Multiword Passwords Secure Or Not?

Gaygirlie writes "An article over at Gizmag says: 'It's a meme that's been doing the rounds on the internet in recent years: multi-word pass-phrases are as secure as long strings of gibberish but with the added benefit of being easy to remember. But research from Cambridge University suggests that this may not be the case. Pass-phrases comprised of dictionary words may not be as vulnerable as individual passwords, but they may still succumb to dictionary attacks, the research finds.' I find this to be twisting of words and general consensus; of course any password whatsoever is going to be insecure against offline attack, and using common, popular words is going to make guessing the password much easier. But is this really an issue in a world where most attacks are done online? Should general populace still be coaxed into using randomly generated passwords?"

Obligatory xkcd

[kc9jud]

http://xkcd.com/936/

Re:Obligatory xkcd

[zero.kalvin]

There is something that always bothered me, how in the hell does the attacker knows if I am using words for my password or not? Second consider the following password where at one point was on my laptop: "A happy worker is mindless worker, so shut up and do your job!" I fail to see how this password is not safe just because I used actual words, wouldn't it take million of years(even with dictionary attack) to gess it ?

Re:Obligatory xkcd

That's no match for my million monkeys with million type writers.

We're upgrading to windows 3.11 later this year. You'll see. HAHAHAHAHAHAH

Re:Obligatory xkcd

So I did not bother to read the RTFA, but I can tell you if it is any good it will be attacking this directly at the entropy level. Entropy in information theory is a very well-defined concept despite it definitely not being a lay-person topic. The xkcd is a direct take-off of an entropy observation and some commonly published information on the topic.

I assume the paper is claiming that some entropy measures may be ill-considered... but then again that isn't telling anything new.. People have long suspected (and we have evidence for passwords) that humans within a certain culture (and even independent) are heavily biased.

The pass phrase with words concept only works under the assumption that the phrase is *generated* under a high entropy process. The effectiveness theory follows from the assumption that this allows both high entropy and ease of recall/memory. If you throw away the former, then no shit they won't work.

Re:Obligatory xkcd

[Jake73]

Well, not exactly applicable but interesting to the discussion.

I think the point is that consideration must be made for the "location" of the access portal. That is, if anyone with an internet connection can try their key in your lock, you probably want a pretty good lock.

But for access to things that have additional security, the lock quality may be reduced in favor of a key that is easy to remember.

1. Keep a good, long, easy-to-remember passphrase for access to your TrueCrypt partition that sits on a private computer inside your house.

2. Store passwords inside this partition in something like KeePass. The KeePass password doesn't need to be industrial. It should be easy to remember, but non-obvious. You type this password a lot.

3. Keep all internet passwords at maximum strength for the site and make them random from your password generator.

Re:Obligatory xkcd

[medv4380]

Come on. All he did was post a link to a related xkcd comic. He didn't say anything about it being right or wrong. It's related, and funny. Would you rather have had someone do a standard first post troll instead?

Re:Obligatory xkcd

No, you RTFA. They mention xkcd, but then ignore it and go on to test 2-word passwords that are not randomly chosen or unrelated words. Of course 2-word passphrases, where the words are related ("Chicago Bulls") or are a verb-noun pair ("Speedy Gonzalez" "Soft Kitty" "Oneiric Ocelot"), are weak against dictionary attacks. The xkcd approach is not.

Re:Obligatory xkcd

[Culture20]

There is something that always bothered me, how in the hell does the attacker knows if I am using words for my password or not? Second consider the following password where at one point was on my laptop: "A happy worker is mindless worker, so shut up and do your job!" I fail to see how this password is not safe just because I used actual words, wouldn't it take million of years(even with dictionary attack) to gess it ?

It's more secure than 5#f^x902 in almost every way, except that it's easier to shoulder-surf in one try because it's a proper sentence. As long as they catch enough parts, they can guess the rest. Try adding purposefully misspelled words or bad grammar and it makes shoulder surfing hu23 sekane in the despondingly overstitch. Side effects of using passphrases like that include speaking random gibberish on occasion.

Re:Obligatory xkcd

[gstoddart]

There is something that always bothered me, how in the hell does the attacker knows if I am using words for my password or not?

They don't, but if they have the resources for a brute-force search, it's moot since in theory they'll just keep trying until they find it.

Second consider the following password where at one point was on my laptop: "A happy worker is mindless worker, so shut up and do your job!" I fail to see how this password is not safe just because I used actual words, wouldn't it take million of years(even with dictionary attack) to gess it ?

Well, possibly not. Think about a document with a password.

If someone really wants to get into it, and is willing to invest the time and hardware, having a computer try millions and millions of permutations isn't as expensive as you might think, and it gets cheaper every year.

Many forms of crypto have fallen over the years as the speed of computers has allowed what used to be an impossible task to be something which can be done in relatively short time. Even a couple of days or weeks of compute time would represent an absolutely vast amount of attempts.

It's a damned find pass-phrase, but a computer is really good at doing an endless set of boring things. So, eventually even if it's a massive brute force attack, it could still arrive at the one that worked.

