All he did was post a link to a related xkcd comic. He didn't say anything about it being right or wrong. It's related, and funny. Would you rather have had someone do a standard first post troll instead?

Re:Obligatory xkcd

No, you RTFA. They mention xkcd, but then ignore it and go on to test 2-word passwords that are not randomly chosen or unrelated words. Of course 2-word passphrases, where the words are related ("Chicago Bulls") or are a verb-noun pair ("Speedy Gonzalez" "Soft Kitty" "Oneiric Ocelot"), are weak against dictionary attacks. The xkcd approach is not.

Re:Obligatory xkcd

Exactly. Even if they knew it was a string of words, there are 13 words there. So think of it like a 13 "character" password (generally pretty secure), except that instead of each "character" being picked from one of a set of (26+26+10+~20), each "character" is picked from a list of thousands of words. Even if you were to try applying linguistic details (like one particular word is likely to followed by a smaller set of words), it's still going to be more complex than a 13 character random password. And then that's not even taking into account the extra punctuation you added.

Intuitively, I just can't imagine how it would be any worse off. Even if you consider that many people will use semi-obvious stuff like "I am your father", "Here's looking at you, kid", "You can't handle the truth", or "I've got the same combination on my luggage", that's got to be at least 100 times better than the alternative they would have chosen: "password", "kitten", "12345", or their username in reverse.

Re:Obligatory xkcd

[thsths]

I agree - and I especially hate draconian password rules, especially when they are different for every site. Some need at least 8 letters, but then some limit you to 8 or 10 at most. Some want upper case and letters, other's don't. Some don't allow special characters such as '.

And the worst part: if you have a system to generate cryptographically strong passwords, quite a few sites still reject them. The worst site that I would allowed only 12 characters, but required at least 2 digits, 2 special characters, and 2 upper case letters.

I still think that words are the way to go. You just have to make sure that they are reasonably random and not too common. "honeyiamhome" is not going to be difficult to guess if you have billions of attempts. The problem of entropy still stands.

Re:Obligatory xkcd

[Geoffrey.landis]

Say you have a 4 word password and you publish your 2048 word dictionary on the internet, entitled "come at me". Is that more or less secure than a random 8 character password(upper, lower, numbers, 40 symbols)

The point of the xkcd, which you apparently didn't actually read, was that in the real world user-chosen "hard-to-remember" passwords are NOT eight random characters chosen from the set upper, lower, numbers, 40 symbols. The entropy is vastly less than you calculate.

(I would not call "random 8 character password(upper, lower, numbers, 40 symbols)" a "hard to remember" password in any case. Those are "completely impossible to remember, absolutely must be written down" passwords.)

Re:Obligatory xkcd

[tigre]

Aren't those exponents reversed?

2048^4 vs 102^8?
1.7 * 10^13 vs 1.1 * 10^16?

So completely random is still better in this sense. Just hard to remember and maybe hard to input. xkcd compared "uncommon word + common substitutions + a couple random characters".

Re:Obligatory xkcd

[suso]

What's really funny is that Randall's alt text on this comic is strangely prophetic:

"To anyone who understands information theory and security and is in an infuriating argument with someone who does not (possibly involving mixed case), I sincerely apologize."

Re:Obligatory xkcd

[TheRaven64]

It assumes that the reader tries a dictionary, but it also assumes that words in the dictionary are equally probable. An English dictionary contains about 600,000 words. A typical English speaker uses 2,000 different words over the course of any given week and knows about 20,000. Depending on which of these numbers you use as the search space, the entropy is a lot larger. For example, XKCD's metric would regard 'Natalie Portman is superlatively callipygian' and 'I like to eat apples' as having the same entropy, but the former is probably a lot harder to find with a dictionary attack, because a list of 2,000 common words is not likely to contain callipygian and may not contain superlatively, while it will contain all of the words from the second example.

Re:Obligatory xkcd

[isorox]

It's more secure than 5#f^x902 in almost every way, except that it's easier to shoulder-surf in one try because it's a proper sentence.

Chances are "5#f^x902" will be on a postit on the monitor

Re:Obligatory xkcd

[DamnStupidElf]

Good luck with about half of the websites out there that have a ridiculously short limit on passwords. Some are as low as 8 or 6 (!) characters. There's no way to consistently use secure passphrases with all the shoddy web development out there. The solution is to use a password manager and generate secure passwords as long as the site will accept and protect them all with a secure master passphrase.

Secure, how times do I get to try?

[Shivetya]

How many attempts are these supposed sites allowing? If someone has a one in a million chance to determine my password how much of a threat is that to me if the site that requires the password only allows a few attempts before it locks the account?

I work on a system with ten character passwords, not case sensitive but numbers can be used, yet I don't worry about someone cracking the system. Its not like they are going to have unrestricted access to try and multiple failures lock accounts.

I do like multiple word passwords as it tends to not lead to people using little yellow stickies near their desk to record their passwords or keep them as reminders in their email.

Very specific conditions

[Dixie_Flatline]

The passphrase system they studied wouldn't allow duplicate passphrases. So if you picked one that was already in use, it would tell you so.

The problem isn't that the passphrase is insecure, the problem is that the system itself is giving you information about what's inside it. Doesn't it seem obvious that any security system that relies on secret data that gives up information about the secret data is insecure?

Then they did an analysis on passphrases that use english words with the same frequency as in standard English. So the word 'betwixt' was probably pretty low down on the list, and 'material' was probably higher. That also seems unreasonable. Just because you want a memorable password/passphrase, it doesn't mean that you have to use small, ultra-common words.

This study has little merit in declaring that passphrases are insecure. (It does have merit in letting us know that obvious security problems are, in fact, obvious security problems.)

Take into account human nature

[MetalliQaZ]

As mentioned, a lot of stock is put into secure passwords, when the reality of computer usage makes all the effort meaningless.

Lets look at a normal user, Joe. Joe has many corporate logins at his job. His company has a password strength policy, so Joe has ended up with this password: Jason5 (Jason is his youngest son). The last password was Jason4, then Jason3, etc. Some system require more powerful passwords, so he uses _Jason$5. I have met dozens of Joe's IRL.

Lets look at Lucy. Lucy knows that a good password only has to be easy to remember and hard to brute force. "Simple Man" is one of her favorite songs. Especially these lyrics:

"Boy, don't you worry you'll find yourself
Follow your heart and nothing else
And you can do this, oh baby, if you try
All that I want for you my son is to be satisfied"

She selects this password: allthatiwantforyoumysonistobesatisfied
She'll never forget it, and I won't be cracked by ANYONE. Governments who want her password could crack it, but they would probably just put her in jail until she gave it up.

Then, Lucy reads the article linked above and starts to doubt the security of her password. She is wrong, her password is WAY better than Joe's.

Both accounts end up getting compromised. The company had been storing passwords in plain text and was hacked via a 2-year old SQL injection vuln. So much for all that bullcrap.

-d

Re:UGH!

[olliM]

I'm not sure if you are being sarcastic or not... That's a terrible way to create passwords: the character replacements are easy to guess and the method is so common that they are going to be included in the dictionary.

The point of using dictionary words in pass phrases is to think of them as letters of a password. A password with 8 random letters is much more secure than a random 8 letter word. Similarly 8 random words are much more secure than a random phrase with 8 words.