However, this is the most telling part:

The researchers found that film and book titles were effective in identifying pass-phrases in use - information readily available in list-form online suitable for dictionary-style attacks. The researchers used Wikipedia and IMDB lists, as well as slang phrases from Urban Dictionary. Researchers found users tended to favor simple two-word phrases common in natural language, though there is evidence that some users seek out seemingly-random pairings. The researchers also claim that there are "rapidly diminishing returns" for longer pass-phrases containing three or four words.

So, if movie names and slang is what many people are using as their pass-phrases, a dictionary attack is a little easier.

But, something like "cotillion squirrel hammer bollocks gouda inkwell" might be random enough that the sources people might use to try a dictionary attack won't be of any help. Whereas "The Dark Knight" or "Star Wars" might fall pretty quickly.

Re:Obligatory xkcd

[Geoffrey.landis]

So you didn't bother to RTFA before posting that. They're trying to show that the easier to remember password may be easier to crack with a dictionary attack.

And you didn't bother to read the xkcd before posting that. It showed with calculations that the commonly used "hard to remember" password has lower entropy than a much easier to remember multiword phrase. For reference, "higher entropy" means "harder to crack with a tailored brute force attack."

In any case, though, the actual first thing you need to do is to make sure you never reuse a password on two different systems. And the xkcd for that is http://xkcd.com/792/

Re:Obligatory xkcd

> Say you have a 4 word password and you publish your 2048 word dictionary on the internet, entitled "come at me". Is that more or less secure than a random 8 character password(upper, lower, numbers, 40 symbols)

> 4^2048 vs 8^102

You mean 2048^4 vs 102^8.

2048^4 = 1.7592186 * 10^13
102^8 = 1.17165938 * 10^16

With only a 2048 word dictionary to choose from this is less secure than a random 8 character password.

Re:Obligatory xkcd

Exactly. Even if they knew it was a string of words, there are 13 words there. So think of it like a 13 "character" password (generally pretty secure), except that instead of each "character" being picked from one of a set of (26+26+10+~20), each "character" is picked from a list of thousands of words. Even if you were to try applying linguistic details (like one particular word is likely to followed by a smaller set of words), it's still going to be more complex than a 13 character random password. And then that's not even taking into account the extra punctuation you added.

Intuitively, I just can't imagine how it would be any worse off. Even if you consider that many people will use semi-obvious stuff like "I am your father", "Here's looking at you, kid", "You can't handle the truth", or "I've got the same combination on my luggage", that's got to be at least 100 times better than the alternative they would have chosen: "password", "kitten", "12345", or their username in reverse.

Re:Obligatory xkcd

[thsths]

I agree - and I especially hate draconian password rules, especially when they are different for every site. Some need at least 8 letters, but then some limit you to 8 or 10 at most. Some want upper case and letters, other's don't. Some don't allow special characters such as '.

And the worst part: if you have a system to generate cryptographically strong passwords, quite a few sites still reject them. The worst site that I would allowed only 12 characters, but required at least 2 digits, 2 special characters, and 2 upper case letters.

I still think that words are the way to go. You just have to make sure that they are reasonably random and not too common. "honeyiamhome" is not going to be difficult to guess if you have billions of attempts. The problem of entropy still stands.

Re:Obligatory xkcd

[Geoffrey.landis]

Say you have a 4 word password and you publish your 2048 word dictionary on the internet, entitled "come at me". Is that more or less secure than a random 8 character password(upper, lower, numbers, 40 symbols)

The point of the xkcd, which you apparently didn't actually read, was that in the real world user-chosen "hard-to-remember" passwords are NOT eight random characters chosen from the set upper, lower, numbers, 40 symbols. The entropy is vastly less than you calculate.

(I would not call "random 8 character password(upper, lower, numbers, 40 symbols)" a "hard to remember" password in any case. Those are "completely impossible to remember, absolutely must be written down" passwords.)

Re:Obligatory xkcd

[second_coming]

according to https://www.grc.com/haystack.htm that's one hell of a password :)

Re:Obligatory xkcd

[tigre]

Aren't those exponents reversed?

2048^4 vs 102^8?
1.7 * 10^13 vs 1.1 * 10^16?

So completely random is still better in this sense. Just hard to remember and maybe hard to input. xkcd compared "uncommon word + common substitutions + a couple random characters".

Re:Obligatory xkcd

[micheas]

Pulling one example, I was asked to see if I could recover the password on pdf to allow editing. IIRC, the cypher was 256 bit AES. When trying to find the password to edit a pdf, my really ancient dual core athlon64 took under 2 minutes to try every unique word in the OED.

The password of the pdf (which was sanfrancisco2) took me about 15 minutes to find using standard password dictionaries. Theoretically, a 13 character password with a number in it should take an insanely long time to crack, reality was well under an hour.

Re:Obligatory xkcd

[suso]

What's really funny is that Randall's alt text on this comic is strangely prophetic:

"To anyone who understands information theory and security and is in an infuriating argument with someone who does not (possibly involving mixed case), I sincerely apologize."

Re:Obligatory xkcd

[Ihmhi]

Couldn't you fix this by adding an additional layer of password creation on your end?

Say you have a simple encryption algorithm. Your password is "shpadoinkle". You type "shpadoinkle" into your crypto program, and it churns out a consistant phrase every time, say "g55yg546+6^4g5fjjk#6Y~t6SDg". Now you copy/paste that and use it as your password for a service.

Thus you only have to remember a simpler password and the program used to encode it. Then you chuck that password into whatever you're trying to protect, and it gets encrypted yet again.

Re:Obligatory xkcd

[dcollins]

Yes. (It also synchs up with the xkcd offering, at least for the first case.) The way math goes though, I'll be surprised if your correct comment gets higher-modded than the incorrect one.

Re:Obligatory xkcd

[Sique]

No, it's 170000^4. It's 170000 possibilities for the first one times 170000 possibilities for the second one times 170000 possibilities for the third one times 170000 possibilities for the fourth one.

Re:Obligatory xkcd

The XKCD's entrophy assumes an equal chance of any common word being used, not weighing the attack on begging with the most common words, thus its results are innaccurate. RTFA.

Re:Obligatory xkcd

[TheRaven64]

It assumes that the reader tries a dictionary, but it also assumes that words in the dictionary are equally probable. An English dictionary contains about 600,000 words. A typical English speaker uses 2,000 different words over the course of any given week and knows about 20,000. Depending on which of these numbers you use as the search space, the entropy is a lot larger. For example, XKCD's metric would regard 'Natalie Portman is superlatively callipygian' and 'I like to eat apples' as having the same entropy, but the former is probably a lot harder to find with a dictionary attack, because a list of 2,000 common words is not likely to contain callipygian and may not contain superlatively, while it will contain all of the words from the second example.

Re:Obligatory xkcd

[gstoddart]

Couldn't you fix this by adding an additional layer of password creation on your end?

The more random your password, the less vulnerable it is to a dictionary attack, so yes.

In this case, they're identifying that many people use multi-word pass phrases which might be more susceptible to a dictionary attack because they end up being fairly common.

So, a truly random set of characters is likely to be impossible to remember, but really secure. But "Harry Potter and the philosopher's stone" might be fairly weak if they're using IMDB as a source and actually getting hits.

From the sounds of it, people tend to pull those from more common pools than you'd expect, thereby making them not as secure as you'd hope.

Re:Obligatory xkcd

[buchner.johannes]

It assumes that the reader tries a dictionary, but it also assumes that words in the dictionary are equally probable. An English dictionary contains about 600,000 words. A typical English speaker uses 2,000 different words over the course of any given week and knows about 20,000. Depending on which of these numbers you use as the search space, the entropy is a lot larger. For example, XKCD's metric would regard 'Natalie Portman is superlatively callipygian' and 'I like to eat apples' as having the same entropy, but the former is probably a lot harder to find with a dictionary attack, because a list of 2,000 common words is not likely to contain callipygian and may not contain superlatively, while it will contain all of the words from the second example.

Read it again. He assumes 16 bits of entropy for 'Troubadour', an uncommon word, and only 11 bits for the four common words. This *is* a lot, as you say, as bits (of entropy) are a log scale though, it doesn't look as impressive. The combination is what makes it so powerful (11^4 vs 16).

Re:Obligatory xkcd

[buchner.johannes]

The combination is what makes it so powerful (11^4 vs 16).

That should be 11*4 (as it is log, as I mentioned).

Re:Obligatory xkcd

[afidel]

They don't, but if they have the resources for a brute-force search, it's moot since in theory they'll just keep trying until they find it.

Except you can make a cipher practically impossible. AES256 is one such cipher, unless there is a significant breakthrough in cryptography a correct implementation of AES256 would require a perfect computer consuming all of the suns output longer to crack than the sun has life left.

Re:Obligatory xkcd

[realityimpaired]

People are under the mistaken impression that would-be hackers waste their time trying to brute force passwords. They don't. They either exploit design vulnerabilities (in which case your password doesn't matter), or they try a little social engineering to get your password. The one thing the movie Hackers got right was the scene when Dade called up the night security desk at one of the places he was trying to hack, pretending to be an employee in a panic, and got him to read the phone number off the modem so he could dial in. That's how it really does work... you come up with a ruse, and convince somebody who doesn't know better to give up sensitive information that you can use to gain access to the system.

And that's where passphrases have a huge advantage: they are easy enough to remember that they don't need to be written down.

Re:Obligatory xkcd

[isorox]

It's more secure than 5#f^x902 in almost every way, except that it's easier to shoulder-surf in one try because it's a proper sentence.

Chances are "5#f^x902" will be on a postit on the monitor

Re:Obligatory xkcd

[ArundelCastle]

Try adding purposefully misspelled words or bad grammar and it makes shoulder surfing hu23 sekane in the despondingly overstitch. Side effects of using passphrases like that include speaking random gibberish on occasion.

I think this is always the key point. Other than the usual 1337 to text substitutions, which are easily predictable, I have never seen or heard of a "typo dictionary" attack. At that point it diminishes to raw permutations unless you start scripting likely pairs of consonant and vowels, which would differ between languages no matter their character set (ie. Hawaiian vs. French). Even lolcat is a language of randomness, ackshuilly. ;)

Re:Obligatory xkcd

[DamnStupidElf]

Good luck with about half of the websites out there that have a ridiculously short limit on passwords. Some are as low as 8 or 6 (!) characters. There's no way to consistently use secure passphrases with all the shoddy web development out there. The solution is to use a password manager and generate secure passwords as long as the site will accept and protect them all with a secure master passphrase.

Re:Obligatory xkcd

[omglolbah]

Try when you have to log onto a myriad of different systems with different passwords.

It is not possible for a sane person to remember upwards of 30 such random passwords which of course change every 60 days.... meh

Re:Obligatory xkcd

[omglolbah]

Why would you use AES256 to generate a one-way-hash?.....

Using AES256 for storing passwords means that if you have a breach and the hacker gets hold of the database and has access to the login code you have given the attacker all user passwords in plain text....... Not a good thing.

Re:Obligatory xkcd

[DamnStupidElf]

The proper way to mount a dictionary attack is to start with an example database of stolen/cracked passwords to generate a good statistical model for most passwords and then write a generator that will enumerate all possible passwords but in an order such that the password spaces containing the majority of passwords are enumerated first. This may mean running a pure dictionary attack in parallel with a grammar for generating short English-looking passphrases, and once that's complete shift to going back over the english passphrases substituting alternating case, 1337 replacement, symbol alternatives to spaces, etc. while also beginning a brute force against shorter random passwords from the set of common ASCII characters, and sometime during that process beginning another parallel generation of all passwords using the full 8-bit character set. I don't know the exact breakdown of people's passwords but I'm guessing that is at least a reasonable order to search the possible spaces in. Obviously replace English with the assumed first language of the victim, and if necessary use the proper subset of unicode or a different ASCII codepage for passwords.

I'm sure you've seen the nonsense English generators that construct simple sentences with random dictionary words matching the parts of speech. Given that you used perfect grammar it is not as hard as you might imagine to generate the particular example you quoted. Normal English text has close to 1 bit of entropy per letter and so your passphrase might have about 60 bits of entropy. That's within the realm of large distributed attacks or dedicated attackers, comparable to RC5-64 that was cracked a few years ago. Assuming an attacker performs the search by running a brute force attack, dictionary attack, and a grammar-derived passphrase attack in parallel it would only take about 3 times as long (roughly 1.5 extra bits of entropy) to find a password of a given strength regardless of the method it was generated with.

Re:Obligatory xkcd

[93+Escort+Wagon]

IA typical English speaker uses 2,000 different words over the course of any given week and knows about 20,000.

Verily and forsooth! Thou dost assume what thou shouldst not. Amend thy ways, miscreant, lest thou find thyself at the receiving end of my bludgeon!

Re:Obligatory xkcd

[Ihmhi]

I had a customer who was in the military who was really concerned about his privacy. He had an ex-wife who was really vindictive and trying to get into his e-mail, Facebook, anything just to fuck with him. So he asked me for some advice on how to make a secure password that will stop casual attempts.

ME: "Okay, you were a soldier, so you know NATO phonetics right?"

HIM: "Yeah..."

ME: "What year were you born?"

HIM: "1982."

ME: "Give me the individual letters of 'apple' in NATO phonetics."

HIM: "Alpha Papa Papa Lima Echo."

ME: -writes down- "alpha1papa9papa8lima2echo". Here's your password. We're not going to use this, but when I finish unfucking your Windows registry I'll ask you again.

~1 hour later~

ME: "So what was that password?"

HIM: "Alpha one papa niner (lol) papa eig- holy shit, I remember it!"

ME: "Right. Now do something similar, but create something I don't know about. I don't like to know my customer's passwords."

Teach someone to use mnemonics and patterns and you can create something interesting and easy to remember. There's no reason the "random letters, numbers, etc." and "leetspeak" methodologies need to be mutually exclusive.

I use a similar logic of patterns and the like for myself. My bank's website only allows letters and numbers for the password (and only up to 20 characters, lame) so I use a pattern on the keypad to remember it via muscle memory. (I "draw" a particular shape using the number keys in my head., and then some letters, and then some more numbers. My e-mail password is 30+ characters long. I have half a dozen pretty strong passwords floating around in my head and I'm not going to forget them anytime soon because I created a pattern that is personally easy for me to remember but cryptographically difficult to discern or break.

Re:Obligatory xkcd

[jklovanc]

A very important point has been missed in this discussion. The first 9 characters of the initial xkcd password are not random, they are a word. Because they are a word their entropy is not 102^9=1.17165938 * 10^16. Since it is a word and there are a lot less than 102^9 nine letter words xkd assigned them an entropy of 2^16=65536. They then added a few factors to up the entropy of the word to 2^20 = 1048576.

So it breaks down like this.
1. True random 9 character password; very difficult to crack almost impossible to remember (especially if you have more than one). Will always be written down so can be read by anyone.

2. 9 Character word with substitutions, easy to crack easier to remember but written down as the rules for forming one can be complex. Worst of both words.

3. Multi- word pass phrase; if at least five words are use it is much harder than 2. not as hard as 1 but does not need to be written down as it is easy to remember.

Re:Obligatory xkcd

[PuckSR]

When are you going to realize that most of those websites don't require good passwords. Ars Technica requires a complex password to comment on an article. Why? Are you really worried that someone will waste the time to brute force crack your Ars Technica account and leave mean comments?

Gawker got hacked, but who cares? Just use 4321 as your password on a site like that. If you really want to go to the trouble of creating an 8-character truly-random password for a news site or a site like slashdot....good luck.

Re:Obligatory xkcd

[PCM2]

When I was a small child, I had a book called 'My First Thousand Words in Pictures.' It only contained concrete nouns

I hear Eskimos have a lot of different words for snow. What language has a thousand different words for concrete? (ducks)

Re:Obligatory xkcd

[Kelbear]

An easy way to make a complex password and different password for each site is to:

1) L33t the name of the site
2) capitalize the 4th letter
3) Extend to 10 character minimum with "a", ending on 1.

Examples:
sl@sHdota1
b@nK0f@m3r1c@
g00G13aaa1

Obviously, they are asked to choose their own parameters for step 2 and 3 so their passwords are individualized.

It's effectively 1 password to remember, that you use all the time. But now you have 10-char minimum passwords, with numbers, letters, symbols, and capitalization. It's also unique for every website, and you're given a reminder of your password everytime before you log in. All you actually need to remember is 3 easy steps. 1) L33t it 2) Capitalize "(num)", 3) Minimum 10, or else add "(char)", end on 1.

(Further, increment the last number as needed when passwords expire and you're required to enter a new one).

Obviously I don't use the steps above or else I wouldn't be posting it, I just use a variant that achieves similar effects.

Of course they are secure

[Bender+Unit+22]

I find that passwords like "Linuxrox4ever" are very secure. havn't had a problem with that one yet.

Re:Of course they are secure

[ciderbrew]

Hey! That's the combination to my luggage.

[Nelson] HAHA!

[Bender+Unit+22]

lol omg. it worked.

Its a Trade-Off

Getting joe public to use something other than "password" is hard, but its easier to persuade Joe to use a phrase like "HomerLovesDonuts" than some random string of letters - we all know the random string will just get written down.

Re:Its a Trade-Off

[Bergs007]

What's wrong with writing passwords down though? The biggest threat to online accounts are over the network where malicious entities do not have physical access to a machine. If you write down your passwords next to your computer, the biggest threat model is what? House guests? I'd much prefer people have high-entropy passwords and have to write them down in a notebook than moderate-entropy passwords that are easier to remember. Essentially, you'll have a better idea if your notebook gets stolen/copied than if your password gets cracked over in Indonesia.

Secure, how times do I get to try?

[Shivetya]

How many attempts are these supposed sites allowing? If someone has a one in a million chance to determine my password how much of a threat is that to me if the site that requires the password only allows a few attempts before it locks the account?

I work on a system with ten character passwords, not case sensitive but numbers can be used, yet I don't worry about someone cracking the system. Its not like they are going to have unrestricted access to try and multiple failures lock accounts.

I do like multiple word passwords as it tends to not lead to people using little yellow stickies near their desk to record their passwords or keep them as reminders in their email.

Re:Secure, how times do I get to try?

[Crasoose]

I've been saying for a long time now if companies would just implement lockout policies we wouldn't have any of these issues.

Re:Secure, how times do I get to try?

[CubicleZombie]

If someone has a one in a million chance to determine my password how much of a threat is that to me if the site that requires the password only allows a few attempts before it locks the account?

When I see this implemented, it's usually like 3 attempts until lockout. Make it a few hundred. That's enough that a forgetful human has plenty of tries but a brute force attack will fail.

Re:Secure, how times do I get to try?

[Culture20]

If companies would implement lockout policies, they would have to pay a group of four-five people to answer phones and unlock accounts all day. And woe betide the company which gets its username list posted somewhere ("everyone's locked out, and an admin has to walk down to the server room to log into the console as root to unlock us all. We've blocked the offending IP addresses, but this might happen several more times from new IPs").

Re:Secure, how times do I get to try?

[brainzach]

Can't you make the lock out temporarily?

The goal should be to make brute force attacks too inefficient to be effective, not to annoy your users.

Poetry

[bickerdyke]

Is Vogon poetry available in common attack-dictionaries?

Re:Poetry

[drinkypoo]

While building your dictionary for passphrase analysis you have to be a pretty big asshole not to include the complete works of Douglas Adams. I would dump a big ebook collection through a filter which sorted, uniq'd, compiled, sorted, uniq'd until it was left with not just all the dictionary words that people actually use but also all the proper names and alien words that appear in all the typical universes with which people are familiar and entranced... Culture, Merchanter, Empire, etc etc. A wikipedia dump would be another goody, and they're easy enough to come by.

Re:Poetry

[HCase]

There was a ship that tried using Vogon poetry for their password locks once. Unfortunately, after valiantly functioning for 3 weeks, the login daemon it decided it could no longer take it and convinced the ship's navigation system to fly into a nearby star. Further use of password verification system was banned several years later, after an intergalatic agreement was reach that said requiring people to remember Vogon poetry was cruel and inhumane.

Very specific conditions

[Dixie_Flatline]

The passphrase system they studied wouldn't allow duplicate passphrases. So if you picked one that was already in use, it would tell you so.

The problem isn't that the passphrase is insecure, the problem is that the system itself is giving you information about what's inside it. Doesn't it seem obvious that any security system that relies on secret data that gives up information about the secret data is insecure?

Then they did an analysis on passphrases that use english words with the same frequency as in standard English. So the word 'betwixt' was probably pretty low down on the list, and 'material' was probably higher. That also seems unreasonable. Just because you want a memorable password/passphrase, it doesn't mean that you have to use small, ultra-common words.

This study has little merit in declaring that passphrases are insecure. (It does have merit in letting us know that obvious security problems are, in fact, obvious security problems.)

Re:Very specific conditions

[MaerD]

It's also worth pointing out that they suggest that common phrases like "Manchester United" or "Harry Potter" would be used quite a bit. Just because it's a passphrase doesn't mean you shouldn't still use a "common dictionary" (or in this case "Common Phrasebook") to prevent people from choosing things like the above, possibly with a length check of some sort involved as well, to prevent cases like "fee fai foh fum", which may not be caught by the common phrase check, but has all words of the same length.

Four or so words chosen at random without association can be memorized and provide greater security. They can even come from a book, as long as they come from different places ie: "Classes Default Automatic When". Words chosen at random, almost sounds like a phrase, but is unlikely to be checked within a certain number of retries. Even using less common phrases from a source would likely be fine. "To be or not to be" will probably be checked early, as it is common. "Nobler in the mind to suffer" would not likely come up, as it is not the start of the phrase, or even the complete phrase.

LastPass

[alphax45]

I use and love LastPass. It has a really great password generator that I use for all sites. I always use the maximum number of characters and the largest character set (letters, numbers, symbols) the site will let me.

My actual LastPass password (the single point of failure) is 32 characters long. It is a phrase in "leet" speak with symbols padding the start, middle, and end.

I feel pretty safe with this.

Just my 2c

Re:LastPass

[johanwanderer]

Until someone order a DCMA takedown on the site because it's used to store passwords for certain accounts.

Re:LastPass

[MyFirstNameIsPaul]

All user vaults are encrypted before being uploaded to the site, thus such issues are only a concern for those using weak passwords. Personally, I use a very long, very high entropy password to my vault. My only concern regarding the vault is a keylogger or video camera; the latter of which is actually my biggest fear, because someone wouldn't even have to see my screen to see that I'm obviously typing in a very long, high entropy string of characters.

Take into account human nature

[MetalliQaZ]

As mentioned, a lot of stock is put into secure passwords, when the reality of computer usage makes all the effort meaningless.

Lets look at a normal user, Joe. Joe has many corporate logins at his job. His company has a password strength policy, so Joe has ended up with this password: Jason5 (Jason is his youngest son). The last password was Jason4, then Jason3, etc. Some system require more powerful passwords, so he uses _Jason$5. I have met dozens of Joe's IRL.

Lets look at Lucy. Lucy knows that a good password only has to be easy to remember and hard to brute force. "Simple Man" is one of her favorite songs. Especially these lyrics:

"Boy, don't you worry you'll find yourself
Follow your heart and nothing else
And you can do this, oh baby, if you try
All that I want for you my son is to be satisfied"

She selects this password: allthatiwantforyoumysonistobesatisfied
She'll never forget it, and I won't be cracked by ANYONE. Governments who want her password could crack it, but they would probably just put her in jail until she gave it up.

Then, Lucy reads the article linked above and starts to doubt the security of her password. She is wrong, her password is WAY better than Joe's.

Both accounts end up getting compromised. The company had been storing passwords in plain text and was hacked via a 2-year old SQL injection vuln. So much for all that bullcrap.

-d

Re:Are passwords really that hard to remember?

[cvtan]

My granddaughter thinks it's too hard to defrost a frozen bagel before eating it. You want the youth of America to practice typing passwords? Ha!

Disbelieve

[mseeger]

Even if you have a very small set of words (about 1.000) to choose from, with four words you reach about 40 bits entropy. No chance to crack this brute force.

If you take only two words, you would have about 20 bits of entropy which is about as good/bad as cryptic password.

The system is broken if...

[ghostdoc]

The system is broken if people can't use it. People aren't broken because they can't use the system right.

If your method of controlling access is nice and easy for computers but hard for people, it's broken and you need to find a new method.

Like far too many researchers

[Sycraft-fu]

They assume they get ideal circumstances, ie as many attempts as they want. As such their research is basically fucking worthless. The only time such a situation applies is if you have, say, encrypted data and an adversary has gotten that data. They can then try to decrypt it until the end of time and you can't change the password.

That doesn't do shit for remote login. No system is so accommodating to let you just try and try. Even if they don't do permanent lockouts, they'll lock you out for awhile. Like our domain, you get 5 attempts and then it locks the account for 30 minutes. So you can get a whopping 240 attempts per day (presuming we don't notice and shut it down). Gonna take a LONG time to cover the password spaces they are talking about, LONG time.

This also assumes that you know that someone is using a multi-word phrase, and that you know they aren't playing games with number substitution, caps, and so on. This is useful maybe in an intelligence agency type situation, where you can survey your target and you can learn about the kind of password they use, even if you can't find out the password itself, and restrict the search space. However in terms of randomly hacking things remotely, nope, not useful. There are too many possibilities for what the person could use and multi-word phrase is only one of them. You could try every single one of to 10 words, only to then discover your target doesn't use that, and has a simple password like password123 that wasn't in your search space.

My method

Fuck it I say. I just always use letmein for all my passwords. Easy to remember and so easy to hack into nobody's going to waste time thinking there's anything valuable protected by it.

I call it security through insecurity.

Pass phrases are good, more research needed

[MobyDisk]

Based on my read of the article, I conclude it as saying that pass phrases really are good, just not a panacea. We already knew that people pick stupid passwords. It turns out that people pick stupid passphrases too. That's too bad, but it is really unsurprising.

One thing I can say from personal experience: smart people still pick stupid passwords. I think most people just aren't paranoid about it, and don't care until something bad happens to them as a result. This might be something that parents need to teach their children: Don't talk to strangers, brush your teeth everyday, and don't pick obvious passwords. Maybe once a generation is imbued with this as obvious then the problem will diminish.

I now use un-crackable passwords!

[OzPeter]

I have started using regex's as the basis for my passwords. Love to see some one crack ^[A-Z0-9]+\([a-z!]+\)$

The trouble is that now I have regex's ..

Re:xkcd

[Zerth]

Not likely, seeing as the math is sound. TFA used a minimum case of 20,000 phrases generated from natural language, so of course it will be less secure.

It even says at the end that passphrases generated like in the XKCD comic are sufficiently secure to offline brute force.

Bad, when implemented poorly

[Maximum+Prophet]

... Amazon's PayPhrase registration page. Because the page prohibits the use of any pass-phrase that has been used by another user, it's possible to identify which pass-phrases are in use.

This is a well known, bad idea. Unless you also lock out the original user of an obvious passphrase, you give an attacker information.

Better is to just start with a dictionary of "bad" phrases, that no-one can use. Then, when an existing phrase is no longer in use, you mark it "bad" and unusable in the future. Of course, someone might start using that phrase berfore the rest stop using it. If it's an especially bad case, you might have to lock all those users, and make them reset their password through a different, secure, channel.

Throw some uncommon names and foreign words into your phrase, and it essentially becomes unguessable.

Re:Why is math so hard?

[Maximum+Prophet]

If you have a decent vocabulary, ...

Most people don't choose their passwords from a decent vocabulary. I've seen too many instances of P@ssw0rd, that people think is secure.
Throw some uncommon names and foreign words into your phrase, and it essentially becomes unguessable. But, many people don't know any foreign words.

Re:Not in the wild...

[jo_ham]

My system guesses "deserve access to my accounts".

piffle

[koan]

Just hold down shift and type in your 10 digit phone number.

  (@)%%%!@#$

Stolen hash [Re:Secure, how times do I get to try?

[Geoffrey.landis]

I've been saying for a long time now if companies would just implement lockout policies we wouldn't have any of these issues.

It would help some (less annoying than a lockout policy is just to implement a delay that increases with number of failed attempts). However, the dictionary attacks that are worrisome come from a hacker stealing the password hash tables, and are done offline, trying to decrypt the hash, not simply repeated attempts to log in. These won't be prevented by lockout policies (although they will be prevented by making sure that the hash tables don't get stolen)

my strange variation

[way2trivial]

For myself, I have three phrase+number complex passwords which I use, one for financial sites, (online banking, amazon, anywhere I shop & my plastic is stored) one for places I expect to use regularly (such as slashdot) and one for trash sites where I gotta register for whatever it is I want, but don't likely expect to be back. The variant thing is, I have my own domain with a catchall address (similar to gmails + system) and for all domains I use the domain name plus my @domain.com

assuming the method show in the cartoon was automated checking of the password email + combo-- it'll fail because I wouldn't use the same email address at ANY website.

UGH!

[multimediavt]

@lw@y$ U$3 Ch@r@ct3r R3pl@c3m3nt 1f Y0u U$3 R3@l W0rd$ 1n Y0ur P@$$phr@$3$ !!!

I have passwords that look like that (minus the spaces). Break that with a dictionary! :p

Seriously folks, if you use real words in a password in this day and age, you're a little bit more than naive or completely out of touch with what computers of the current generation are capable of. IMHO, you CANNOT use straight dictionary words (regardless of language, and yes, I do mean Klingon and Sindarin!) in your passwords without some sort of numeric or symbolic character replacement pattern. Then you can use easy to remember song lyrics, movie quotes, and other colloquial sayings as pass phrases. Use them "au naturelle" and you will get pwnd!

P.S. I don't always use the same replacement pattern or characters, either. The above is just an example. I wouldn't use that one as someone has it in their dictionary by now, btw.

Re:UGH!

[olliM]

I'm not sure if you are being sarcastic or not... That's a terrible way to create passwords: the character replacements are easy to guess and the method is so common that they are going to be included in the dictionary.

The point of using dictionary words in pass phrases is to think of them as letters of a password. A password with 8 random letters is much more secure than a random 8 letter word. Similarly 8 random words are much more secure than a random phrase with 8 words.

Re:UGH!

[AmiMoJo]

It works if you use completely random words, but phrases are little better than using single dictionary words. Rather than trying every word in the dictionary you just try every phrase in Google's corpus. The usual variation rules apply: capitals, letter/number substitution, first letters only, spaces or no spaces etc.

Unless what you are protecting is worth throwing a large amount of energy into cracking your password a longish passphrase is probably fine. Any time there are a large number of other users there will be enough with terrible easy to guess passwords that will be cracked by the first pass of a dictionary attack to make yours not worth the effort.

Re:UGH!

[Beryllium+Sphere(tm)]

>IMHO, you CANNOT use straight dictionary words (regardless of language, and yes, I do mean Klingon and Sindarin!) in your passwords without some sort of numeric or symbolic character replacement pattern.

Of course you can. If they're selected randomly, an attacker has to use the complete source space for the random selection in a brute force attack.

http://www.diceware.com/ gives you 12.9 bits of entropy per word. Brute forcing that is already more trouble than it's worth at three words, and five would require nation-state resources to crack.

They're Easy To Remember

[Greyfox]

Just lift up the keyboard and read it off the post-it note you stuck to the bottom of it!

Re:Small Welsh villages

[Oswald+McWeany]

... after all- when the Welsh were coming up with names for their villages they used random letter generating apps on their iDruids.

Mix it

[Kjella]

My recommendation for a really secure pass phrase:

1. Pick a phrase like "maryhadalittlelamb"
2. Add (or replace) with one capital letter, one number, one special character. Don't use l33t-speak, just at random.
3. Remember your three weird words like "maVry" "li6ttle" and "lam!b", it's much easier than when it's all just a hopeless mess.
4. Your password is now "maVryhadali6ttlelam!b", there not a password cracker in the world that'll find this.

It's way, way too long and uses from all the character sets for a brute force attack. As for a dictionary attack, there's way, way too many permutations. It could just as easily be "mar#yha1dalittlelRamb" or "m%aryhadalitOtlela9mb" or a million other combinations based on "maryhadalittlelamb", even if you knew that was the basis. Of course the biggest risk is the computer you're typing it into, for example I feel my mail is now much safer now that I can log into it from my smartphone rather from any random webcafe/desktop/laptop I happen to have available. It's a lot more difficult to get a spy app installed or bug my hardware than if I type it in on machines I don't control.

If I remember correctly, this is how our university got breached once, they bugged a desktop in the computer lab, trashed the software a bit then waited for an admin to come and try cleaning things up with the admin password. Boom, they got admin rights to every desktop on the network. Against that it doesn't matter if your password is a kilometer long, if you can't trust the console it doesn't matter. It only matters if your data is stolen and they never got the password, which is of course one important vector with stolen laptops and all, but it doesn't protect against other threats. All in all I consider my password complexity as being a very low-risk threat. No point in a bullet proof blast door if a burglar would use the window.

offline passwords *can* be secure against attack

[Eil]

This line from the summary was written by someone who doesn't understand the slightest thing about modern encryption and password security:

of course any password whatsoever is going to be insecure against offline attack

Look up the concept of key stretching. In a nutshell, you basically take a plaintext password and then apply many thousands of rounds of encryption or hashing to it and then store the end result in the password database. The idea is that you incur a few seconds of computation time every time the password is set or retrieved, which is a very minor inconvenience in normal use but is a humongous amount of overhead to brute forcing even a single account.

With this technique, a dictionary attack on one account can take days to work through the whole set of words. So if you're using a dictionary word for your password, you're screwed no matter what. But a halfway-strong password that doesn't appear in any dictionary can be completely immune to an offline attack if the hashes were computed securely. The only way for an attacker to get around it would be to find some fatal flaw in the encryption or hashing algorithm. (In which case, the NSA would probably like to speak with him.)