Slashdot Mirror


Password Security: Why the Horse Battery Staple Is Not Correct

First time accepted submitter Dadoo writes By now, everyone who reads Slashdot regularly has seen the XKCD comic discussing how to choose a more secure password, but at least one security researcher rejects that theory, asserting that password managers are the most important technology people can use to keep their accounts safe. He says, "In this post, I'm going to make the following arguments: 1) Choosing a password should be something you do very infrequently. 2) Our focus should be on protecting passwords against informed statistical attacks and not brute-force attacks. 3) When you do have to choose a password, one of the most important selection criteria should be how many other people have also chosen that same password. 4) One of the most impactful things that we can do as a security community is to change password strength meters and disallow the use of common passwords."

549 comments

  1. Oh great by Falos · · Score: 5, Interesting

    > asserting that a single point of ultimate failure is the most important technology
    Yeah, it's important all right. Critical, even.

    We're being awfully slow about teaching people to adopt passphrases. Simple, no number no symbol nonsense.

    "rrrybgdts" is a nursery rhyme. It doesn't even have to be written on a sticky.

    1. Re: Oh great by Anonymous Coward · · Score: 3, Funny

      Yes please force increased security requirements. I love having upper, lower, minimum length, numbers, punctuation, and a fecal sample all in a password for one of the billion websites that require accounts.

    2. Re:Oh great by rwa2 · · Score: 1, Interesting

      This. Yes, merely changing the word "password" to "passphrase" already gets people to use better options.

      And for all of the silly ways to come up with half-decent passphrases that are both easy to remember and hard to attack with both dictionary and brute-force attacks, I like the nursery rhyme / song lyric approach. So think of some poetry you like, and assemble your passphrase from bits and pieces of it like so:

      "Love is beautiful, like birds that sing.
      Love is not ugly, like rats in a puddle of vomit." - John S. Hall
      => Lib,lbts.Linu,lriapov

      Bam, a half-decent passphrase that's easy to remember. Maybe you'd even 133+ify it a bit to add as many "special" characters and numbers as you need:
      L15b,lb+s.Lin|_|,lriapo\/

      And the best part, is when you need to rotate passphrases every 90 days or so, you can just go on to the next verse. Also, it helps put you in a good mood when you start at work, depending on how much you like your choice in poetry.

      Of course, the hardest part is not to start singing as you log in.

    3. Re:Oh great by Anonymous Coward · · Score: 0

      Snagglepus? Is that you?

    4. Re:Oh great by vidnet · · Score: 4, Insightful

      "rrrybgdts" is a nursery rhyme. It doesn't even have to be written on a sticky.

      This is a really bad way of choosing passwords.

      The number of verses of songs, nursery rhymes, poems and paragraphs that people would tend to think of probably number less than a million.

      Your particular example has 946 hits on Google.

    5. Re:Oh great by BradMajors · · Score: 3, Insightful

      "Love is beautiful, like birds that sing." is more secure than "Lib,lbts". Why are you making your password less secure?

    6. Re:Oh great by Falos · · Score: 0

      It was deliberately simple for brevity. In fact, if you have a weaker (aka Explain It Like I'm Five) variant, that'd be even better.

      rwa2 up there has an uncrackable clusterfuck you might prefer, though I don't really endorse leet-swaps, they're well-accounted for.

    7. Re:Oh great by rnturn · · Score: 4, Informative

      ``We're being awfully slow about teaching people to adopt passphrases''

Maybe because there's so many websites out there that still limit your password/passphrase to a fairly short maximum number of characters. If I wanted to use something like `correcthorsebatterystaple' I'm usually not allowed to. Especially when using commercial sites, you are, all too often, limited to a short -- and often numeric-only -- password (PIN, actually).

      --
      CUR ALLOC 20195.....5804M
    8. Re:Oh great by postbigbang · · Score: 1

      "Locks keep your friends out; your enemies have pick tools".

      You can make anything up you want, but changing them frequently is the key to killing their usefulness when there are bulk thefts of passwords. These things go undetected for months. If you'd changed already, you're good-- unless the crack gets the deltas, too, which is unlikely.

      Stupid passwords will still be stupid, but no use to go to incredible lengths unless your keys are extremely valuable-- then go to a Yubikey or another secondary auth. Key age is probably more critical than its ability to be dictionary attacked, IMHO.

      --
      ---- Teach Peace. It's Cheaper Than War.
    9. Re:Oh great by Zenzilla · · Score: 0

      No it's not. One is susceptible to a dictionary attack one is not. This is exactly why correct-horse-battery-staple fails.

    10. Re:Oh great by Cid+Highwind · · Score: 1

      The hash of "rrrybgdts" is going to be cracked in half a second with the right ruleset. Passphrases don't help the root problem, that "memorable" implies low-entropy.

      --
      0 1 - just my two bits
    11. Re:Oh great by Anonymous Coward · · Score: 0

      "Love is beautiful, like birds that sing." is more secure than "Lib,lbts". Why are you making your password less secure?

      And far more easy to remember.

      Although very tedious to type, which is why it would hardly get used. I only use things that long for stuff like WiFi access points where the mobile device is going to be set to remember the password anyway. At least I can remember it though, unlike some randomly generated code that will inevitably get written down.

    12. Re:Oh great by Anonymous Coward · · Score: 0

      Many systems, rather foolishly, impose a limit on the maximum length of password.

    13. Re:Oh great by dcollins117 · · Score: 1, Interesting

      It's not hard to roll your own nursery rhyme:

      I only have three fingers,
      Suspended by three springs.
      Instead of choosing passwords,
      I do more important things.

      There ya go, no Google hits.

    14. Re:Oh great by Anonymous Coward · · Score: 2, Informative

In theory it is, but in practice "Love is beautiful, like birds that sing." is more likely to show up in a dictionary attack than a random string of gibberish. Just because it's nearly impossible to brute force doesn't mean it's necessarily a good password. Popular phrases, lyrics, Bible verses, etc. can be substituted in a guessing algorithm just like using "$" instead of "S". Here's an interesting article about some of that:
      http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

    15. Re:Oh great by OS24Ever · · Score: 3, Insightful

      and half the banking and finance websites don't allow the symbols, and it's too long

      --

      As a rock-in-roll Physicist once said, No matter where you go, there you are.

    16. Re:Oh great by Anonymous Coward · · Score: 0

      One is susceptible to a dictionary attack one is not.

      Proof please. I've just downloaded a number of password dictionaries used by a number of utilities and not a single one contain the phrase above.

    17. Re:Oh great by HatofPig · · Score: 1

Lib,lbts is a fantastic work password, unless OP's job is to activate the nuclear football. Who cares if it's less secure than a seven-word sentence? I have to type my password 100+ times a day. I can touch-type, but one typo usually means I have to delete it all and start over. Security is important but more so is doing your job.

      --
      Silicon & Charybdis McLuhan Kildall Papert Kay
    18. Re:Oh great by Archangel+Michael · · Score: 3, Funny

      Berma Shave!

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    19. Re:Oh great by ShieldW0lf · · Score: 2

      I've been doing this for the better part of a decade. Except, I know I'll be repeating this phrase to myself every day, so I take it as an opportunity to engage in a little self programming. It makes the passphrase personal instead of generic, and useful instead of burdensome.

      "I don't like drinking with my buddies till 3 because it makes me feel rotten the next day" = "Idldwmbt3bimmfrtnd"

      Now when my buddies ask me to stay out drinking on Thursday night, I'll hear "I don't like drinking with my buddies till 3 because it makes me feel rotten the next day" in my head and make the responsible choice.

      Or whatever. "I put the toilet seat down because even though it's inconvenient it's better than listening to my wife criticize me"?

      You can have fun with it.

      --
      -1 Uncomfortable Truth
    20. Re:Oh great by nine-times · · Score: 2

      Unless you're talking about something that I'm not getting, it's not susceptible to a dictionary attack. The individual words may be, but a brute force attack would still need to guess all of those words in that order.

Unless the poem is in your dictionary, I suppose. In that case, the attacker could just take the poem and use the first letter in every word, and include that in their dictionary. But "correct horse battery staple" is not particularly vulnerable to brute-force dictionary attacks because there are far more words in the English language than there are letters. So if you were going to brute-force passwords, it'd be easier to guess 7 random letters than 7 random words, even with a complete dictionary of words.

    21. Re:Oh great by Anonymous Coward · · Score: 0

I believe you are incorrect. The phrase contains 7 dictionary words. The linux dictionary contains more than 47000 words. To do a "dictionary attack" you would have to go through 47000 words in each of the 7 locations to even get close to brute forcing the password. Let's not forget to include capitalization, punctuation, and spaces in there! Compare that with the 8 character password which is comprised of ascii characters. To brute force that, you would only need to try at most 120 or so characters in 8 locations. It is clear that using the easily remembered dictionary words is more resilient against a brute force attack.

    22. Re:Oh great by nine-times · · Score: 1

      That's a problem with that website, but there's no way to help that. You can still use "correcthorsebatterystaple" in websites with sensible password requirements. Different sites having different password requirements is only really a problem if you're reusing passwords, which you're kind of not supposed to do anyhow.

    23. Re: Oh great by AK+Marc · · Score: 2

Those are easy to brute force (an uninformed dictionary attack with substitution is a brute force, of a kind). How long is the password? 6-8 chars? Then only look at dictionary words of 5-7 letters. Make the first letter caps, and do all the number for letter substitutions (brute force style), and a variety of punctuation at the end. That'd get 90% of the "secure" passwords I've seen. If that doesn't get it, try the $ for S and such, and start varying the caps. With simple rules to look for, you'll be able to dictionary attack nearly all "secure" passwords.

    24. Re:Oh great by Anonymous Coward · · Score: 0

      Except with such a short password, standard brute forcing would crack Lib,lbts MUCH faster. The longer version is not susceptible to a standard brute force (in our lifetimes), and is still considerably complex with words, punctuation, and spaces.

      https://www.grc.com/haystack.htm

    25. Re:Oh great by AK+Marc · · Score: 1

      The dictionary attack doesn't know where the words are in the password. The entropy of a dictionary attack for a 5-10 word phrase is better than any 8 letter character, and much much better than 8 character password with regular rules.

    26. Re:Oh great by Anonymous Coward · · Score: 0

      No it's not. One is susceptible to a dictionary attack one is not. This is exactly why correct-horse-battery-staple fails.

      Yes, it is. "Lib,lbts" can be brute forced in no time with a GPU. "Love is beautiful, like birds that sing." as a whole phrase is unlikely to be in the average password dictionary list.

    27. Re:Oh great by Anonymous Coward · · Score: 0

the fact it took so long for this thread to reach this point of the discussion on passwords is complete bullshit in and of itself. Every website has its own criteria for length and composition - this should be standard, 15 char alpha-numeric-symbol password EVERY fucking place, numerical pins where currently present. So much win in this, or possibly a level one, two and three password to discourage re-use between throwaway shite and financial accounts, etc. But there's no point arguing, there needs to be a fucking standard or else we'll be passing this same football around ten years from now.

    28. Re:Oh great by JonSchell · · Score: 1

      Which is why you make up your own phrase. But in practice, the number of possible phrases that could be used make that kind of attack just as impractical as any other random attack. This is actually a simple cryptography concept that you're getting wrong.

    29. Re:Oh great by AK+Marc · · Score: 1

      Most won't take good passwords because so many still limit passwords to 8 character for backward compatibility with Windows NT 3.1.

    30. Re:Oh great by houghi · · Score: 2

      Also there are so many places where you need to enter a password that it becomes unusable for the majority of people.

      All to often what I see is that IT people do not factor in the weakest link: humans. They do not factor in that their system is not the only system that needs protection.

      At work I am forced to change my password every month. As I want to be able to work, I use the same one (and thus have more issues remembering my logins than my password.)

Next to that I have systems at home. I have ones on my phone. I have ones on a separate PC. I log in at friends and want to access my sites.

      Use program X they say, as if that will never fail. If it is local, I will break it. If it is remote, I do not trust it with all my passwords.

      --
      Don't fight for your country, if your country does not fight for you.
    31. Re:Oh great by skids · · Score: 2

      Because gen mobile needs to be able to type it on their crummy laggy error-prone on-screen touch keypads, preferably without ever shifting keypad state.

    32. Re:Oh great by Anonymous Coward · · Score: 0

      By that reasoning, the second one is subject to an 'alphabet attack', and alphabets are shorter than dictionaries...

    33. Re:Oh great by Anonymous Coward · · Score: 0

      I wasn't talking about "make up your own phrase", I was talking about "patterns that are likely to be in a book somewhere that is subject to OCR and indexing". If your phrase has 12+ characters, looks like a random pile of gibberish, and isn't sitting around in plaintext anywhere, I think it's probably going to be pretty secure.

    34. Re:Oh great by Anonymous Coward · · Score: 0

      Sorry, but you're wrong. The phrase has about 200 bits of entropy and almost no password dictionaries are going to have the phrase as is in them. Thus the search space is enormous. "Lib,lbts" only has 40 bits of entropy and could be cracked by something like John the Ripper in less than 7 hours.

    35. Re:Oh great by ihtoit · · Score: 0

      if a quantum processor can crack RSA, it can blow through any passphrase. It's getting very close to breaking RSA (it's already technically broken the Internet).

      --
      Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
    36. Re:Oh great by Anonymous Coward · · Score: 0

Every website has its own criteria for length and composition - this should be standard, 15 char alpha-numeric-symbol password EVERY fucking place, numerical pins where currently present.

      I'd go one further and say that there also needs to be two-factor auth on any site where you are conducting any kind of financial transaction, ESPECIALLY bank web sites. It's not like TOTP costs anything to implement anymore.

    37. Re:Oh great by Anonymous Coward · · Score: 0

      I just have short stanzas that are relevant to only me.

    38. Re: Oh great by roc97007 · · Score: 2

      Yes please force increased security requirements. I love having upper, lower, minimum length, numbers, punctuation, and a fecal sample all in a password for one of the billion websites that require accounts.

      ...and passwords will be written on sticky notes pasted to the underside of keyboards. Also fecal samples, I guess, when they start to be required. That should make the office experience so much more pleasant...

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    39. Re:Oh great by Anonymous Coward · · Score: 0

      ttcol - Idiot ball

    40. Re:Oh great by rwa2 · · Score: 1

      "Love is beautiful, like birds that sing." is more secure than "Lib,lbts". Why are you making your password less secure?

      Er, you made my password less secure, Mr. Insightful... it was: L15b,lb+s.Lin|_|,lriapo\/ . Just keep going through the poem until you have as few or as many entropy bytes as you need/like, and/or spell out as much of each word in each verse as you want (though the less it looks like something you'd read the better). But thanks for leading everyone down a tangent anyways ;-)

    41. Re:Oh great by Anonymous Coward · · Score: 0

      Of course, it does mean that you don't have any buddies anymore and you've got piss all over your toilet seat.

    42. Re:Oh great by roc97007 · · Score: 4, Interesting

In theory it is, but in practice "Love is beautiful, like birds that sing." is more likely to show up in a dictionary attack than a random string of gibberish. Just because it's nearly impossible to brute force doesn't mean it's necessarily a good password. Popular phrases, lyrics, Bible verses, etc. can be substituted in a guessing algorithm just like using "$" instead of "S". Here's an interesting article about some of that:
      http://arstechnica.com/securit...

      Perhaps, but I think that's why the xkcd comic stipulated four random words. It's the human mind's ability to see patterns or visualizations in words ("It's a battery staple!" "Correct!") that makes such phrases easy to remember.

      I agree that common phrases may not be good choices. But I'm pretty sure that "gopher banana rim plunger" would be fairly immune to attack, although perhaps unpleasant to visualize.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    43. Re:Oh great by mlts · · Score: 1

      People should be moving to 2FA anyway as a general rule. With the fact that breaches and thefts of the entire password hash database are becoming the rule and not the exception, it is wise to not just have that single form of authentication be the only thing between your stuff and an attacker.

      On the server side, what would help is a specific appliance, similar to a HSM that stores private keys, but dedicated for authenticating ID/password tuples [1]. The database stays on the device, and only ever leaves via a SD card slot [2] or gets replicated with another device. Authentication is done via protocol of choice, and the device itself handles the password comparison and returns the value. Timeouts can be placed in as well, so if someone is trying to brute force a user account, it would just return "no" for everything until the timeout expired, or perhaps a timeout message.

      With a device like the above, a blackhat may be able to get everything else, but the hashed DB table is still not theirs, barring physical compromise.

      [1]: It doesn't have to be username/password, but some unique identifier like a Windows SID so if the user changes their handle, E-mail address or other info, authentication can proceed as normal.

      [2]: Not a USB slot since USB devices can present themselves as a lot of things. A SD card can be used for other things, but explicit drivers are needed. To boot, SD cards reserve a portion of their space for encrypted data.
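A small model of the verdict-only authentication service sketched in the comment above, as an added example that is not part of the original thread: the credential table stays inside the service, callers receive only "ok", "denied" or "locked", and repeated failures for one subject trigger a timeout during which no comparison happens at all. The class, its method names and the lockout parameters are assumptions made for this example, not a description of any real appliance; PBKDF2-HMAC from the standard library is used so it runs anywhere, where a deployed service would prefer a memory-hard function such as scrypt or Argon2.

```python
"""Model of a verdict-only authentication service: the credential table never
leaves the service, callers receive only 'ok', 'denied' or 'locked', and
repeated failures for one subject trigger a lockout during which no comparison
happens at all. Added example: the class, its method names and the lockout
parameters are assumptions, not a description of any real appliance."""
import hashlib
import hmac
import os
import time


class AuthVerdictService:
    ITERATIONS = 100_000  # PBKDF2 work factor; tune to the hardware

    def __init__(self, max_failures=5, lockout_seconds=900, clock=time.monotonic):
        self._creds = {}      # subject_id -> (salt, derived_key); never exported
        self._failures = {}   # subject_id -> (failure_count, locked_until)
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._clock = clock   # injectable so lockout expiry can be tested
        # Dummy credential so an unknown subject costs the same work as a known
        # one: no timing oracle for username enumeration.
        dummy_salt = os.urandom(16)
        self._dummy = (dummy_salt, self._derive(dummy_salt, os.urandom(16).hex()))

    def _derive(self, salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, self.ITERATIONS)

    def enroll(self, subject_id, password):
        """Store a credential under a stable subject identifier (a SID-like
        value, not the display name, so renames do not touch this table)."""
        salt = os.urandom(16)
        self._creds[subject_id] = (salt, self._derive(salt, password))
        self._failures.pop(subject_id, None)

    def verify(self, subject_id, password):
        """Return 'ok', 'denied' or 'locked'. Hashes never leave this method."""
        now = self._clock()
        count, locked_until = self._failures.get(subject_id, (0, 0.0))
        if now < locked_until:
            return "locked"  # refuse without comparing while the lockout runs
        salt, expected = self._creds.get(subject_id, self._dummy)
        matched = hmac.compare_digest(self._derive(salt, password), expected)
        if matched and subject_id in self._creds:
            self._failures.pop(subject_id, None)
            return "ok"
        count += 1
        if count >= self.max_failures:
            self._failures[subject_id] = (0, now + self.lockout_seconds)
            return "locked"
        self._failures[subject_id] = (count, 0.0)
        return "denied"


if __name__ == "__main__":
    svc = AuthVerdictService(max_failures=3, lockout_seconds=900)
    svc.enroll("S-1-5-21-42", "correct horse battery staple")
    for attempt in ("wrong", "wrong", "wrong", "correct horse battery staple"):
        print(attempt, "->", svc.verify("S-1-5-21-42", attempt))
```

The interface is the point: an attacker who compromises every host that talks to this service still only gets yes/no answers at the lockout-limited rate, and the subject identifier is decoupled from the user's display name, as footnote [1] asks for.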

    44. Re:Oh great by Culture20 · · Score: 1

      Passphrases don't help the root problem, that "memorable" implies low-entropy.

Except that the human brain can separate out words as atomics rather than the parts that make up their whole. This makes a string of a small number of truly random words easy to remember.
      Demiurgic precompel Pediculicidal superimpersonally trichromate Voq
      increep Sporodochium impassioning Winesburg Spicknel bacon-and-eggs
      Are those really so impossible to remember? The biggest problem is when someone starts using sporodochium in casual conversation a lot, you know it's part of their new random passphrase or they started a word-of-the-day calendar.

    45. Re:Oh great by ShieldW0lf · · Score: 1

      Of course, it does mean that you don't have any buddies anymore and you've got piss all over your toilet seat.

      These sorts of comments remind me that, even though my opponents are anonymous, I am nevertheless wounding them with my rhetoric. That makes me smile.

      Thank you!

      --
      -1 Uncomfortable Truth
    46. Re:Oh great by Lunix+Nutcase · · Score: 2

      If your phrase has 12+ characters, looks like a random pile of gibberish, and isn't sitting around in plaintext anywhere, I think it's probably going to be pretty secure.

You would be wrong. Even a 13 character password that has both lower/upper chars, numbers and special characters still has less than half the entropy of a random phrase of 7 words and two punctuation marks.

    47. Re:Oh great by postbigbang · · Score: 1

      I would agree with you, but we need to train them first so as to avoid the problems associated with the usual tech support issues. There are many that could easily qualify, including token devices, session-based tokens, even anonymized public keys. Many choices.

      But businesses don't want the overhead, and no one seems to get punished except----> users when the info is breached or misused in any way. Nobody seems to get punished.

      --
      ---- Teach Peace. It's Cheaper Than War.
    48. Re:Oh great by vinn01 · · Score: 1

      >adopt passphrases

      I'm frequently amazed at the abundance of web sites and app software that do not allow a space character in the password field. I've also had passwords rejected for using uncommon special characters.

    49. Re:Oh great by Anonymous Coward · · Score: 0

      For the most part I agree; just keep this in mind when you're choosing your words and punctuation:
      https://hashcat.net/wiki/doku.php?id=combinator_attack

    50. Re:Oh great by Anonymous Coward · · Score: 0

      I have to type my password 100+ times a day. I can touch-type, but one typo usually means I have to delete it all and start over.

      It's really hard to get Ctl+Alt+A wrong.

    51. Re:Oh great by Just+Some+Guy · · Score: 2, Interesting

      Unless you're talking about something that I'm not getting, it's not susceptible to a dictionary attack. The individual words may be, but a brute force attack would still need to guess all of those words in that order.

      The part you're missing is Markov chains and Bayesian analysis. I'll bet a reasonable corpus of phrases would show that "is" follows "love" fairly often, and "love is beautiful" is far more common than "love is axiopisty". Similarly, "birds that sing" is hugely more likely than "birds that exhibitorship".

      While the whole phrase is unlikely to be the first random thing someone types, each word in that phrase is quite likely to be the one chosen based on its predecessors. I still think correct horse battery staple is a poor idea compared to a strong randomly generated string, but /usr/share/dict/words on my system has 235886 entries and 235886^4 ~= 2^72. That's reasonably random. I would much rather have to iterate through Markov chains branching from each word in the dictionary and trying the likely phrases than to have to brute force each possible 4-word combination. I don't have the numbers to back it, but I bet you could reduce the search space by quite a lot of orders of magnitude.

      --
      Dewey, what part of this looks like authorities should be involved?
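The Markov-chain argument in the comment above, carried through numerically as an added example that is not part of the original thread: a word-bigram model trained on a constructed handful of phrase lines, with the guesswork for a lyric-like phrase compared against the uniform log2(N^k) figure for k random dictionary words. The corpus lines are made up for illustration, the smoothing is plain add-alpha, and the dictionary size is the 235886-entry figure the comment quotes; a real attacker would train on lyrics, quotes and breached passwords.

```python
"""Word-bigram Markov model over a small constructed phrase corpus, used to
put a number on how much cheaper an informed guesser finds a natural-language
passphrase than a uniformly random word sequence. Added example: the corpus
lines are made up, the smoothing is add-alpha, and the dictionary size is the
235886-entry figure quoted in the thread."""
import math
from collections import Counter, defaultdict

DICT_SIZE = 235886  # size of /usr/share/dict/words quoted above

# Constructed corpus; a real attacker would train on lyrics, quotes, breaches.
CORPUS = [
    "love is beautiful like birds that sing",
    "love is not ugly like rats in a puddle",
    "love is blind",
    "birds that sing are beautiful",
    "the birds that fly over the puddle",
    "love is all you need",
    "rats in the puddle sing",
]


class BigramModel:
    START = "<s>"

    def __init__(self, corpus, alpha=0.5):
        self.alpha = alpha
        self.bigram = defaultdict(Counter)
        self.vocab = set()
        for line in corpus:
            words = [self.START] + line.split()
            self.vocab.update(words[1:])
            for prev, word in zip(words, words[1:]):
                self.bigram[prev][word] += 1

    def prob(self, prev, word):
        """Add-alpha smoothed P(word | prev); words never seen in the corpus
        share one <unk> bucket spread uniformly over the rest of the dictionary."""
        counts = self.bigram.get(prev, Counter())
        total = sum(counts.values())
        buckets = len(self.vocab) + 1  # vocabulary plus the <unk> bucket
        denom = total + self.alpha * buckets
        if word in self.vocab:
            return (counts[word] + self.alpha) / denom
        return (self.alpha / denom) / (DICT_SIZE - len(self.vocab))

    def bits(self, phrase):
        """Guesswork under the model: -log2 P(phrase), summed word by word."""
        words = [self.START] + phrase.split()
        return sum(-math.log2(self.prob(p, w)) for p, w in zip(words, words[1:]))


def uniform_bits(n_words, dict_size=DICT_SIZE):
    """Entropy if every word were an independent uniform draw from the dictionary."""
    return n_words * math.log2(dict_size)


def effective_bits(model, phrase):
    """An attacker runs whichever strategy is cheaper for this phrase."""
    return min(model.bits(phrase), uniform_bits(len(phrase.split())))


if __name__ == "__main__":
    model = BigramModel(CORPUS)
    for phrase in ("love is beautiful like birds that sing",
                   "gopher banana rim plunger"):
        n = len(phrase.split())
        print(f"{phrase!r}: model {model.bits(phrase):.1f} bits, "
              f"uniform {uniform_bits(n):.1f} bits, "
              f"effective {effective_bits(model, phrase):.1f} bits")
```

Even this toy corpus drops the seven-word lyric from roughly 125 bits (uniform) to under 25 bits, because every word is the likely successor of the one before it. The four random words are not in the corpus at all, so the phrase model is worse than plain dictionary enumeration for them and the attacker falls back to the uniform 71 bits; that is the distinction between a memorized quotation and words drawn from an entropy source.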
    52. Re:Oh great by Anonymous Coward · · Score: 0

      Except that correct horse battery staple, is not actually susceptible to dictionary attacks.

      You're supposed to choose the component words completely at random and use a number of words comparable to the number of characters in a good password.

      The reason to do this with words instead of letters, is that words can be mapped to a mnemonic device, whereas people doing the same with letters will usually choose to use a single word which is how dictionary attacks get you.

    53. Re: Oh great by David+Jao · · Score: 5, Informative

      A quantum computer can brute force a password quadratically faster than a classical computer. This speedup is much slower than the exponential speedup that a quantum computer enjoys against RSA. Long passphrases are still very secure against quantum attacks.

    54. Re:Oh great by kaiser423 · · Score: 1

      Good god, Fidelity kills me. Their password constraints are just arbitrary and crap and totally non-standard. Just waiting for them to get hit, because the password space compared to the number of users is a better ratio than just about anywhere else I can think of.

    55. Re:Oh great by Rei · · Score: 1

      "Love is beautiful, like birds that sing." is more secure than "Lib,lbts". Why are you making your password less secure?

"Lib,lbts" is not brute-forceable in most contexts, and the concept of having to type in 40 characters every time you want to log in is absurd. And if you don't think Lib,lbts is secure enough, then what about Lib,lbts.Linu,lriapov? It's a lot more secure than "Love is beautiful, like birds that sing" and takes half the time to type in, with half the risk of typos and all that comes with length.

      --
      You people make me envy the deaf and the blind!
    56. Re:Oh great by Rei · · Score: 1

      The former being 13 characters long and the latter being about 50 characters long.
      Make a sentence that abbreviates to 20 characters and it's more secure than your "7 random words and two punctuation marks" example. And probably a heck of a lot easier to memorize than seven random words and two random punctuation marks at random locations.

      --
      You people make me envy the deaf and the blind!
    57. Re:Oh great by Rei · · Score: 1

      So why is a seven randomly-chosen word password, which would average in the ballpark of 50 characters, somehow less typo-prone than an abbreviation password a tiny fraction of its length for the same level of entropy?

      --
      You people make me envy the deaf and the blind!
    58. Re:Oh great by Anonymous Coward · · Score: 0

      Now there is one. :)

    59. Re:Oh great by praxis · · Score: 1

      Use program X they say, as if that will never fail. If it is local, I will break it. If it is remote, I do not trust it with all my passwords.

      Do you trust encryption? If you do, encrypt your password database and store it both locally and remotely. If you do not trust encryption, then almost every website you visit is already wide open to you anyhow so no point in having strong passwords.

    60. Re:Oh great by Jappus · · Score: 1

      I have to type my password 100+ times a day. I can touch-type, but one typo usually means I have to delete it all and start over.

      It's really hard to get Ctl+Alt+A wrong.

Try doing that in an SSH login shell. Or in a textual DBMS management console. Or in a general CLI tool that expects a password. Try it in a computer game that uses its own home-brewed dialog boxes. Or, do it in a text box that does not echo out characters, hiding the length of the password. Or password boxes that disable highlighting entirely.

      Now do it, while knowing that you get locked out for 15 minutes when you enter the password wrong once or twice.

      There are many situations in which the only way to recover safely from a typo in a password entry field is to hit backspace a few times.

    61. Re:Oh great by Anonymous Coward · · Score: 0

      Also, Ebay used to allow spaces and does not anymore.

    62. Re:Oh great by Wycliffe · · Score: 1

Except that if the goal is to get people to adopt a password manager (like the article suggests) then having a bunch of overlapping and conflicting standards for passwords is probably the best way of doing it. That's one of the things that has made me consider a password manager because I can't remember which sites require a symbol or disallow a symbol or require a capital, etc... The only thing that keeps me from using a password manager is that I use lots of different computers, phones, tablets, etc... and I don't know of any password manager that can manage multiple devices. Does anyone know of a password manager that works with apps? Even if I wanted to, I don't think my android banking app would work with any type of password manager intentionally or unintentionally.

    63. Re:Oh great by Jappus · · Score: 1

      As others have pointed out above and before: Passphrases are neat and easy to remember --- but a nightmare to type.

      There is no functional difference between typing X letters of a word, or X letters of random garbage once memorized. Indeed, I would rather argue that the (almost) random garbage is probably faster, since you could choose it for maximum typing comfort/speed, like more strongly alternating hands for typing and avoiding "distant" key combos, without greatly compromising entropy.

Now, add to this that words in almost all languages follow a nice pattern: Consonant-Vowel-Consonant-Vowel. Usually with a 1.5:1 ratio of consonants to vowels. So your actual entropy for pure word-length compresses down by a similar factor.

So, in difficulty of brute forcing (if the attacker knows you chose either garbage or words) 10 letters of random garbage equal about 15 letters of regular words; give or take a few characters. Add to that the speed argument above, once you've memorized them.

This means that a passphrase gets more secure only after it has already become far more time consuming to type.

Finally, at some point (currently at about 10-16 chars, depending on the algorithm), it becomes easier to break the password hashes by finding collisions than to brute-force the password.

      So congrats for your passphrase having 2000 bits of entropy, when it still only takes 15 minutes to find a SHA1 collision against your password.

    64. Re:Oh great by Anonymous Coward · · Score: 0

      correcthorsebatterystaple

      Which gets truncated to "correctho" on those same ancient legacy systems. No, your password is not hard to crack given a utility such as "John the Ripper" and a Dictionary for which there are a plenty.

      Your password strength is 4*words in the dictionary, which is statistically very low.

    65. Re:Oh great by Wootery · · Score: 2

      Steve Gibson (yes, Steve Gibson) did a podcast on why 'clever' tricks to choose memorable passwords might not be such a good idea.

      Short version: the bad guys know all the little tricks like replacing 'a' by '@'. Whether this particular trick would be more resistant, I'm not sure.

    66. Re: Oh great by Anonymous Coward · · Score: 0

      Which is hopefully mitigated after your IP gets banned for what appears to be a brute force attack. I agree with the method, but too many companies are lax on all security so a password policy is not much help.

    67. Re:Oh great by Anonymous Coward · · Score: 0

      > The part you're missing is Markov chains and Bayesian analysis

      This is why you memorize the phrase but you don't choose it.

      You should search for BIP39 and read the spec.

      It basically requires users to memorize 12 word passphrases which they cannot easily choose on their own, but must instead get from an entropy source.

    68. Re:Oh great by Just+Some+Guy · · Score: 1

      I'm perfectly fine with that (except 12 words?!? seems very likely to make people use the Post-It note password manager), but that's quite a lot different from what we were discussing.

      --
      Dewey, what part of this looks like authorities should be involved?
    69. Re:Oh great by hawguy · · Score: 1

      I believe you are incorrect. The phrase contains 7 dictionary words. The linux dictionary contains more than 47000 words. To do a "dictionary attack" you would have to go through 47000 words in each of the 7 locations to even get close to brute forcing the password. Let's not forget to include capitalization, punctuation, and spaces in there! Compare that with the 8 character password which is comprised of ascii characters. To brute force that, you would only need to try at most 120 or so characters in 8 locations. It is clear that using the easily remembered dictionary words is more resilient against a brute force attack.

      If you know the password is made of an English phrase, you can cut down the phrase search space a lot by applying English grammar rules.

    70. Re:Oh great by thegarbz · · Score: 2, Insightful

      I would like to see a password cracking tool that actually follows what you say.

      See the problem with what you propose is that all it takes is one character to be wrong and your entire guessing game falls in a heap. Is there a comma in there? Did they end with an exclamation mark? When looking at the number of possible words that could be strung together to create a grammatically correct sentence, add the necessary grammar, and pray to god someone didn't misspell a word or add a number, you're effectively brute forcing for a stupendously large dataset.

      The way it works in real-life (tm), a dictionary attack is performed with 1 word. If it doesn't find a hit, dump the target and move on to the next person who is likely to use one word. If evil-doers (tm) really want your data they'll coerce it out of you, or social engineer your password. No one sits down and brute forces passwords with complex Markov chains and Bayesian analysis.

    71. Re:Oh great by complete+loony · · Score: 1

      ... no Google hits.

      Well, now there is.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    72. Re:Oh great by Anonymous Coward · · Score: 0

      Bosco!!!

    73. Re: Oh great by AK+Marc · · Score: 1

      How does the brute force get banned when I have the local copy of the authentication database to test against?

    74. Re:Oh great by Anonymous Coward · · Score: 0

      This is why I am using a phone that's 2 1/2 years old, and I will probably keep using that phone until I can't.

      It has a real keyboard.

    75. Re:Oh great by Anonymous Coward · · Score: 0

      Berma Shave!

      Burma Shave, unless maybe you're misspelling it to throw off dictionary attacks.

    76. Re:Oh great by mjwx · · Score: 1

      "rrrybgdts" is a nursery rhyme. It doesn't even have to be written on a sticky.

      This is a really bad way of choosing passwords.

      The number of verses of songs, nursery rhymes, poems and paragraphs that people would tend to think of probably number less than a million.

      Your particular example has 946 hits on Google.

      This,

      Commonly used passwords are vulnerable to dictionary attacks, that doesn't change when you use passphrases. If you use common lyrics or phrases they'll be more vulnerable than random words put together in a way that your brain forms a coherent link between.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    77. Re: Oh great by Anonymous Coward · · Score: 0

      So why not use a phrase made of random words that have nothing in common with each other?

      Perhaps a phrase like "Correct horse battery staple"?

    78. Re: Oh great by Anonymous Coward · · Score: 0

      I didn't know we were pretending you were a ninja who has infiltrated the building, found the server room, brute forced root, brute forced the ldap, and were able to escape with a copy.

      You are right, in that case I am screwed.

    79. Re: Oh great by Anonymous Coward · · Score: 0

      (1/size of dict)^wordCnt*size of dict

      Not 4 words. Four words, in order and correct.

      If my word isn't in your dictionary, replace the above with zero.

    80. Re:Oh great by goodgod43 · · Score: 1

      But you can use more than four words. You can use entire sentences. Something memorable for a bank as an example. "Thefrontdoorofthebankhasrustonthebottomhinge". Or "TheofficemanagerCindypluckshereyebrowstothin". Easily memorable Brazilian nut code. (Bloody hard to crack).

      --
      "On the Internet, nobody can hear you being subtle." -Linus Torvalds
    81. Re:Oh great by nabsltd · · Score: 1

      Commonly used passwords are vulnerable to dictionary attacks, that doesn't change when you use passphrases.

      Yes, it does, unless you do all the following:

      • Pick the words for your pass phrase from a small, well-known dictionary.
      • Follow the spacing expected by the attacker.
      • Use only the case the attacker expects (all upper, all lower, proper caps, etc).
      • Use only letters and spaces...no punctuation or special characters.
      • Don't do any substitution of characters (no l33t, etc.)
      • Spell every word correctly.

      It's easy to create a phrase that is personal to you and won't appear in any Google search. But, even if it does, if you don't just use lowercase letters with the words run together, it will take a long time for the attacker to run through all the permutation tricks on a 40+ character phrase.

      And here's a really good one...the part of your post that I quoted would make an excellent pass phrase, since it contains one word that isn't in the *nix words list. Something as simple as making a compound out of "pass phrase" is enough to cause an attacker pain if they use the wrong dictionary. And, when attackers start including every single "word" in their dictionary, it gets even closer to brute force. When you use "Tatooine" and "Mordor" in your pass phrase that doesn't in any other way reference "Star Wars" or LoTR, it's pretty secure: Tucson is hot, but it's no Mordor or Tatooine. Easy to remember, easy to type, but painful to crack.

    82. Re: Oh great by AK+Marc · · Score: 1

      Or the piles of corporate breaches where they keep the (encrypted but not salted) user database on the public web server, and that server is hacked, being public and all. No need to go on site.

    83. Re:Oh great by mjwx · · Score: 1

      Yes, it does, unless you do all the following:

      Not really, the first step in a dictionary attack is to go through the first 1000/10,000 most commonly used passwords. You do the same with pass phrases. If you use a commonly used phrase, it's the same as using a commonly used password.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    84. Re:Oh great by j-beda · · Score: 1

      The only thing that keeps me from using a password manager is that I use lots of different computers, phones, tablets, etc... and I don't know of any password manager than can manage multiple devices. Does anyone know of a password manager that works with apps? Even if I wanted to, I don't think my android banking app would work with any type of password manager intentionally or unintentionally.

      Find a password "safe" format that is well documented and widely supported, memorize a good long passphrase for that safe, and deploy it on some cloud service somewhere like DropBox, then each of your devices can access the safe, and you have a variety of software to manage the data. Schneier's "Password Safe" format seems like a good choice:

      https://en.wikipedia.org/wiki/...

      http://passwordsafe.sourceforg...

      Even if it does not work with everything you might want it to, a password manager can make for much better security and convenience for large chunks of one's online life, at the expense of having a single point of failure I guess.

    85. Re: Oh great by Anonymous Coward · · Score: 0

      My rule is that if there's no credit card, address or phone data stored, the password is 'password'. 'Password12#$' if they want to be smartasses.

    86. Re:Oh great by Anonymous Coward · · Score: 0

      0000 is appropriate for nuclear security.

    87. Re:Oh great by Anonymous Coward · · Score: 0

      It's not hard to roll your own nursery rhyme:

      I only have three fingers,
      Suspended by three springs.
      Instead of choosing passwords,
      I do more important things.

      There ya go, no Google hits.

      Dammit! That's the password for all my data! Now I have to go and change all my passwords again! Thanks a lot, buddy. You just got put to the top of my shitlist.

    88. Re:Oh great by Anonymous Coward · · Score: 0

      You want to believe that. But you don't.

    89. Re:Oh great by Anonymous Coward · · Score: 0

      a major bank in Australia uses non-case sensitive passwords :P

    90. Re:Oh great by omfgnosis · · Score: 2

      In theory it is, but in practice "Love is beautiful, like birds that sing." is more likely to show up in a dictionary attack than a random string of gibberish.

      Since the suggested alternative was to use the first letter from each word in the phrase, it's only more likely if the people maintaining the dictionary are idiots. Anyone actually targeting pass phrases with a dictionary would maintain a dictionary of the abbreviated versions as well, because they're likely to be aware of dumb debates like this.

    91. Re:Oh great by Anonymous Coward · · Score: 0

      "Love is beautiful, like birds that sing." is more secure than "Lib,lbts". Why are you making your password less secure?

      And far more easy to remember.

      Although very tedious to type, which is why it would hardly get used. I only use things that long for stuff like WiFi access points where the mobile device is going to be set to remember the password anyway. At least I can remember it though, unlike some randomly generated code that will inevitably get written down.

      That's about the weirdest reasoning I've seen in a while.

      "... stuff like WiFi access points where the mobile device is going to be set to remember the password anyway ..." are pwords that you're not going to use often, so should be written down (Post-It note in your wallet). Bruce Schneier says so.

      "... very tedious to type ..." kind of screams "unlikely to be used as a pword", doesn't it? Obscurity != security but should discombobulate script kiddies at least.

    92. Re:Oh great by Altrag · · Score: 1

      This is easy to short-circuit. If you make the user pick 4 random words, then just exclude "is", "the", "are", etc from the count (but NOT from the phrase.)

      So "This is a fairly long phrase" = 4 words, and "bebop camera total banana" also = 4 words.

      There will still be certain phrases that will be more common than others of course across a large enough population sample, but discounting the "connector" words allows the user to generate a passphrase that's still grammatically correct and easy to remember for a person but leaves the Bayesian analysis and similar in the dust. (In the example, while the first is probably still a bit easier for the analysis thanks to being grammatically correct, it's still 6 "real" words instead of 4 to analyze, essentially adding an entire extra word each to compensate for "is" following "this" frequently and "a" being an extremely common word in general.)

    93. Re:Oh great by Anonymous Coward · · Score: 0

      Actually, it's Myanmar Shave now.

    94. Re:Oh great by Anonymous Coward · · Score: 0

      Does no-one here have a sense of humour anymore? Why is it all about "wounding" with "rhetoric"?

    95. Re:Oh great by LQ · · Score: 1

      "rrrybgdts" is a nursery rhyme. It doesn't even have to be written on a sticky.

      And, of course, nobody would have Row Row Row your Boat as their password so the crackers are unlikely to try it.

    96. Re:Oh great by oobayly · · Score: 1

      How the hell is that 7 word phrase with punctuation (I'll ignore the case, as only the first word is capitalised) susceptible to a dictionary attack?

      If I tell you that my password contains 7 words (contained in my /usr/share/dict/words which is 99171 lines long), with a comma after the 3rd and a full stop at the end, you will still have to search through 94,339,343,028,749,422,154,850,189,341,666,091 (9.4E34) combinations - best get cracking. If I'm even nicer to you and tell you that none of the words are repeated, then there are only 94,319,367,837,042,826,040,647,505,756,227,200 (9.4E34). It turns out that when I'm being nice, I'm not being that helpful.

      I do use random alphanumeric passwords, because I can remember quite a few of them - it takes a while to remember them and it's massively annoying when I have to change one.

      However for my company's keepass file, I use a pass-phrase that is an incorrect quotation from a well-known poem - go on, have a guess.

    97. Re:Oh great by houghi · · Score: 1

      How do I have access to that database? Or are you talking about just a file? If I am at a friend's, I do not want to install any software on it, just as I would not want them to install anything on mine.

      I already had to explain once that running putty was NOT the cause of their virus.

      --
      Don't fight for your country, if your country does not fight for you.
    98. Re:Oh great by Anonymous Coward · · Score: 0

      We're being awfully slow about teaching people to adopt passphrases. Simple, no number no symbol nonsense.

      "rrrybgdts" is a nursery rhyme.

      1. That's not a passphrase, that's a password. You're using a mnemonic technique to memorize it. Don't confuse the two.
      2. It shouldn't be difficult for you to work some upper/lower case and numbers into that to make it stronger.
      3. Symbols and numbers aren't nonsense. Increasing the amount of values available per character used increases strength, more possible combinations with the same amount of data remembered.
      4. The XKCD comic about 'correct horse battery staple' makes the mistake of assuming that the strength of a password lies in the length alone. This is horribly false, and such a passphrase is extremely weak against a dictionary based attack. And the more common the words used, the weaker it gets.
      5. The point the author makes is that it's better to use one extremely strong password to guard a password manager, which is stored locally and not subject to being compromised as a result of a remote system breach, than it is to use (or even re-use) a series of much weaker passwords/phrases for all your logins. It may be a 'single point of failure' but it's a single point under your own control, and in the event of a known or suspected compromise, it's relatively simple to change all your passwords on all your services long before someone would be able to brute-force your password vault.

    99. Re:Oh great by Anonymous Coward · · Score: 0

      Unless you're talking about something that I'm not getting, it's not susceptible to a dictionary attack. The individual words may be, but a brute force attack would still need to guess all of those words in that order.

      Here's how a serious attacker goes after a database.
      - Run a simple brute-force, all-possible combinations, up to a max length of maybe 5 or 6 characters.
      - This will pick off the low-hanging fruit, and really doesn't take all that much time. Especially if you can split up the job across a few dozen machines, something easily available to anyone running a botnet of any note.
      - Move on to a Dictionary attack. Run a dictionary with a permutation engine against the database. This will pick off people using common words, and words which use common permutations (such as replacing 'a' with '@', and 's' with '$').
      - If you're still not getting in, and want to keep trying, move on to brute force. But don't run a simple brute attack where you increment through all combinations in order, and don't just make up random strings to guess. Instead, expand your Dictionary permutation engine to begin running series of words, scrambled order, etc.

      If you are attacking a specific target, and suspect that they are using a passphrase, skip directly to the final step.

      The logic behind this is simple: out of all the possible combinations, the vast majority do not contain any words over three characters in length, or any real phrases. By checking all options which DO contain at least one, or more, real words you vastly reduce the worst case time-to-guess because you're not checking most of the possible combinations. Thus, "correct horse battery staple" will be checked far sooner than it would if you were checking ALL possible combinations in order. A good attacker will also take into account things like average word length, common phrasing and word groupings, insertion of spaces and punctuation, etc.

    100. Re:Oh great by AmiMoJo · · Score: 1

      Two factor authentication is the way to go, but we need to build systems that allow every random web site to use it at near zero cost.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    101. Re:Oh great by AmiMoJo · · Score: 1

      Any half competent dictionary attack will include variations of punctuation and capitalization. Even with them, the number of attempts required is within the ability of modern hardware to process in days or weeks. There is a lot of GPU power available, not least thanks to Bitcoin mining first pushing multi-GPU rigs and then abandoning them in favour of ASICs.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    102. Re:Oh great by Anonymous Coward · · Score: 0

      Sorry, but you're wrong. The phrase has about 200 bits of entropy and almost no password dictionaries are going to have the phrase as is in them. Thus the search space is enormous. "Lib,lbts" only has 40 bits of entropy and could be cracked by something like John the Ripper in less than 7 hours.

      If your Dictionary attack isn't capable of permutating words, and combining them together into phrases, including extremely common ones like "as is", and then permutating those, then you're not even starting to be serious about things.

      Lib,lbts is indeed a weak password, but it would be extremely simple to expand the mnemonic technique to make it twice as long and much more random.
      A better approach is to use a password generator to make a strong password, then use a mnemonic technique to memorize it, as opposed to building the password from the phrase.

      And I disagree that the phrase has 200 bits of entropy, because any serious brute-force will start by eliminating all of the combinations which contain real words prior to moving to purely random strings. You need to remove all combinations which don't contain real words from the possible space when calculating entropy against any attack which works this way.

      Also, people really suck at picking anything at random, especially words. So a clever attacker can further reduce the potential search space using several fairly simple methods of weighting the words.

    103. Re:Oh great by tburkhol · · Score: 1

      If I tell you that my password contains 7 words (contained in my /usr/share/dict/words which is 99171 lines long), with a comma after the 3rd and a full stop at the end, you will still have to search through 94,339,343,028,749,422,154,850,189,341,666,091 (9.4E34) combinations - best get cracking.

      If you also tell me that your password is a semantically valid English language phrase, then the vast majority of those 9e34 combinations can be excluded. So, "Love is beautiful, like birds that sing." is less random than "reconform uncharitable caldera poorly". The phrase is easier to remember; has more characters, but is drawn from a smaller space.

      I would love to see a password validator that just runs some of the common dictionary attacks on the password, and tells the user how long it took to break. If it breaks within 10 seconds, or 30 seconds, reject the password. People are terrible at estimating randomness, but giving them direct feedback will help them understand what really makes a hard to guess password.
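
The validator described in the comment above, as an added example that is not code from any commenter or from the article: it normalises the candidate the way the thread's "permutation engine" would (case, l33t substitutions, separators), matches it against a ranked common-password list, otherwise splits it into dictionary words plus leftover characters in whatever way gives the attacker the fewest guesses, and rejects anything estimated to fall within the 30-second window. The word lists, the 100,000-word dictionary size, the 95-character alphabet and the 1e10 guesses/second rate are all constructed assumptions for the demonstration.

```python
import math
import string

# Constructed stand-ins for the lists a real validator would load from disk:
# a ranked "most common passwords and phrases" list and a word dictionary,
# both deliberately tiny so the example runs offline.
COMMON_PASSWORDS = ["password", "123456", "letmein", "password1",
                    "correcthorsebatterystaple", "rowrowrowyourboat"]
DICTIONARY = {"love", "is", "beautiful", "like", "birds", "that", "sing",
              "correct", "horse", "battery", "staple", "gopher", "banana",
              "rim", "plunger", "the", "front", "door", "of", "bank", "has",
              "rust", "on", "bottom", "hinge", "cat", "box", "pass", "phrase"}
DICTIONARY_SIZE = 100_000   # assumed size of the attacker's real word list
ALPHABET = 95               # assumed alphabet for characters that form no word
GUESSES_PER_SECOND = 1e10   # assumed offline guess rate against a fast hash
REJECT_BELOW_SECONDS = 30   # "if it breaks within ... 30 seconds, reject"

# Substitutions an attacker's permutation engine tries for free ('a' -> '@' etc.).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "0": "o",
                      "$": "s", "5": "s", "7": "t"})
LEET_CHARS = "@43105$7"
SEPARATORS = "".join(ch for ch in string.punctuation + " " if ch not in LEET_CHARS)


def normalise(pw: str) -> str:
    """Undo the tricks 'the bad guys know': case, l33t and separators."""
    return "".join(ch for ch in pw.lower().translate(LEET)
                   if ch in string.ascii_lowercase + string.digits)


def mutator_multiplier(pw: str) -> int:
    """Extra guesses needed to cover which case/l33t/separator variants were
    used. Each mutator roughly doubles the work; capped so a long phrase
    cannot hide behind a wall of commas."""
    mult = 1
    uppers = sum(ch.isupper() for ch in pw)
    lowers = sum(ch.islower() for ch in pw)
    if uppers and lowers:            # which letters were capitalised?
        mult *= 2 ** min(uppers, lowers, 10)
    elif uppers:                     # ALL CAPS is a single extra variant
        mult *= 2
    if uppers or lowers:             # l33t only makes sense inside words
        mult *= 2 ** min(sum(ch in LEET_CHARS for ch in pw), 10)
    mult *= 2 ** min(sum(ch in SEPARATORS for ch in pw), 10)
    return mult


def cheapest_segmentation(s: str):
    """Dynamic programme over the normalised string: split it into dictionary
    words and leftover characters so the guess count is minimal (the attacker,
    not the user, chooses the cheapest view of the password)."""
    n = len(s)
    best = [1] + [0] * n            # best[i] = guesses for s[:i]
    split = [0] * (n + 1)
    for i in range(1, n + 1):
        best[i] = best[i - 1] * ALPHABET    # s[i-1] as a loose character
        split[i] = i - 1
        for j in range(max(0, i - 24), i):
            if s[j:i] in DICTIONARY and best[j] * DICTIONARY_SIZE < best[i]:
                best[i] = best[j] * DICTIONARY_SIZE
                split[i] = j
    tokens, i = [], n
    while i > 0:
        tokens.append(s[split[i]:i])
        i = split[i]
    return best[n], tokens[::-1]


def check_password(pw: str) -> dict:
    """Estimate the guesses a dictionary attacker needs, then accept or reject
    by time-to-crack; the tokens are returned so the user sees why."""
    norm = normalise(pw)
    common = [normalise(c) for c in COMMON_PASSWORDS]
    if norm in common:
        rank = common.index(norm) + 1
        guesses, tokens = rank, [f"common password #{rank}"]
    else:
        guesses, tokens = cheapest_segmentation(norm)
    guesses *= mutator_multiplier(pw)
    seconds = guesses / GUESSES_PER_SECOND
    return {"guesses": guesses, "bits": math.log2(guesses), "seconds": seconds,
            "tokens": tokens, "accepted": seconds >= REJECT_BELOW_SECONDS}


if __name__ == "__main__":
    for pw in ["P@ssw0rd!", "correct horse battery staple", "Lib,lbts",
               "Love is beautiful, like birds that sing.",
               "gopher banana rim plunger"]:
        r = check_password(pw)
        verdict = "ok    " if r["accepted"] else "REJECT"
        print(f"{verdict} {pw!r:44} {r['bits']:5.1f} bits"
              f"  ~{r['seconds']:.3g} s  {r['tokens']}")
```

Note that the phrase from the comic is rejected not because four words are weak but because it now sits on the common list, which is the thread's point about how many other people chose the same password.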

    104. Re:Oh great by jfdavis668 · · Score: 1

      *Burma Shave

    105. Re:Oh great by nabsltd · · Score: 1

      If you use a commonly used phrase, its the same as using a commonly used password.

      As I said, if you "pick the words for your pass phrase from a small, well-known dictionary", you're going to be in trouble. A "commonly used phrase" would be the extreme version of using a limited pool of words.

      Though, if it is enough words, and you use some kind of mutator (vary spacing, capitalization & punctuation, use l33t, etc.), even knowing the exact phrase would take a few thousand guesses to find which mutators were used in which position.

    106. Re:Oh great by EdwardFurlong · · Score: 1

      My work has two logins with some variation of name and birthday, this past summer I took two classes, each school had a variation of name and numbers. Between them all I was logging in at least 20 times a day. Each password ended up being slightly different. Talk about confusing.

    107. Re:Oh great by Anonymous Coward · · Score: 0

      I am in this camp on this debate. I like using movie quotes, including punctuation. When it comes to spelling, I'll mix British English spelling with American English spelling. Sometimes, I'll substitute programming symbols for words. The only problem is with sites that still think you only need a 12 character password. It's this attitude that I just don't comprehend. It doesn't cost them anything to let me enter a passphrase of whatever length I choose and yet they limit me to 12 characters.

      I am not a fan of just using the first letter of each word in a sentence because that is still hard for me to remember. It ends up looking like a random collection of letters, numbers, and symbols to me. I do much better with full sentences because that is very easy for me to remember and I end up with a very long passphrase that I can still type quickly and accurately.

    108. Re:Oh great by Anonymous Coward · · Score: 0

      gopher banana rim plunger

      Rule 34. No exceptions.

    109. Re:Oh great by MrNiceguy_KS · · Score: 1

      Which is why you make up your own phrase.

      Forget making up your own phrase - just talk to a child under 8 for a little while. I guarantee they will say something completely random, totally memorable, and guaranteed not to show up in a phrase-based dictionary. Here's a sample of passwords I have used in the past that originated with my nephew - now 7.

      I wanna be a squid when I grow up!
      I'm a lizard in a swimsuit with a wedgie.
      The backyard smells like a wombat
      My grandma's stinking it up!

      (The last one, by the way, was shouted when Grandma had taken him into a public bathroom with her. No relevance whatsoever to picking a secure password, but just take a couple of seconds to imagine walking past a public bathroom and overhearing a kid yelling that.)

      --
      Redundancy is good And also good.
    110. Re:Oh great by nine-times · · Score: 1

      The concept of the "correct horse battery staple" was that they were randomly chosen words. As I admitted in my post, the idea of using a line from a poem kind of falls apart insofar as it's possible to have that poem in the dictionary used in a dictionary attack.

      The "correct horse battery staple" idea is sound, and isn't particularly vulnerable to a dictionary attack since a dictionary attack consists of checking likely combinations. If the words were chosen randomly, then there aren't "likely combinations", and you're back to talking about a brute force attack. Therefore, as you point out, you're going to be trying 235886^4 combinations to brute-force it, and that's assuming that all four words are in that dictionary.

    111. Re:Oh great by Wycliffe · · Score: 1

      This is still a royal pain. So now to check the balance on my checking account, I have to login to dropbox, type in my password, find my banking password, copy or temporarily memorize it, open up my bank app and log into my bank app.

      A password manager is supposed to make it easier. It's A LOT easier to just memorize my banking password.

    112. Re:Oh great by jeffmeden · · Score: 1

      > asserting that a single point of ultimate failure is the most important technology

      Yeah, it's important all right. Critical, even.

      We're being awfully slow about teaching people to adopt passphrases. Simple, no number no symbol nonsense.

      "rrrybgdts" is a nursery rhyme. It doesn't even have to be written on a sticky.

      9 alphas in lower case counts as sufficiently complex? That's like 42 bits. How about "r^3ybgdts,m^4libad". Still a nursery rhyme, eh?

    113. Re:Oh great by praxis · · Score: 1

      Perhaps I misunderstand you. It seems like you want a database/file that is accessible from any internet-connected device regardless of software installed upon it. That's a desire I don't know how to ensure. Windows does not have an SSH client without running a downloaded binary. Not all machines have browsers. Those that do, I am not sure I would trust their browser.

      What is it you actually want?

    114. Re:Oh great by Triklyn · · Score: 1

      his comment was more amusing than your retort

    115. Re:Oh great by bluefoxlucid · · Score: 1

      Memorable does not imply low-entropy.

      There are 26 letters that you know of, each in two variations, with 10 numbers, a space bar, and 32 symbols. Each individual item is one of 95 characters, if you're not using accented characters. If you are using accented characters, you have graves and back-graves and umlauts and circles above the vowel letters, and a tilde above the vowels and n, and the German long S, totaling 27 additional characters, making 122.

      There are thousands of English words. A fluent person should at least know 850 basic English words, plus all their variations (plurals like "cows", verb conjugations, and parts of speech modifiers like "happily"), plus hundreds of domain-specific vocabulary words from their own specialist knowledge.

      Memorizing a random string of numbers is hard; memorizing a story is easy. To put this into perspective: Black Boys Raped Our Young Girls, But Violet Goes Willingly. Black, Brown, Red, Orange, Yellow, Green, Blue, Violet, Grey, White. Resistor color codes, 0-9. Even the unordered colors are hard to remember.

      A small, random set of independent characters from 94 possible values is itself hard to remember. Each character is one object, unless entropy is removed. The natural conclusion is to chunk characters into something memorable: words. Rather than remembering individual instances of 94 things, you produce largely random instances out of a pool of 3000-5000 things. You can assemble these into a superstructure (Horse rocket pen ninja) and turn that into a verbal description (a HORSE riding a ROCKET PEN under attack by NINJA), and turn that into an image. You can make alterations (ninja vs ninjas). You can recall this image, recall the story, and recognize which subject matter--in the verbal recall and the visual recall--relate to your passphrase.

      With four words out of a vocabulary of 5000, 8 completely random characters produce 10 times the number of possible combinations. Four random words produce about 2 million times as many possible combinations as would deformations from a dictionary word averaging 3 possible transformations per letter on an average of 8 letters, 5000 * 4^8 (5000 words times 4 possibilities in each of 8 positions).

      So 'b0x(u%7eR', being considered equally as likely as 'cat', has 1/2,000,000th of the entropy of "horse rocket pen ninja", and is harder to remember. 'a84Xg&S%' has 10 times the entropy of "horse rocket pen ninja" and 20,000,000 times the entropy of 'b0x(u%7eR', and is much harder to remember. There is an entire class of less-memorable passwords with a fraction of the entropy of highly-memorable passwords, and an entire class of non-memorable passwords with a slight fraction more entropy.
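
The keyspace arithmetic behind the figures quoted in this thread (the 7-words-from-99171 count above, the 235886^4 count, and the 5000-word vocabulary versus 8 random characters in the comment just above), as an added example that is not code from any commenter or from the article. The dictionary and alphabet sizes are the thread's own numbers; the 1e11 guesses/second rate is an assumption for the time estimates.

```python
import math

# Figures quoted in the thread, used as inputs (nothing here measures them):
PRINTABLE = 95             # "Each individual item is one of 95 characters"
DICT_LINUX = 99171         # "/usr/share/dict/words which is 99171 lines long"
DICT_BSD = 235886          # the "235886^4" dictionary
VOCABULARY = 5000          # "a pool of 3000-5000 things"
GUESS_RATE = 1e11          # assumed: offline guesses per second on a GPU rig


def keyspace_random(alphabet: int, length: int) -> int:
    """Strings of `length` symbols drawn uniformly from `alphabet` symbols."""
    return alphabet ** length


def keyspace_words(dict_size: int, words: int, repeats: bool = True) -> int:
    """Ordered passphrases of `words` dictionary words, with or without repeats."""
    return dict_size ** words if repeats else math.perm(dict_size, words)


def bits(keyspace: int) -> float:
    """Entropy in bits when every member of the keyspace is equally likely."""
    return math.log2(keyspace)


def expected_seconds(keyspace: int, rate: float = GUESS_RATE) -> float:
    """Average time to land on the right guess: half the keyspace at `rate`/s."""
    return keyspace / 2 / rate


def structure_penalty(phrase: str, dict_size: int):
    """Bits the attacker faces (naive) treating the phrase as random printable
    characters, versus (informed) knowing it is N dictionary words separated
    by spaces. The gap is the disagreement in the thread over whether a
    sentence-length phrase 'has about 200 bits of entropy'."""
    naive = bits(keyspace_random(PRINTABLE, len(phrase)))
    informed = bits(keyspace_words(dict_size, len(phrase.split())))
    return naive, informed


if __name__ == "__main__":
    cases = [
        ("8 random printable chars", keyspace_random(PRINTABLE, 8)),
        ("4 words from a 5000-word vocabulary", keyspace_words(VOCABULARY, 4)),
        ("4 words from 235886, repeats allowed", keyspace_words(DICT_BSD, 4)),
        ("7 words from 99171, no repeats", keyspace_words(DICT_LINUX, 7, repeats=False)),
        # one 8-letter word with ~4 variants per letter (the l33t-mutator case)
        ("1 word from 5000, mutated per letter", VOCABULARY * 4 ** 8),
    ]
    for label, space in cases:
        years = expected_seconds(space) / (365 * 86400)
        print(f"{label:40} {bits(space):6.1f} bits  ~{years:.3g} years")
    naive, informed = structure_penalty("correct horse battery staple", DICT_BSD)
    print(f"as 28 random chars: {naive:.1f} bits; as 4 known words: {informed:.1f} bits")
```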

    116. Re:Oh great by bluefoxlucid · · Score: 1

      There is no functional difference between typing X letters of a word, or X letters of random garbage once memorized.

      I see you haven't switched to dvorak.

    117. Re:Oh great by Anonymous Coward · · Score: 0

      And can be brute forced in minutes.

    118. Re:Oh great by Anonymous Coward · · Score: 0

      xkcd is close but in high school we had a game making up new words. Mine is 35+ characters long, I never shared it with anyone and has served me as an uncracked password for nearly 40 years. Make some gibberish up, memorise it, never divulge it - you're good against almost anything except MiM or keylogger attacks.

    119. Re:Oh great by PrimaryConsult · · Score: 1

      Probably more an ancient Unix backend. My college for the longest time truncated the Unix passwords to the first 8 characters (both when setting and authenticating). We used to type in the first 8 letters carefully then type an additional 10 characters randomly to confuse shoulder surfers... this was still the case as late as 2008.

    120. Re:Oh great by Anonymous Coward · · Score: 0

      As does a major bank in the USA.

    121. Re:Oh great by ripvlan · · Score: 1

      You are assuming the Dictionary is from Webster. It isn't in this case - it is a rainbow table containing all possible combinations of 7,8,9+ characters. Kind of the million monkey Shakespeare scenario - sooner or later they'll get to that combination. I remember a password cracker that used to put 2 & 3 word combinations from the Unix dictionary together to build up its guessing-dictionary.

      Now - 7 words vs 7 letters, the dictionary is smaller for 7 letters and can be broken in "seconds." 7 Words (about 56 letters) - I don't think rainbow tables are that large yet.

      A co-worker used to monitor the size of rainbow tables and always make sure his password was 1 character longer. That may have also been his versioning mechanism. "1" "11" "111" "1111" .... easy to remember and "harder" to guess. I knew another guy who used the password "za" - his reasoning: yeah lots of people might try "a" but who tries "z" ? and people might try all 1 character passwords and then move onto longer ones like length "8"... figuring they'd skip length "2" because only dumb people have length 1 - everyone else has at least 6 or 8. He was probably good at the Battle Ship game.

      I use 2-factor with Google and have yet to receive a text message indicating that somebody has guessed my relatively short password. Living on the edge :-)


    122. Re:Oh great by ripvlan · · Score: 1

      >> But I'm pretty sure that "gopher banana rim plunger" would be fairly immune to attack, although perhaps unpleasant to visualize.

      Not anymore.

    123. Re:Oh great by doccus · · Score: 1

      I have to type my password 100+ times a day. I can touch-type, but one typo usually means I have to delete it all and start over.

      It's really hard to get Ctl+Alt+A wrong.

      Try doing that in an SSH login shell. Or in a textual DBMS management console. Or in a general CLI tool that expects a password. Try it in a computer game that uses its own home-brewed dialog boxes. Or do it in a text box that does not echo characters, hiding the length of the password. Or password boxes that disable highlighting entirely.

      Now do it, while knowing that you get locked out for 15 minutes when you enter the password wrong once or twice.

      There are many situations in which the only way to recover safely from a typo in a password entry field is to hit backspace a few times.

      And this is why I hate really complex passes. You're right, there are way too many inaccessible dialog boxes. The worst, though, are the ones that fill the entire screen while you need to enter the PW. Unless you've got it written down on paper and it's typed (or you have really legible handwriting ;-) you're SOL...

    124. Re:Oh great by Taed · · Score: 1

      I think that "rrrybgdts" would be a poor password, as a Google search shows it's a common "word" and is used as a user name on a bunch of sites, so it could easily end up in a password dictionary.

    125. Re:Oh great by AK+Marc · · Score: 1

      The best thing about Unix was that non-characters were often accepted. If you type "abb[backspace]cde" for your password in Unix, you'd have to type it the same way every time, including the backspace at the right point. But in Windows, that's stored as "abcde". Those kinds of things would really mess with the shoulder surfers.

    126. Re:Oh great by cwsumner · · Score: 1

      The dictionary attack doesn't know where the words are in the password. The entropy of a dictionary attack for a 5-10 word phrase is better than any 8-letter password, and much, much better than an 8-character password with regular rules.

      A few years ago I would have agreed with you. But nowadays the entire poem, with the author's name, could be in the dictionary used to decode.
      Also it can be checked, not as individual words, but as a linked list in multiple dimensions.

    127. Re:Oh great by AK+Marc · · Score: 1

      A linked list in multiple dimensions wouldn't reduce the entropy. The entropy given in the XKCD example assumes you are using the best possible dictionary attack against it. But yes, taking any common well-known phrase will make it open to a "pure" dictionary attack. "Busch" won't be found in a literal English Dictionary, but would be in a hacking dictionary. The hacking dictionary is distinct from a linguistic one. And common phrases in poems and such would likely make it into the hacking dictionary. The entire poem could be in there, but someone that uses the entire poem, except the first word, would be very very secure, unless every combination of words in the poem was in the dictionary, in which case the dictionary will be nearly the same as a brute force attack.

    128. Re:Oh great by thegarbz · · Score: 1

      Your so-called half-competent dictionary attacks (I say so-called because you're brute-forcing components between words) will fail. The pool of possible combinations you describe would effectively be doing full brute-force attacks in and amongst dictionary words, and then you claim some kind of Bayesian trick will make it all faster.

      No.

      "battery-horse#staple", not knowing the length is still many orders of magnitude more difficult to crack even with a dictionary attack, even with your mythical super intelligent dictionary attack, than 8 characters containing at least one number, one upper case and one symbol. Yet it is still orders of magnitude more easily remembered. For that matter "battery-ho#se_staple" is nearly as easy to remember but just screwed your dictionary attack completely.

      And all of this is beside the point. Compromised servers are subjected to rainbow attacks on the hashes, not brute forces on passwords, and uncompromised servers will not afford you the luxury of a squillion attempts every second.

      Please stick to realistic scenarios.
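      The arithmetic behind the passphrase-versus-8-character dispute in the posts above, as an added example (it is not from any poster, nor from XKCD): each function models one of the attackers the thread describes. The word-list sizes, separator sets and the guess rate in the table are assumptions, not measurements.

```python
"""Search-space arithmetic for the password schemes argued over in the thread.

Constructed example: every attacker model here is an explicit assumption
(word-list size, separator set, guess rate), chosen to match the thread.
"""
import math


def bits_random_chars(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string: each position is independent."""
    return length * math.log2(alphabet_size)


def bits_random_words(word_count: int, wordlist_size: int) -> float:
    """Entropy of a passphrase drawn uniformly from a word list that the
    attacker also holds (the XKCD model: 4 words from 2048 = 44 bits)."""
    return word_count * math.log2(wordlist_size)


def bits_human_pattern(wordlist_size: int, substitution_bits: float,
                       digit_count: int, symbol_choices: int) -> float:
    """Attacker model for a human-chosen 'one upper, one digit, one symbol'
    password: a dictionary word, some leet substitutions, an optionally
    capitalised first letter, a short number and a symbol in either order.
    The attacker guesses the pattern, not 8 independent random characters."""
    return (math.log2(wordlist_size)       # which base word
            + substitution_bits            # which letters became digits/symbols
            + 1                            # first letter capitalised or not
            + digit_count * math.log2(10)  # the appended number
            + math.log2(symbol_choices)    # which symbol was appended
            + 1)                           # number-then-symbol or the reverse


def guesses_unknown_length(max_words: int, wordlist_size: int,
                           separator_choices: int) -> int:
    """Guesses needed to exhaust every phrase of 1..max_words words joined by
    any of `separator_choices` separators: the 'attacker does not know the
    length' case from the thread. Exact integer, no floating point."""
    return sum(wordlist_size ** k * separator_choices ** (k - 1)
               for k in range(1, max_words + 1))


def bits_to_guesses(bits: float) -> float:
    """Size of the search space a given entropy describes."""
    return 2.0 ** bits


def expected_seconds(total_guesses: float, guesses_per_second: float) -> float:
    """Expected time to hit the password: on average half the space is tried."""
    return total_guesses / 2 / guesses_per_second


if __name__ == "__main__":
    RATE = 1e10  # assumed offline rate against a fast unsalted hash
    YEAR = 365 * 24 * 3600
    rows = [
        ("8 random printable chars", bits_random_chars(8, 95)),
        ("8 lowercase letters", bits_random_chars(8, 26)),
        ("human 'Tr0ub4dor&3' pattern", bits_human_pattern(65536, 3, 1, 16)),
        ("4 words from 2048", bits_random_words(4, 2048)),
        ("3 diceware words + 2 symbols", bits_random_words(3, 7776)
                                        + bits_random_chars(2, 32)),
        ("7 diceware words", bits_random_words(7, 7776)),
    ]
    for name, bits in rows:
        secs = expected_seconds(bits_to_guesses(bits), RATE)
        print(f"{name:32s} {bits:6.1f} bits  ~{secs / YEAR:12.3g} years")
    # The 'unknown length' attacker: 1..3 words, 32 possible separators.
    total = guesses_unknown_length(3, 7776, 32)
    print(f"{'1-3 words, unknown length':32s} {math.log2(total):6.1f} bits")
```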

    129. Re:Oh great by Anonymous Coward · · Score: 0

      Just make sure she always puts the lid down too. Equally inconvenience everyone!

    130. Re:Oh great by Anonymous Coward · · Score: 0

      I'm pretty sure that "gopher banana rim plunger" would be fairly immune to attack, although perhaps unpleasant to visualize.

      HEY! You stole the password for my goatse account!

    131. Re:Oh great by CKW · · Score: 1

      And most banks still consider knowledge of your birthday as an authentication question. Not identification, authentication.

      I know of a few big banks that only allow numeric digits! "Between 8 and 12 NUMERIC DIGITS".

      Effective MAXIMUM security level -- 6 character password.
      Potential MINIMUM security level -- 4 character password.

      One of those institutions considers the account number itself as some "sup3r secr3t" number that only you are supposed to know, they warn you "don't let anyone know, keep your record of the account number secure".

  2. Many passwords just don't matter. by LWATCDR · · Score: 4, Insightful

    For example I am not worried that someone might get my Slashdot password.
    Email, shopping and banking passwords are the ones I worry about.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    1. Re:Many passwords just don't matter. by Shortguy881 · · Score: 4, Funny

      Posted by AC posing as LWATCDR

      --
      Brilliance without wisdom, power without conscience. Ours is a world of nuclear giants and ethical infants.
    2. Re:Many passwords just don't matter. by aardvarkjoe · · Score: 3, Interesting

      The thing is, with a good password manager, there's no reason to have a weak password, even for the sites that you aren't worried about.

      Most non-technical people (the ones who we're most concerned about in terms of password security) aren't very good at figuring out where security is and isn't important. For instance, I can't count the number of times I've heard statements along the lines of "I don't care about my e-mail password, because I don't care if a hacker could read my e-mail." Better to create tools and methods to make sure that people can conveniently create secure passwords across the board, rather than hoping that people will make the correct decisions related to security.

      --

      How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
    3. Re:Many passwords just don't matter. by Falos · · Score: 1

      Password reuse (see XKCD#792) is risky behavior and having a throwaway tier is good security. Having multiple password tiers requires operational brain cells, though, so I put more emphasis on undoing the headache of symbol training that doesn't offer much protection anyway. Every attacker is accounting for swapped 'e's and '3's, folks, that doesn't help.

    4. Re:Many passwords just don't matter. by Dynedain · · Score: 1

      The thing is, with a good password manager, there's no reason to have a weak password, even for the sites that you aren't worried about.

      And there you hit the nail on the head. There is no *good* password manager. Safari's password generator and keychain comes close because it follows you between desktop and mobile devices, but it limits you to Apple's browsing products. Chrome is next best, but again, only works in Chrome browsers, and doesn't have built-in password generation.

      I use Keepass and keep the secured file on dropbox to sync across devices. But yet again, limited to where I feel safe pulling from dropbox, and requires a 3rd party app that will be unavailable (or insecure) on shared devices. Plus, it's tedious to open, try to find what you're looking for, and copy/paste out. In-browser integration is a required feature to actually get widespread adoption.

      --
      I'm out of my mind right now, but feel free to leave a message.....
    5. Re:Many passwords just don't matter. by AK+Marc · · Score: 1

      Yep. Any account that can compromise others gets a unique, secure password (email and others that can be used to reset any others). Forums, like here, get dictionary-attackable passwords. Who cares if someone takes this account? So "chair" it is. Hopefully that's not actually it, I never see my own passwords anymore with password storing programs.

    6. Re:Many passwords just don't matter. by gurps_npc · · Score: 2

      Totally true - and programs like slashdot should insist people use simple passwords.

      The equivalent of putting a luggage lock on your luggage, as opposed to a real lock.

      Among other things, it will discourage people from reusing a slashdot password for something that matters.

      --
      excitingthingstodo.blogspot.com
    7. Re:Many passwords just don't matter. by nine-times · · Score: 1

      The thing is, with a good password manager, there's no reason to have a weak password, even for the sites that you aren't worried about.

      Depends on what constitutes a "good password manager". I would say that for this to be true, I'd need a "good password manager" that was easily and transparently accessible on any platform that can access the internet, without installing anything, and without exposing my password to others. Otherwise, I can think of plenty of reasons why I'd want to be able to remember my passwords.

      Just for example, let's say I want to log into my Netflix account on my friend's Roku box so that we can watch a movie. If I don't have any other devices handy, how do I get my password from my password manager?

    8. Re:Many passwords just don't matter. by Narnie · · Score: 1

      Every attacker is accounting for swapped 'e's and '3's, folks, that doesn't help.

      I've moved on from the common 1337 substitution in my passwords and started substituting my QWERTY keyboard with a Dvorak keyboard. When it's time to change passwords again, I'll get a Cyrillic keyboard.

      --
      greed@All_Evils:~#
    9. Re:Many passwords just don't matter. by Anonymous Coward · · Score: 0

      Pretty sure 1Password addresses every issue you have. Even integrates nicely with TouchID on iOS devices. Anyway, works great for my needs.

    10. Re:Many passwords just don't matter. by Daniel_Staal · · Score: 2

      I just had an excellent counter-argument today: Work uses one password to log into their benefits site and into the handheld scanner used on the floor. The handheld scanner has a keyboard of less than 20 keys - numbers are easy, letters are hard, capital letters are really hard, and special characters are impossible. And there's no other input.

      My login to my benefits is now controlled by the password I can type into what's basically a telephone keypad. Because that's where I need to type it a couple of times a day.

      --
      'Sensible' is a curse word.
    11. Re:Many passwords just don't matter. by praxis · · Score: 1

      I would say that for this to be true, I'd need a "good password manager" that was easily and transparently accessible on any platform that can access the internet, without installing anything, and without exposing my password to others.

      That's a fairly impossible requirement to meet. If you want to access your secure store from an untrusted machine--which it sounds like you do--then there are no good password managers.

    12. Re:Many passwords just don't matter. by rmdingler · · Score: 1

      Totally true - and programs like slashdot should insist people use simple passwords.

      The equivalent of putting a luggage lock on your luggage, as opposed to a real lock.

      Among other things, it will discourage people from reusing a slashdot password for something that pales in comparison.

      Your bank account? It's just money. You've blown it before and earned some more.

      Your e-mail password? Well, you definitely don't want just anyone posing as the relative of your long-lost cousin of royal Nigerian descent.

      But Slashdot? Imagine the destruction wrought with your account in the hands of APK for 24 hours.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    13. Re:Many passwords just don't matter. by Anonymous Coward · · Score: 0

      Your bank account? It's just money. You've blown it before and earned some more.

      Your e-mail password? Well, you definitely don't want just anyone posing as the relative of your long-lost cousin of royal Nigerian descent.

      But Slashdot? Imagine the destruction wrought with your account in the hands of APK for 24 hours.

      At that point life would no longer be worth living. I would kill myself.

    14. Re:Many passwords just don't matter. by Anonymous Coward · · Score: 0

      I use Keepass, but I'm just waiting for the day a widespread virus starts going around looking for databases in memory and then sending them somewhere. Now I've lost not just one site, but every site I've ever used on the internet and every server I have access to (actually spread out over a few different files for different clients, but wouldn't really matter as long as I accessed it while infected).

      There's not going to be any recovering from that, short of faxing government issued ID to any large site that allows it (assuming your real identity is even connected) and just forgetting about any smaller ones and starting over. Even assuming nobody sues over a hundred websites I've worked on getting hacked simultaneously, it could still be almost career-ending.

      One thing I sometimes do for extremely critical passwords is to keep a physical list of passwords hidden in my house, and then in the password database just store websites, usernames, and the id of the password on the piece of paper. That way there's no digital copy of my passwords if I get hacked, but if someone were to rob my house, they would at best find a sheet of paper with nonsense written all over it, and even if they somehow knew what it was and looked on the computer, good luck getting into the password database.

    15. Re:Many passwords just don't matter. by Anonymous Coward · · Score: 0

      Yes. For a few months I tried using symbols that couldn't be typed on a keyboard, but then I encountered situations where I couldn't copy and paste, and was simply locked out.

      I also encountered many systems where they would accept the password for setting, but then when I tried to log in they would refuse it, completely locking myself out of the system without doing a password reset.

    16. Re:Many passwords just don't matter. by squiggleslash · · Score: 1

      I've yet to come across a "good" password manager. They may exist, but almost all, for example, are installed on a single machine or are part of a single app (web browser, SSH client, etc) that may or may not have a mechanism to be sync'd, using "trust me, I'm safe, honest" security, between different machines.

      Even at home, I don't use a single computer. In practice, in the real world, we all now have times we need to access the same resource from work, from our primary home computer, from a phone, from a tablet, etc.

      It's easier and more secure, for me and I suspect everyone else, to adopt the classic "Use two or three base passwords that contain a field associated with the website itself" (eg. "password123.sd", "password123.yh" for Slashdot and Yahoo respectively) than constantly cutting and pasting between an app on a single machine you may or may not have access to when you need it.

      We need something better than password hell. We had a chance with OAuth, and kinda blew it thanks to the fact that me logging into a website with Goohoo or Facespace almost always involves giving it permission to access some unknown, poorly defined information about me that I don't necessarily want it to have (and don't necessarily want Goohoo or Facespace to have either).

      --
      You are not alone. This is not normal. None of this is normal.
    17. Re:Many passwords just don't matter. by squiggleslash · · Score: 1

      Well, he wants to access his limited-security account from a trusted machine that belongs to someone else, which is not quite the same thing. You're looking at it from a black-box security point of view, but in practice he knows the parties involved, he knows what the security setup is, and he knows the degree of control he has over the situation, and given those inputs he's making a perfectly reasonable decision to enter his password into the box involved.

      And yes, there are no good password managers, because they don't handle that situation, and that situation is entirely reasonable and normal. You can tut tut, and say that from your point of view there's no difference between entering your Amazon password and enabling one-click purchases on a laptop left in an airport with a yellow sticky that says "FREE INTERWEBS ACCESS HERE HONEST!!", and entering your Netflix password on a branded Roku box owned by a friend, watching a movie with him, and then logging out afterwards to prevent any accidents. But actually, no, they're not the same situation.

      One of the downsides of computing is that when it comes to "security" or a whole host of other processes, some people design "solutions" for a specific set of cases and then decide that those cases are the only ones in existence, because it's easier to pretend they are than to actually produce something that solves the other problems. From anti-spam "solutions" to password portals, we're still trying to grasp the fact that these solutions don't work. At the end of the day, developers have seen the "bug between chair and keyboard" make so many problems, they forget that it's still the case that the person they're hobbling is the person that's trying to get shit done. Design an impractical security system, and you're making things less secure, because you've just wasted time - yours and the user's - building something that'll never get used.

      This is why I hate password managers as a security device. As a convenience, so I don't have to type "squiggleslashamazonAAA" every time I log into Amazon? Sure. As a security system, so nobody - not even me - will ever figure out my password is "09F911029D74E35BD84156C5635688C0"? Fuck no.

      --
      You are not alone. This is not normal. None of this is normal.
    18. Re:Many passwords just don't matter. by LWATCDR · · Score: 2

      Email is important because you use that for password recovery. I have a special email account that I use just for password recovery.
      I also use Lastpass to keep passwords but some like Slashdot I use a password I made up that I keep in my head as well as in Lastpass.

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    19. Re:Many passwords just don't matter. by nine-times · · Score: 1

      there are no good password managers.

      Yes, that was what I was pointing out.

    20. Re:Many passwords just don't matter. by Anonymous Coward · · Score: 0

      The thing is, with a good password manager, there's no reason to have a weak password, even for the sites that you aren't worried about.

      The problem with a password manager (both software and hardware) is you are taking the selling company's word that it is reasonably secure. By definition such a password manager is NOT secure if designed and built in the United States, China, Russia, Europe, Arab nations, or just about any other place on Earth with oppressive totalitarian forms of government that "must know" what you are thinking and doing 24/7.

      With Google's interest in your personal information business model, would you trust one built by them?

    21. Re:Many passwords just don't matter. by jpvlsmv · · Score: 1

      Print your password in Barcode3of9 font and tattoo that on your hand (or stick the printout in your wallet if there's a password change policy). When you want to "log in" to the scanner, just blip, and you're in.

    22. Re:Many passwords just don't matter. by praxis · · Score: 1

      there are no good password managers.

      Yes, that was what I was pointing out.

      For your set of requirements yes. Many people are okay with carrying a trusted device. For that scenario, which is quite common, there are good password managers.

    23. Re:Many passwords just don't matter. by nine-times · · Score: 1

      There are plenty of scenarios for which a password manager is helpful. However, as long as there are also a lot of scenarios for which password managers are inconvenient, password managers cannot replace memorable passwords.

    24. Re:Many passwords just don't matter. by praxis · · Score: 1

      I don't have the memory bandwidth to memorize a hundred unique passwords. I memorize four or five passwords (my email, my bank, my work, my home and my password manager). For everything else (my Slashdot, my wifi, etc) I use a password manager. Given that most websites use email password resets, just remembering my email password means I can log into almost anywhere from anywhere with a network connection.

      Yes, very few tools are stellar in every scenario. That's why I use the tool for the less-critical scenarios and remember the critical ones. Even if I were to forget my password manager password and lose access to my password manager permanently, I can recreate those 100 passwords given some time.

    25. Re:Many passwords just don't matter. by nine-times · · Score: 1

      I don't have the memory bandwidth to memorize a hundred unique passwords. I memorize four or five passwords (my email, my bank, my work, my home and my password manager). For everything else (my Slashdot, my wifi, etc) I use a password manager.

      Great. As I said, "There are plenty of scenarios for which a password manager is helpful." Good for you for finding some. It's still not a real solution to the problem.

    26. Re:Many passwords just don't matter. by praxis · · Score: 1

      I don't have the memory bandwidth to memorize a hundred unique passwords. I memorize four or five passwords (my email, my bank, my work, my home and my password manager). For everything else (my Slashdot, my wifi, etc) I use a password manager.

      Great. As I said, "There are plenty of scenarios for which a password manager is helpful." Good for you for finding some. It's still not a real solution to the problem.

      No one said it was an ideal solution, but it is a valuable component of a good solution.

    27. Re:Many passwords just don't matter. by nine-times · · Score: 1

      It's a hack to get around the fact that things are built in a stupid way. If you came up with a real solution, a password manager would probably be useless, or at least redundant.

    28. Re:Many passwords just don't matter. by praxis · · Score: 1

      It's a hack to get around the fact that things are built in a stupid way. If you came up with a real solution, a password manager would probably be useless, or at least redundant.

      There are better solutions of course. They are not yet widely implemented. I'm sure glad that we've had internal combustion engine automobiles as an imperfect tool before we adopt whatever better technology we adopt in the future. Just like I am glad we have password managers today before we move to whatever better authentication technology we adopt be they certificates or whatever else. I will gladly dump an antiquated tool then. Until then, they're not really antiquated.

    29. Re:Many passwords just don't matter. by Agent0013 · · Score: 1

      Which is one reason to have passwords that you can remember. Duh, I would say this is pretty simple to understand!

      --

      -- ssoorrrryy,, dduupplleexx sswwiittcchh oonn.. -Quote found on actual fortune cookie.
    30. Re:Many passwords just don't matter. by nine-times · · Score: 1

      Again, like I said, "It's a hack to get around the fact that things are built in a stupid way. If you came up with a real solution, a password manager would probably be useless, or at least redundant." It's not the internal combustion engine. It's ASCII art while we wait for someone to develop a real image format. It's not useless, and it's even a bit clever, but it is at least a little silly and stupid. Even if you took the concept of a password manager, it should instead be a certificate manager, and we should be using PKE for authentication rather than passwords. That would only raise the question, "Do I really need a separate cert for every site?" and the answer would of course be "no".

    31. Re:Many passwords just don't matter. by cwsumner · · Score: 1

      So who else has the keys to your password manager? And how do you know?
      That's why they are not used more...

    32. Re:Many passwords just don't matter. by Bent+Spoke · · Score: 1

      If important websites all used a captcha with login, it would make brute force attacks more difficult.

      Password managers are fine, but if compromised they have access to everything! We've probably reached the point where everyone should have two personas, represented by 2 email addresses, a real one and a disposable one. For sites that insist you have an email (like facebook, linkedin, etc) you can use the disposable one and feel good about never reading mail sent to it. The real email is used for banking, amazon, etc. This pretty much also means using a browser with a second profile so your passwords are firewalled.

  3. Strong passwords, yes ... by CaptainDork · · Score: 1

    ... and multiple-step authentication, as well.

    And, for secret questions, sites should warn to lie, lie, lie (but remember).

    Until these steps have been completed according to best practice, the user should not be allowed to progress any further.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:Strong passwords, yes ... by Anonymous Coward · · Score: 0

      The secret answers are often stored in plain text on their servers, which become the weakest link. I wish it were possible to tell websites:
      - do not set up security questions. I will not forget my password
      - do not ever send an email with a code to reset my password, email is not secure
      - do not block me if my computer is not "recognized".
      I know websites try to be helpful with all these features, but I'd rather handle password security myself.

    2. Re:Strong passwords, yes ... by jfengel · · Score: 1

      I find the whole notion of "secret questions" baffling. It's generally stuff that can be looked up. That reduces the security on the account, with the bonus that it has a chance of locking me out if I can't remember precisely the capitalization or punctuation I used, or which of my pets was my favorite.

    3. Re:Strong passwords, yes ... by CaptainDork · · Score: 1

      One-word answers are acceptable ... and recall that I said, "lie?"

      --
      It little behooves the best of us to comment on the rest of us.
    4. Re:Strong passwords, yes ... by gewalker · · Score: 1

      Perhaps secret question passwords can be improved by simply renaming as "backdoor password" or suchlike and include some explanatory text for how it would be used.

    5. Re:Strong passwords, yes ... by Anonymous Coward · · Score: 0

      I find the whole notion of "secret questions" baffling. It's generally stuff that can be looked up. That reduces the security on the account, with the bonus that it has a chance of locking me out if I can't remember precisely the capitalization or punctuation I used, or which of my pets was my favorite.

      Don't use real answers.
      1. What is your mother's maiden name? --- automobile
      2. What is the name of your first pet? --- automobile
      3. In what city were you born? --- automobile

    6. Re:Strong passwords, yes ... by Cro+Magnon · · Score: 1

      But it's harder to remember a lie than the truth, especially since you don't use the "secret questions" often (unless you forget your pw a lot). Now which street did I claim to grow up on?

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    7. Re:Strong passwords, yes ... by CaptainDork · · Score: 1

      1600 Pennsylvania Avenue?

      --
      It little behooves the best of us to comment on the rest of us.
  4. Wrong by StripedCow · · Score: 3, Interesting

    1) Choosing a password should be something you do very infrequently

    Wrong. Once your password is compromised (e.g. by use of a keylogger or otherwise), hackers can use it over and over again.
    It is much better to use One-Time-Passwords (OTPs) such as the ones generated by two-factor authentication systems.

    --
    If Pandora's box is destined to be opened, *I* want to be the one to open it.
    1. Re:Wrong by CaptainJeff · · Score: 2, Insightful

      There's a subtle difference here.
      It is absolutely better to use One Time Passwords (like most 2-factor auth solutions these days with a random number either generated by an app or token or something or supplied to you via an out-of-band channel like an SMS message).
      It is not better to choose One Time Passwords, as the user experience hit is horrible, and can you imagine the horrible passwords one would come up with if they needed to come up with a new one on every login action?

      Basically, users are bad at choosing/creating passwords. And passwords get compromised. So, the best solution (that we currently have, anyway) is to have the user pick one really good (hard to guess) password and then to also use a One Time Password (2FA).

    2. Re:Wrong by Anonymous Coward · · Score: 0

      No way. The _best_ solution is to use public key cryptography on a secure token.

      One Time Password schemes are relatively insecure because the server must keep an unencrypted copy of a shared secret. And unless they're using a Hardware Security Module (e.g. YubiHSM, which is $500), once that secret is stolen the security of your OTP token is fatally compromised.

      With a secure public key cryptographic token, the secret exists on only one device, the token. I use a Yubikey NEO for SSH via gpg-agent, which has built-in USB support for PGP hardware tokens--no fiddling with OpenSC or other software, which makes it almost foolproof. (See http://25thandclement.com/~william/YubiKey_NEO.html) As a bonus, I can use the same token on all machines I SSH into, just by dropping the public key into .ssh/authorized_keys. No need to use one token per server or to maintain a centralized authentication agent.

      My ideal system is a public key token with a user-entered PIN and either a) physical button for each signature or b) a second One Time PIN which the token prints on an LCD display. The problem with a regular PIN is that once an attacker knows your PIN, he can use your token whenever it's plugged in, and you'll probably never know it, especially if you use it regularly. If you use it regularly, it would be impractical to pay attention to the number of signature operations being performed (my token might do a hundred+ signatures per day). With a or b, such an attacker must be physically present. Sure, ultimately he could just steal my token, but then I would know it!

  5. Who is saying that? by Anonymous Coward · · Score: 0

    It's not Bruce Schneier, so it's not serious!

    Bruce Schneier slashdotted slashdot.

  6. What about inability to use password managers by Anonymous Coward · · Score: 0

    Some of us (perhaps we are quite the exception) work in environments where we are not allowed to have personal electronic devices. For people like us, password managers simply are not an option.

    1. Re:What about inability to use password managers by Anonymous Coward · · Score: 0

      I believe you may be confusing the two...

      Password manager One-time Password (Multi-factor auth)

      If you are using a web-based password manager (like Lastpass) and IE8 (shudder), then you can simply log into your account and copy-paste all of your passwords. If you have access to Chrome/Firefox, even better: The plug-ins don't require admin privileges (none that I've seen anyway).

    2. Re:What about inability to use password managers by Anonymous Coward · · Score: 0

      For some reason I can't post as my login...

      I meant to say:

      I believe you may be confusing the two...

      Password manager != One-time Password (Multi-factor auth)

      If you are using a web-based password manager (like Lastpass) and IE8 (shudder), then you can simply log into your account and copy-paste all of your passwords. If you have access to Chrome/Firefox, even better: The plug-ins don't require admin privileges (none that I've seen anyway).

  7. 1) Choosing a password should be something you do by Anonymous Coward · · Score: 0

    But this is out of your control in most cases. When you are forced to change it every 60 or 90 days, how does the rest of the argument hold up? (Of course I didn't RTFA to find out, this is Slashdot)

  8. Not contradictory by Anonymous Coward · · Score: 1

    1) The frequency of choosing a password is not within the end-user's control, and hence has no impact on whether or not the end-user chooses to include special characters vs several simple words.

    2) Protecting against a brute force attack does not, in any way, break protection against "informed statistical" attacks.

    3) End-users do not typically know how many other people have chosen that same password, but can protect themselves against accidentally choosing a common password by doing exactly what the XKCD comic recommends (picking four random words and juxtaposing them). Just don't use the specific password chosen in the comic.

    4) Disallowing common passwords is not within the end-user's control. It is a good practice, but does not in any way change the password-selection logic that end users should use as per the XKCD comic.

    The only contradictory point mentioned is the "change password strength meters", which might mean "require special characters and numbers," which is exactly what the comic demonstrates to offer no value. The intent here seems to be the avoidance of common passwords, and that can be done without forcing special characters, which makes passwords hard to memorize.

    1. Re:Not contradictory by sexconker · · Score: 2

      1) The frequency of choosing a password is not within the end-user's control, and hence has no impact on whether or not the end-user chooses to include special characters vs several simple words.

      The vast majority of passwords and resets are controlled by the user. Websites do not often force people to reset passwords. In a corporate environment people will be forced to change passwords more frequently, sure. But email, 20 social networking sites, shopping sites, and even banks will typically not force a reset unless they've been compromised.

      2) Protecting against a brute force attack does not, in any way, break protection against "informed statistical" attacks.

      XKCD's shitty advice is protecting against brute force attacks by using length (even though in many cases the effective length is still limited to something stupid like 16 characters). By following XKCD's shitty advice, you open yourself up to statistical attacks - your search space is just a combination of a few words. People generally only use a few thousand words, and when you want them to be random about it they'll likely pick common ones, fairly short ones, mostly nouns, etc.

      3) End-users do not typically know how many other people have chosen that same password, but can protect themselves against accidentally choosing a common password by doing exactly what the XKCD comic recommends (picking four random words and juxtaposing them). Just don't use the specific password chosen in the comic.

      Humans are terrible at being random. Any magician, con-artist, or statistician will tell you that. The most commonly-picked "random" cards are the ace of spades and the queen of hearts, for example. The 4 "random" words scenario will give you a search space many orders of magnitude smaller than a good, traditional password.

      4) Disallowing common passwords is not within the end-user's control. It is a good practice, but does not in any way change the password-selection logic that end users should use as per the XKCD comic.

      The only contradictory point mentioned is the "change password strength meters", which might mean "require special characters and numbers," which is exactly what the comic demonstrates to offer no value. The intent here seems to be the avoidance of common passwords, and that can be done without forcing special characters, which makes passwords hard to memorize.

      Disallowing common passwords is within the user's control. Don't use a fucking password you've heard of before. If your password manager, or a site, tells you that the password is shitty, maybe don't use it.
      The XKCD comic is fucking wrong. Symbols, numbers, and capitalization, all increase the search space exponentially. Special characters do not make passwords harder to memorize. I find they make it easier. They provide a cadence in many of the passwords I use. Instead of just a slurry of letters, a password with digits or symbols is less likely to get twisted about in someone's mind. alhysuidopmnah will be subject to transposition on shit like the ui, mn. alhys5idop#nah doesn't have that problem, and is much easier to compartmentalize (alhys5 idop# nah). This may or may not be true for all users for fixed length (and it certainly depends on the specific password itself). Beyond that, for passwords of a given strength those with symbols and shit will be easier to memorize than those without, if only because they'll be much shorter.

    2. Re:Not contradictory by Anonymous Coward · · Score: 0

      Why in the world wouldn't you lock-out an account after 10 failed attempts? In the modern day, nearly all sites do this, and it makes dictionary attacks completely moot.

      Password memorability is important for the average user. For geeks who have the interest and means to hold themselves to a higher standard, many options are available. For ordinary people, simpler is better.

      Password re-use is the biggest security mistake that people make, and forcing special characters doesn't protect against that. If anything, it makes it worse, by making the passwords harder to memorize you increase the incentive to re-use fewer passwords.

    3. Re:Not contradictory by Anonymous Coward · · Score: 0

      The XKCD comic is fucking wrong. Symbols, numbers, and capitalization, all increase the search space exponentially.

      Are you a complete idiot? The number of possible strings of length 'n' in an alphabet with 'a' symbols is a^n. This is polynomial in 'a', and exponential in 'n'. Fuckwit.

    4. Re: Not contradictory by Anonymous Coward · · Score: 0

      Lockouts don't help when hackers break into the website and steal the password database.

    5. Re: Not contradictory by Anonymous Coward · · Score: 0

      Not all that helpful if I've got a couple-hundred-thousand-strong botnet on my side ...

    6. Re:Not contradictory by catprog · · Score: 2

      XKCD's shitty advice is protecting against brute force attacks by using length (even though in many cases the effective length is still limited to something stupid like 16 characters). By following XKCD's shitty advice, you open yourself up to statistical attacks - your search space is just a combination of a few words. People generally only use a few thousand words, and when you want them to be random about it they'll likely pick common ones, fairly short ones, mostly nouns, etc.

      4 words from a list of 1000 words = 10^12 possible passwords

      10,000 uncommon words, 4 symbol replacements on average, 2 digits of numbers, numbers at the start or end, capital/non-capital at the start.

      10,000 * 16 * 2 * 2 * 2 = 1.28 * 10^7.

      A lot less passwords.

      Any other ways you can think of to increase the passwords complexity?

      Humans are terrible at being random. Any magician, con-artist, or statistician will tell you that. The most commonly-picked "random" cards are the ace of spades and the queen of hearts, for example. The 4 "random" words scenario will give you a search space many orders of magnitude smaller than a good, traditional password.

      That is why you need a randomizer to pick the words rather than you picking them.

      --
      My Transformation Website
      Kindle Books http://www.catprog.org/rev
      Interactive CYOA http://www.catprog.org/st
    7. Re:Not contradictory by catprog · · Score: 2

      Sorry the calculation should be
      10,000 * 16 * 100 * 2 * 2 = 6.4 * 10^8

      --
      My Transformation Website
      Kindle Books http://www.catprog.org/rev
      Interactive CYOA http://www.catprog.org/st
  9. Every time XKCD 936 is Mentioned by Matt Steelblade · · Score: 5, Insightful

    Just because the author asserts that the password system is broken doesn't make Randall Munroe's point about passwords incorrect. "At least one security researcher rejects that theory." What theory does he reject? It's simple math that shows that Munroe's method is better for creating stronger passwords (at least for the average user), but that has nothing to do with relying on password managers...

    1. Re:Every time XKCD 936 is Mentioned by Dadoo · · Score: 2

      Just because the author asserts that the password system is broken doesn't make Randall Munroe's point about passwords incorrect.

      That was the first thing I thought of, but I still thought the author made a few good points - especially the part about wanting to get rid of passwords, entirely - and I wanted to see what other Slashdotters thought.

      --
      Sit, Ubuntu, sit. Good dog.
    2. Re:Every time XKCD 936 is Mentioned by K. S. Kyosuke · · Score: 1
      I think that the author of that "rebuttal" completely missed the point of Munroe's idea:

      What is there to prevent “letmeinfacebook” from being the new most common four word password for Facebook accounts?

      To me, it always seemed that Munroe's method was designed for (already security-conscious) people who want a secure password, and to be more specific, who want the most secure password with the minimum memory load necessary. That seems like a completely different issue from what he's addressing. Plus, I have yet to see an OS or device login that allows you to use a password manager. :-p That alone creates a market for password schemes that allow you to remember the password in your head.

      --
      Ezekiel 23:20
    3. Re:Every time XKCD 936 is Mentioned by suutar · · Score: 2

      What he's rejecting appears to be user-selected passwords (which really are pretty crappy on average), which is not what XKCD was talking about (it advocated, as I recall, random selection of each of the 4 words).

      Where he goes from it, however, is not the randomly selected passphrase of XKCD but directly to key managers, and eventually to two-factor auth.

    4. Re:Every time XKCD 936 is Mentioned by stiebing.ja · · Score: 1

      "Choosing a password should be something you do very infrequently" ?!
      Pardon me?
      Any stinky little site needs passwords for any senseless actions – and if you do not want to have a single-login-plz-hack-me account on the big central login sites, *and* you do not want to have all your passwords hacked at the same time in your password "safe" – what else would you do, instead of making a good private rule how to back-calculate your password from site names or whatever.

      This security researcher cited will search much longer until a bit of security will be found by him

      --
      I lag
    5. Re:Every time XKCD 936 is Mentioned by Cid Highwind · · Score: 1

      The average user isn't going to have (or be able to write) a secure random word selector. He's going to look at the "new password" field and think up 4 words, and they're almost certain to be related somehow.

      --
      0 1 - just my two bits
    6. Re:Every time XKCD 936 is Mentioned by Vellmont · · Score: 1

        What theory does he reject? It's simple math that shows that Munroe's method is better for creating stronger passwords (at least for the average user)

      The theory he rejects is the hidden assumption that people will actually pick random words. You've also missed that hidden assumption, and focused on the math. I tend to agree with the security researcher above that the assumption is wrong, and people won't pick random words for passwords.

      Most people have a bank account and an ATM card. The ATM card has only a 4 digit pin on it. That's only 10,000 possibilities, or about 13 bits of entropy. Since most people choose dates (birthdays, anniversaries), there's really only about 400 possibilities for the average person. But yet you don't hear about mass amounts of fraud when people are robbed from ATMs. Why? Because to withdraw the money, you need two things in your possession. The card, and the pin. If you get the card, you also get a small number of tries on the card before it's locked. Even at 1/400 per try it's unlikely you'll be robbed with 3 guesses.

        The larger problem is that "security people" tend to think entirely different than most everyone else, and just assume people act like them. They don't, and no amount of education or pleading will change that. So if you want real security on the web, it's time to ditch passwords as the sole means of authenticating people. You can't change human nature, and that's the root of the problem.

      --
      AccountKiller
    7. Re:Every time XKCD 936 is Mentioned by Anonymous Coward · · Score: 0

      Posting AC to spend a few mod points, but this point here is simply broken. "especially the part about wanting to get rid of passwords, entirely" Everything, and that means "EVERYTHING!" has a vulnerability. Biometric data has been spoofed already, so if the use of biometrics balloons so will the spoofing. A company holding your biometric data is _more_ vulnerable than you as a person are, as well as a bigger target than you are. They are not your data, they are simply holding a selective partial copy of the data.

      I teach people how to use various forms of password creation, and amazingly "most" people can grasp and create strong passwords with minimal training. The problem is convincing people that they need them, but once you can demonstrate the "need" people can and do learn. (There are some rockheads as exceptions, but they would be hopeless even with a password manager).

      Why you would want to get rid of passwords is simply astounding to me. This is something I know, I control, and nobody else has a copy of it. I obviously have to worry about logging in to someone else's computer running a keylogger, so I don't. Giving up this powerful method of control is wrong! The NSA won't keep it safe, and quite frankly the people touting "time to end passwords" are the same people that want to hoover up all of your data and give big companies a pass when they fuck up and lose all your money. No thanks man!

    8. Re:Every time XKCD 936 is Mentioned by jfengel · · Score: 1

      That's correct, and I'd really like to see somebody actually test Munroe's theory. I don't think that "correct horse battery staple" is any more memorable than any other password with an equivalent entropy. It's easy to remember that one because it's that-ONE. If you have a different password at each of hundreds of sites, it seems to me you won't do any better at remembering which combination goes with this site. There will be hundreds of words running around in your head.

      The visual might help you keep the set of 4 of them together, but will you really be able to remember which ones you used when you established that password months or even years ago? Perhaps if you modify the technique to incorporate the site that the password goes to...

      It seems like something that should be testable. Are CHBS-based passwords any more memorable than any other technique? They are more brute-force resistant than shorter passwords, but if web sites are allowing brute-force attacks then something is deeply wrong to start with. That's what this article is about: CHBS generates great passwords but it may not be solving the right problem.

    9. Re:Every time XKCD 936 is Mentioned by suutar · · Score: 1

      True, and definitely an important point. Building such a generator into a key manager doesn't seem like it should be too difficult, however. Building one as a web service seems even easier (except of course for paying for the hosting :)

    10. Re:Every time XKCD 936 is Mentioned by Anonymous Coward · · Score: 0

      It absolutely does, because Munroe has no idea what he's talking about. He isn't qualified to work in any technical field. And no, the "math" doesn't show that Munroe's method is better because math has nothing to do with it. Munroe is incredibly stupid and arrogant and the real problem is that you've got thousands of people that take whatever nonsense he spouts as gospel without thinking for themselves.

      Those are the facts.

    11. Re:Every time XKCD 936 is Mentioned by QRDeNameland · · Score: 4, Insightful

      Just because the author asserts that the password system is broken doesn't make Randall Munroe's point about passwords incorrect. "At least one security researcher rejects that theory." What theory does he reject? It's simple math that shows that Munroe's method is better for creating stronger passwords (at least for the average user), but that has nothing to do with relying on password managers...

      In addition, he seems to miss a rather key point about the xkcd method. He goes on about "users should not be choosing passwords" (which is correct), but note that the xkcd comic says 'four random common words'. In other words, in order to follow this method, the user would not be arbitrarily choosing a password but having it generated instead, by for instance using the Diceware method. The core idea is that a human being can much more easily memorize a randomly generated 4-5 word passphrase, as evidenced by the fact that we all seem to remember 'correct horse battery staple'. Yes, password managers are a great tool to handle the ever-growing array of passwords we must manage in our digital lives, but that doesn't preclude the idea that for those 5% of passwords he concedes must be memorized that Munroe's method is not a superior method in those cases, especially since he seems to fundamentally misunderstand it.

      --
      Momentarily, the need for the construction of new light will no longer exist.
    12. Re:Every time XKCD 936 is Mentioned by Shados · · Score: 1

      correct horse battery staple may not be all that memorable...
      but let say: "I've been married since 1995!!!" or "Man, I fucking love lamb curry~" are pretty easy to remember, and assuming everyone cares about different things, will be pretty darn hard to snatch. Go ahead and dictionary attack it all you want.

      The problem with the hundreds of sites is the big one. No matter what, even if my password is just 1 dictionary word, I'll never be able to remember it for each site. The closest thing you can do is have an algorithm that derives the password from the site's name or url or something, but that's not practical for the average Joe, and the variety of password rules for each site means it won't really work for all of them, then you have to remember the exceptions...

    13. Re:Every time XKCD 936 is Mentioned by QRDeNameland · · Score: 1

      The average user isn't going to have (or be able to write) a secure random word selector. He's going to look at the "new password" field and think up 4 words, and they're almost certain to be related somehow.

      The Diceware method can be done with a downloaded word list file and some dice. If, as the article suggests, one is only using memorizable passwords where absolutely necessary, this method is neither burdensome nor difficult for even the most 'average' of users.

      --
      Momentarily, the need for the construction of new light will no longer exist.
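
      The Diceware procedure the two posts above describe (a word list keyed by dice rolls, the user doing no choosing) is short enough to show in full. The following is an added example, not code from the thread or from the Diceware project: it maps a dice string to a list position, rolls with a CSPRNG instead of physical dice, and reports the entropy of the result. The 36-word list keyed by two dice is constructed for the demo; the real list is keyed by five dice (6^5 = 7776 words) and the mechanism is identical.

```python
import math
import secrets

# Constructed 36-word list keyed by two dice ("11".."66"), standing in for
# the real Diceware list, which is keyed by five dice (6**5 = 7776 words).
_DEMO = ("apple bolt cabin delta eagle fern gravel hinge ivory jumbo kettle lunar "
         "maple north olive piano quartz river saddle timber umber velvet walnut "
         "xenon yield zebra amber brook cider dune ember flint grain harbor inlet "
         "jade").split()
DEMO_WORDS = {f"{i // 6 + 1}{i % 6 + 1}": w for i, w in enumerate(_DEMO)}


def dice_index(key: str) -> int:
    """Position of a dice string in a list ordered 11..66: it is a base-6
    number with digits 1-6, e.g. "11" -> 0, "66" -> 35, "66666" -> 7775."""
    if not key or any(c not in "123456" for c in key):
        raise ValueError("dice key must be non-empty and use digits 1-6")
    return sum((int(c) - 1) * 6 ** i for i, c in enumerate(reversed(key)))


def roll(dice: int, rng=secrets) -> str:
    """Roll `dice` fair dice from a CSPRNG. random.choice() is not suitable:
    its Mersenne Twister state is recoverable from observed outputs."""
    return "".join(str(rng.randbelow(6) + 1) for _ in range(dice))


def passphrase(words: dict, n_words: int = 5, rng=secrets) -> str:
    """Pick n words by independent rolls; the human does no choosing, which
    is the part of the xkcd method that 'think up four words' skips."""
    dice = round(math.log(len(words), 6))
    return " ".join(words[roll(dice, rng)] for _ in range(n_words))


def entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy of a uniform choice: n * log2(list size). It is the same
    whether the words are 'common' or not; the attacker is assumed to know
    the list and the word count."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    print(passphrase(DEMO_WORDS, 5))
    print(f"{entropy_bits(7776, 5):.1f} bits for 5 real Diceware words")
```

      The rng parameter exists so the selection can be driven by real dice (feed in the rolls) or tested deterministically; in use, leave it at the default.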
    14. Re:Every time XKCD 936 is Mentioned by phantomfive · · Score: 1

      Just because the author asserts that the password system is broken doesn't make Randall Munroe's point about passwords incorrect. "At least one security researcher rejects that theory." What theory does he reject?

      His point is that bits of entropy doesn't really matter, because unless the hacker gets the password hashes, he's not going to be able to brute-force the password by attempting to log in over and over and over. This is probably true.

      The main thing attackers do is try to find the usernames, and try a few of the most common passwords on each username. If they try X number of usernames, then ~3% of those usernames will have 10 of the most common passwords.

      His solution is to suggest to everyone to use a generated password (or even an ssl public key), because if it is required for everyone to do that, then the problem of a small percentage of users all using the 10 most common passwords will go away.

      --
      "First they came for the slanderers and i said nothing."
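
      The attack described above (a few of the most common passwords tried against many usernames) is what defenders call password spraying, and the reason a per-account lockout does not catch it is visible in a few lines. The following is an added example, not code from the thread: a log format, a per-account lockout counter, and a per-source detector that counts distinct accounts failed in a time window. The log lines and the thresholds (10 failures per account, 8 distinct accounts in 10 minutes) are constructed for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format for the demo: "<iso timestamp> auth=ok|fail user=<u> src=<ip>"
LINE = re.compile(r"^(\S+) auth=(ok|fail) user=(\S+) src=(\S+)$")


def parse(line: str):
    """Return (timestamp, user, source, succeeded) or None for junk lines."""
    m = LINE.match(line)
    if not m:
        return None
    ts, result, user, src = m.groups()
    return datetime.fromisoformat(ts), user, src, result == "ok"


def per_account_lockout(events, threshold: int = 10) -> set:
    """What a classic lockout sees: failures counted per account."""
    fails = defaultdict(int)
    for _, user, _, ok in events:
        if not ok:
            fails[user] += 1
    return {u for u, n in fails.items() if n >= threshold}


def spray_sources(events, window=timedelta(minutes=10), min_users: int = 8) -> set:
    """Spray view: one source failing against many *distinct* accounts inside
    a time window, even though no single account crosses the lockout line."""
    flagged, recent = set(), defaultdict(deque)
    for ts, user, src, ok in sorted(events, key=lambda e: e[0]):
        if ok:
            continue
        q = recent[src]
        q.append((ts, user))
        while q and ts - q[0][0] > window:
            q.popleft()
        if len({u for _, u in q}) >= min_users:
            flagged.add(src)
    return flagged


def constructed_log() -> list:
    """Constructed sample, not real traffic: one source tries two common
    passwords against twelve accounts (24 failures, 2 per account), while
    carol mistypes her own password three times from her usual address."""
    t0 = datetime(2014, 6, 10, 12, 0, 0)
    lines = []
    for i in range(12):
        for j in range(2):
            ts = t0 + timedelta(seconds=2 * i + j)
            lines.append(f"{ts.isoformat()} auth=fail user=user{i:02d} src=198.51.100.7")
    for k in range(3):
        ts = t0 + timedelta(minutes=1, seconds=k)
        lines.append(f"{ts.isoformat()} auth=fail user=carol src=203.0.113.9")
    lines.append(f"{(t0 + timedelta(minutes=2)).isoformat()} auth=ok user=carol src=203.0.113.9")
    return lines


def analyse(lines) -> dict:
    events = [e for e in map(parse, lines) if e is not None]
    return {
        "locked_at_10": per_account_lockout(events, 10),
        "locked_at_3": per_account_lockout(events, 3),
        "spray_sources": spray_sources(events),
    }


if __name__ == "__main__":
    print(analyse(constructed_log()))
```

      With the lockout at 10 nothing trips; with it at 3 the only account locked is the legitimate user who mistyped, while the sprayer, at two guesses per account, never appears. Counting distinct accounts per source is the check that sees the spray; a real deployment also has to handle the sprayer rotating sources, which is the botnet point made earlier in the thread.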
    15. Re:Every time XKCD 936 is Mentioned by wiredlogic · · Score: 1

      It would be nice if site operators would adopt entropy measurement as a way to force strong passwords rather than imposing some arbitrary minimum number of caps, digits, or punctuation. It's even more irritating when you get a braindead one that rejects a perfectly good password because it has some character they foolishly decided not to support. There's nothing weak about a 40-char password all in lowercase. Nobody will have its hashes in a rainbow table and the crackers will go for the low hanging fruit with all the Princess1 accounts.

      --
      I am becoming gerund, destroyer of verbs.
    16. Re:Every time XKCD 936 is Mentioned by Anonymous Coward · · Score: 0

      "It's simple math that shows that Munroe's method is better"
      Munroe didn't consider the fact that words can be treated as a letter in a larger alphabet (dictionary)
      Such a dictionary doesn't have to be very large to have a high hit rate for common words.

      This would make quite a dent in some of the assumptions in that xkcd comic.

    17. Re:Every time XKCD 936 is Mentioned by jez9999 · · Score: 1

      Weirdly, I was thinking about that comic entry just a couple of days ago. "It's simple math that shows that Munroe's method is better for creating stronger password" - is it, though? What about dictionary attacks? Attackers could just join 3 or 4 English words together in an attempt to brute force such passwords. This drastically reduces that kind of "passphrase"'s entropy.

    18. Re:Every time XKCD 936 is Mentioned by Immerman · · Score: 1

      Not really, the question for a brute force attack is how many possible combinations are there to try. The XKCD calculation indicates 44 bits of entropy, or 11 bits of entropy per word, suggesting that they are randomly selected from a short list of only 2048 words. Still, 44 bits of entropy is 2^44=1.759e13 = over 17 trillion possible combinations to be tested.

      Now assuming you instead use a completely random gibberish password using case sensitive letters, plus numbers and punctuation you've got a list of about 100 characters to choose from, or 6.5 bits per character, so you only need about 7 characters to get a similar complexity password - but that's 7 characters of completely random gibberish with no sort of mnemonics allowed, and is going to be considerably more difficult to remember. Use a mangled word and the entropy drops dramatically - his example uses ten characters to get only about 28 bits of entropy, meaning only 270 million possible combinations, or 65536x faster to brute force, on average.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    19. Re:Every time XKCD 936 is Mentioned by Matt Steelblade · · Score: 1

      Weirdly, I was thinking about that comic entry just a couple of days ago. "It's simple math that shows that Munroe's method is better for creating stronger password" - is it, though? What about dictionary attacks? Attackers could just join 3 or 4 English words together in an attempt to brute force such passwords. This drastically reduces that kind of "passphrase"'s entropy.

      Let's assume that we have a dictionary of 15,000 common English words (a very reasonable assumption (examples found from Wiktionary's frequency list in the 14,000's are: zebra, tightly, and curves), though obviously more would give us better entropy). Let us also assume the worst possible situation: they know our list of words, and they know we use four together (though we securely randomly pick them). Absolute worst case in this instance would be 15,000 x 15,000 x 15,000 x 15,000 = 50,625,000,000,000,000 possible combinations. Assuming that the attacker could hash a billion passwords a second, they would have a 50% chance of correctly guessing the password in approximately 293 days. Raise the size of the dictionary to 20,000 (now we have words like fairest, teapot, and haircuts) with the same conditions and you're looking at 2 and a half years for a 50% chance. Munroe's method still stands.
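
      The search-space arithmetic in this post, in Immerman's 44-vs-28-bit comparison, and in catprog's "mangled uncommon word" count earlier in the thread all come from the same three-line model, so here it is once, as an added example (not code from the thread): the size of each scheme's space, its bits, and the expected days to a 50% hit at three guess rates. The 10 guesses/s column is an assumed online rate for a site that rate-limits; the 10^9/s and 10^12/s columns are assumed offline rates once the hash database has leaked, which is the case Immerman and jfengel are really talking about. Note that catprog's parameters (10,000 x 16 x 100 x 2 x 2) multiply out to 6.4 x 10^7.

```python
import math

SECONDS_PER_DAY = 86_400


def wordlist_space(list_size: int, n_words: int) -> int:
    """Attacker knows the list and the word count; they try every combination."""
    return list_size ** n_words


def mangled_word_space(words: int = 10_000, symbol_subs: int = 16,
                       digit_choices: int = 100, digit_positions: int = 2,
                       caps: int = 2) -> int:
    """The 'uncommon word + substitutions + digits + capital' scheme with the
    parameters used in the thread; each factor is one attacker-enumerable choice."""
    return words * symbol_subs * digit_choices * digit_positions * caps


def random_string_space(alphabet: int, length: int) -> int:
    """Truly random characters: the only scheme where 'add a symbol' helps."""
    return alphabet ** length


def bits(space: int) -> float:
    return math.log2(space)


def expected_days(space: int, guesses_per_second: float) -> float:
    """On average the right guess is found halfway through the space."""
    return space / 2 / guesses_per_second / SECONDS_PER_DAY


def report() -> list:
    """Rows of (scheme, bits, days at 10/s, days at 1e9/s, days at 1e12/s).
    The online column assumes a site that rate-limits; the offline columns are
    what matters once the hash database leaks (assumed rates, not measurements)."""
    schemes = {
        "4 words / 2048-list (xkcd)": wordlist_space(2048, 4),
        "4 words / 15000-list": wordlist_space(15_000, 4),
        "5 words / 7776-list (diceware)": wordlist_space(7_776, 5),
        "mangled word (thread params)": mangled_word_space(),
        "8 random chars / 95-char set": random_string_space(95, 8),
    }
    rows = []
    for name, space in schemes.items():
        rows.append((name, round(bits(space), 1),
                     round(expected_days(space, 10), 1),
                     round(expected_days(space, 1e9), 1),
                     round(expected_days(space, 1e12), 3)))
    return rows


if __name__ == "__main__":
    for row in report():
        print("{:32s} {:6.1f} bits  {:>14.1f} d  {:>10.1f} d  {:>10.3f} d".format(*row))
```

      The table makes the thread's real disagreement concrete: against an online, rate-limited login every scheme here is out of reach, and against a leaked database of fast hashes only the 60-bit-plus schemes hold up, which is why the bits number matters only for the offline case.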

    20. Re:Every time XKCD 936 is Mentioned by david_thornley · · Score: 1

      It really depends on who wants in, how much time they've got, and how determined they are. If somebody's just looking for a login password, you don't need a strong one, just stronger than most other users on the site. If the NSA is out to get you personally, and is willing to devote lots of their resources over the next twenty years to breaking into your Slashdot account, that's another threat entirely.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    21. Re:Every time XKCD 936 is Mentioned by phantomfive · · Score: 1

      If the NSA is out to get you personally, and is willing to devote lots of their resources over the next twenty years to breaking into your Slashdot account, that's another threat entirely.

      Passwords won't stop that. Right now there's basically no way to prevent that.

      --
      "First they came for the slanderers and i said nothing."
  10. symbols, caps, numbers by Anonymous Coward · · Score: 1

    symbols, caps and numbers are still very useful when the site limits password length.

    1. Re:symbols, caps, numbers by Archangel Michael · · Score: 4, Insightful

      Short Passwords lengths ARE useful, to learn how to avoid bad websites!

      Sites that limit password lengths are also skimping on other security.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    2. Re: symbols, caps, numbers by hsmith · · Score: 1

      Oh, you mean they store the password in plain text? That is the easiest give away there are poor security practices - password max lengths. Once hashed passwords all have the same length, so avoid those sites like the plague.

    3. Re:symbols, caps, numbers by unfortunateson · · Score: 4, Interesting

      > symbols, caps and numbers are still very useful when the site limits password length.
      I disagree: Insist that there must be a cap, and it will be the initial letter in >90% of the cases.
      Insist that it have numbers, and they'll either be trailing (often the year, especially if you require two digits)
      Insist that it be symbols, and you'll probably find a period or comma at the end (the only symbols commonly available on the first smartphone keyboard screen).

      So, now I've changed the two digits to one out of ten, and instead of a random character out of the 70 or so common ASCII characters, I'm probably starting with just one of the uppercase letters.

      At one point when I was a system administrator and we only required 6-digit passwords changed every 90 days, I could log in to 3/4 of the computers with "spring", "summer", "autumn" or "winter". When we beefed up to 8 digits with numbers, it would be "spring95", "autumn96" etc.

      You've got to make it more random: Pick a phrase, a song lyric, a movie quote. Change a word or two. Make some letters just the initials, a word all in caps, a number substitution: "You light up my life" -> "uL1GHT^ml". That's unlikely to be in a cracker dictionary (until today, of course).

      --
      Design for Use, not Construction!
    4. Re:symbols, caps, numbers by nine-times · · Score: 3, Insightful

      Yeah, I try to make this point all the time. I run into IT people and companies whose idea of a "strong password" is something like: have 8 characters, one capital letter, one number, and one symbol/punctuation-mark, and rotated every few months without repeating for the past 5 passwords.

      You know what people do? They rotate through the following passwords: Password1!, Password2!, Password3!, Password4!, Password5!

      Actually, if you think about it, standardizing on those kinds of requirements is kind of dumb, since it limits the combinations of different passwords people can use. If an attacker knows these requirements, and wants to attempt a brute-force attack, he start by ruling out anything with fewer than 8 characters, and any combination lacking in symbols, capital letters, etc. Now, that doesn't cut out that many possible combinations, but you can start by ruling out short words, assume that the first letter will be capital, assume that the numbers will be at the end, and there's a good chance the whole thing ends in an exclamation mark. I've seen a lot of passwords, and it's always an exclamation mark at the end.

      And then there's always someone who pops up with the clever advice of substituting symbols for letters. "The password 'password' is completely insecure. Instead, use 'P@ssw0rd!'. Hackers can't guess your password if it has symbols, numbers, and punctuation!" Ummm... no. Those kinds of substitutions have been included in dictionary attacks for a long time now. "P@ssw0rd!" is not a strong password.

      The "correcthorsebatterystaple" is actually pretty good advice at this point, all things considered.
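
      The two points made above and by wiredlogic a little earlier (composition rules pass "P@ssw0rd!" and "Password1!", while a long all-lowercase password is fine) can be turned into a checker. The following is an added example, not code from the thread: it undoes the substitutions and trailing digit/symbol runs that cracking rule sets already enumerate, refuses anything whose normalised form is on a common-password list, and otherwise uses a charset-based bits estimate with no composition rules at all. The ten-entry blocklist, the substitution table and the 40-bit floor are constructed for the demo; a real blocklist is a breach corpus.

```python
import math
import re

# Constructed blocklist for the demo; a real one is a breach corpus with
# hundreds of thousands of entries, and is checked after normalisation.
COMMON = {
    "password", "princess", "letmein", "123456", "qwerty", "welcome",
    "monkey", "dragon", "iloveyou", "correcthorsebatterystaple",
}

# The substitutions crackers already enumerate ("leet" rules); assumed set.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t", "|": "l"})


def candidates(pw: str) -> set:
    """Forms a cracker would try for this password: lower-cased, with the
    trailing and leading digit/symbol runs dropped ("Password1!", "spring95"),
    each with and without the leet substitutions undone."""
    s = pw.lower()
    forms = {s, re.sub(r"[^a-z]+$", "", s), re.sub(r"^[^a-z]+|[^a-z]+$", "", s)}
    return forms | {f.translate(LEET) for f in forms}


def composition_rules_pass(pw: str) -> bool:
    """The classic rule set: >= 8 chars, upper, lower, digit, symbol."""
    return (len(pw) >= 8
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def charset_bits(pw: str) -> float:
    """Upper bound: bits if every character were drawn uniformly from the
    classes present. Meaningless for a human-chosen word, which is exactly
    why the blocklist check runs first."""
    pool = 0
    if re.search(r"[a-z]", pw):
        pool += 26
    if re.search(r"[A-Z]", pw):
        pool += 26
    if re.search(r"[0-9]", pw):
        pool += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        pool += 33
    return len(pw) * math.log2(pool) if pool else 0.0


def check(pw: str, min_bits: float = 40.0) -> tuple:
    """Accept unless a normalised form is a known-common password or the
    charset bound is below min_bits. No composition rules at all."""
    if candidates(pw) & COMMON:
        return False, "matches a common password after normalisation"
    b = charset_bits(pw)
    if b < min_bits:
        return False, f"only {b:.0f} bits even if random"
    return True, f"ok ({b:.0f} bits upper bound)"


if __name__ == "__main__":
    for pw in ["P@ssw0rd!", "Password1!", "Princess1", "L3tm31n",
               "correcthorsebatterystaple", "waterfalls over quiet stone mills at dawn"]:
        print(f"{pw!r:45} rules={composition_rules_pass(pw)!s:5} check={check(pw)}")
```

      The first four inputs satisfy the usual rule set and are all rejected here, because after normalisation they are dictionary entries; the long lowercase phrase fails the rule set and passes. The bits estimate is only a ceiling, so the blocklist does the real work.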

    5. Re:symbols, caps, numbers by Anonymous Coward · · Score: 5, Funny

      Like my bank, which has to keep the answers to my security questions in plain text. Otherwise, the last time I got locked out, I would not have had the rep say, "Alright, now what is your mother's maide.... Good lord." The answer, by the way, was Mrs. Farty Pants.

    6. Re: symbols, caps, numbers by rasmusbr · · Score: 1

      They probably have a client-side script that makes it hard to submit a long password.

      Those of you who think that there mustn't be a limit to the size, consider what happens when some joker opens a text editor, types a word and then does this repeatedly a few times:

      Ctrl-A, Ctrl-C, Arrow key down, Ctrl-v

    7. Re:symbols, caps, numbers by FatdogHaiku · · Score: 5, Funny

      The only reason they started with 6 chars was so they could generate an error message:
      "penis is too short"
      when someone tried to use that for a password...

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    8. Re:symbols, caps, numbers by turp182 · · Score: 2

      I like to concatenate song lyrics first letters.

      My favorite password, which I can't take credit for was:
      sdftr,ndtwtsotr!

      Translates to:
      Seasons don't fear the reaper, neither do the wind, the sun, or the rain.

      Needs more cowbell!

      --
      BlameBillCosby.com
    9. Re: symbols, caps, numbers by geminidomino · · Score: 3, Informative

      It gets hashed down to 28-64 characters and written into the database?

    10. Re:symbols, caps, numbers by lgw · · Score: 1

      If you need a strong password, you've failed to provide two-factor auth.

      If it's some stupid forum, I don't need a strong password anyhow. If it's something important, like my banking or brokerage, I have two-factor auth. Nowhere do I need a strong password.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    11. Re:symbols, caps, numbers by Zxern · · Score: 2

      Sigh. You really expect people to remember a phrase that changes every 90 days?

    12. Re: symbols, caps, numbers by 0x15e · · Score: 0

      It's also a potential DOS for the server if a bunch of people start submitting preposterously long "passwords" anywhere they have a password box.

    13. Re: symbols, caps, numbers by Anonymous Coward · · Score: 1

      Shouldn't that be _Miss_ Farty Pants, being as it was her maiden name?

    14. Re:symbols, caps, numbers by war4peace · · Score: 3, Interesting

      One of my older passwords for important stuff was an Office 2000 key I learned by heart. 25 characters, letters mixed with numbers, not including dashes. If special characters were required, then I'd use dashes, otherwise not.
      Save for VL keys, they were unique so the chances of someone guessing that were very, very slim.

      And just for kicks I wrote a password manager which allowed you to use any key on the keyboard, including ctrl, shift, alt, caps lock, Win key, you name it. How about using ctrl, shift+num*, backspace, backspace, F1, Esc, Scroll Lock, Winkey as a password? :)
      (the only problem was that if you fatfingered a key you would have to wait for the 10 second cool off and try again when prompted)
      The application could also be configured to give you a "wrong password" result if you entered the right password, with a configurable delay during which you were expected to do nothing to go through. There was no visual feedback when pressing the keys, only sound.
      But a regular user would be driven mad by such a login method, heh-heh.

      There are many ways to make an environment secure password-wise. But Average Joe wants it quick and easy, so as long as people aren't educated, nothing would really be secure enough.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    15. Re:symbols, caps, numbers by Rei · · Score: 1

      There are better routes than "Correct Horse Battery Staple".

      Think about how memory champions memorize arbitrary data: yes, it's visual, but it's not random words stuck together like "Correct horse battery staple", it's a meaningful scene, something you could describe with a sentence. Now, of course, that's too bulky to make a password. But you can deal with that easily - the easiest way is just take the first letter of each word, an abbreviation / acronym password. For the first sentence in my post, depending on how you apply the rules you may get something like tabrtchbs or Tabrt"CHBS" or the like.

      Now, obviously an attacker can reduce the search space with statistical analysis of sentences, but overall sentences yield an extremely random password - moreso than "Correct Horse Battery Staple", it's much shorter, and it's easier to memorize. And if the security of such a standard approach isn't good enough, you can apply your own extra rules, such as letter substitutions, arbitrarily inserted characters, change the order of the word or what letter you pick from each word, etc.

      --
      You people make me envy the deaf and the blind!
    16. Re:symbols, caps, numbers by reboot246 · · Score: 1

      How about my bank? Passwords are to be at least 8 characters (good), but I can use only uppercase and lowercase letters, numbers, but no symbols allowed (very bad). I hope for the best, but I'm worried all the time.

    17. Re: symbols, caps, numbers by brainboyz · · Score: 2

      No more so than it would if you manually submitted a preposterously long value to any given HTTP post field.

    18. Re:symbols, caps, numbers by Anonymous Coward · · Score: 0

      You didn't mention sites for shopping - which usually have information on how to access your credit - such as Amazon, Apple, etc. They aren't stupid forums, but they aren't your banking either. Those often don't offer two-step authentication, so you need a strong password that is different from the PWs you use on any other sites.

    19. Re:symbols, caps, numbers by PraiseBob · · Score: 5, Insightful

      IT companies like Microsoft? You've just described the exact password policy that the largest software company in the world uses to enforce a "strong password", under the guise of best practices. I don't know why you blame the end user, when the manufacturer is the one perpetuating this system through documentation, training certifications, and the operating system itself.

      But all that aside, those passwords are plenty good enough. Any system that allows an attacker to brute force passwords, especially online, has a design problem. It would take an idiot to build a system that allows 1000 password guesses per second without a timeout. Guess wrong 5 times, and you get locked out for 10 minutes, and a warning email sent. Suddenly you've increased the brute force time to thousands of years, and the target is aware. This is basic stuff, and just about any dictionary word is safe.

      Ever increasing complexity is an unnecessary solution. Password breaches are not being done through brute force, there's no real reason to make brute force harder.

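The lockout policy PraiseBob sketches above (five wrong guesses, a ten-minute lockout and a warning e-mail) in working form, added here as an illustration and not code from any poster, bank or vendor. The `alert` callback standing in for the warning e-mail, the injectable `clock`, and the class and function names are all assumptions of this example; `seconds_to_exhaust` turns the same policy into the wall-clock cost an online guesser faces for a candidate list of a given size.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict

# Thresholds taken from the post: 5 wrong guesses, 10 minute lockout, warning e-mail.
MAX_FAILURES = 5
LOCKOUT_SECONDS = 600


@dataclass
class AccountState:
    failures: int = 0          # consecutive failed attempts in the current window
    locked_until: float = 0.0  # epoch seconds; 0.0 means the account is not locked


class LoginGuard:
    """Wraps a credential check with a per-account lockout and an alert hook."""

    def __init__(self, check_credentials: Callable[[str, str], bool],
                 alert: Callable[[str], None],
                 clock: Callable[[], float] = time.time):
        self._check = check_credentials
        self._alert = alert    # hypothetical "send warning e-mail" callback
        self._clock = clock    # injectable so the lockout window can be tested
        self._state: Dict[str, AccountState] = {}

    def attempt(self, user: str, password: str) -> str:
        """Returns 'ok', 'bad' or 'locked'. A locked account rejects even the
        correct password, so the response leaks nothing during the window."""
        now = self._clock()
        st = self._state.setdefault(user, AccountState())
        if now < st.locked_until:
            return "locked"
        if st.locked_until:                  # an earlier lockout has expired
            st.failures, st.locked_until = 0, 0.0
        if self._check(user, password):
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.locked_until = now + LOCKOUT_SECONDS
            self._alert(user)                # the target learns it is being guessed
        return "bad"


def seconds_to_exhaust(candidates: int, max_failures: int = MAX_FAILURES,
                       lockout_seconds: int = LOCKOUT_SECONDS) -> int:
    """Worst-case wall-clock seconds for an online guesser working through
    `candidates` passwords against one account: every full batch of
    `max_failures` guesses is followed by a `lockout_seconds` wait, except
    the batch that finally succeeds."""
    batches = -(-candidates // max_failures)   # ceiling division
    return max(0, batches - 1) * lockout_seconds


if __name__ == "__main__":
    # Constructed demonstration account; the clock is advanced by hand.
    clock = [0.0]
    guard = LoginGuard(lambda u, p: p == "correct horse battery staple",
                       lambda u: print(f"warning e-mail sent to {u}"),
                       lambda: clock[0])
    for guess in ("Password1!", "Password2!", "Password3!", "Password4!", "Password5!"):
        print(guess, "->", guard.attempt("alice", guess))
    print("correct password while locked ->",
          guard.attempt("alice", "correct horse battery staple"))
    clock[0] += LOCKOUT_SECONDS + 1
    print("after the window ->", guard.attempt("alice", "correct horse battery staple"))
    print("10,000-word list:", seconds_to_exhaust(10_000), "seconds")
```

With a 10,000-entry wordlist the function returns 1,199,400 seconds, just under two weeks for a single account, and the full 62^8 keyspace of an eight-character alphanumeric password comes out at hundreds of millions of years; in both cases the account owner gets the first alert after the fifth failure. Two caveats a practitioner would add: a per-account counter does nothing about a handful of guesses spread across many accounts, which is where the common-password denylist discussed elsewhere in the thread does the work, and none of this helps once the hash database itself has leaked, the scenario Linsaran raises further down.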
    20. Re:symbols, caps, numbers by lgw · · Score: 1

      I rely on CC fraud protection for online shopping. Yes, it's important not to use your "stupid forum password" for shopping, or any game-related password for anything else, but none of those really need to be strong passwords. (I actually have one strong password - for my email, because I don't like their two-factor auth, but they do have one.)

      Also, it's always worth poking around in an online merchant to see what someone can do with your account, and not use sites that suck. Amazon, e.g., is great in that when it asks you for the number from the back of the card, it won't ever show your full CC#, etc. Even big sites vary on this stuff - you'd think they'd all get it right, but some will let you add a new shipping address without proving you have the credit card. Just don't use such sites.

      If the merchant does his job, you won't care much that someone got your password, as he can't use that to order stuff (though he could grief you in other ways, that's usually someone you know).

      --
      Socialism: a lie told by totalitarians and believed by fools.
    21. Re:symbols, caps, numbers by DaTrueDave · · Score: 5, Insightful

      Not only that, but remember multiple different passwords like that, because some websites/databases don't allow the caret symbol.

      I have over 20 different passwords for different sites at work. Some of them don't allow a password under 12 characters, some don't allow a password over 8 characters. Some don't allow a number or symbol in the first space. Some only allow 6 different symbols to be used. Some don't allow capital letters. Some require capital letters.

      It's insane. It's not possible for my coworkers to remember them all, so they get written down, which certainly doesn't increase security. Many times people keep their passwords in their phones. Some write them down on paper and keep them in their wallet. Some folks leave them on notes in their cubicle.

      Then, to top it off, some require the password to change every 30 days. Some every 60 days. Some every 90 days.

      These insane attempts to force password security have actually destroyed it.

    22. Re:symbols, caps, numbers by minogully · · Score: 1

      or the rain

      This wouldn't work for me. I'd constantly be back and forth on whether I should use "or" or "nor".

    23. Re:symbols, caps, numbers by Anonymous Coward · · Score: 0

      You've swapped out one of the words in the original lyrics, which would help you resist a lyric attack, except that you picked a replacement with the same starting letter.

      Seasons don't fear the reaper, nor do the wind, the sun, or the rain

    24. Re: symbols, caps, numbers by nabsltd · · Score: 2

      It's also a potential DOS for the server if a bunch of people start submitting preposterously long "passwords" anywhere they have a password box.

      Nobody's asking for sites to allow you to use your favorite novel as a password, but limiting to some insanely short value is not the right way to solve the problem.

      Set a limit of 255 characters for the password, and you won't get any complaints about too short a limit while keeping the computing requirements for the hash creation reasonable.

    25. Re: symbols, caps, numbers by Anonymous Coward · · Score: 0

      The bank probably locks you out after just a couple bad guesses. It also probably does IP restrictions so that someone from China doesn't even get a chance to actually guess. Having a long password as a means of security is only needed if you don't limit someone's ability to guess.

    26. Re:symbols, caps, numbers by Barny · · Score: 2

      And yet this exact 'verification' was a way to steal control of accounts a while back.

      Basically, Apple asked for the first four digits of your CC for secure verification, Amazon asked for the last four. Each was happy to give the four digits at the opposite end of your account and, worse, Amazon would let you add a new CC to your account, verify yourself with that credit card, then provide the other four digits of your other card. This was used, successfully, to attack a person's iCloud account. I am not sure about now, but I really hope both companies have changed their policies, particularly in regards to phone support and scripted replies to requests for control of accounts.

      http://www.wired.com/2012/08/a...

      --
      ...
      /me sighs
    27. Re:symbols, caps, numbers by ultranova · · Score: 1

      At one point when I was a system administrator and we only required 6-digit passwords changed every 90 days,

      Why did you? Require the password to be changed periodically, I mean? The only thing it seems to accomplish is make sure the users will either pick weak passwords or resort to post-it notes.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    28. Re:symbols, caps, numbers by tompaulco · · Score: 1

      Then some sites are extremely case sensitive, causing me to lock myself out when I didn't remember if I had capitalized the make and model of my first car. Of course, many of the questions are so vague that I have multiple possible responses to them and I can't remember which one I might have used when I set it up.

      --
      If you are not allowed to question your government then the government has answered your question.
    29. Re:symbols, caps, numbers by Anonymous Coward · · Score: 0

      How about my bank?

      You own a bank? You bastard! wtf do you care about pwords?!?

    30. Re:symbols, caps, numbers by tompaulco · · Score: 2

      The Social Security Administration online services for business, which I and probably 90% of other businesses use once per year, has a password expiration policy of every 90 days. If you don't log in during that period and change the password, you get locked out, requiring you to call and talk to an operator.

      --
      If you are not allowed to question your government then the government has answered your question.
    31. Re: symbols, caps, numbers by Anonymous Coward · · Score: 0

      Spell it in your spoken syllables
      Co rect horse bat ter ree sta pul
      Cor ect horse bat tree stay pol
      Ker rect horse bat ter ree stay pil

      Now the spaces vary with speech and the dictionary doesn't work for the words.

    32. Re: symbols, caps, numbers by omfgnosis · · Score: 1

      If you think a client-side script is going to protect you from an unreasonably large HTTP request body, I really hope you aren't developing websites that I use.

    33. Re:symbols, caps, numbers by Anonymous Coward · · Score: 0

      IT companies like Microsoft? You've just described the exact password policy that the largest software company in the world uses to enforce a "strong password", under the guise of best practices.

      Because Win* logins don't actually matter? Yeah, I don't understand it either. MS may, dunno.

    34. Re:symbols, caps, numbers by bondsbw · · Score: 1

      Actually, if you think about it, standardizing on those kinds of requirements is kind of dumb, since it limits the combinations of different passwords people can use.

      Agreed. Using a good password quality algorithm, and requiring a minimum level of strength, would be a much better tool than restricting input.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    35. Re: symbols, caps, numbers by Anonymous Coward · · Score: 0

      Shouldn't that be _Miss_ Farty Pants, being as it was her maiden name?

      Maybe she remarried.

    36. Re:symbols, caps, numbers by omfgnosis · · Score: 1

      it's much shorter, and it's easier to memorize

      Well, it's shorter anyway. And only technically: it is shorter according to a unit of measurement that has almost no meaning to most people.

      If I adopted your approach, until I develop muscle memory for entering the password—and promptly forget its origin and any mnemonic value it might have had—I would be trying to remember which permutation I used. Was it

      There are better routes than "Correct Horse Battery Staple"
      There is a better route than "Correct Horse Battery Staple"
      There are better ways than "Correct Horse Battery Staple"
      There is a better way than "Correct Horse Battery Staple"
      This is a better approach than "Correct Horse Battery Staple"
      This is a better approach than "Correct Horse Battery Staple"
      What the fuck was my "Correct Horse Battery Staple" password anyway?
      Fuck, now I'm locked out and I'll never remember the fucking password.
      Fuck it, reset password back to password12.

      The reason Correct Horse Battery Staple works is because, in terms of memory and recall, it's much much shorter. It's only four things.

    37. Re:symbols, caps, numbers by Anonymous Coward · · Score: 0

      The only reason they started with 6 chars was so they could generate an error message:
        "penis is too short"
      when someone tried to use that for a password...

      Which is why I always use "I'm hung like a horse!" for my pass phrase. Problem solved and so easy to remember.

    38. Re:symbols, caps, numbers by Altrag · · Score: 1

      I don't know about their policies specifically, but it's usually done so that if someone gets a hold of a password file and manages to break a few passwords, hopefully they'll have changed by the time the attacker tries to actually make use of them.

      Of course these practices started way back before things like shadow password files and such, making it MUCH harder to obtain an entire password file without already having broken in anyway.

      I don't know how much of an argument there still is for these kinds of password rotations, especially when compared against the risk of a post-it note failure or a lost smartphone.

    39. Re: symbols, caps, numbers by Anonymous Coward · · Score: 0

      I use lyrics from ancient Roman poetry. A line of dactylic hexameter has decent entropy, and who is really going to dictionary attack that anyway? Bonus points for adopting medieval spellings.

    40. Re:symbols, caps, numbers by Anonymous Coward · · Score: 0

      Please show me a website where the passwords AREN'T case sensitive.

    41. Re:symbols, caps, numbers by Anonymous Coward · · Score: 0

      The point of adding symbols to the mix is to make it more costly for the attacker to brute force. The more potential characters you have to account for in your brute forcing (or in your rainbow table selection) the longer it takes or the more space you need for the larger rainbow tables. For rainbow tables specifically it limits the maximum size of passwords you can attack since making rainbow tables for full alphanumeric plus symbols takes a lot of space for anything over 7 characters.

      Not to mention the fact that once you start salting your hashes the attacker can no longer use pre-made rainbow tables available on-line and will either have to generate their own with the correct salt (takes a huge amount of time) or they will just have to resort to the slow brute-forcing. Either way the more potential characters in the passwords the harder it becomes for the attacker, regardless of the actual password itself. If it has just one number, one upper case, one lowercase, and one symbol in it, you force the attacker to expand the character set for his attack and that slows things down considerably.

      So if a website limits their passwords to 8 characters long and I had a choice between just alphanumeric and alphanumeric with symbols I'd rather have symbols. An 8 character long password with just numbers and uppercase/lowercase letters can be cracked with greater ease than a password that in addition to those includes symbols as well.

      For the sake of password managers and those of us with good memories websites should allow up to 128 characters that include numbers, letters, and symbols. They should also put a minimum on the password length but what that value should be is up for debate. I'd say 8 characters minimum but some people wouldn't like that. I'd also like to blacklist the top 100 most common passwords.

    42. Re:symbols, caps, numbers by troon · · Score: 2

      Aldermore: a bank!

      They ask for e.g. first, third and fifth characters of a password that must be between eight and twelve alphanumeric characters, and the dropdowns to make the selection are lower case only.

      This means they're storing the password unhashed, at best locally encrypted but decrypted to check the user login. Once past that, the second and final step of the login is to answer one of five questions as previously stored.

      --
      Ydco co ,df C erb-y go. a Ekrpat t.fxrapev
    43. Re:symbols, caps, numbers by fnj · · Score: 1

      I disagree: Insist that there must be a cap, and it will be the initial letter in >90% of the cases.

      So what? What stupid people do with their own security does not weaken my security. I don't throw the caps in at word breaks or syllable breaks. There is no law that says you have to be stupid.

      I agree that password rules are for bozos. I don't use random caps, digits and symbols because some nazi tells me I have to. I use them because I care about security.

    44. Re:symbols, caps, numbers by goose-incarnated · · Score: 1

      I don't know about their policies specifically, but it's usually done so that if someone gets a hold of a password file and manages to break a few passwords, hopefully they'll have changed by the time the attacker tries to actually make use of them.

      Which made sense 2 decades ago (or more): people had to break into your building to use your password. Nowadays someone just needs to have the password long enough to remotely install a keylogger (2 minutes, maybe?) so it doesn't buy you any security.

      The problem with security is not the users, it's the sysads who don't actually know anything about security other than how to click in the correct place on the vendor's product. The security is not thought through; even 12 seconds of reflection would tell you that forcing users to change their passwords on a consistent and predictable basis is going to result in consistent and predictable passwords.

      --
      I'm a minority race. Save your vitriol for white people.
    45. Re:symbols, caps, numbers by michelcolman · · Score: 1

      I once tried to use a 20-character password for iCloud, using letters, numbers and other symbols. It was rejected because it did not contain a capital letter. Sigh... I just capitalized the first letter and all of a sudden it was considered to be a great password, much better than the first!

      Once you go past a certain number of characters, the system shouldn't care about capital letters and such anymore. Just calculate the total entropy with the number of different kinds of symbols and the total number of characters.

      At the other extreme, my internet provider actually limits passwords to 8 characters (minimum 6, maximum 8) and only allows letters and numbers. When I complained, they said they would forward my suggestion but that this was considered good enough security. It still hasn't changed.

      Another example of programmer stupidity: Interactive Brokers has two factor authentication with a double sided key card containing 224 codes, each being three letter/number characters like "A4T". It asks for two of those codes, so you would obviously expect them to take one from each side of the card to avoid someone being able to log in with a photo of one side of the card. Nope, half the time the codes are on the same side, and you can cancel and try again until it asks for two codes on the side you want. Even worse, sometimes it asks for the same code twice. Really?! Please enter code #135 and code #135?

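Three posts in this thread ask for the same thing from different angles: bondsbw (post 34) wants a strength algorithm instead of input restrictions, the Anonymous Coward in post 41 wants a length range of 8 to 128 plus a denylist of the most common passwords, and michelcolman (post 45) wants the check to stop caring about capital letters once the password is long enough and just compute entropy from alphabet size and length. Here is one checker that does all of that, added as an example and not the code of any site or poster. The 8 and 128 bounds come from post 41; the 50-bit acceptance threshold, the five-entry denylist and the 64-character width assumed for non-ASCII input are constructed assumptions of this example, and the `normalize` step exists so that the "P@ssw0rd!" trick from post 4 is caught by the denylist rather than rewarded for its symbol count.

```python
import math
import string

MIN_LENGTH = 8            # floor suggested in the thread
MAX_LENGTH = 128          # ceiling suggested in the thread
MIN_ENTROPY_BITS = 50.0   # assumed acceptance threshold, not from the thread

# Constructed stand-in for a "most common passwords" denylist; a real
# deployment would load a published list of the top N leaked passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}

# (name, members, alphabet size) for each character class the estimator knows.
CLASSES = (
    ("lower", frozenset(string.ascii_lowercase), 26),
    ("upper", frozenset(string.ascii_uppercase), 26),
    ("digit", frozenset(string.digits), 10),
    ("symbol", frozenset(string.punctuation + " "), len(string.punctuation) + 1),
)
OTHER_CLASS_SIZE = 64     # assumed width for characters outside the classes above

_LEET = str.maketrans("@$043", "asoae")   # collapse the usual letter-for-symbol swaps


def charset_size(pw: str) -> int:
    """Size of the smallest alphabet that contains every character in pw."""
    size = 0
    leftover = set(pw)
    for _, members, n in CLASSES:
        if leftover & members:
            size += n
            leftover -= members
    if leftover:                      # anything non-ASCII or otherwise unclassified
        size += OTHER_CLASS_SIZE
    return size


def entropy_bits(pw: str) -> float:
    """Naive entropy: treats each character as drawn uniformly from the
    alphabet, which is an upper bound for a human-chosen password."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0


def normalize(pw: str) -> str:
    """Undo the tricks a dictionary attack already undoes before the denylist
    lookup: case, trailing digits/punctuation, and symbol substitutions."""
    return pw.lower().rstrip(string.digits + string.punctuation).translate(_LEET)


def evaluate(pw: str):
    """Return (accepted, reason, bits). Length bounds and the denylist are
    checked first; no mix of character classes is ever required, so a long
    all-lowercase passphrase passes on length alone."""
    if len(pw) < MIN_LENGTH:
        return False, "too short", 0.0
    if len(pw) > MAX_LENGTH:
        return False, "too long", 0.0
    if normalize(pw) in COMMON_PASSWORDS:
        return False, "common password", 0.0
    bits = entropy_bits(pw)
    if bits < MIN_ENTROPY_BITS:
        return False, "too weak", bits
    return True, "ok", bits


if __name__ == "__main__":
    for candidate in ("P@ssw0rd!", "Password1!", "correcthorsebatterystaple", "zxqvbnmk"):
        print(f"{candidate!r:30} -> {evaluate(candidate)}")
```

"P@ssw0rd!" and "Password1!" both normalize to "password" and are refused as common no matter how many classes they mix, "correcthorsebatterystaple" is accepted at roughly 117 bits without a single capital, and an eight-character lowercase string is refused as too weak. The caveat is the one the linked article makes: the entropy figure assumes uniform random choice, so it overstates the strength of anything a person picked for a reason, and the denylist, not the arithmetic, is the part that addresses informed statistical guessing.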
    46. Re:symbols, caps, numbers by locofungus · · Score: 1

      They ask for e.g. first, third and fifth characters of a password that must be between eight and twelve alphanumeric characters, and the dropdowns to make the selection are lower case only.

      This means they're storing the password unhashed, at best locally encrypted but decrypted to check the user login.

      While I suspect that this is true, I don't think it has to be true.

      Initialization:
      Step 1 - user chooses password.

      Step 2 - generate hash in normal way and store it.

      Step 3 - generate error correcting check digits such that the password can be recovered from any three characters in known positions. (any three characters in known positions must be both necessary and sufficient - designing such an ECC is left as an exercise)

      Step 4 - store the check digits but throw away the password.

      Login:
      Step 1 - user enters three characters

      Step 2 - error correct the password
      e.g. __p_pp__+CCCCC -> PPpPppPP

      Step 3 - hash the corrected password and test against stored hash.

      Obviously this isn't very secure - it's susceptible to a brute force attack that only requires guessing (any) three digits correctly once an attacker has gained access to the hash and the check digits.

      --
      God said, "div D = rho, div B = 0, curl E = -@B/@t, curl H = J + @D/@t," and there was light.
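
locofungus's point that partial-password verification does not force plaintext storage, and his closing caveat that whatever is stored then only protects about three characters' worth of secret, can both be shown in code. The block below is an added example, not the poster's scheme and not any bank's code: instead of the error-correcting check digits he leaves as an exercise, it uses a swapped-in design that stores one salted PBKDF2 hash per 3-subset of positions (C(n, 3) hashes per account, with the positions mixed into the hashed input), so a login challenge such as "characters 1, 3 and 5" is checkable without the password. It also illustrates the salting point from post 41. The `offline_guesses` function then puts numbers on the caveat for three designs: a conventional full-password hash, check digits from which any three characters recover the password, and the per-subset table here. Function names and the 36-character alphabet (lower-case plus digits, as described for the bank above) are assumptions of the example.

```python
import hashlib
import hmac
import itertools
import math
import os
import secrets

ALPHABET_SIZE = 36   # lower-case letters plus digits, as in the bank described above
CHALLENGE_K = 3      # characters asked for at each login


def enroll(password: str, rounds: int = 100_000) -> dict:
    """Store one salted PBKDF2 hash per k-subset of positions so any challenge
    can be verified later; the password itself is never stored. The position
    tuple is mixed into the hashed input so the same three letters entered
    for a different set of positions do not verify."""
    salt = os.urandom(16)
    table = {}
    for pos in itertools.combinations(range(len(password)), CHALLENGE_K):
        chars = "".join(password[i] for i in pos).encode()
        table[pos] = hashlib.pbkdf2_hmac("sha256", bytes(pos) + chars, salt, rounds)
    return {"salt": salt, "length": len(password), "rounds": rounds, "table": table}


def challenge(record: dict) -> tuple:
    """Pick the positions to ask for with a CSPRNG so the pattern is not predictable."""
    rng = secrets.SystemRandom()
    return tuple(sorted(rng.sample(range(record["length"]), CHALLENGE_K)))


def verify(record: dict, positions: tuple, chars: str) -> bool:
    """Constant-time check of the user's answer to one challenge."""
    pos = tuple(positions)
    if pos not in record["table"] or len(chars) != CHALLENGE_K:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", bytes(pos) + chars.encode(),
                                 record["salt"], record["rounds"])
    return hmac.compare_digest(digest, record["table"][pos])


def offline_guesses(alphabet_size: int, length: int, k: int = CHALLENGE_K) -> tuple:
    """Worst-case guesses to recover the whole password once the stored material
    has leaked, as (full-password hash, check-digit scheme, per-subset table).
    With check digits any one k-subset determines the password, so alphabet**k.
    With the table, ceil(length/k) disjoint subsets must each be cracked."""
    full = alphabet_size ** length
    check_digits = alphabet_size ** k
    table = math.ceil(length / k) * alphabet_size ** k
    return full, check_digits, table


if __name__ == "__main__":
    # Constructed demonstration password; fewer rounds so the demo is quick.
    pw = "horse1ab"
    rec = enroll(pw, rounds=10_000)
    pos = challenge(rec)
    answer = "".join(pw[i] for i in pos)
    print("challenge", pos, "->", verify(rec, pos, answer))
    for name, n in zip(("full hash", "check digits", "subset table"),
                       offline_guesses(ALPHABET_SIZE, len(pw))):
        print(f"{name:13} {n:>16,} guesses  (~{math.log2(n):.1f} bits)")
```

For an eight-character password from that alphabet the full hash needs up to 36^8 (about 2.8 trillion, 41 bits) guesses offline, while either partial design falls to 46,656 or 139,968 (15 to 17 bits) regardless of how long the password is, because whatever is stored must let the server confirm three characters on their own. A slow hash only multiplies that small number by a constant, so the partial-character step is defensible as a keylogger countermeasure, as AmiMoJo notes below, but not as the account's main secret, which is troon's conclusion.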
    47. Re: symbols, caps, numbers by rasmusbr · · Score: 1

      Well, for starters it will protect your client side script from choking on an unreasonably large input.

      I can't think of a legitimate reason why anyone would want to cut and paste arbitrarily long text into any form of any sort anywhere. There should always be an upper limit based on what the legitimate needs are.

    48. Re: symbols, caps, numbers by Hognoxious · · Score: 1

      I can't think of a legitimate reason why anyone would want to cut and paste arbitrarily long text into any form of any sort anywhere.

      Check out some of Bennett Haselton's articles on this site. Though it's debatable whether those can be counted as legitimate.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    49. Re:symbols, caps, numbers by Linsaran · · Score: 1

      Sure, if you're attempting to brute force a live system that would be a basic security practice. But what about when an attacker has acquired your password hashes via some other method? It's not like you can stop them from plugging away at the hash over and over again until they get a match, and then use that match in the real world. Actually, it's probably faster to try and dictionary/brute force a hash table (even if it is salted) than to attack a live environment.

      --
      In a bit of shameless internet panhandling, I accept Litecoin Donations at Lbd2oH9QsthD1GfuUXPyka12YxvWJYnBVf
    50. Re:symbols, caps, numbers by tburkhol · · Score: 2

      It's insane. It's not possible for my coworkers to remember them all, so they get written down, which certainly doesn't increase security. Many times people keep their passwords in their phones. Some write them down on paper and keep them in their wallet. Some folks leave them on notes in their cubicle.

      The question whether this increases or reduces security depends on what kind of attack you expect. If you expect to be specifically targeted, by a human being that can gain access to your personal space in such a way as to read the notes on your keyboard or cubicle walls, then writing down passwords is Bad. Making a conspicuous display of user/pass combinations could certainly make you a specific 'target of opportunity.' But if your primary security concerns are compromise of some bank/website's database or scripted attacks on internet services, then it hardly matters if a physical representation of your password exists, and it really helps to have different codes.

      I imagine that any decent system, once it finds a valid user/pass combination, promptly runs off and tries that everywhere: every bank, every ISP, every email service, every social networking site, every game server. Site-specific passwords will hugely reduce the damage due to a successful hack. Storing your user/pass combinations on a hackable device might not be the best solution, but for most of us semi-anonymous internet denizens, a system that a human would rapidly recognize may still defeat a script.

    51. Re:symbols, caps, numbers by AmiMoJo · · Score: 1

      Lloyds does the same but also asks for a traditional password, which probably is hashed. The reason they ask for letters from a password stored in plain text is as a defence against keyloggers. In theory clicking with the mouse stops them working, although I usually use the keyboard and tab between boxes anyway.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    52. Re:symbols, caps, numbers by BVis · · Score: 1

      It's not possible for my coworkers to remember them all

      Yes it is, physically. They just don't want to.

      so they get written down

      Terminable offense. I bet once someone gets fired over it the rest will stop.

      Many times people keep their passwords in their phones

      IMHO keeping the passwords in a vault app on your phone is OK so long as the password to get into the vault is strong.

      Then, to top it off, some require the password to change every 30 days. Some every 60 days. Some every 90 days.

      Probably disparate systems that have different capabilities. Having to change your password every 30 days is probably the lower limit (but all passwords should expire after at most 60).

      These insane attempts to force password security have actually destroyed it.

      No, lazy users have destroyed password security. We've come to accept lazy users, IMHO we shouldn't. IT security is useless unless the policy has some teeth behind it.

      --
      Never underestimate the power of stupid people in large groups.
    53. Re:symbols, caps, numbers by sFurbo · · Score: 1

      > but overall sentences yield an extremely random password - moreso than "Correct Horse Battery Staple", it's much shorter, and it's easier to memorize.

      So you are saying that first remembering the sentence and then remembering how I abbreviated it is easier than only remembering the sentence?

    54. Re:symbols, caps, numbers by sFurbo · · Score: 1

      all passwords should expire after at most 60

      Why? How does this help with security?

    55. Re:symbols, caps, numbers by BVis · · Score: 1

      Probably doesn't, but it reminds the users who the boss is where IT is concerned.

      --
      Never underestimate the power of stupid people in large groups.
    56. Re:symbols, caps, numbers by nine-times · · Score: 1

      For the first sentence in my post, depending on how you apply the rules you may get something like tabrtchbs or Tabrt"CHBS" or the like... it's much shorter, and it's easier to memorize. And if the security of such a standard approach isn't good enough, you can apply your own extra rules, such as letter substitutions, arbitrarily inserted characters, change the order of the word or what letter you pick from each word, etc.

      So you're saying that it's easier to memorize 'T@Br7"CH8S"' than 'correct horse battery staple'?

    57. Re:symbols, caps, numbers by troon · · Score: 1

      Yes, and that's fine as an additional precaution, but not as pretty much the only one.

      --
      Ydco co ,df C erb-y go. a Ekrpat t.fxrapev
    58. Re: symbols, caps, numbers by DarkOx · · Score: 1

      Okay so there should be some limit. Buffers need to be allocated etc. There is no good reason that limit needs to be so small it impacts humans. 10KB would be a preposterously long password but would no more expose a web server and/or database engine to a DOS than all of the other operations they necessarily allow already do.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    59. Re:symbols, caps, numbers by VGPowerlord · · Score: 1

      Basically, Apple asked for the first four digits of your CC for secure verification

      First four is a security hole as a bunch of people from your bank will share them.

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
    60. Re: symbols, caps, numbers by aminorex · · Score: 1

      The bigamy case against his mother may be able to use this information. Most bank records are readily available to law enforcement without a warrant.

      --
      -I like my women like I like my tea: green-
    61. Re: symbols, caps, numbers by RavenLrD20k · · Score: 1

      Ms., Miss and Mrs. are all abbreviations for the same word: Mistress. So by pedantic technicality, no matter which abbreviation is used they all mean the exact same thing, so there's no real distinction between them.

      And to the A/C child that stated "Maybe she remarried." Maiden always refers to the name a lady was born with, not any of the ones she took on through any number of subsequent marriages.

    62. Re: symbols, caps, numbers by master_kaos · · Score: 1

      My one bank used to have a max password length, and didn't allow any special characters either. Never understood why, unless it ended up stored in plain text in some mainframe fixed-length field.

    63. Re:symbols, caps, numbers by master_kaos · · Score: 1

      not only that, if you only visit the site once every 6 or 8 months or so, then you have to remember when you last used the site, and what was the phrase at that point in time (although this problem exists for any rotating password)

      Pretty much the reason I use LastPass, don't have to ever worry about it again... yeah, yeah, 1 point of failure, whatever.

    64. Re:symbols, caps, numbers by Richy_T · · Score: 1

      Best one: Favorite sports team. I don't care for sports so this has no valid answer. Whatever I picked, I don't remember it anymore.

      Another great one: Favorite color. Minimum four letters. Guess red isn't a color then.

    65. Re:symbols, caps, numbers by jeffmeden · · Score: 1

      And yet this exact 'verification' was a way to steal control of accounts a while back.

      Basically, Apple asked for the first four digits of your CC for secure verification, Amazon asked for the last four. Each was happy to give the four digits at the opposite end of your account and, worse, Amazon would let you add a new CC to your account, verify yourself with that credit card, then provide the other four digits of your other card. This was used, successfully, to attack a person's iCloud account. I am not sure about now, but I really hope both companies have changed their policies, particularly in regards to phone support and scripted replies to requests for control of accounts.

      http://www.wired.com/2012/08/a...

      Apple was doing something pretty stupid; the first six digits of a credit card number are assigned to the issuing bank, so it would be pretty easy to guess ANYONE's first 4 digits if you have on hand a few big bank CC prefixes.

    66. Re:symbols, caps, numbers by Anonymous Coward · · Score: 0

      *pssst* don't tell nobody, but i have a system i use for the 90% of the non-critical web sites i visit...
      (for critical ones, i use the random number/letters they require, and write them in my little black book; if that gets stolen, i'm screwed...)

      (which gets to the ORIGINAL problem: having to set up 'accounts' with EVERY FUCKING two-bit web site you visit, if even only ONE TIME...)

      i have a common prefix, let's say it's 'J7', and a common suffix, say, 'r3', then when i go to, say, slashdot and log in, my password is 'J7slashdotr3'... i go to techdirt, and it is 'J7techdirtr3', etc... ALL i have to remember (mostly) is the 'J7' and 'r3', then add them on the 'name' of the site/company...
      works for me...
      (better than my wife, who uses the SAME PASSWORD for EVERY site, INCLUDING BANKS... yes, i know, but she's my wife, what can you do...)

    67. Re:symbols, caps, numbers by OneAhead · · Score: 1

      Yup, and that's exactly why they keep these in plain text.

      I have always questioned the wisdom of using these kinds of security questions at all. If they are used as an extra factor in authentication, then there is some rationale to it, though there are far stronger multi-factor schemes. The really scary part is that a lot of places (fortunately not banks) allow users to reset their password with little more than a correct answer to a security question, which can often be found on Facebook etc...

    68. Re:symbols, caps, numbers by bluefoxlucid · · Score: 1

      I use exclusively lower-case letters. No numbers, capitals, or symbols.

      Good luck.

    69. Re:symbols, caps, numbers by bluefoxlucid · · Score: 1

      Generating them is harder than remembering them.

    70. Re:symbols, caps, numbers by WorBlux · · Score: 1

      I actually go by the advice in the article most of the time. I generate a 12-16 character password with a script that uses tr and reads from /dev/random.

    71. Re:symbols, caps, numbers by Rich0 · · Score: 1

      Sure, if you're attempting to brute force a live system that would be a basic security practice. But what about when an attacker has acquired your password hashes via some other method? It's not like you can stop them from plugging away at the hash over and over again until they get a match, and then use that match in the real world. Actually, it's probably faster to try and dictionary/brute force a hash table (even if it is salted) than to attack a live environment.

      Yup. Having password expiration also doesn't help at all in these cases either. If they try "password27" and it fails, do you think they aren't going to try "password28"?

    72. Re:symbols, caps, numbers by Rich0 · · Score: 1

      I don't know about their policies specifically, but it's usually done so that if someone gets a hold of a password file and manages to break a few passwords, hopefully they'll have changed by the time the attacker tries to actually make use of them.

      They certainly will change them - to the next sequentially-numbered password. Everybody I've ever talked to about password aging says that they use an incremental number appended to the same password they've used for years.

    73. Re:symbols, caps, numbers by wwphx · · Score: 1

      My previous bank (a regional chain), which I fired, had changed their online banking system. It told me to create a new password, which I did, and IIRC it was 12 characters long. I used the session in which I created it, then signed off. The next time I tried to access my account I couldn't, called their people for a reset, set my new password, used it, signed off, couldn't get in again.

      Turned out that your password had to be between 8 and 10 characters long. It'd take 12, but it'd never be able to compare it correctly. Thus, my previous bank.

      The other thing that caused me to seriously doubt their competence was when their system had crashed and I got an ODBC error telling me that their back end was in Paradox.

      I will say one good thing about them, though. My wife's checking account is through them (she doesn't do online access) and last year we added my name to the account and I got a debit card through them. A few weeks ago we were in a nearby town and my debit card stopped working; it was fine two days prior and there was plenty of money in the account. My wife forgot her wallet, so we used my card. Fortunately I had my personal account's card with me from a different bank. Come to find out that they had preemptively cancelled a whole lot of cards because of the Home Depot breach and I had a new card waiting in my PO box. Unfortunately they didn't notify me in advance. Double unfortunately, I also use my card at Kmart's pharmacy for my wife's meds, so I expect another new card in the mail.

      --
      When you sympathize with stupidity, you start thinking like an idiot.
    74. Re:symbols, caps, numbers by rthille · · Score: 1

      Divorce? That worked for me... :-)

      --
      Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
    75. Re:symbols, caps, numbers by Rei · · Score: 1

      Bad analogy. You're applying rules to make my version more complicated, you should apply rules to make yours more complicated also. So it's no longer "correct horse battery staple", it's "c@553kt!H0rS3;8ATT3Ry^5Ta7E". And damn well yes the former is easier to memorize.

      --
      You people make me envy the deaf and the blind!
    76. Re:symbols, caps, numbers by Rei · · Score: 1

      We can play this game until the correct horse battery staples come home.

      Is it...

      "Correct Horse Battery Staple"
      "Correct horse battery staple"
      "correct horse battery staple"
      "CORRECT HORSE BATTERY STAPLE"
      "CorrectHorseBatteryStaple"
      "Correcthorsebatterystaple"
      "correcthorsebatterystaple"
      "CORRECT HORSE BATTERY STAPLE"

      And that's assuming you remember four random words easier than a sentence that you chose because it has meaning to you, which is quite the assumption to make. Was it "Right mule charger tape"? "Proper stallion storage glue?" "Accurate mustang AA stapler?"

      Trust me, I've used both types of passwords. The sentence one is much easier to memorize. And it's shorter, faster and more accurate to type.

      --
      You people make me envy the deaf and the blind!
    77. Re:symbols, caps, numbers by david_thornley · · Score: 1

      "Correct Horse Battery Staple", as four random choices from 2048 easy-to-remember words (as Munroe set it up), has 44 bits of entropy. It has 28 characters, so a sentence of the same length would have roughly 31 bits of entropy.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    78. Re:symbols, caps, numbers by nine-times · · Score: 1

      I took your example, and followed your instructions (to replace letters with numbers/symbols to make it more secure). That's all I did. Even going back to 'Tabrt"CHBS"', it seems much harder to remember that than "correct horse battery staple". I think a fundamental issue that you may be missing is, it does not make the password more secure or more memorable to take the first letters of each word. You still have to remember all of the words, so it's no more memorable, and spelling out the words to have a complete sentence is actually far more secure. The fact that you use whole words instead of letters does not make it more vulnerable to a dictionary attack.

    79. Re:symbols, caps, numbers by Gob+Gob · · Score: 1

      ".....The "correcthorsebatterystaple" is actually pretty good advice at this point, all things considered....."

      One suggestion - write out a grid of information you know, like the date your team won the cup, a numberplate from an old car, the clothing label & lift weight on the best day at the gym (*)

      n-o-r-t-h-s-2-0-0-1
      t-o-y-o-t-a-7-8-3-1
      a-d-i-d-a-s-0-0-9-0

      Now pick four columns:

      ntahta039

      A simple way to always be able to work out a password without having to remember it. After a few accounts (depending on the size of your grid) you are going to remember 24+ character passwords with relative ease.

      You can vary the size and orientation of your columns and number of rows. Also you can flavour your characters with rules like "every second letter in caps" and all that other stuff people do.

    80. Re:symbols, caps, numbers by cwsumner · · Score: 1

      all passwords should expire after at most 60

      Why? How does this help with security?

      If the password is cracked, then data can be lost in seconds.
      So obviously everyone should be required to change the password every time they log on. ... 8-P ...
      Hell people really -will- use dictionary words... direct from the dictionary!

    81. Re: symbols, caps, numbers by Anonymous Coward · · Score: 0

      PayPal doesn't allow symbols either. Even the big guys get it wrong sometimes.

    82. Re:symbols, caps, numbers by Neil+Boekend · · Score: 1

      Of course it's "CORRECT HORSE BATTERY STAPLE". Randall always shouts.

      --
      Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
    83. Re: symbols, caps, numbers by Anonymous Coward · · Score: 0

      The hell they are

    84. Re:symbols, caps, numbers by MillerHighLife21 · · Score: 1

      It's good advice in terms of the math, but it's not in terms of the reality of hacks.

      What's most important is that you aren't using the same password in multiple places. Otherwise, no matter how you choose it, if a hack of a service exposes that data then your email and password are going to be tested against a plethora of other sites just to see where else you used it. If you're using a password manager and creating random passwords that even you don't know, then if one service is compromised you only have to worry about updating your password for that one service.

      --
      "Don't teach a man to fish, feed yourself. He's a grown man. Fishing's not that hard." - Ron Swanson
    85. Re:symbols, caps, numbers by nine-times · · Score: 1

      You're off-topic. You're right that password-reuse is probably a bigger security threat than having a super-secure password. Of course, to some extent that assumes that you have a reasonably strong password to begin with, that you have basic brute-force protection (e.g. timeout/lock after too many failed login attempts), and/or that you're not being specifically targeted. Because if I really want to get access into your email account specifically, and you have no protection from brute-force attacks, then suddenly password complexity becomes a very big issue.

      But setting that all aside, we weren't really rating the level of importance of various security exploits. We were just talking about what constitutes a "strong password".

      If you want to talk about the reality of hacks, I might put weak security questions ahead of password reuse, and social engineering above all of them. For a lot of people, you can call them up, tell them that you're calling from Microsoft because their computer has a virus, and get them to install remote-administration tools and keyloggers on their own computers. It won't fool everyone, but apparently it's not a small problem.

  11. Negative by mseeger · · Score: 5, Insightful

    Good, bad & ugly - Your password

    PASSWORD REQUIREMENTS

    A good password must have two properties:

    1) It has been memorized by the user
    2) It is difficult to guess for a third person (even if he/she knows the user well)

    But in most cases another requirement is thrown into the mix:

    3) The password shall be complex (have a high entropy)
    Usually the requirements take the form of a password policy like this:

    The password must be at least 8 characters long
    The password must contain upper- and lower-case letters
    The password must contain a number
    The password must contain a non-alphanumeric character

    You notice anything? Yep, this policy only focuses on the third requirement. And it does so at the expense of the first requirement and (knowing human psychology) it also has a negative impact on the second requirement.

    THREATS TO PASSWORDS

    Let us take a look at how the security of a password can be compromised:

    - The input of the password has been observed (by eavesdropping, key-loggers or by the ordinary Mark 1 Eyeball)

    - The password has been re-used by the user in a different context where the attacker has access to it

    - The attacker gained access to the encrypted storage of the password and managed to extract it from there

    - The password has been guessed by the attacker

    How does having a complex password help you against these attacks?

    In case of an attacker observing the user entering the password, no complexity will help. Rather the contrary, a password with mixed upper/lower-case, numbers and special characters is entered at a significantly slower pace. This helps an attacker observing the password by good old-fashioned peeking.

    If the password is known to the attacker from its use in a different context, the complexity is no help either. Knowing the psychological side, cryptic passwords rather compound the problem. Once a user has found a password that fits the typical policy, he tends to use it wherever such a password policy is in place and therefore increases the chances of an attacker using a known password of the user in a different context.

    In case of access to the encrypted password store, the complexity clearly helps to hamper the attacker (if the password is encrypted properly).

    One would expect that password policy should help making a password un-guessable for a third person. From my personal observation the contrary is true. Under the watchful eye of a password policy they tend to stick to first names, upper-casing the first or last letter, replacing characters by similar looking special characters or numbers and/or adding numbers at the end (like birthdays).

    Summary: Only in one attack scenario does choosing a complex password help; in all other scenarios it has no impact or even a negative one. So let us look at this scenario in a bit more detail.

    DECRYPTING PASSWORDS

    To decrypt the password of a user, the attacker has first to have access to the password storage. At which point the first and most critical security failure has already occurred. And the user had nothing to do with it.

    When it comes to decrypting a password, the algorithm used is more important than the complexity of the password. If the service provider has not done his homework, complex passwords offer only little protection. This is another critical point where the user has no influence whatsoever.

    But in case the service provider has botched the safety of his password file but got everything right when choosing the algorithm, the complexity of the user passwords can offer extra protection against the attacker.

    Does this case justify all the negative impact?

    I want to point out that the safety of the encrypted password is not the responsibility of the user. So I would say: Don't make him part of the process here. Don't shift the responsibility to him where the service provider is responsible.

    Remark: I did not specifically address the issue of an attacker

    1. Re:Negative by The+Technomancer · · Score: 5, Funny

      Having read this before, I was about to blast you for copypasta without attribution.

      Then I looked at your username, looked at where I saw this, and realized that mseeger is probably Martin Seeger.

      So, rather than blasting you for plagiarizing yourself, here's a thank you instead!

      --
      Any sufficiently advanced technology is indistinguishable from magic.

      -- Arthur C. Clarke

    2. Re:Negative by Moof123 · · Score: 1

      "Use distinct passwords, at least for the most critical uses (Work, Banking, Apple, Facebook, Google, Paypal, Amazon) and never use those somewhere else."

      By far, this is the weakest link for many. I can handle maybe 4-5 passwords at a time, and quickly I find the need to have a unique one for work, a couple strong ones for my couple banks, and then just one more "burner" password for all the rest. It is impractical to expect folks to remember 10+ decent passwords. We need something newer and better to replace the whole password system. Everything else quickly turns into band-aid on the current broken system.

    3. Re:Negative by Anonymous Coward · · Score: 0

      I also give you credit for doing your research before (mistakenly) blasting him, AND telling us about your results. Thanks.

    4. Re:Negative by Anonymous Coward · · Score: 0

      Your third requirement - high complexity - is only there to help satisfy the second requirement - hard to guess - and doesn't always succeed.

      Dictionary-based brute force attacks make any word (as opposed to non-word strings) easy to guess. Mixing case, numbers and punctuation in reduces the likelihood of a successful dictionary-based attack, although not necessarily reducing the ease of guesswork. "13-Oct-14" meets the criteria, but it could be brute-forced easily based on that pattern.

    5. Re:Negative by argStyopa · · Score: 1

      Fantastic info, but I'd submit that part of the problem is ubiquity.
      I have, at a quick guess, at least a DOZEN passwords that matter personally, and at least another dozen that are reasonably critical for work. Probably at least 200+ more that I don't substantially care about.
      At least a couple of them are for systems that - for "security's" sake - require me to change the password every 90 days to a password I haven't used the last 6 times.
      One system actually requires a password, then 2 layers deeper into the function, ANOTHER password, each with different rules about what's valid - the first accepts "." and spaces, the other doesn't, for example.
      You could have a 128-bit number as your password, and that would be hard to crack.
      But the fact is that in the real world, you have to have either:
      - something to write them down in
      - a system to remember them, or an algorithm that you can apply to the site name or whatever that will give you your pw for that location.

      Either one is vulnerable for precisely the same reasons they're useful.

      Until we get absolute biometric systems - and such that can also ensure that the 'sample' tested is still attached to the live, willing human - in the words of an intelligent man: "there is no 'safe', only 'safer'".

      --
      -Styopa
    6. Re:Negative by PJ6 · · Score: 1

      DECRYPTING PASSWORDS

      To decrypt the password of a user, the attacker has first to have access to the password storage. At which point the first and most critical security failure has already occurred. And the user had nothing to do with it.

      When it comes to decrypting a password, the algorithm used is more important than the complexity of the password. If the service provider has not done his homework, complex passwords offer only little protection. [...] I want to point out that the safety of the encrypted password is not the responsibility of the user.

      The first thing I learned about storing passwords is that you use a salted hash, which is impossible to decrypt back into plaintext. Am I missing something, or is this practice not standard practically everywhere now?

    7. Re:Negative by Culture20 · · Score: 1

      The first thing I learned about storing passwords is that you use a salted hash, which is impossible to decrypt back into plaintext. Am I missing something, or is this practice not standard practically everywhere now?

      Apparently you are missing something because while common practice, it's not ubiquitous. And like all common practices, it gets spoken of less and less until new developers reinvent the wheel and decide they want passwords in plain text to make password recovery 'easier' ("click on the http link in your email and you'll see your password!")

    8. Re:Negative by PJ6 · · Score: 1

      The first thing I learned about storing passwords is that you use a salted hash, which is impossible to decrypt back into plaintext. Am I missing something, or is this practice not standard practically everywhere now?

      Apparently you are missing something because while common practice, it's not ubiquitous. And like all common practices, it gets spoken of less and less until new developers reinvent the wheel and decide they want passwords in plain text to make password recovery 'easier' ("click on the http link in your email and you'll see your password!")

      It's been many years since I've seen that done anywhere.

    9. Re:Negative by mseeger · · Score: 2

      Thx for looking it up and not blasting me ;-).

      I didn't want to do self-advertisement, so i did not link to my blog.

    10. Re:Negative by mseeger · · Score: 1

      If you choose 4 English, non-trivial words, you already have about 40 bits of entropy. Searching only 1% of the namespace would take trillions of tries.

      To have those tries, the provider (not the user) must have already screwed up. The user cannot efficiently defend against screwups of the provider of the password-protected service.

      "Hard to guess" is aimed at direct, human guessing. If I know you love "Sarah", "Sarah4me" makes a bad password. That would be your screwup.

      My primary goal is: burden the user only with what naturally belongs in his domain. Trying to offload your security as a company to the users (e.g. to reduce costs) usually backfires.

    11. Re:Negative by The+Technomancer · · Score: 1

      Completely understandable. This is why I did it for you once I realized my error!

      --
      Any sufficiently advanced technology is indistinguishable from magic.

      -- Arthur C. Clarke

    12. Re:Negative by Anonymous Coward · · Score: 0

      > WHAT SHELL WE TEACH USERS ABOUT PASSWORDS?

      csh, ksh93, pdksh, zsh... anything but the Broken Awful SHell (bash).

  12. What? by Anonymous Coward · · Score: 0

    How the hell is picking random words going to be statistically attacked?

    1. Re:What? by Anonymous Coward · · Score: 0

      How the hell is picking random words going to be statistically attacked?

      How do you correctly pick "random" words? Put "horse battery staple" in your head - say it five times silently to yourself - and then pick three words that are completely unrelated to "horse battery staple." Don't think of elephants! Don't pick "cow plug pushpin" because it's related to "horse battery staple."

      The simple problem is people suck at generating "random."

    2. Re:What? by Anonymous Coward · · Score: 0

      open a dictionary, choose the 5th word in the middle column to have more than 6 letters.

      Solved it for you man. Wosh, that was hard...

    3. Re:What? by craighansen · · Score: 1

      open a dictionary, choose the 5th word in the middle column to have more than 6 letters.

      Solved it for you man. Wosh, that was hard...

      OK, so you're going to carry around a nice heavy dictionary, and once someone sees you open it to generate a password and drag your finger down the middle column, they're going to have a field day with your bank account.

    4. Re:What? by Anonymous Coward · · Score: 0

      /usr/share/dict/words and a 4 line shell script

    5. Re:What? by rickparkerzz · · Score: 1

      open a dictionary, choose the 5th word in the middle column to have more than 6 letters.

      Solved it for you man. Wosh, that was hard...

      Good idea! Now, where's that dictionary again..?
      Oh yeah, that's right, I left it back in 1997 when I didn't just look up everything on the internet.

    6. Re: What? by silentcoder · · Score: 1

      Grab a good old fashioned dictionary. Flip it open somewhere. Close your eyes. Poke at the page. Open them. Choose word under finger.
      Repeat four times.

      Or any of a dozen other ways.
      We know humans suck at random so if you choose this method also teach a technique to use physics for better randomization.

      Hell, the site could choose four random words from the aspell dictionary (for bonus points use all the other languages with a matching character set) and just inform the user "your password is", and it would be more secure than most chosen passwords (especially if presented in a manner that prevents copy and paste). The biggest problem there is that the password will be visible onscreen in clear at some point, which is a peeking risk, but there are ways to mitigate that.

      --
      Unicode killed the ASCII-art *
    7. Re:What? by Triklyn · · Score: 1

      sounds like you have a stalker and bigger concerns at that point.

  13. Your "password manager" should be your brain. by Anonymous Coward · · Score: 0

    I have an algorithm I use to determine a password for any website. Which means I'm using unique, secure passwords that are simple to remember. As long as no one hacks into my brain and figures out my algorithm, finding out my Facebook password will not make an attacker any more likely to find my bank account password. I don't know why more people don't do this. It seems so obvious.

    1. Re:Your "password manager" should be your brain. by Anonymous Coward · · Score: 0

      I have an algorithm I use to determine a password for any website. Which means I'm using unique, secure passwords that are simple to remember. As long as no one hacks into my brain and figures out my algorithm, finding out my Facebook password will not make an attacker any more likely to find my bank account password. I don't know why more people don't do this. It seems so obvious.

      OK. Tell us what password you'd choose for Chase, Citibank, and Wells Fargo. Tell us what bank you keep your money in. Is your password still secure?

    2. Re:Your "password manager" should be your brain. by ls671 · · Score: 1

      Me too:

      123456slash
      123456chase
      123456citi

      --
      Everything I write is lies, read between the lines.
  14. XKCD is correct by Archangel+Michael · · Score: 2, Informative

    Entropy is key to a good Password. Increasing the password length is one of the easiest ways to increase entropy in a password. Very few people can remember a password like "Xl5xX8lB4XI5" which would take a single computer about 25 thousand years*

    However, using long words "alligatorterrorizesnewyorkcity" would take 22 septillion years*

    * according to https://howsecureismypassword....

    That being said, I also agree that generating new passwords should be done with a Password Manager, however the first password is always the hardest. Which is why three long seemingly random words is much easier and safer, IMHO.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    1. Re:XKCD is correct by Anonymous Coward · · Score: 0

      That measure fails to take into account that alligatorterrorizesnewyorkcity is likely in the top 1000 fake but memorable newspaper headlines, so it really would take a computer about 0.0001 seconds. 22 septillion years assumes that those letters are randomly chosen. Start with a_l_g_t_r_e_r_r_z_s_e_y_r_c_t_ and see if it would take you the "square root" of 22 septillion years to guess! (square root normalized to the rate of generating guesses)

      Your quote from Agent K is also relevant: A *person* can learn to choose better passwords. People will continue to use lousy passwords (and you know it).

    2. Re:XKCD is correct by Forever+Wondering · · Score: 1

      Here's another strength testing page: http://rumkin.com/tools/passwo... It rates the passwords differently

      --
      Like a good neighbor, fsck is there ...
    3. Re:XKCD is correct by timeOday · · Score: 2
      I don't think there is any reasonable simple definition of entropy that makes it a guarantor of hard-to-guess-ness.

      According to that website the password KimKardashian would take 161,000 years to crack.

    4. Re:XKCD is correct by Archangel+Michael · · Score: 1

      Assuming a computer will use Fake Newspaper Headlines trying to guess a password. More likely, a computer will recognize that it is a very long password, assume that it is uncrackable and move on, not wasting CPU resources on long passwords. And I hadn't really thought of the Alligators in New York City. My original example of a city was Amsterdam but I changed it to New York City, thus proving your next point about Agent K!

      Thanks!

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    5. Re:XKCD is correct by Archangel+Michael · · Score: 1

      Length: 30
      Strength: Strong - This password is typically good enough to safely guard sensitive information like financial records.
      Entropy: 115.4 bits
      Charset Size: 26 characters

      Giving each word a Capital letter increases it.

      AlligatorTerrorizesNewYorkCity

      Length: 30
      Strength: Very Strong - More often than not, this level of security is overkill.
      Entropy: 139.9 bits
      Charset Size: 52 characters

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    6. Re:XKCD is correct by Archangel+Michael · · Score: 1

      KimKardashian would be a dictionary attack, not brute force.

      A bot net would have this cracked in almost no time.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    7. Re:XKCD is correct by Anonymous Coward · · Score: 0

      This is likely an inaccurate measure of entropy. If you have a dictionary of 65536 words and successfully choose a word with a uniform random number, that's 16 bits of entropy. (It would be less if those words are selected by average English frequency, perhaps as low as about 10-12 bits.) Using your example, with three "words" alligator terrorizes and newyorkcity (which I'm counting as one word), I'd guess the answer is closer to 48 bits. One bit encodes whether or not to capitalize the first letter of each word, so the second example is arguably more like 49 bits.

      Or see http://people.seas.harvard.edu... - which suggests an average entropy of 2.6 bits per letter for English - that would estimate 78 bits. That reference also states that other estimates of entropy are as low as 1 bit per letter, which would estimate 30 bits.

      IMHO, assuming that one has limited guesses, any of these are sufficient. A tougher problem arises when a hashed password is known or leaked, and unlimited guesses are therefore permitted. 30 bits may not be sufficient against a determined password breaker - as when breaking the password is known to have a high value.

    8. Re:XKCD is correct by Anonymous Coward · · Score: 0

      aaaaaaaaaaaaaaaaaaaaaaaaaaaa

      Length: 28
      Strength: Strong - This password is typically good enough to safely guard sensitive information like financial records.
      Entropy: 120 bits
      Charset Size: 26 characters

      It bases it on the length, not complexity.

    9. Re:XKCD is correct by brantondaveperson · · Score: 1

      It is not meaningful to talk about the 'entropy' of a single string of characters - only about the method that one might use to generate those characters.

    10. Re:XKCD is correct by hibiki_r · · Score: 1

      That website fails at entropy, because it doesn't really take into account multi-word dictionary attacks. For instance, it thinks that CakeBanana is just as strong as LRssBanana, when one uses two common dictionary words, while the other has a lot more entropy.

      Naive websites that give people a false sense of security on their password safety are actually hurting our security.

    11. Re: XKCD is correct by Anonymous Coward · · Score: 0

      I don't think it's as simple as that. Long passwords are a pain in the ass to type correctly if the characters are obscured. It's unacceptably slow to type in 40 letters that you can't see and very frustrating if you make mistakes six times. human factors matter

    12. Re:XKCD is correct by Anonymous Coward · · Score: 0

      Thing is, using words or corruptions of words will fall to a dictionary attack. Ideally, you want fully random, and have the password manager handle it. Even better if the random characters are UNICODE.

    13. Re:XKCD is correct by q4Fry · · Score: 1

      A cute (open source?) strength tester I have been playing with recently is made by a guy at Dropbox. It has some flaws**, but it's cute and it analyzes weaknesses.

      ** Mostly dictionary size, but in order to run in the browser without sending the password to a server for analysis, the dictionaries need to be small enough to load in a reasonable time.
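The meter quoted above scores by length and charset, which is why `aaaa...` and `CakeBanana` come out "strong"; the replies argue that entropy belongs to the generating method, not the string. The following is an added example (not the quoted meter and not Dropbox's tester) that charges bits per choice made: it segments the password into dictionary words and falls back to the charset estimate only when no pattern explains it. The word list, the 65536-word dictionary size and the one-bit capitalisation charge are assumptions taken from the figures in the thread.

```python
"""Method-aware strength estimate: an added example, not the meter quoted above
and not Dropbox's zxcvbn. Entropy is charged per choice the generator made
(which word, whether to capitalise), not per character, so a dictionary
compound or a repeated letter no longer scores like a random string."""
import math
from functools import lru_cache

# Constructed stand-in for a real word list; a meter would load tens of thousands.
WORDS = {"cake", "banana", "alligator", "terrorizes", "new", "york", "city",
         "newyorkcity", "correct", "horse", "battery", "staple", "a"}
DICT_SIZE = 65536                      # assumed list size used for the per-word charge
WORD_BITS = math.log2(DICT_SIZE)       # 16 bits per uniformly chosen word


def charset_bits(password):
    """The naive estimate the quoted meter uses: length * log2(charset size)."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33                     # printable ASCII punctuation (assumed set size)
    return len(password) * math.log2(size) if size else 0.0


def segment(text):
    """Split lower-case text into dictionary words using the fewest words.
    Returns a tuple of words, or None if some part is not in WORDS."""
    @lru_cache(maxsize=None)
    def best(i):
        if i == len(text):
            return ()
        candidates = []
        for j in range(i + 1, len(text) + 1):
            if text[i:j] in WORDS:
                rest = best(j)
                if rest is not None:
                    candidates.append((text[i:j],) + rest)
        return min(candidates, key=len) if candidates else None
    return best(0)


def estimate_bits(password):
    """Return (bits, reason) for the cheapest generator that explains the password."""
    if len(set(password)) == 1:
        # One repeated character: the attacker guesses the character and the length.
        return math.log2(26) + math.log2(len(password)), "repeated character"
    words = segment(password.lower())
    if words is not None:
        bits = len(words) * WORD_BITS
        if password != password.lower():
            bits += 1.0                # capitalise-each-word or not: one bit, as in the thread
        return bits, "dictionary words: " + " ".join(words)
    return charset_bits(password), "no pattern found, charset estimate"


if __name__ == "__main__":
    for pw in ("CakeBanana", "LRssBanana", "AlligatorTerrorizesNewYorkCity", "a" * 28):
        bits, reason = estimate_bits(pw)
        print(f"{pw:32} naive={charset_bits(pw):6.1f}  method={bits:6.1f}  ({reason})")
```

With the thread's figures, AlligatorTerrorizesNewYorkCity comes out at 49 bits (three words plus the capitalisation bit) and CakeBanana below LRssBanana, the ordering the naive meter gets wrong.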

  15. one time password by Anonymous Coward · · Score: 0

    I generate a string of 20 random characters and paste it in.

    The only password I keep in my head is for my email to reset passwords if I get logged out

  16. Unique passwords? by K.+S.+Kyosuke · · Score: 1

    This means that instead of a password strength meter you should be ensuring that there is no skew in the distribution of passwords. If each password is guaranteed to be unique, the advantage of a statistical guessing attack is greatly reduced.

    OK, guys, now I just need all of you to tell me your passwords so that I could pick a different one.

    --
    Ezekiel 23:20
    1. Re:Unique passwords? by Archangel+Michael · · Score: 1

      qwerty7890

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    2. Re:Unique passwords? by suutar · · Score: 1

      Sure. Mine's substr(md5(date()), 5, 15).

    3. Re:Unique passwords? by Jumunquo · · Score: 1

      It says password, so you're supposed to type in "password". Gosh, can't you people follow instructions?

  17. 10k most common passwords by innocent_white_lamb · · Score: 1

    Here is a list of the 10,000 most commonly used passwords. Perhaps a list like this should be incorporated into account setup programs to disallow words on this list:

    10,000 Top Passwords

    --
    If you're a zombie and you know it, bite your friend!
    1. Re:10k most common passwords by innocent_white_lamb · · Score: 1

      That's interesting. The link disappeared when I posted the message, even though it was present in the original.

      Here it is again.

      https://xato.net/passwords/mor...

      --
      If you're a zombie and you know it, bite your friend!
    2. Re:10k most common passwords by Nauglamir · · Score: 1

      Forgot the link?
      https://xato.net/passwords/more-top-worst-passwords/

      --
      i *had* a low uid, but lost it in my lawn
    3. Re:10k most common passwords by Anonymous Coward · · Score: 0

      https://xato.net/passwords/more-top-worst-passwords/

    4. Re:10k most common passwords by craighansen · · Score: 1

      You buried the lede. That site states that 91% of passwords are in that list (or the 10000 most commonly used passwords). That's shockingly high (but not entirely unexpected). As a consequence of implementing your suggestion, 9/10 chosen passwords would be rejected!
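The suggestion in this thread, a blocklist consulted at account setup, as an added example that is not the linked list or any poster's code. A constructed handful of entries stands in for the 10,000 real ones; the point worth showing is that an exact-match check is too weak, since users answer a rejection with "Password1" or "qwerty!", so the check also strips the padding people add and compares the lower-cased core.

```python
"""Common-password blocklist at account setup: an added example, not the
list linked above (a constructed handful stands in for its 10,000 entries).
Exact matching alone is too weak: it also rejects the cheap variants people
produce to satisfy a policy, such as 'Password1' or 'qwerty!'."""
import re

# Constructed stand-in for the 10,000-entry list; load the real one from a file.
COMMON = {"password", "123456", "qwerty", "letmein", "iloveyou", "monkey"}

# Constructed sample of what users might submit, for measuring the rejection rate.
SAMPLE = ["Password1", "qwerty!", "letmein", "123456", "correcthorsebatterystaple",
          "LRssBanana", "monkey2014", "iLoveYou", "tr0ub4dor&3", "xato"]


def variants(pw):
    """Forms to look up: lower-cased, and with the digits/symbols people bolt
    onto the ends stripped ('Password1' -> 'password', '123456!' -> '123456')."""
    low = pw.lower()
    no_symbols = re.sub(r"^[^a-z0-9]+|[^a-z0-9]+$", "", low)
    letters_only = re.sub(r"^[^a-z]+|[^a-z]+$", "", low)
    return {low, no_symbols, letters_only} - {""}


def is_common(pw, blocklist=COMMON):
    """True if the password or one of its de-padded forms is on the blocklist.
    Leet substitutions ('p@ssw0rd') are not normalised here."""
    return any(v in blocklist for v in variants(pw))


def check_new_password(pw, blocklist=COMMON, min_len=8):
    """Policy decision for account setup: (accepted, reason)."""
    if len(pw) < min_len:
        return False, f"shorter than {min_len} characters"
    if is_common(pw, blocklist):
        return False, "matches a commonly used password"
    return True, "ok"


def rejection_rate(candidates, blocklist=COMMON):
    """Share of candidates the blocklist alone would turn away; with the 91%
    figure quoted in the thread this is exactly the share that was guessable."""
    if not candidates:
        return 0.0
    return sum(is_common(c, blocklist) for c in candidates) / len(candidates)


if __name__ == "__main__":
    for pw in SAMPLE:
        print(f"{pw:28} {check_new_password(pw)}")
    print(f"rejected by blocklist: {rejection_rate(SAMPLE):.0%}")
```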

  18. Objection One: by arielCo · · Score: 2

    Even if we entertained the XKCD comic and started training users to select four random words instead of a complex single-word password, I argue that it would not amount to a significant increase in security.

    People are not very creative and tend to think the same way when choosing passwords. This would lead to the exact same problem we have now, where a few passwords such as "password123" become very common. What is there to prevent “letmeinfacebook” from being the new most common four word password for Facebook accounts?

    Umm, how would they "think" of random words? I think "random" means something like: you pick a dictionary, close your eyes, open it on a random page and put your finger; repeat as needed.

    --
    This post contains no rudeness or derision of any kind. All arguments are friendly. Terms and exclusions may apply.
    1. Re:Objection One: by Anonymous Coward · · Score: 0

      Ask a person to pick a random number between 1 and 10 inclusive. Nine times out of ten, they'll pick 7.

      Present a flush of cards to a person and ask them to pick one at random. Nine times out of ten, they'll pick the card closest to them.

      Draw a line segment in the sand and ask a person to pick a random point on the line. Nine times out of ten, they'll pick a point very very near to the 35% point, or the 65% point. We don't think it's sufficiently 'random' to pick the point exactly in the middle, and likewise, we're not going to point at the ends, either, so we point at the juicy spot just to the left or right of the middle.

      How did you think magicians do some of their 'pick a card, any card' tricks? People can't be trusted not to behave predictably.

    2. Re:Objection One: by Dynedain · · Score: 1

      Humans are very predictable when attempting to be random. Just using your dictionary example, the vast majority of people (say 75-95%) would pick something in the middle third of the dictionary, because opening to page A or page Z would instinctively be considered not random enough.

      Just ask people to cut a deck of cards. It will be exceedingly rare for the person to cut the deck anywhere but close to the middle 25% of the deck. It's clearly not a sufficient act of randomness, which is why we shuffle, not just cut the deck when playing card games. We have someone other than the dealer perform the cut operation as a simple test to limit the dealer's ability to cheat.

      Same thing with a dictionary. Your approach can work, if everyone had sufficiently random dictionaries to begin with. But to the average person, picking a "random" word will result in word association, something psychologists have a field day studying.

      --
      I'm out of my mind right now, but feel free to leave a message.....
    3. Re:Objection One: by thegarbz · · Score: 1

      So you've just statistically narrowed down your searches to words not beginning with A, B, C, D, U, V, W, X, Y, or Z.

      Seriously ask 100 people to open a random page on a 100 page book, and count how many people open to page 3/4, I'm betting it's zero. I'm also betting multiple people will open to page 50/51

    4. Re:Objection One: by blueg3 · · Score: 1

      Humans can't think of random words. There's not a sufficiently random process available. Humans can think of semi-random arbitrary words, which are totally different.

    5. Re: Objection One: by arielCo · · Score: 1

      So, it's like picking from a dictionary 1/3 the size of the one they picked up - half an order of magnitude less possibilities per word.

      --
      This post contains no rudeness or derision of any kind. All arguments are friendly. Terms and exclusions may apply.
    6. Re: Objection One: by arielCo · · Score: 1

      Imagine, as another user posited, that they only pick words from the middle third. That's roughly half an order of magnitude less search-space per word - 81x for 4-word passwords. Makes a difference but nothing to cause a commotion about.

      Then there's another argument for actual-word passwords: complicated, non-memorable passwords are more prone to be trusted to a Post-It, which is the Ultimate Vulnerability (TM). I for one take a middle road and use oddly-abbreviated passphrases.

      --
      This post contains no rudeness or derision of any kind. All arguments are friendly. Terms and exclusions may apply.
    7. Re: Objection One: by arielCo · · Score: 1

      Umm, did you skip the last paragraph? I suggested that users *should not* think of the random words but blind-pick them from a dictionary (or /usr/share/dict/words, if you will). It'd be part of the whole method and if the user disregards it then [s]he may as well choose "facebook123".

      --
      This post contains no rudeness or derision of any kind. All arguments are friendly. Terms and exclusions may apply.
    8. Re:Objection One: by Anonymous Coward · · Score: 0

      Umm, how would they "think" of random words? I think "random" means something like: you pick a dictionary, close your eyes, open it on a random page and put your finger; repeat as needed.

      You seem to be forgetting the human element. A new user faced with creating a password at a new site IS likely to use commonly available words based on context when tasked with selecting four "random" words. The vast majority are not going to think literally and find four truly random words.

    9. Re:Objection One: by Anonymous Coward · · Score: 0

      Some people think up random words all the time. Zippy the Pinhead, for one.

    10. Re: Objection One: by blueg3 · · Score: 1

      I wasn't disagreeing with you. (Weird, for the Internet, I know.) I was just answering your semi-rhetorical question of "how would they think of random words"? The answer is that they can't.

      If you want some disagreement: while picking spots in a dictionary is random, it's not a uniform distribution and it's not as random as you might suspect. It's much safer to use a mechanical method that your brain has as little control over as possible to do the selection: dice, for example.

    11. Re: Objection One: by Dynedain · · Score: 1

      Ok, continue the metaphor... the majority of the users will pick near the middle of the page: the sample set is reduced by an order of magnitude again. I'm sure there's a psychological predicative to the left page or the right page, there goes another 50%.

      Not to mention, you started with a sample size of around a quarter-million English words to begin with, so now you're down to around 100K possible options. Humans will naturally rule out words they don't intuit are random. Like rejecting the word "random" or "password" for this scenario. You put together enough psychological conditions like this and you can easily reduce the sample set to a few hundred words that would be used by a majority of users.

      A case-sensitive 8-digit alpha numeric password (no special characters or spaces) has 62^8 possible "words", and that already isn't considered secure enough.

      The word system works, only if people generally don't use words. If everyone uses unadulterated words, then the whole thing breaks down into a dictionary attack with a fairly limited password space (the size of the dictionary to the power of the number of words required) .

      --
      I'm out of my mind right now, but feel free to leave a message.....
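The thread above argues the point in numbers (62^8, a quarter-million-word dictionary, the middle third, 81x for four words) and recommends a mechanical picker such as dice. The following added example, not any poster's code, does both: it uses the `secrets` module as the dice, giving every word the same probability, and puts the search-space arithmetic in functions so the claims can be checked. The embedded word list is a constructed stand-in for /usr/share/dict/words, which `load_words` reads when present.

```python
"""Uniform word selection and the cost of human bias: an added example, not a
method from the thread's posters. The embedded list is a constructed stand-in
for /usr/share/dict/words; `secrets` plays the role of the dice blueg3 suggests,
giving every word the same probability, which 'open the book at random' does not."""
import math
import secrets

# Constructed stand-in for a real word list; use load_words() for a real one.
WORDS = ["correct", "horse", "battery", "staple", "alligator", "terrorizes", "city",
         "cake", "banana", "zebra", "anchor", "yonder", "middle", "random", "password"]


def load_words(path="/usr/share/dict/words", min_len=4, max_len=8):
    """Read a system word list, keeping plain lower-case words of usable length."""
    with open(path, encoding="utf-8", errors="ignore") as fh:
        words = {line.strip() for line in fh}
    return sorted(w for w in words
                  if w.isalpha() and w.islower() and min_len <= len(w) <= max_len)


def passphrase_bits(dict_size, n_words):
    """log2 of the search space dict_size ** n_words, i.e. bits for uniform picks."""
    return n_words * math.log2(dict_size)


def bias_factor(n_words, usable_fraction):
    """How many times smaller the effective search space becomes when pickers
    only ever reach a fraction of the list (middle third, 4 words -> 81x)."""
    return (1.0 / usable_fraction) ** n_words


def generate(words, n_words):
    """n_words independent, uniform picks from a CSPRNG; repeats are allowed,
    since forbidding them would only shrink the space."""
    return [secrets.choice(words) for _ in range(n_words)]


if __name__ == "__main__":
    print("62^8 alphanumeric:           %5.1f bits" % passphrase_bits(62, 8))
    print("4 words of 7,776 (diceware): %5.1f bits" % passphrase_bits(7776, 4))
    print("4 words of 250,000:          %5.1f bits" % passphrase_bits(250_000, 4))
    print("  middle third only:         %5.1f bits (%.0fx smaller)"
          % (passphrase_bits(250_000 / 3, 4), bias_factor(4, 1 / 3)))
    print("sample:", " ".join(generate(WORDS, 4)))
```

Four uniformly chosen words from a 7,776-word diceware-sized list (51.7 bits) already beat the 8-character alphanumeric password (47.6 bits); the middle-third bias costs about 6.3 bits, the 81x the thread computes.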
  19. Re:1) Choosing a password should be something you by Anonymous Coward · · Score: 0

    The more often you make your users change passwords, the more likely they are to write them down on a post-it on their monitor.

  20. Probie. by Anonymous Coward · · Score: 0

    Dude, you really need to take a class in statistics.

  21. Good article, weak summary by swillden · · Score: 1

    The summary quotes the article's own summary, but the headline and intro cause it to be misleading.

    The article doesn't claim that "correct horse battery staple" is wrong, as in a bad way to choose a high-entropy password. It is a good way to choose a high-entropy password. The article argues (quite accurately) instead that users should not be choosing passwords at all because they will choose weak ones, even if you give them a fairly good heuristic (like the one from XKCD), or try to help them estimate the strength of their passwords, etc. Instead it suggests that we really should try to get rid of passwords entirely, and where that isn't possible we should encourage people to use truly random, non-memorable passwords and put them in password managers, essentially reducing all of their passwords to one: the password that opens their password manager.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    1. Re:Good article, weak summary by Anonymous Coward · · Score: 0

      Which means that:

      1. The user will pick a weak password for the password manager and
      2. An attacker needs to know only one password to access all of the others.

      Password Managers are a terrible solution. The consequences of a compromise are huge.

  22. I'll Bite by DarkOx · · Score: 1

    1) Choosing a password should be something you do very infrequently.

    No. Passwords need to be rotated for all kinds of reasons. It results in the account being effectively disabled when account policies fail (forgotten service accounts etc). It ensures that if the password store has leaked and it's not discovered, strong passwords remain safe (can't be cracked in the rotation time) and that access to accounts with weak passwords is at least detected at some point. Passwords should be unique per person/organization for the most part, finer grains in some cases; most people form relationships with organizations frequently. So password selection actually occurs very often and should.

    2) Our focus should be on protecting passwords against informed statistical attacks and not brute-force attacks.

    Most "brute force" attacks are informed and statistical, the offline ones anyway; you try to get the low hanging fruit first (birthdays, names, dictionary words and usual substitutions) before you do the exhaustive search of the key space. In online attacks where the attacker is throttled this has greater impact, but a password that is strong against offline attack is also strong against online attack, so I don't see any reason to place emphasis here, other than to simply say the best passwords have the most entropy.

    3) When you do have to choose a password, one of the most important selection criteria should be how many other people have also chosen that same password.

    Ok I can agree with this one, but really implementation is hard, beyond the usual is it in a dictionary of common passwords (good systems already implement this), you should not be able to know if lots of other people are using that password because you are only storing salted hashes right and everyone gets their own salt right?

    4) One of the most impactful things that we can do as a security community is to change password strength meters and disallow the use of common passwords."

    No, the most important thing we can do is try to move away from password only security and move toward two factor, which is more and more feasible now that most people are carrying a cell phone that can at least get SMS messages.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  23. Great! by ls671 · · Score: 1

    Reading TFA, this guy just reinvented public/private key infrastructure where your password manager acts as your keystore.

    In any case where a so called "password manager" could be used, we would be better off using a keystore. You lose ease of logging in from different devices in either case. One needs to carry around their password/key database in both scenarios or store it in a centralized database.

    --
    Everything I write is lies, read between the lines.
    1. Re:Great! by Forever+Wondering · · Score: 1

      I use the keystore approach. Each of my devices has a unique private/public key pair. Each device has the public keys of all the others. I disable password based login [except for physical/console login].

      Shouldn't be too hard for websites to implement this. Shouldn't be too hard to allow multiple public keys (e.g. just add them to the per-user "authorized_keys" file). Default this off for users at start. But, allow it to be enabled on the account management page [with a place to paste in new public keys and menus to delete/modify the existing ones].

      --
      Like a good neighbor, fsck is there ...
    2. Re:Great! by ls671 · · Score: 1

      Gitlab web interface kind of works like that. It allows you to paste multiple public keys to access git through ssh, although users don't have shell access, only git access through ssh. Next step would be to reuse those keys for web based authentication.

      One problem I can see is that although browsers have been supporting cert auth for years, I don't think that public key auth is supported in a standard way yet between clients and http servers.

      Oh well, going with self signed certs would achieve basically the same results I guess.

      With the correct tools, the whole process could be as transparent as using a password manager for end users. For some reason, we ain't there yet apparently.

      --
      Everything I write is lies, read between the lines.
    3. Re: Great! by silentcoder · · Score: 1

      Github and clones have this in place for repo management. It would certainly be feasible to use for site logins.

      --
      Unicode killed the ASCII-art *
    4. Re:Great! by ls671 · · Score: 1

      And yes, a cert is just a public key bundled with other data like signing authorities and certificate chains. You still have to keep your private key apart in order for a cert to work. Anyways, this is basic PKI. It didn't fly back then for end users so I would be puzzled if password managers did now;-) Marketing approach ?

      --
      Everything I write is lies, read between the lines.
  24. What's the UTF-8 encoding of THAT? by jhantin · · Score: 3, Funny

    Leave it to a Great Old One to figure out a way to completely befuddle the password policy enforcer.

    --
    ...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
    1. Re:What's the UTF-8 encoding of THAT? by Guy+Harris · · Score: 3, Informative

      If by "that" you mean "a fecal sample", the Unicode encoding is U+1F4A9.

    2. Re:What's the UTF-8 encoding of THAT? by Anonymous Coward · · Score: 0

      Um. Wow. That is all.

    3. Re:What's the UTF-8 encoding of THAT? by Guy+Harris · · Score: 1

      Um. Wow. That is all.

      Actually, no, in Unicode 7.0 there's even more.

    4. Re:What's the UTF-8 encoding of THAT? by Defenestrar · · Score: 1

      And if your passwords support Unicode 7, all you got to do is throw in that one to give your opinion to the brute forcers. With respect to passwords, it seems to me that software/touchscreen (non Windows) keyboards have led to the greatest decrease in available password security in recent times on an entropy basis. (i.e. it's no longer trivial to include extended ASCII or unicode characters).

    5. Re:What's the UTF-8 encoding of THAT? by jhantin · · Score: 1

      I'd say +1 Informative except, well, already posted ...

      --
      ...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
    6. Re:What's the UTF-8 encoding of THAT? by wzyboy · · Score: 1

      As a native Chinese speaker, I can assure you that even the simplest Chinese character ("", meaning "one", http://www.fileformat.info/inf... ) cannot be found in known online md5 hash dictionaries. So if Chinese characters (or any non-combining Unicode characters) are allowed in password boxes, we Asian guys can create very-easy-to-remember-but-very-hard-to-brute-force passwords since their entropy is bloody high compared to printable ASCII characters. And a friend of mine hacked his Chromium to allow Unicode characters to be input into password boxes. :-)

  25. Mod parent up. by khasim · · Score: 4, Insightful

    The core problem is that security has many different approaches.

    A password manager is great ... as long as it is available to you on all the devices that you use to login from. Which makes it vulnerable to being cracked when one of those devices is cracked.

    And that isn't even addressing things like the recent rash of credit card cracks being reported. Even if you keep YOUR password secured the attackers can still attack the system when you use the secure information.

    Instead, the focus should be on the knowledge that you will, eventually, be cracked. At least partially. So be prepared to mitigate the damage done at that point.

    Too many people have too much access to your information without the personal incentive to keep it secure. Or the knowledge of how to secure it. Password managers are an improvement in many scenarios. But so is writing your passwords in a book that you keep at home.

    1. Re:Mod parent up. by rainmaestro · · Score: 5, Insightful

      Not having the manager available is a big problem. I redid all my passwords after the Heartbleed issue, and pretty much maxed out the password for each of my important accounts. Was great on my PCs where I had KeePassX, but the first time I had to enter a 24-character randomly generated password with special characters on my cellphone to log in, I realized why it will never work for the average person. Big, long complex passwords are great until you have to type them in on a tiny ass keyboard.

    2. Re:Mod parent up. by Anonymous Coward · · Score: 0

      You don't have to type them. In KeePassX you just double click the account password and it's automatically copied to your clipboard for n seconds after which it's purged from the clipboard. The same method is available on many password managers that are available on iOS/Android devices. The only time I've ever had to manually type a password these days is when I'm logging in to a service on someone else's computer, but even then the only real nuisance is opening your smartphone to look up the password.

      Also, if you ever were worried about putting all your passwords into one place and risk a hacker accessing them, all I can say is don't worry. If a hacker has access to your devices, they can just install a keylogger anyway and get even more than your passwords.

    3. Re:Mod parent up. by haggholm · · Score: 1

      KeePassDroid will read the same password database. I keep my password DB on Dropbox, s.t. all my devices can easily sync, Android included. (I don’t regard Dropbox as secure, but that’s OK; the security is in the DB encryption, anyway.)

    4. Re:Mod parent up. by flink · · Score: 1

      Was great on my PCs where I had KeePassX, but the first time I had to enter a 24-character randomly generated password with special characters on my cellphone to log in, I realized why it will never work for the average person. Big, long complex passwords are great until you have to type them in on a tiny ass keyboard.

      Zetetic's STRIP is pretty great for this. I've been using it since it was a Palm Pilot V app. They've got Windows, Mac, IOS, and Android clients. On the desktop you can dedicate a hot key for filling in forms, although admittedly on mobile you're stuck copy/pasting. It even has an RFC6238 TOTP generator built in so you can ditch Google Authenticator. Supports syncing between devices via cloud services, local WIFI, or a designated folder.

      I usually don't shill for commercial products, but I've rarely used any one piece of software for so long and been so happy with it. And while the UI is commercial, they've released the encrypted repository that backs it as open source.

    5. Re:Mod parent up. by Desiree+Hindenburg · · Score: 1

      Is not there a mobile version of KeePass that you can synchronize across various passwords? But the thing that gets me is some websites that require you to type the password, and disable paste into the password control. What good does that do?

    6. Re:Mod parent up. by kaiser423 · · Score: 1

      Exactly. There need to be better hooks. I'd love for KeePass or similar to be able to hook into Chrome securely or something like that.

    7. Re:Mod parent up. by rainmaestro · · Score: 1

      Yeah, I tried KeePassDroid, but it always ran into issues trying to open my DB. Dunno why, I could open it everywhere else. Had to resort to typing it manually.

    8. Re:Mod parent up. by Anonymous Coward · · Score: 0

      But so is writing your passwords in a book that you keep at home.

      Or writing them on a 3x5 card that you keep in your billfold.

    9. Re:Mod parent up. by rainmaestro · · Score: 1

      There is, sort of. Each port is largely separate but provides binary compatibility with the database, but there can be issues. For example, the Droid version doesn't work properly with v2.0 KeePass databases (nor does the QT port at this point), only the older 1.x branch. You can get things to play nicely together if you are careful about which ports and which database versions you opt to use, but it isn't hard to get yourself in a situation where you have a nice database that can't be accessed on some new device.

    10. Re:Mod parent up. by Anonymous Coward · · Score: 0

      Get keepass for phone, sync via owncloud, job done.

    11. Re:Mod parent up. by Anonymous Coward · · Score: 0

      Oh yeah, I remember connecting my tablet to my wireless network...

      The password was generated with
      dd if=/dev/random bs=64 count=1 | uuencode - | sed -n 2p | cut -c2-
      (uuencode needs a name argument, the first output line is the "begin" header, and the cut is by character; the last cut is to remove the length byte, which is always M except on the last line).

      That's about 72 bytes of letters, numbers, dashes, slashes, etc.

      And that without being able to see what I'm typing.

      Ended up entering the password in a text editor, and cut'n'pasting it to the password field. That only took three tries AFTER switching to the editor.

      (On a PC it's simply insert USB stick, open notepad, copy password, paste in password field, done).

    12. Re:Mod parent up. by Anonymous Coward · · Score: 0

      That is because your password manager sux. It should produce passwords along the lines of correct horse battery stable, which you CAN enter on your phone.

    13. Re:Mod parent up. by Anonymous Coward · · Score: 0

      FYI, there are KeePass-compatible password managers for cellphones too. You don't need to enter your passwords manually there either.

    14. Re:Mod parent up. by MrNiceguy_KS · · Score: 1

      https://play.google.com/store/...

      Here's a version compatible with KeePass 2.0 databases. This version also has native support for syncing databases stored in DropBox, Gdrive, or even over FTP, (which beats my old method of using a 3rd-party file syncing app)

      --
      Redundancy is good And also good.
    15. Re:Mod parent up. by Anonymous Coward · · Score: 0

      I felt the same way when I had to type in a 63-character WPA2 password. It was OK when it was just for laptops, but on a mobile device, ugh, especially with the different keyboard layouts between Android devices. In the early days, I would connect a Bluetooth keyboard just for the wireless password phase.

      Whenever my friends visit, they ask for it, then give up when I informed them of the length of the password. Eventually, I had to create a new SSID with a shorter password just for them (which is not a big deal since I use a Tomato firmware), then turn it off when they leave.

    16. Re:Mod parent up. by Agent0013 · · Score: 1

      I use KeePassDroid to store my passwords. I love it. It rarely will allow me to paste the username and password into a website though. Something with the browser or the way pasting works on my phone just pastes nothing there even when KeePassDroid has put them into the clipboard.

      --
      -- ssoorrrryy,, dduupplleexx sswwiittcchh oonn.. -Quote found on actual fortune cookie.
  26. Password reUse by Amtrak · · Score: 2

    While I agree with the researcher's point that dictionary attacks are the biggest risk for passwords and that you shouldn't use the same password for every account you have, I don't think that a password manager is required for all situations. For example I use the same password for Slashdot, Engadget, Toms Hardware and a few other entertainment accounts. None of these accounts can really cost me money, so who cares if someone gets the password? I can just make a new one. So I don't think that sharing passwords in this case is bad. I call this password my "Insecure" password. Now for other services such as my bank, email, Windows login, work password: all of these passwords are unique, but I don't have many of them so it isn't hard to remember them.

  27. Security through obscurity by ChadSmith4920 · · Score: 0

    Relying on a potential attacker's lack of knowledge as a means of security. It's not so much how strong a password is, if the password has to be entered in an obscure way. Require the user to enter a character then wait 2 seconds etc.

  28. Password Manager by Anonymous Coward · · Score: 0

    The article's author seems to think that a password manager is the One True Solution to passwords. You know what password managers are: They're those software programs, often web-based, that allow you to generate, store, and retrieve passwords. All you need to access your passwords is a single password. Also note that these passwords must be stored in a way that the original plaintext MUST be able to be retrieved at a later time. This means no hashing.

    So now attackers have a wonderful target. All they need to do is figure out one password and they are given all of the others for free. Or, worse, a compromise of the whole system allowing them to get passwords to many different systems for all associated users - all at the same time.

    A password manager is not the solution. It's a step backwards.

    So far, people cannot crack into my brain and download the information. I am unconvinced that Correct Horse Battery Staple is not the way to go.

  29. Not a good solution by mjm1231 · · Score: 2

    Password manager tools are only useful when you are logging in from your own device. What do you do when you need to hop on a friend's computer, or the one at the public library? Or are there cloud based password managers out there (and if so... that just raises further questions).

    --
    Ideology: A tool used primarily to avoid the bother of thinking.
    1. Re:Not a good solution by Anonymous Coward · · Score: 0

      Indeed. But password managers (or rather, what they evolve into) are the end game here. Passwords will be like rotary telephones in 10 years - you might come across one every once in a while, but for the most part, you will have a device for authentication. Securely scaling to tens or hundreds of logins is simply beyond the capabilities of the average human brain, and SSO is too centralized for people to trust.

      XKCD is wrong, but not really for the reasons mentioned - it simply ignores scaling issues.

    2. Re:Not a good solution by Anonymous Coward · · Score: 0

      Password manager on your phone? Seems like a pretty straightforward answer. Just make sure the manager uses good encryption, you have a strong master password, and your phone has a way to remote erase it. You don't have to sync it to the cloud if you don't want to. If you are worried about cloud storage, you should probably be worried about browser integration with a password manager too anyway.

      Or go ahead and use the CorrectHorseBatteryStaple method, but I know from experience that does not work on a lot of sites. So, eventually you will need the strongest password you can generate and a manager to store it because you won't remember it.

    3. Re:Not a good solution by Anonymous Coward · · Score: 0

      What do you do when you need to hop on a friend's computer, or the one at the public library?

      As soon as you do that, you're insecure. They could have a keylogger. You're only secure when connecting from your own device, which you alone control.

    4. Re:Not a good solution by Anonymous Coward · · Score: 0

      Thumb drive with the encrypted password database and the password manager binaries.

    5. Re:Not a good solution by Anonymous Coward · · Score: 0

      You've clearly never used a password manager, or even studied them at all.

      Otherwise you would know that LastPass is available on any device that has an internet connection and a web browser.

      Read up before you even think about replying with something uninformed like: "but but but the cloud something something isn't safe."

    6. Re:Not a good solution by Anonymous Coward · · Score: 0

      LastPass is a common cloud-based password manager.

    7. Re:Not a good solution by Anonymous Coward · · Score: 0

      Many password managers have a means to synchronize their databases between multiple instances of the application. Many of these do in fact use cloud services.

      For instance 1Password supports synchronizing through Dropbox (one of many approaches) and seemingly iCloud. I currently use Dropbox (and yes, it is on my short-list to re-evaluate the decision). The database itself is encrypted using your master password, so the contents are presumably inaccessible even if someone were to gain access to your Dropbox account. Additionally, the database itself can be decrypted in a standard web browser by browsing the files locally using a web page they package into your database. AgileBits has a detailed security analysis on their site and blog if you are interested.

      This means that you can retrieve a password when logging in from a device you don't own by logging into Dropbox and viewing/decrypting the password database in your browser. You need to remember your Dropbox and 1Password passwords to do so, enabling you to not know 99% of the credentials for your other accounts.

      But even that is too inconvenient. If I am compelled to use a device I don't own (a rare occurrence), I just look up what I need from my phone which is also synchronized and type in the relevant credentials.

    8. Re:Not a good solution by mjm1231 · · Score: 1

      Would you believe that not everyone has, or even wants, a data plan on their phone?

      I'm not worried about cloud storage, but rather about how a cloud client would work in environments where you have no ability to install a client, browser plugin, or other software. Or have any control over what version of Java is on the system you are using. Or any of the other things that could contribute to such a system just not being able to work where you happen to be at the moment.

      --
      Ideology: A tool used primarily to avoid the bother of thinking.
    9. Re:Not a good solution by Anonymous Coward · · Score: 0

      Why on earth would you trust your friend's computer with your passwords? Never trust a public library computer!

      Get a Linux distro on a stick - boot encrypted, has a browser and password manager. If you can't boot a computer with the stick, don't use the computer. Who doesn't carry around their own computer with them nowadays anyway?

    10. Re:Not a good solution by Grizzley9 · · Score: 1

      Password manager tools are only useful when you are logging in from your own device. What do you do when you need to hop on a friend's computer, or the one at the public library? Or are there cloud based password managers out there (and if so... that just raises further questions).

      There are a few, such as the popular LastPass, that store passwords in the cloud but encrypted. Many have browser plugins which make filling in forms and storing that info straightforward. That or you could simply look it up on your phone while at another PC (there are numerous mobile password managers). If you lost your phone and that's why you are using a strange computer, you could still wipe it remotely, and if Apple you could just restore to a new device via iCloud. I'm sure Android has numerous password managers that sync with Dropbox as well (1Password, LastPass, KeePass, etc.).

    11. Re:Not a good solution by Anonymous Coward · · Score: 0

      If I need to log in to a website on a public computer (something I'd rather never do, but for the sake of example), I could pull the password up in LastPass on my smartphone and type it in.

    12. Re:Not a good solution by Anonymous Coward · · Score: 0

      Some password managers can sync their database to your mobile phone. You may not be able to directly copy the passwords to an external computer, but you will always have them with you.

      I use KeePass and Dropbox for this, but there are lots of options.

    13. Re:Not a good solution by david_thornley · · Score: 1

      If you're the paranoid type, you estimate the probability that somebody's cracked into your friend's computer and installed a keylogger or something. I certainly wouldn't want to use a high value password at a public library.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  30. banking websites by BradMajors · · Score: 1

    My banking websites would be much more secure if they disallowed any access from Eastern Europe.

    1. Re:banking websites by Camel+Pilot · · Score: 2

      Not effective. Proxies are too easy.

    2. Re:banking websites by Voyager529 · · Score: 1

      Not effective. Proxies are too easy.

      It's not a silver bullet, but it is a partial solution. 1337hax0r will VPN/proxy from another address intentionally, but he then has to get his whole botnet to do so. Sending internet traffic overseas slows things down tremendously to the point where an end user would be more likely to notice and run an antivirus. Maybe it'll cut it down by 10%, maybe by 75%, who knows... but even a 10% decrease is 10% in the right direction, with relatively minor inconvenience to customers.

  31. Base your passwords on jargony buzzwords by chandoni · · Score: 1

    Like "incentivize" or "impactful." Mine is "Leverigize123."

    1. Re:Base your passwords on jargony buzzwords by mythosaz · · Score: 1

      I've had my buzzword password for a long time, and we've got 1-cap, 1-num requirements, so it's just "Synergist1c"

    2. Re:Base your passwords on jargony buzzwords by Anonymous Coward · · Score: 0

      That doesn't appear to be your current slashdot password. You seem to have learned the first rule about how to keep your password secret.

    3. Re:Base your passwords on jargony buzzwords by Anonymous Coward · · Score: 0

      This is great - I bullshitize you until clouditters come and synergize shit into oblivion.

  32. Use a password manager by KozmoStevnNaut · · Score: 3, Informative

    I've used KeePass for a long time, but I recently moved to LastPass because getting KeePass to sync reliably is a major hassle, plus LastPass works really well on Android, even for apps. I have a strong master password, which is easy to change regularly because I only have to remember that one password. I also have 2-factor authentication enabled through Google Authenticator. Every other password is randomly generated; I don't even know them.

    --
    Eat the rich.
    1. Re:Use a password manager by Anonymous Coward · · Score: 0

      KeePass can load a file from a web server.
      Even the old BlackBerry version did this.
      The official KeePass app on Android can't, but there's an unofficial app that can. It doesn't even bitch about a self-signed HTTPS cert.

    2. Re:Use a password manager by KozmoStevnNaut · · Score: 1

      I know, and I had a reasonable setup running with browser plugins for Firefox and Chrome, while syncing the keystore onto my Google Drive.

      LastPass is like a million times easier, though. Well worth $12/year for the premium version.

      --
      Eat the rich.
  33. I disagree by nine-times · · Score: 3, Insightful

    Password managers don't really solve the problem. Many of them aren't really cross platform (by which I mean, they sync with and are accessible by all your programs/browsers for all of your devices), and as he recognizes, there will be some passwords that you can't store in the manager (e.g. the password to the manager itself, and for the devices that access your password manager). Beyond that, I didn't see any recognition anywhere that there are at least some services that you might want to access somewhere where you don't have access to a password manager. For example, the selling point of both webmail and services like Dropbox is that you can access your data on another person's computer. Are you going to want to download, install, and sign into a password manager on another person's computer?

    So yes, passwords actually do need to be both memorable and strong.

    However, I'd agree with him that really, passwords need to die. Or not actually die completely, but most sites should not require their own password. What we really need is some kind of standardized identity management system-- like you know how you can sign onto various sites using either your Facebook or Google+ sign-on? Like that, but standardized. We need a true single-sign-on solution that is easy to manage, hard to screw up and lose your identity permanently, and usable everywhere.

    This has been obvious for well over a decade, but we can't do it because we don't create standards anymore. For any solution, Microsoft wants to have their solution, Facebook wants theirs, Google wants to do it their own way, and Apple wants to do something different from all the rest. Each company pretty much wants a solution that will benefit themselves and screw over their competitors. None are really focused on creating the best solution for social/economic/computing progress, and if they were, it would still be impossible to get others on board. So that's the real problem. Unwillingness to create standards.

    1. Re:I disagree by Anonymous Coward · · Score: 0

      Nor do I want Microsoft, Facebook, Google or Apple to know all the passwords to all my favorite websites.

    2. Re:I disagree by Dynedain · · Score: 3, Interesting

      We do, it's called OpenID, which is what Google leverages for their single sign-on (not sure if FB is their own solution or not). It was a really popular thing about 5-10 years ago and got a ton of attention. I think even MS enabled it.

      The problem with it is this: everyone was willing to let their servers be the authenticating source for OpenID, but no one was willing to trust a 3rd party's servers to do the same.

      So I can create identity authentication galore at mydomain.example.com, but if Google isn't willing to trust mydomain.example.com, then it's not very useful as a unified login authenticator.

      --
      I'm out of my mind right now, but feel free to leave a message.....
    3. Re:I disagree by Anonymous Coward · · Score: 0

      For you and me, the password-manager-password is a solved problem: Write down a mashed-keyboard-generated p/w to it on a sticky, and put that sticky in your wallet (and hide a copy somewhere at home). Eventually you'll enter it from muscle memory without even looking.

      If someone is willing to physically attack you, able to find and burgle your home, or threaten/blackmail/bribe your contacts IRL, to gain access to these... then you need to stop looking at internet security forums and contact your organization's security division because both of you have a major problem on your hands.

    4. Re:I disagree by Anonymous Coward · · Score: 0

      We need a true single-sign-on solution that is easy to manage, hard to screw up and lose your identity permanently, and usable everywhere.

      Sounds like a good way to create a single point of failure, or lose privacy.

    5. Re:I disagree by Voyager529 · · Score: 1

      What we really need is some kind of standardized identity management system-- like you know how you can sign onto various sites using either your Facebook or Google+ sign-on? Like that, but standardized. We need a true single-sign-on solution that is easy to manage, hard to screw up and lose your identity permanently, and usable everywhere.

      This has been obvious for well over a decade, but we can't do it because we don't create standards anymore. For any solution, Microsoft wants to have their solution, Facebook wants theirs, Google wants to do it their own way, and Apple wants to do something different from all the rest. Each company pretty much wants a solution that will benefit themselves and screw over their competitors. None are really focused on creating the best solution for social/economic/computing progress, and if they were, it would still be impossible to get others on board. So that's the real problem. Unwillingness to create standards.

      I completely agree with this - and it gets even worse: who gets trusted? SSO works in a corporate Windows domain because the answer to "who gets trusted" is "the company's internal systems... and it's the company's data anyway." Logging into the company's AD/Exchange/SharePoint is just fine, because the systems authenticating stuff and the systems storing stuff are effectively the same.

      Now on the greater internet, who do we trust? I have a friend who trusts Apple with basically everything, a friend who trusts Google with literally everything, a friend who trusts Microsoft with more of everything than not, and me, who trusts my own systems and no one else's. You own Nine-Times.com, a vBulletin forum for cat enthusiasts. You trust Google and Apple, but not Microsoft. Two friends can SSO in, the other two of us can make internal accounts for the forum. Google friend owns androidfanbois.com, another vBulletin site. He allows Google's SSO. Three of us need accounts now.

      So, we then do something like the US Federal Government having a standardized "internet identity", available to anyone who wants it. Well, we can forego corporate fanaticism this way, but now we've legislated digital identities and said goodbye to even the illusion of anonymity, and have a digital treasure trove of data for not only hackers and identity thieves (do you REALLY think the federal government is going to have bulletproof security on this thing?), but now you tell me that the NSA isn't tapping all of *that* "metadata", and I've got a password storage device for you. More to the point, if you google 'voyager529', you will indeed see my photo in the very first set of image results, and have a pretty good idea of who I am and what I do. I have a completely separate digital identity that is *not* tied to 'voyager529' in any sense. If the federal government gets in the online identity business, I sincerely doubt I'd get two.

      We've eliminated corporate, and we've eliminated government, which leaves us with two obviously-even-worse options: self-signing and crowdsourcing. Self-signing gives us no real concept of who the person is, which is why Usenet devolved into the spam garden it is today. Requiring X number of people already joined to a website to validate that you are who you say you are turns logging into stuff into a popularity contest.

      Passwords get stuck to monitors and under keyboards. Password managers are treasure troves to compromise and aren't cross compliant. Possession-based authentication (RFID card, NFC/Cell phone, etc.) makes losing your wallet ten times worse and you still need an issuing authority to oversee unique cards tied to a particular human. Biometrics are nice, but cross-device biometrics still have the problems of password managers, and having all ten fingers enrolled is a good idea, because one lapse in tomato slicing safety precautions and you won't be accessing your Gmail for a week.

      No matter how we slice it, "proving that a person is the correct person on the internet" is a problem inherently

    6. Re:I disagree by misexistentialist · · Score: 1

      What we really need is some kind of standardized identity management system

      This is why FDR gave us Social Security Numbers; after he invented the internet he knew we'd need them, but unfortunately humanity doesn't have the capacity to understand his plan.

    7. Re:I disagree by Palinchron · · Score: 1

      What we really need is some kind of standardized identity management system-- like you know how you can sign onto various sites using either your Facebook or Google+ sign-on? Like that, but standardized. We need a true single-sign-on solution that is easy to manage, hard to screw up and lose your identity permanently, and usable everywhere.

      Is there any particular reason why we shouldn't just use public key authentication as the standard authentication method to use absolutely everywhere, optionally delegated to some remote single sign-on service of your choice which is not in any way visible to the service you're authenticating against? This seems like the obviously correct solution to me, but for some reason I never see it mentioned in threads about replacing passwords as an authentication scheme.

      --
      The lesson here is that a sufficiently large corporation is indistinguishable from government. --ultranova
    8. Re:I disagree by nine-times · · Score: 1

      Yes, that's essentially what I would suggest-- replacing passwords with a standardized public-key system. But we need to develop a system for key management whereby the keys are kept secure from attackers, while being very accessible by the authorized users, and being very difficult for authorized users to lose access accidentally.

    9. Re:I disagree by nine-times · · Score: 1

      Yes, and it's brilliant the way that we've used SSNs as both an identifier and a form of authentication.

    10. Re:I disagree by nine-times · · Score: 1

      Now on the greater internet, who do we trust?

      You raise good points, but I think we need to take a step back from this question and ask, "What are we trusting them with?"

      For example, I've long been a proponent of the idea of putting SSL certificates into signed DNS records so that we don't need to go through a certificate authority in order to use SSL on our web page. I've had people challenge me and say, "But that doesn't seem helpful. It's just a self-signed certificate!" To which, I point out that I've stuck it in my domain records, and it's verifiable from there, so it's less vulnerable to man-in-the-middle attacks. To that, I've gotten the response, "But that doesn't prove anything! If you want to prove you're really who you say you are, you need extended validation with identity verification. Otherwise your website could be fake, which means it's not absolutely secure." Again, true, but kind of missing the point.

      Security is not about absolutes, but about understanding the likely attackers, the likely form of the attack, and establishing what trust to extend under what circumstances to guard against those attacks. In the case of trust, trust doesn't need to be absolute in order to accomplish the goals of security.

      So going back to my example, if I create a website called "nine-times.org", create a self-signed SSL certificate and assign it to my site, then I can encrypt my traffic, preventing various kinds of easy attacks on my site and on the visitors to my site. That's a big security win, but since it's just a self-signed cert, I leave myself open to a MITM (man-in-the-middle) attack.

      If, however, I put the self-signed certificate into a signed DNS record, then visitors could potentially verify my browser, preventing MITM attacks by verifying that the certificate that they've been provided is the correct certificate for the "nine-times.org" website. Now, this doesn't prove that the "nine-times.org" website is run by me. It doesn't prevent you from setting up a fake-but-similar website on "nine-times.com" and stealing my traffic. But that doesn't mean that my certificate validation isn't helpful or meaningful.

      What it would mean is, when you connect to "nine-times.org" you can trust that you're actually talking to "nine-times.org", which has been verified by the person who owns that domain. That's all you're trusting that certificate validation to prove-- and that's a lot! Now, whether the "nine-times.org" website is a trustworthy site, or whether it's the site you intended to visit... that's a different issue. Sorry, I don't have as easy a method for verifying that. However, if we can establish that the site is trustworthy, at least the DNS-verified certificate would let you know that you're communicating with who you intended to communicate.

      So I see this concept of identity management in a similar way. We don't actually need much trust to make it work, to prove that the identities are reputable people or even real people. We just need a method to verify that the digital identity you're dealing with is the same as the digital identity that it purports to be.

      In fact, even if you wanted to use these identities for payment, you could greatly increase the security of transactions without necessarily linking the identity to a real person. You could have a method of payment where you could verify through a third-party trusted institution that "nine-times" in fact does have $[x] in an account without that institution knowing who "nine-times" is. The account could be with any kind of institution or currency, but as long as you trust that institution, you could know with cryptographic certainty that the "nine-times" you're talking to is the same "nine-times" that has possession of those funds.

      Now, if you wanted to enable those digital identities to be used for legal purposes, tax purposes, passports, or something along those lines, *then* you'd need to get the Federal government involved. They would need to decide what level of authentication is required to verify that the digital identity is linked to a legal entity, but that doesn't mean that they'd necessarily have to do the identity management themselves.

    11. Re:I disagree by nine-times · · Score: 1

      Yes, I'm aware of OpenID. Even if Google technically uses it, effectively they don't, because it's not treated as an open/standard protocol, but as a proprietary authentication system that is offered by Google. As you said, "no one was willing to trust a 3rd party's servers". And I don't think it's really an issue of trust. Google, Facebook, and Microsoft have all offered a form of this service, and it's always really just a ploy to wrangle you into using their services.

    12. Re:I disagree by Anonymous Coward · · Score: 0

      You can have a version of your password manager on your mobile phone, for when you need to use another computer.

    13. Re:I disagree by Cro+Magnon · · Score: 1

      Yup! It would be like I used "Cro Magnon" as my slashdot pw.

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    14. Re:I disagree by Dynedain · · Score: 1

      The problem exactly is trusting 3rd party services.

      Google, Facebook, MS may have all implemented it, but none would trust third party authentication. They all made their authentication available to website providers.

      As a result, since no one trusts arbitrary unknown services, the only commonly accepted 3rd-party auth servers are Google, Facebook, MS, Twitter, etc.

      OAuth, OpenID, OpenID 2.0, and any other truly distributed login systems are doomed to failure. They serve as nice protocols, but ultimately the relationships of trust between the managing entities are more important. Yes, you can run your own auth servers. No one will trust you as an individual implementer because there is fundamentally no way to differentiate you from a malicious person who can also run their own auth servers.

      --
      I'm out of my mind right now, but feel free to leave a message.....
    15. Re:I disagree by nine-times · · Score: 1

      The problem exactly is trusting 3rd party services.

      My point was, it's an issue of "trust" in the technical sense of authentication, but not trust in the sense of whether something is trustworthy. Google, Microsoft, and Facebook refuse to "trust" 3rd party authentication providers, but it's not because they can't trust them. It's because they want control and leverage over their own userbase, as well as having access/control/information about other developers who might be willing to use their authentication services.

    16. Re:I disagree by Dynedain · · Score: 1

      I also am talking about "trust" as in "trustworthy", not the security technical definition. I think we're saying the same thing, but I lay the blame on an inherent aspect of the system, not on the Google/MS/Facebook big players in the space.

      Any site owner (be it Google or Mom's BBQ Shack) cannot accept third-party authentication without implicitly relying on whatever user creation policies that third party uses to control their audience.

      If tomorrow Google suddenly opened the floodgates and said spambots could create all the Google IDs they wanted, then practically overnight you would see wholesale disabling of Google ID authentication on sites that currently use it.

      The reality is that no one other than the really big players gets enough public attention to be considered trustworthy for 3rd-party authentication. Allowing unrestricted third-party authentication services by definition means allowing anonymous accounts. And truly anonymous accounts are diametrically opposite from having logged-in users.

      My point is that this isn't a Google/big data tracking/hate the corps issue. The point of user logins are to provide you (the site owner) controls over your userbase. If you offload your logins to 3rd parties, you are sacrificing most (if not all) of those controls.

      Here's a real example - I run a site that has a private area. Users are authenticated using Facebook (because I don't want to force extra logins on them). It's cut down on the vast majority of bogus signup attempts, but only because Facebook is relatively good about preventing spambots from creating accounts. But there's no way in hell I would allow Mom's BBQ Shack to provide authentication (aka, OpenID) because I have no visibility or public evaluation on how Mom's BBQ Shack creates logins. For all I know, Mom's BBQ Shack is really just a spam king, and I just allowed spambot logins on my system.

      We have a couple of great examples of truly anonymous, distributed systems, where every node is allowed equal behavior: Email and Usenet. Spam problems on both are fundamentally insolvable without breaking the systems to rely on outside methods of trust. The same applies for an authentication service. You cannot have a fully open and anonymous system without it allowing for anonymized abuse.

      --
      I'm out of my mind right now, but feel free to leave a message.....
    17. Re:I disagree by nine-times · · Score: 1

      If tomorrow Google suddenly opened the floodgates and said spambots could create all the Google IDs they wanted

      Already you completely misunderstand. Other companies wouldn't create GoogleIDs, they'd create other IDs. All Google would have to do is say, "I trust Facebook to be in charge of Facebook IDs. This user is claiming to be nine-times@facebook.com, and Facebook says that's true. Therefore, I'll trust that the user is nine-times@facebook.com, and they should have access to anything that nine-times@facebook.com is supposed to have access to."

      What "nine-times@facebook.com" is supposed to have access to in Google's services is a whole other issue that Google can work out how to decide. This setup doesn't solve all problems, but it would solve a bunch of them.

      The problem isn't trust. The problem is that these companies want walled gardens that they control.

    18. Re:I disagree by Dynedain · · Score: 1

      No, you misunderstand me.

      If I trust Google IDs, and allow people to signup to my site with Google IDs, that is a fairly good way of limiting malicious bots from signing up on my site. But I've now accepted Google's signup policies as my own.

      When Google suddenly lets spammers create 1000s of IDs, my site is now vulnerable to massive automated signups. Because I have no way of identifying a legitimate Google ID user from a spam Google ID user. I have offloaded my trust to Google.

      Multiply that out to an infinite number of ID providers, and it makes relying on logins for user verification a useless exercise. At that point, I need an additional channel of confirmation (hence the "2" in "2 factor authentication").

      The problem isn't trust. The problem is that these companies want walled gardens that they control.

      Wrong, wrong, wrong. If I don't trust Facebook or Google's account creation policies to prevent Nigerian spammers from creating spambot accounts, how in the world could I ever expect them to trust mine? It has nothing to do with a walled garden, and everything to do with trusting a 3rd party to have good policies in place.

      --
      I'm out of my mind right now, but feel free to leave a message.....
    19. Re:I disagree by nine-times · · Score: 1

      No, you misunderstand me.

      No, you misunderstand. Authentication and authorization are fundamentally two different steps.

      * First step, authentication: Some guy is claiming to be "Dynedain". I've checked the [certificate or password or whatever] against the [certificate authority or password hash or whatever] and it checks out. Therefore, yes, I believe that this is "Dynedain".
      * Second step, authorization: Now, let me look at my records to see what "Dynedain" is supposed to have access to. Is he allowed to have an account yet? Nope. He hasn't been authorized. Close the connection.

      So in this case, you were authenticated, but not authorized. So Google could "trust" other servers in terms of authentication (This guy says he's "Dynedain@Slashdot.org" and "Slashdot.org" says that's true, so I'm going to believe that he is "Dynedain@Slashdot.org") without automatically trusting the user to the point of authorizing them to do anything.

      If I trust Google IDs, and allow people to signup to my site with Google IDs, that is a fairly good way of limiting malicious bots from signing up on my site. But I've now accepted Google's signup policies as my own.

      Yeah, see, right here, you're looking to Google to create a walled garden. You're saying, "I don't just want to trust Google's authentication, but I also want to trust that anyone who is using Google's authentication is *also* automatically authorized to have full access to my services." That's pretty much exactly what it means to have a walled garden-- creating a closed ecosystem with defined limits and restricted access to the outside world, in the hopes of creating a "safe area".

      You're saying that you don't want Google to trust authentication from anywhere else because you want to trust that any authentication coming from Google is equivalent to valid authorization, which helps you prevent spambots from signing up for your service. It's not fundamentally different from saying that Google should only allow Gmail users to receive email from other Gmail users, which would prevent spam from reaching your inbox. You're not entirely wrong, but the reason it helps crack down on misuse is that walled gardens are easier to control. The higher level of control is both a good thing and a bad thing.

      In the case of email and in the case of authorization, the negatives of walled gardens far outweigh the benefits. And Google knows this. They have smart people working for them. But then, they also want to push people toward using Gmail and Google+, and having a walled garden helps them accomplish that.

    20. Re:I disagree by Dynedain · · Score: 1

      I understand the difference between authentication and authorization. Onsite signup provides both authentication and authorization in a single process. 3rd party signup (OpenID) can *only* provide authentication, it can never provide authorization. An additional step is required. In this regard it's no different from shared public keys.

      OpenID is more complicated for the end user to manage, AND it puts additional technical burden on them to understand. How am I (the average user, not the site admin) supposed to know my OpenID is compromised? How do I fix it? How do I know the server that provides my OpenID is compromised? Keeping track of a password phrase is fundamentally a much simpler problem for the end user. Where do you want to place more burden of responsibility? Site operators, or end users?

      You're saying that you don't want Google to trust authentication from anywhere else because you want to trust that any authentication coming from Google is equivalent to valid authorization, which helps you prevent spambots from signing up for your service

      No, I'm saying as a site owner, I don't want to trust authorization from just anywhere, because logged-in users are core to my service model. To make things easier on my users, I allow signups with common third party ID services, because I understand their authorization mechanisms. But now I've sacrificed my control over my users.

      Fully peer-to-peer authorization (which is what OpenID provides) is effectively fully-public authorization. In which case, if it's public, why do you even need peer-to-peer authentication?

      Again, we're saying the same thing about the fundamentals of the mechanism and problems. But we differ in our beliefs on the motivations. You say the failure of OpenID is malicious intent on the part of the big corporate players to create locked-in ecosystems. I say that's a side effect and the failure stems from the inherent need of a site owner (big or small) to effectively manage their userbase with minimal burden on the users.

      --
      I'm out of my mind right now, but feel free to leave a message.....
    21. Re:I disagree by nine-times · · Score: 1

      OpenID is more complicated for the end user to manage, AND it puts additional technical burden on them to understand.

      This is a dramatic shift in your argument. I don't want to start a whole new argument at this point, but in short, I would admit that OpenID as it stands is not a good/complete solution. I would only argue that the industry should be working together to develop a better solution, either by improving OpenID dramatically or developing a replacement that works better. I've argued in the past that such a solution should not merely provide SSO, but also include a more complete form of "identity management".

      But now I've sacrificed my control over my users.

      So again, you want a walled garden. Walled gardens are all well and good until you want to do something that falls outside the wall, or if you disagree with the gardener.

      You say the failure of OpenID is malicious intent on the part of the big corporate players to create locked-in ecosystems.

      Not malicious. More like "not benevolent". They aren't working toward a better solution that would be beneficial to us all, improving the way the Internet works. They aren't working on a superior technical solution that can work as a model for the future. They're working toward their own business interests, which includes corralling people into their walled gardens and locking them in. The shepherd isn't malicious towards the health of his sheep, but his intention is to slaughter them for meat.
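The two-step split that comments 19 and 20 agree on (a provider vouches for *who* someone is, the site decides on its own *whether* they may do anything) is easy to get wrong in code by collapsing both into "the login succeeded". The following is an added example, not code from the thread or from any OpenID implementation: a site that accepts signed assertions from two hypothetical identity providers, verifies them, and then consults its own authorization table before admitting anyone. The provider secrets, the HMAC-signed assertion format and the authorization records are all constructed for the example; a real OpenID or OpenID Connect provider signs with a public key, not a shared secret.

```python
import base64
import hashlib
import hmac
import json

# Constructed example: identity providers this site trusts for AUTHENTICATION,
# keyed by issuer name. A shared secret stands in for the provider's signing key.
PROVIDER_KEYS = {
    "slashdot.org": b"slashdot-provider-secret",
    "google.com": b"google-provider-secret",
}

# Local AUTHORIZATION records: federated identities this site has admitted.
# Hypothetical data; "Dynedain" is just the name used in the thread.
AUTHORIZED = {
    ("Dynedain", "slashdot.org"): {"role": "member"},
}


def _encode(claims):
    return json.dumps(claims, sort_keys=True).encode()


def issue_assertion(issuer, subject, key=None):
    """Provider side: sign the claim "subject authenticated at issuer".

    `key` defaults to the issuer's real key; passing a different key lets the
    example show what a forged assertion looks like to the verifier.
    """
    key = PROVIDER_KEYS[issuer] if key is None else key
    body = _encode({"iss": issuer, "sub": subject})
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(body).decode() + "." + base64.b64encode(tag).decode()


def authenticate(assertion):
    """Step 1 (who is this?): returns (subject, issuer) or None."""
    try:
        b64body, b64tag = assertion.split(".")
        body = base64.b64decode(b64body, validate=True)
        tag = base64.b64decode(b64tag, validate=True)
        claims = json.loads(body)
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(claims, dict):
        return None
    key = PROVIDER_KEYS.get(claims.get("iss"))
    if key is None:
        return None                                  # unknown issuer: no trust at all
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                                  # bad signature: forged or tampered
    subject = claims.get("sub")
    if subject is None:
        return None
    return subject, claims["iss"]


def authorize(identity):
    """Step 2 (what may they do?): the site's own records, independent of the provider."""
    return AUTHORIZED.get(identity)


def login(assertion):
    identity = authenticate(assertion)
    if identity is None:
        return "unauthenticated"
    if authorize(identity) is None:
        return "authenticated but not authorized"    # close the connection
    return "ok"


if __name__ == "__main__":
    print(login(issue_assertion("slashdot.org", "Dynedain")))
    print(login(issue_assertion("google.com", "Dynedain")))
    print(login(issue_assertion("slashdot.org", "Admin", key=b"wrong-key")))
```

Accepting Google's authentication (second call) does not admit the Google-asserted "Dynedain" because the site's own authorization table has no row for that pairing; that table, not the provider, is where the site's signup policy lives.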

    22. Re:I disagree by Rich0 · · Score: 1

      Honestly, I really wish the US Government would just issue national IDs, including an electronic component with a standardized interface (cheap enough to be deployed to any PC, and usable for remote applications in a secure way). This would make identity theft nearly impossible (or at least much easier to clean up after-the-fact), and kill off many social engineering attacks and the need for passwords in general.

      The usual fear is that a US government ID would create some kind of big brother system. The thing is, we already have that - the US doesn't need an ID to identify everybody, since they operate on such a large scale they can just scan every yearbook, facebook account, email, security camera, etc to identify everybody all the time. They undoubtedly assign a unique ID to every person they identify, so they basically have that government ID system already, and we get to suffer all the downsides of that. What we don't get to experience are any of the upsides, since while the US government might be able to tell who I am while posting this, nobody else can.

      There is also no reason that a government ID couldn't be used in a semi-anonymous manner. When I authenticate to slashdot they could give slashdot a unique identifier for me which is traceable to me upon issuance of a warrant, but which is different from the ID they issue for any other website. That means nobody else can log in as me to Slashdot, and I don't need any slashdot-specific credentials, but I can still be a pseudonym as far as Slashdot is concerned (but I can only create a single account). We could even allow somebody to have multiple IDs for a single domain all traceable to the same real person (with a warrant). Obviously there needs to be a lot of policy around who can insist on having a real identity vs a pseudo-one, or when somebody is allowed to have sock-puppets, etc.

  34. Probie. by Anonymous Coward · · Score: 0

    he must have missed that class in school.

  35. Seems flawed, but what do I know? by pavera · · Score: 1

    It seems to me the most likely machine to be compromised is probably a user desktop. Servers and web services can implement pretty effective countermeasures against brute force attacks (3 tries and you're done for an hour, 5 tries and you're done forever). Not to mention multi-factor authentication.

    Putting all of your passwords no matter how complex on a windows 7 desktop with a single (easy to remember, easy for computer to guess) password, which can be trivially retrieved with a keylogger seems like completely broken security to me. One zero day in IE, keylogger installed, access to all user passwords for all sites granted.

    You're literally a single hack away from having bank accounts, social media, email, everything hacked. Or am I wrong somehow about password managers/keyloggers?

    1. Re:Seems flawed, but what do I know? by goulo · · Score: 1

      If you're worried that your computer is unsafe and surreptitiously keylogging, then you shouldn't even read your email from that computer anyway, since your email account will typically give access to all that other stuff too.

    2. Re:Seems flawed, but what do I know? by craighansen · · Score: 1

      Nope. You got it first try.

    3. Re:Seems flawed, but what do I know? by Anonymous Coward · · Score: 0

      The moderately paranoid use a password manager which pops up a keyboard on the screen so you can enter the master password via mouse clicks rather than a potentially hacked keyboard.

      The seriously paranoid don't keep their passwords in a password manager on the machine they're using for access, and use two-factor authentication.

      The truly paranoid don't use this stuff at all and live in a Faraday cage.

    4. Re:Seems flawed, but what do I know? by Anonymous Coward · · Score: 0

      The encryption on the password database can use many many more rounds of encryption than a web server can as consuming a second or more of CPU to decrypt is not a problem on a single user device that isn't attempting to service hundreds, thousands or tens of thousands of hits per second.

      If someone gets hold of your keepass database, brute forcing it is much more difficult, they'll effectively only be able to make one attempt or some other small number per second, rather than millions or billions per second against your typical website's password hash.

    5. Re:Seems flawed, but what do I know? by Blaskowicz · · Score: 1

      indeed my bank uses a "keyboard" popup with randomized keys. It's only digits though and not many of them.

  36. two form by Twillerror · · Score: 1

    Two form authentication is the real solution. Given enough time and computing power people will break your hashed password. Heck, with the oncoming quantum computers, who knows if they will be secure at all.

    Oh, and here's an idea. Why don't we do a much better job of protecting the hashes in the first place? Encrypt the hash so a simple SQL injection only returns even harder to see data. Put the data in another table. Use stored procedures (I know, *GASP*) to only allow one password hash to be retrieved at once. Use database schema permissions (if available) to make "select password_hashed from hashes" not allowed by the front end server.

    I think honestly we hashed the password and then rubbed our hands together and patted each other on the back.

  37. Information Theoretic password strength meter by Jizzbug · · Score: 1

    Somewhere along the line, about when Fedora's Anaconda installer UI was redesigned, Fedora introduced an information theoretic password strength meter that measures apparent bits of randomness.

    Here it is in use in the Anaconda source: https://git.fedorahosted.org/cgit/anaconda.git/tree/pyanaconda/users.py#n130

    Here is its official site: https://fedorahosted.org/libpwquality/

    It would appear this information theoretic meter has made its way into Ubuntu and Arch.

    --

    -=/\- Jizzbug -/\=-
  38. lost password process as an attack vector by roc97007 · · Score: 5, Interesting

    Even the best password, memorized or securely stored, doesn't protect you against a password recovery process that's improperly engineered. Often an institution, even a BANK, will give you as a recovery password a choice from perhaps six possibilities, any of which can be divined from publicly available information or a little social engineering. Your password may be q4ot38yhewa;okl, but your password recovery phrase will be the street you lived on in high school or the name of your first dog. This is not secure.

    And don't even get me STARTED about pin code security. When I set up my AmEx corporate card, the phone menu suggested strongly that I use digits that are easy to remember, like my mother's birthday. Ignoring the directions and entering a random code, I got rejected because my pin WASN'T A VALID DATE. I called tech support, told the tech monkey the error I was getting and he immediately said that I was to set it to my mother's birthday. I said I didn't want to use something that would so easily be discovered, and he seemed nonplussed. He had to consult with a supervisor. They eventually decided that I could use a random number, but I had to tell him the number over the phone so he could override the menu's requirements to use a valid date. This was AMEX!

    Back to the lost password process, I give random strings as answers to the challenge questions, but I figure eventually banks won't let me use strings that aren't a valid dog's name or a listed street name in my home town.

    I know why they do this -- it cuts down on service calls to require shlubs to use passwords that are easy for them to remember. But geeze... I foresee a time when we'll all be required to use the common name for an eating implement. Everyone will choose "spoon". The institution will be able to cut customer support back to one person in north-eastern Poland. Or perhaps they already have.

    (I use Poland not to denigrate the Poles, but because a company I do business with was quite proud of the low low DL price they got for customer support hotline personnel in eastern Poland. To cover North American accounts. Because that makes sense. Really.)

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    1. Re:lost password process as an attack vector by TapeCutter · · Score: 1

      " your password recovery phrase will be the street you lived on in high school or the name of your first dog. This is not secure" if the email account it sends the password to has already been compromised.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    2. Re:lost password process as an attack vector by roc97007 · · Score: 1

      " your password recovery phrase will be the street you lived on in high school or the name of your first dog. This is not secure" if the email account it sends the password to has already been compromised.

      So you use a secure random string for your email (I do) and they also have a password recovery system that's easy to social engineer. And if you're lucky that only goes to another email (rinse, repeat) or to a text on your cell phone... See today's /. article on cell phones being hacked.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    3. Re:lost password process as an attack vector by gewalker · · Score: 1

      You can use email distribution of reset passwords at least a little intelligently. Make the reset password expire soon and make it a single-use password, so the password sent via email immediately expires when first used.

      Low cost support of users is important to companies too. Email based password resets are very cheap.
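The two properties asked for above, a short lifetime and a single use, are cheap to implement but easy to get subtly wrong (storing the token in the clear, leaving expired tokens valid, letting a wrong guess be retried forever). The following is an added example, not code from the thread or from any site: a reset-token store that keeps only a SHA-256 digest of each token, expires it after a fixed window, deletes it on first successful use, and drops it after a handful of wrong guesses. The lifetime, the attempt limit and the `now` parameter (so the behaviour can be checked without waiting) are assumptions for the example; a real deployment would also rate-limit the issue path and bind the token to the pending password change.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60   # assumed lifetime; bounds the window a stolen mailbox gives
MAX_ATTEMPTS = 5              # assumed; a 256-bit token cannot be guessed, but why allow trying


class ResetTokens:
    """Single-use, time-limited password reset tokens.

    Only a digest of each token is stored, so a dump of this table (or a log
    of it) does not yield usable tokens; each token dies on first successful
    use, on expiry, or after MAX_ATTEMPTS wrong guesses. Issuing a new token
    for a user replaces any earlier one.
    """

    def __init__(self):
        self._pending = {}   # user -> [sha256(token), expires_at, attempts_left]

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).digest()

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)            # 256 bits from the OS CSPRNG
        self._pending[user] = [self._digest(token), now + TOKEN_TTL_SECONDS, MAX_ATTEMPTS]
        return token                                 # this, and only this, goes into the email

    def redeem(self, user, token, now=None):
        """True exactly once for the live token; the caller then sets the new password."""
        now = time.time() if now is None else now
        entry = self._pending.get(user)
        if entry is None:
            return False
        stored_digest, expires_at, attempts_left = entry
        if now > expires_at:
            del self._pending[user]                  # expired: remove rather than keep around
            return False
        if not hmac.compare_digest(stored_digest, self._digest(token)):
            entry[2] = attempts_left - 1
            if entry[2] <= 0:
                del self._pending[user]              # too many wrong guesses: start over
            return False
        del self._pending[user]                      # single use
        return True


if __name__ == "__main__":
    store = ResetTokens()
    t = store.issue("alice")
    print("first use:", store.redeem("alice", t))    # True
    print("second use:", store.redeem("alice", t))   # False
```

The comparison uses `hmac.compare_digest` on digests so that timing does not leak how many leading bytes matched, and the lookup is keyed by user, so a token can never be replayed against a different account.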

    4. Re:lost password process as an attack vector by Anonymous Coward · · Score: 0

      This is not secure.

      Sure it is.

      My first car was your mom, and my favorite animal is a head of lettuce.

    5. Re:lost password process as an attack vector by Anonymous Coward · · Score: 0

      I do the same thing.
      I fill in BS answers in the security questions.
      It bit me in the ass though, since I lost my password for paypal and I can't seem to close the account without it.
      Oh well, it's not connected to any of my real accounts and it has all of 3 cents in it, so I don't really care.

    6. Re:lost password process as an attack vector by roc97007 · · Score: 2

      This is not secure.

      Sure it is.

      My first car was your mom, and my favorite animal is a head of lettuce.

      I do that too, with even more obscure answers, but let's face it; most people will answer the questions honestly.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    7. Re:lost password process as an attack vector by roc97007 · · Score: 1

      This is why a password keeper is a good thing to have. Something with really good encryption.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    8. Re:lost password process as an attack vector by Anonymous Coward · · Score: 0

      The company using support in Poland, begins with A and ends with S?

    9. Re:lost password process as an attack vector by jittles · · Score: 1

      Even with the best password, memorized or securely stored doesn't protect you against a password recovery process that's improperly engineered. Often an institution, even a BANK, will give you as a recovery password a choice from perhaps six possibilities, any of which can be divined from publicly available information or a little social engineering. Your password may be q4ot38yhewa;okl, but your password recovery phrase will be the street you lived on in high school or the name of your first dog. This is not secure.

      No one says you have to be honest about these answers. I never put the correct answer for those questions, but have a list of fake answers that vary based on the question. Granted, if someone were to figure out one of my fake answers, they may be able to reuse that on another site, but at least they can't log into ancestry.com or look on something like an intellisus report to get my info!

  39. Fun facts about security by WillAffleckUW · · Score: 1

    1. Security is really about perception, and perceived barriers to entry.

    2. Overly complex passwords end up being written down. Great if you already have secure locations that are difficult to access, bad if you have many public entries.

    3. Sadly, MSFT was right about Security through Obscurity. The less visible a resource and entrances are, the less likely people are to try to hack them. The more boring, the better.

    4. The most effective way to defeat security is through human social engineering. Every time. Without fail.

    5. see 4.

    6. But password encryption rules! see 4.

    7. The greatest number of security breaches has always been through portable devices not secured properly and physically stolen or borrowed. Laptops, cell phones, those all have Internet. There's your most likely security breach.

    8. See 7.

    9. If you're worried about the NSA CSIS or other agencies, you're wasting your time. They're already in your systems. But they're stupid, and have no idea about old school WW II and thereabouts tradecraft. Use that. It will drive them insane.

    10. Most security methods from WW II are still useable. Dazzle paint still defeats human facial recognition. Ministry of silly walks still defeats pattern analysis of human following on security vids. Really. Kind of surprising, but true. Mostly because modern intel agencies are too stupid.

    --
    -- Tigger warning: This post may contain tiggers! --
  40. Bang for buck by Hotawa+Hawk-eye · · Score: 1

    If 500 people each use the "correct horse battery staple" approach to generating pass phrases, then an attacker who wants to compromise 5 of those 500 accounts is going to have to break 5 passwords.

    If 500 people each use the same password manager, then an attacker who wants to compromise 5 of those 500 accounts needs to break just one security mechanism -- the password manager itself. In addition, that attacker may have help in doing so, from all the other attackers that want to compromise a different set of 5 accounts from that group of 500.

    If the security for that password manager is sufficiently stronger than the security of those pass phrases (think Fort Knox versus your local bank branch) then attacking the individual accounts will be easier. But if the password manager's security has a vulnerability (a back door into Fort Knox, manned by a guard who's just two days away from retirement) then that leaves not just one person vulnerable, but all 500.

    1. Re:Bang for buck by umghhh · · Score: 2
      Quite a few intelligent posts here this time. Bit shocked really - is this still /. ???

      But I digress - the point here is this: once you fix the security of primary access you will find out that password recovery is shit; once you fix this you will find out that the password DB of the site was at the same time not properly hashed and not properly protected from theft. Once you fix this you will notice that your device is compromised, your 'yellow stickers' with the pwd to the password manager have been seen by an evil person (wife?) and somebody compromised not only the reader of your chip card but also eavesdropped its PIN. Then we find out what the best way of authentication and authorization is - NSA, IS and other friends will use it to track you in a perfect way.

      To me it looks like a lose-lose situation and one that, thanks to galloping technology and 'user friendliness', is getting worse as we speak.

  41. Randall Munroe is still right. by nimbius · · Score: 3, Insightful

    1) Choosing a password should be something you do very infrequently.

    horse battery type passwords encourage this by making the password relatable as well as affording excellent bruteforce protection. Bruteforce accounts for most password compromises outside of data breaches, which ultimately serve as a direct path toward and a source from which additional attacks can be performed.

    2) Our focus should be on protecting passwords against informed statistical attacks and not brute-force attacks.

    yes, but this is infrequent and has little to do with password structure. In the article the NSA is cited, but that's not exactly how they work. You're more likely to have a secret court order Google to cough up your data, not your password. Your computer password, on the other hand, would be demanded at penalty of spending the rest of your life in contempt of court or guilty by default. Either way they win.

    3) When you do have to choose a password, one of the most important selection criteria should be how many other people have also chosen that same password.

    I would argue the question is whether this password has ever been compromised or the breadth to which it is used online. More exposure means a greater chance of compromise. Horse battery tries to get people to think creatively to avoid duplication; however, it's not perfect.

    4) One of the most impactful things that we can do as a security community is to change password strength meters and disallow the use of common passwords.

    absolutely. This and two-factor, which is mentioned in the article, are critical steps in ensuring online services and applications encourage strong passwords. I think the attacks on horse-battery passwords are unmerited, and ultimately irrelevant once paired in a two-factor environment with a private or YubiKey solution. Intelligent service responses to bruteforce attempts, RBLs that blackhole compromised machines and subnets, and application support for longer than 8 character passwords are also important.

    --
    Good people go to bed earlier.
  42. He's right by roc97007 · · Score: 1

    I used "Correct Horse Battery Staple" as my credit union password and was hacked almost immediately. As was nearly every geek I know who works here. So clearly he's right.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  43. !news - password security is already known by Sigma+7 · · Score: 1

    1) Choosing a password should be something you do very infrequently.

    Choosing a password should only need to be done once per site, not "infrequently".

    2) Our focus should be on protecting passwords against informed statistical attacks and not brute-force attacks.

    Passwords are generally leaked because someone either got the list of passwords, tricked the user into entering the password in the wrong place (e.g. as with any phishing site), extracted them from a local store on the person's hard drive because Firefox still doesn't auto-block random plugins by default, or used the rubber-hose decryption algorithm.

    3) When you do have to choose a password, one of the most important selection criteria should be how many other people have also chosen that same password.

    So, don't use a single password that appears on a dictionary attack. Trivial.

    4) One of the most impactful things that we can do as a security community is to change password strength meters and disallow the use of common passwords."

    It's moot when the various websites come up with inconsistent password types, where your randomly generated password is rejected because it didn't happen to include a capital letter (even though it contains a punctuation mark), is rejected because it contains punctuation, is rejected because it's too long, etc.

    Disallowing common passwords is as easy as downloading a list of common passwords and refusing anything with an exact match. If you have free extended strings, there's more than enough variation to kill anything statistical, leaving only the dumb users that pick something obvious that most sheeple do.

  44. Better password by Simonetta · · Score: 1

    I suggest that you use the initials of all the people that you had crushes on when you were in middle school. You won't forget them, and brute-force cracking software is unlikely to detect your password.

    For example, if you had crushes on Carly, Janis, Gina, Wanda, Jane, Janet, Joan, Julie, Sally, Cindy, Alice, and Farah, then your general password would be: cjgwjjjjscaf. Which is a wonderful password. [You can't help it: you're a hopeless romantic.]

    Unfortunately, nitwit system admins are requiring people use passwords with numbers and "special characters".
    Which brings us to the number one rule of passwords: Always Let The User Pick Their Own Password!
    Rule number two: Never force anyone to change their password if they don't want to!

    If you are serious about having unbreakable passwords, then forget all this number and special character nonsense and allow backspace to be a character in the password that your user chooses.

    One more thing. If you're not guarding hydrogen bombs, then you don't really need hydrogen-bomb-level password security. You don't need minimum 10 unique_characters_plus_numbers_and_special_character passwords for your kitten video website.

  45. Wow, nice. by Anonymous Coward · · Score: 0

    Did you know that slashdot makes stars if you write your password in your post? Mine is ********

    1. Re:Wow, nice. by unique_parrot · · Score: 1

      Did you know that slashdot makes stars if you write your password in your post? Mine is ********

      awesome *********.

  46. Re:1) Choosing a password should be something you by Moof123 · · Score: 1

    This. Far better than having us change our passwords often would be to display a short logfile at my first morning login of all recent login attempts (24 hours mid-week, 72 hours on Monday morning). If I saw anything odd I could nip it in the bud. The 60-90 day routine just causes bad practices.

    Compound frequency with an obnoxious policy for maximum length, random characters, and so on and I'll tend to either keep a hint on a sticky (say FB1 for FuBar1), or just cycle through a trailing unique number (FuBar2 for the next one, for example). Stupid policies have led to stupid behavior, and frankly it is getting hard to feel bad about it.

    What gets me is that most companies have RFID cards in or with their badges, why not stick a reader on every machine? Almost ANY password that required you to swipe your badge before entering it would be vastly better than almost any password on its own.

    The problem has gotten bad enough that it sure feels like something is going to give soon and we might soon enter a post password world.

  47. yea no by Charliemopps · · Score: 3, Insightful

    Bullshit... this guy is working in some fantasy world separated from reality.
    Anecdotal example: I used to work for AT&T back in the 90s. They wanted to improve the security of an application so they changed the password requirements and had it require a 30 character pass phrase that included capitals, lower case, numbers, special symbols, no numbers could repeat, etc... The result? Everyone had a Post-it note with their password stuck to their monitor within a week.

    All of your security measures are meaningless if no-one follows them. There was no way in hell we were going to remember our 30 character password without writing it down.
    Password safe huh? And how do I log onto the computer in the first place? Or remember the password for the password safe? I need 2 passwords just to get into the safe! I have to pick a less secure password to protect the thing I keep all my passwords in?!?!

    6 to 8 characters
    make us change it every 90 days
    Special characters don't matter
    4 attempt lockout
    done

    If they can guess your password in 4 attempts, they know your god damned password.

    1. Re:yea no by Anonymous Coward · · Score: 0

      90 days is good. But it's insane to make passwords short. Demand 12 chars and advise on reasonable pass-phrases. (I have never been to a class at any employer where reasonable password safety was preached. I've gotten lots of "Pick some words and 733t them up. Make it exactly 8 chars." but never been told "pick something which is convenient, makes sense to you, with several words, at least one of which is not spelled right." Or anything else which made sense.)

      Fire people with post-its on the monitor after one official warning. If they can't make up a phrase they can remember, and can't take security at all seriously, you don't want them at your company.

    2. Re:yea no by Charliemopps · · Score: 1

      No, you're wrong.

      If 4 attempts = account lockout.
      Even if your password is only 1 alphabetic character, there are 52 possible answers (upper and lower case).
      So your probability on 1 attempt is 0.019 (1.9%).
      Given 4 attempts, if my binomial equation's correct (and it's been years since I've done this so...) your chances of guessing a 1 character password before account lockout is 7%.
      That's ONE character.

      Yes, if there is no brute force protection... ok, you need a long complex password. And I'd not recommend a single character password. The fact of the matter is the attacker could try it once a week until they got it. But by the time you get to a 6+ character password? There's no way... Again, this assumes you have basic forms of security on your site. If you're relying on the password alone to protect you then you have bigger problems than the length of people's passwords. (i.e. if someone can try and brute force 10,000 accounts a minute and you won't notice, they'll eventually get one by sheer luck.)

    3. Re:yea no by RuffMasterD · · Score: 1

      Our Computer Science department does that here. Very Long password, numbers, lower-case, upper-case, symbols, dissimilar to previous passwords... I end up writing long sentences on a piece of paper, even just to remember it long enough to enter it a second time. If it's not random enough then the system rejects it and I write another sentence and try again.

      Sure enough, next time I try to login I enter the wrong sentence, get the character case wrong and max out my failed attempts, or simply don't have the paper with me. Then I go to the helpdesk and they give me a shiny new (SHORT!) password, on a sticky note. Every single time! Something is seriously broken when the quickest and simplest way to log into my student account is to ask for a password reset each time.

      --
      Human Rights, Article 12: Freedom from Interference with Privacy, Family, Home and Correspondence
    4. Re:yea no by Anonymous Coward · · Score: 0

      You have totally not taken into account offline password hash cracking. Your 6-8 character password will be brute forced within a couple of days. The encryption on the password database doesn't have to service millions of hits per day so it can be slower and more complex than a password hash. TLDR: you don't know what you're talking about.

  48. Which password manager by the way? by thetagger · · Score: 2

    So, which password manager do you use that is open source, safe, works on Linux, does not rely on or expose your secrets to a centralized party?

    1. Re:Which password manager by the way? by Anonymous Coward · · Score: 1

      KeePassX? Or was the question meant to be rhetorical? :-)

    2. Re:Which password manager by the way? by Anonymous Coward · · Score: 0

      KeePass

    3. Re:Which password manager by the way? by slacker001 · · Score: 1

      KeePassX

  49. Anti-Captcha by mbone · · Score: 3, Insightful

    There are now lists of millions of stolen passwords, and frankly none of them are safe. Why shouldn't someone set up a password security app (like captcha, but in reverse) so that a large web site could

    - download a large stolen password list (even 1 billion would only be a few GBytes)
    - check (a salted hash) of your password against the list (say, salts changed every day or hour or...) and
    - if yours is on the list, tells you to do better

    It seems this would be much safer than just having some app that counts punctuation characters and tells you your password is strong if it has more than 3.
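The reverse-CAPTCHA check sketched in this post, written out as an added example (not the poster's code): a candidate password is refused if it, or an obvious mutation of it, is on a leaked-password list. LEAKED_SAMPLE is a constructed stand-in for a real multi-million-entry list, and the key is a constructed placeholder.

```python
"""Reject new passwords that appear in a leaked-password list, including the
trivial mutations (trailing digits, leet substitutions) that crackers undo for free."""
import hashlib
import hmac
import re
import unicodedata

# Constructed sample; a real list has hundreds of millions of entries.
LEAKED_SAMPLE = ["password", "123456", "letmein", "qwerty", "passgas", "iloveyou"]

# Substitutions a cracker's rule set reverses at no cost, so the check reverses them too.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(pw: str) -> str:
    """Canonical form used for comparison.

    Unicode-normalise, lower-case, strip the trailing digit/punctuation run
    (Passgas7& -> passgas), then undo leet (P@ssword -> password). Order matters:
    stripping first keeps a trailing '3' from turning into an 'e'.
    """
    pw = unicodedata.normalize("NFKC", pw).strip().lower()
    pw = re.sub(r"[\d\W_]+$", "", pw)
    return pw.translate(LEET)


class Blocklist:
    """Set of keyed hashes of normalised leaked passwords.

    Only fingerprints are held, so the raw list need not sit on disk or in
    memory in the clear; the same key must be used for building and checking.
    """

    def __init__(self, leaked, key: bytes):
        self._key = key
        self._hashes = {self._fingerprint(p) for p in leaked}

    def _fingerprint(self, pw: str) -> bytes:
        return hmac.new(self._key, normalize(pw).encode("utf-8"), hashlib.sha256).digest()

    def contains(self, candidate: str) -> bool:
        """True if the candidate should be rejected as too common."""
        if not normalize(candidate):  # nothing but digits/punctuation, e.g. a PIN
            return True
        return self._fingerprint(candidate) in self._hashes


if __name__ == "__main__":
    bl = Blocklist(LEAKED_SAMPLE, key=b"constructed-placeholder-key")
    for pw in ["Passgas7&", "P@ssword123", "LetMeIn2014!", "correct horse battery staple"]:
        print(f"{pw!r:32} blocked={bl.contains(pw)}")
```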

    1. Re:Anti-Captcha by Anonymous Coward · · Score: 0

      Very reasonable. Here's how to make this happen: Sue someone for not doing it. Legal will force everyone to do it overnight.

  50. XKCD for me by Cheirdal · · Score: 1

    I disagree with the author that the XKCD method isn't a good one. The XKCD comic presented the idea of using 4 completely unrelated words, but the author used a four word example using a sentence. His main issue seems to be that people are too stupid to remember multiple username/password combinations for multiple sites.

  51. Give me a civilian CAC already by Camel+Pilot · · Score: 1

    Why haven't we moved to using smart cards to access important sites like on-line banking? A smart certificate card + pin provides much better security.

  52. Stay Away From Single Points of Failure by NotSanguine · · Score: 1

    Assumptions:
    1. People aren't very good at choosing hard-to-guess passwords
    2. Complexity (Case, numerics, special characters) doesn't significantly add to entropy
    3. Password managers can create and store high-entropy passwords
    4. Password managers must be secured with extremely strong, crack resistant passwords
    5. People need to set the passwords for (4). See (1) above

    And there's the rub with TFA's assertion that password managers are the band-aid to help us past the era of passwords. If we can educate people to create strong, memorable passwords/passphrases for the password manager, then people can do the same for other passwords. Which makes a password manager redundant.

    If we cannot educate people to create strong, memorable passwords, then the likelihood is that password manager passwords will be just as weak as those the TFA is decrying, rendering password managers just one big target.

    And since a password manager presumably contains lots of passwords for a variety of logins (including sensitive accounts), it becomes a much better target (especially when you can steal the password DB and perform offline cracking activities) than trying to crack passwords online.

    The author of TFA is correct that there are issues with passwords, but his recommendation is poorly thought out and might be even more hazardous than the problem it purports to mitigate.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
    1. Re:Stay Away From Single Points of Failure by Shados · · Score: 2

      The password manager only needs 1 password, and the file could be anywhere (ie: different people will keep them in different places), making mass harvesting tricky. And you have to get to the file in the first place (ok, if everyone puts it on iCloud we're back to square 1...)

      Getting people to create 1 strong password, and use the manager for the others is one thing.

      Getting people to do it 50-100(!!!) times and remember all of them, for all the accounts and services people have to manage in 2014, is insane and won't happen.

      I agree it's definitely a half solution, but it's better than the alternative. The password could be biometric too, solving part of the issue.

      IMO the biggest problem left is input of long, complex password. Typing out an extremely long password on systems where I can't copy paste (ie: my TV or on home appliances) is crazy.

  53. Passwords are too hard. by Shados · · Score: 1

    I use KeePass for my passwords. The thing is, as is well known, a huge attack vector is to compromise a service provider (let's say Sony or Adobe), get a password database, then go and find all users who used the same password everywhere. I can have the strongest password EVAR!~, if I use it more than once, and someone who stored it improperly gets hacked, it's over (thus why the moment a new MMO comes out, a bazillion people get hacked, because their account info is in every password database available as torrents).

    So that means, obviously, you need 1 password per service. Now, looking at my KeePass file right now, and including "family" passwords (ie: accounts both myself and my wife need access to), I have _123_ distinct accounts. Some of them include stuff like my router's password, so let's say I have 100~ passwords for 3rd party services.

    100. A hundred fucking different passwords. These are just the ones I have needed in the last 1-2 months, from services like Hulu and Slashdot, to my town's website to pay taxes, going by banks for every one of my credit cards, and everything in between. It adds up.

    No normal human being will be able to efficiently manage this amount of accounts and keep them all secure, keep up with which one recently got hacked to replace passwords, etc. The password managers are too complex for the average joe.

    Want to make it worse? When I want to enter a password on my Nest thermostat, it takes fucking forever. Include a mistake or two and I just spent 15 minutes entering a semi-secure password. The Funimation channel makes me do the same thing on my TV. It's just insane.

    So what does the average Joe without patience do? Of course, their password is now ABCD123. DONE.

    Passwords are a flawed security mechanism, it's just easy to implement. We need a new one.

  54. Ugh blowhard city by TheCarp · · Score: 1

    I agree with this guy mostly, except in his assessment of the advice. The xkcd in question is very good advice for the times when you need to choose a password, and makes the case for why itself; I have nothing more to add to the comic than what it says on that topic.

    Where I see this article as wrong is that it misses that xkcd is telling us how and why to use that method. It does not even attempt to address the point this guy is trying to make, which is entirely different.

    Yes, less passwords good.... password manager to replace passwords with random keys and protect them with a single good password....yes very good. Good advice but....you still need to choose a password for your fucking password manager.... leaving you right back where you started.

    He failed to even address the point of the xkcd comic and instead is calling it wrong in order to make an entirely unrelated point. Perhaps because without mentioning xkcd, nobody would listen to his rather banal points that others have made before?

    --
    "I opened my eyes, and everything went dark again"
    1. Re:Ugh blowhard city by ysth · · Score: 2

      He not only makes the unrelated point, but then goes on with nonsense about when you do need to choose a password:

      Even if we entertained the XKCD comic and started training users to select four random words...[w]hat is there to prevent "letmeinfacebook" from being the new most common four word password for Facebook accounts?

      Bzzzt. Failure to understand the meaning of the word "random" rules you out as an authority on passwords.

    2. Re:Ugh blowhard city by weiserfireman · · Score: 1

      I agree with his contention that we need to start teaching people about password managers.

      I have been using one for 2 years, my wife just found out last week. She was furious. She struggles with trying to come up with good passwords all the time. Based on past experience, she does come up with good ones. The last one I know about is 13 characters long.

      Password managers make the process of having a different password for every website trivial. Some of them will generate random usernames too.

      Mine generates 10 character passwords, by default. Capitalization, Symbols, Numbers and lower case randomly throughout.

    3. Re:Ugh blowhard city by TheCarp · · Score: 1

      > I have been using one for 2 years, my wife just found out last week. She was furious.
      > She struggles with trying to come up with good passwords all the time. Based on past
      > experience, she does come up with good ones. The last one I know about is 13
      > characters long.

      I talked my wife into trying one out, and she set up KeePass. It is really unfortunate it doesn't set auto save on every change as a default option in the config because she changed every password she had one night, went to bed without saving, and had Windows updates reboot her computer in the night.

      The morning was not a happy time. She spent much of the next day resetting passwords.

      It was about 2 years before she was willing to try again.

      --
      "I opened my eyes, and everything went dark again"
  55. Strong passwords are irrelevant by Aethedor · · Score: 1

    Having a strong password is not really relevant. If it complies with the basic rules of password strength, it's good enough. Because cybercriminals will not try to guess or crack your password. They'll hack the server or your computer, probably via malware or an exploit. What's more important is: did the website developer store the password in a secure way and did you use a different password for every website?

    --
    It doesn't have to be like this. All we need to do is make sure we keep talking.
  56. Password managers by Faux_Pseudo · · Score: 2

    After Heartbleed I brought up my password manager and changed 140 passwords in a few hours. If it wasn't for my password manager I would have never even known I had 140 passwords to change.
    These things are amazing. Randomized passwords for all my accounts. In the event of a catastrophic failure all I have to do is remember three passwords to get everything back: my email password, my cloud password and the password to the encrypted db of passwords. As a person who deals every day with people who "don't even remember setting a password for that" I wish more people used these.

  57. Need a Hardware Wall by Tablizer · · Score: 1

    I don't understand why passwords are not stored on a hardware device that limits the frequency of confirmation requests to only what's needed through hardware. If you put the passwords on regular disks, then somebody can copy them and run brute-force guess-A-trons on them.

    Have 2 run in parallel so you have a spare.

    1. Re:Need a Hardware Wall by dog77 · · Score: 1

      A secure device solution is what I want too, but before it can be effective, an open standard for authentication needs to be established. An open authentication standard that allows authentication to be securely proxied to the dedicated security device (or whatever security manager you want to use). Without a secure authentication protocol, the authentication material will still be vulnerable to a corrupt application getting at the authentication material.

      You could go as far as proxying the entire secure connection through the security device, but I would still securely tunnel the authentication protocol inside the encrypted TLS/SSL connection rather than combine them in a pure TLS/SSL solution for various reasons.

  58. Evolution Of Passwords by Tablizer · · Score: 5, Funny

    1978:

      password

    1983: Rule: Don't use 'password', too common.

      passgas

    1990: Rule: Must contain at least one digit

      passgas7

    1995: Rule: Must contain mixed case

      Passgas7

    1999: Rule: Must contain at least one punctuation character

      Passgas7&

    2004: Rule: Must change every 2 months

      Passgas7& ... Passgas8* ... Passgas9( ... Passgas1! ...

    2015: Rule: Must be at least 20 characters long

      Passgas711111111111$ ... Passgas177777777777$ ...

    2017: Rule: Can't use any patterns guessable by AI

      Oh f$ck it, just hack me already, dammit @666

    (Courtesy c2 wiki)

    1. Re: Evolution Of Passwords by Anonymous Coward · · Score: 0

      Most of our users are stuck in 1978 then. Don't forget the 1970 ATM - 1111

  59. Can you trust the password manager? by HeckRuler · · Score: 1

    Ok, so he wants people to use a password manager. That's not that crazy. A viable alternative for the general populace.

    But for me? I need to log into stuff from all over the place, so the manager has to live out on the net. It can't reside safely in my own semi-trusted computer. I need to log into stuff from my computer, my phone, work, occasionally a friend's computer. Not all scenarios are completely trust-worthy and I REALLY don't want to enter the same password I use for throw-away sites as the one I use to aid and abet ISIS durka durka muhamed jihad. I mean my porn. I mean my bad twilight fanfic. I mean my completely innocuous twilight-ISIS crossover fanfic with pornographic tendencies.

    Anyway, do you REALLY think that everyone is going to choose the high road like Lavabits? Even Lastpass's corporate overlord, Marvasol, is based in Virginia. And I've no doubt that they've received a visit and a gag order from a three letter agency.

    1. Re:Can you trust the password manager? by Shados · · Score: 1

      You can have something like KeePass on a Dropbox account (or on your own server, ownCloud or whatever), then sync it on your mobile device and access it from there. If you lose the phone or Dropbox gets hacked, someone can get your file...then they can start having fun brute forcing your ONE strong password you actually remember for the next 15 years, at which point you probably reset all the passwords anyway.

      The main issue there is the input method. If you have it on your phone, you need to look up the password and enter it. Entering a randomly generated 20 character password with your TV remote is something directly from hell. Even doing it with a keyboard is NOT fun.

    2. Re:Can you trust the password manager? by Blaskowicz · · Score: 1

      And if you can't copy-paste or scp it or whatever.. time to carry a pen or pencil at all times, write the password for further entry on a little piece of paper and then eat the piece of paper when done.

  60. Sorry by saikou · · Score: 4, Funny

    "You can't use PasswordABC as your password, because user Smith15 already uses it as a password"
    Oh wait :P

  61. NSA approved password manager by Anonymous Coward · · Score: 0

    The LAST thing I want is some NEW binary that I type my password into. Sounds like a one-stop-ownyface shop.

  62. And email addresses as usernames is good? by Anonymous Coward · · Score: 0

    I'd rather have a random string for both my username AND password. It would be much harder to guess someone's account.

  63. Good article, weak summary by Anonymous Coward · · Score: 0

    Which then means that if their password manager is compromised they're completely fucked.

    Where does one get a password manager again?

  64. Not a good solution by clgoh · · Score: 1

    There's at least 1: lastpass.

    https://lastpass.com/how-it-wo...

  65. Someone by mynamestolen · · Score: 1

    stole my last /. pw. Prolly one of those crazy young American sexist pigs that like to hang out here.

    --
    work in progress
  66. I intentionally use poor passwords by FeelGood314 · · Score: 1

    If I don't give a shit about a website that wants me to log into it I'm not going to create and memorize a new password. Most site administrators need a little more humility. Your site is not important enough to me for me to go to the trouble of creating a new password. If your site is mildly interesting I will use a common password that I use on all mildly interesting sites. Unless your password policies piss me off. Then the password will be P@ssword123. For the 4 or 5 sites that it would cause me personal pain or monetary loss if I was impersonated I will use 4 or 5 random words. I will use those 4 or 5 words all lower case and with no spaces or punctuation because that makes it easier for me to remember. For these sites I will also disable any kind of alternate password retrieval. I don't think it's that hard to figure out my mother's maiden name, my city of birth or my first public school.

  67. Use more words by morgauxo · · Score: 1

    Use a seven or eight word password made from common words. Actually, just make it a sentence. That will make it much easier to remember. So the password crackers can 'limit' their search to valid words. So what? If you had a seven character password of random, hard to guess characters a password guessing script would have to get seven positions correct with about 70 or so possible characters for each position. If you had seven words AND even if the password guessing script was written to expect words it would still have seven positions to guess. With how many possibilities per position? How big is the dictionary?

    Can we please stop supporting these "license plate" passwords already. They are just a pain in the ass.

    Oh, and password managers? Really? So you can spend all that time making separate passwords for every place you need them just to place them all behind one password that gives an attacker the keys to everything. Yup, that makes a lot of sense!

  68. Number of Passwords / Sites Risk by retroworks · · Score: 1

    "The fact is that the number of passwords you should memorize is pretty small..." ...Says the author. I mostly agree with him but feel that any password is as weak as the weakest internal security of the weakest site you use it on. It drives me nuts when coworkers use a complex password on a news site or to register to leave a comment somewhere. Unless you know all the employees at Slashdot, /. should be the weakest password you use. What, someone's gonna steal your mod points? The use of complex passwords on low risk sites confuses users who, when they forget their passwords, wind up "guessing" important passwords onto weak sites.

    --
    Gently reply
  69. And you're screwed by Anonymous Coward · · Score: 0

    When your password manager is compromised and all of your passwords are now available.

    What an idiot.

  70. System generated passwords by fulldecent · · Score: 1

    Why even let the users choose passwords? Just have the system run UUID() and give them the result. That is their password. Can't remember it? Click here to have it sent to your email address again.

    --
    I was raised on the command line, bitch

  71. Only addresses one side of the equation... by TemporalBeing · · Score: 1

    Password security is only partially maintained through what the user does.

    If you care about password security you also have to think about the server-side. And there we are doing things that are also just as bad, as passwords are often stored using a single encryption algorithm if they are encrypted at all; and often that algorithm is a simple MD5 or SHA1 hash of the password.

    In addressing the server-side, we must also make things more variable by introducing settings that the server administrators set. The password is split according to the rules with each part passed through different algorithms, and the results merged using rules as well. One part of the password might pass through scrypt, while another may pass through SHA512, and only portions used to get what is stored on disk.

    --
    Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
  72. Myanmar Shave by tepples · · Score: 2

    If these signs
    Were here today
    The final one
    Would likely say
    Myanmar Shave

  73. OpenID and OAuth by Foresto · · Score: 1

    "We do, it's called Open ID, which is what Google leverages for their single-signon (not sure if FB is their own solution or not). It was a really popular thing about 5-10 years ago and got a ton of attention. I think even MS enabled it."

    OpenID 2.0 accomplished something very cool: allowing a user to use any ID provider for authentication on any compatible web site, even if the two sites had never heard of one another. Unfortunately, it has two major problems:

    • It's too complex to easily implement. This became less of a problem once OpenID libraries like Janrain's emerged, but there are still subtle details left up to website developers to get right, and since many of them don't bother, a lot of sites that supposedly accept OpenID actually fail with some providers.
    • Perhaps more importantly, the URL-based IDs are not user-friendly enough for non-geeks. Several high-profile sites tried to solve this problem by replacing* the OpenID URL input box with a simple button for each well-known provider, but that meant limiting the user's choices of provider. At that point, the distinguishing feature of OpenID was lost, so lots of sites chose the simpler-to-implement OAuth 2 instead. The Login with Facebook service is one of them. Even Google eventually deprecated their OpenID service.

    In my opinion, the issue of relying parties not trusting someone else as an identity provider was not such a big deal; certainly not enough to have killed OpenID. For every such distrustful site, there are dozens more simple web forums and the like that would be happy to get rid of their password database.

    *stackexchange is a notable exception; they still offer the input box if you click a link.

    1. Re:OpenID and OAuth by Dynedain · · Score: 1

      Nope, still the same problem. Very few sites (even tiny web forums and such) are willing to trust arbitrary 3rd party. Google and FB, sure, because they are so big and a known entity, but not an arbitrary 3rd party.

      Remote 3rd party authorization solves only one piece of the problem that onsite auth solves: confirming user login to an existing account. There are other problems, like ensuring unique, non-spam/bot users, that can't be done with remote authentication unless you trust the policies of the remote authenticator.

      If tomorrow Google suddenly opened the floodgates and said spambots could create all the Google IDs they wanted, then practically overnight you would see wholesale disabling of Google ID authentication.

      OAuth, OpenID, OpenID 2.0, and any other truly distributed login systems are doomed to failure. They serve as nice protocols, but ultimately the relationships of trust between the managing entities are more important. Yes, you can run your own auth servers. No one will trust you as an individual implementer because there is fundamentally no way to differentiate you from a malicious person who can also run their own auth servers.

      --
      I'm out of my mind right now, but feel free to leave a message.....
    2. Re:OpenID and OAuth by Foresto · · Score: 1

      "Very few sites (even tiny web forums and such) are willing to trust arbitrary 3rd party."

      Those sites wouldn't be trusting a third party; they would be trusting the user. Specifically, they would be trusting the user not to delegate his identity to an impostor-friendly provider, just as they are now trusting the user not to re-use his password on any site that will some day have a database leak or cleartext login form. Anyone who thinks his onsite auth buys him greater security than OpenID either has some magic way to force people into choosing unique passwords, or is sadly mistaken. I'll let you guess which is more likely. :)

      I'm curious where you got the "very few" metric. Anecdotal evidence? A study with a large and diverse sample size? If you have some study results, I'd like to bookmark them. I guess it would just go to show that very few admins have a good understanding of overall security.

      "There are other problems, like ensuring unique, non-spam/bot users, that can't be done with remote authentication"

      Local password authentication can't solve those problems either. Bot and spam problems are solved by other means, like captchas and request rate throttles. Sane sites do this when an account is created, not every time a known-good user wants to log in. Some really careful sites take additional steps during login (like click/request/response timing), but those steps are invisible to the user and can be applied regardless of whether a local password is used.

    3. Re:OpenID and OAuth by Dynedain · · Score: 1

      So your answer is "trust the user". Basic security and site administration tells you "don't trust the user".

      My "very few" comment comes from this. You cannot trust the user. Widespread OpenID (or any similar system) effectively devolves into peer-to-peer authentication. This can be a good thing, for limited scenarios. But widespread adoption would require many services to fundamentally change what their service offers, not just how they authenticate.

      --
      I'm out of my mind right now, but feel free to leave a message.....
    4. Re:OpenID and OAuth by Foresto · · Score: 1

      So your answer is "trust the user".

      No, my answer is that we are already trusting the user, a password authentication system cannot ever be more secure than that trust, and neither system can solve the problems upon which you based your assertion.

      That's okay. I don't need to draw this out any further. I just wanted to understand how you came to your conclusion, and now I believe I do.

  74. Good passwords are everywhere. by 140Mandak262Jamuna · · Score: 1

    Just look at the usernames in slashdot. They all make very good passwords. Take my username, please. It is a damn good password. If I can casually waste it as user id, imagine how many more goodies where it came from. 263Bhaskar 264Kuppa 261Shyam 260Thomas 259Raghu 258Siva ... Passwords just make themselves...

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  75. XKCD 936 most of addresses your points by GuB-42 · · Score: 1

    1) Choosing a password should be something you do very infrequently.
    2) Our focus should be on protecting passwords against informed statistical attacks and not brute-force attacks.
    3) When you do have to choose a password, one of the most important selection criteria should be how many other people have also chosen that same password.
    4) One of the most impactful things that we can do as a security community is to change password strength meters and disallow the use of common passwords.

    XKCD 936 addresses 2 and 3
    With four _random_ common words, you have 44 bits of entropy, guaranteed, and no informed statistical attack will change this. OTOH, common password schemes using clever tricks are more vulnerable (Tr0ub4dor&3 only has 28 bits of entropy if the cracker is smart enough). And with 44 bits of entropy, it is unlikely that someone has chosen the same password.
    As for strength meters and all this, Randall strongly implies that we should focus on length rather than numbers, case and special characters.

  76. Pass phrases are the best by Anonymous Coward · · Score: 0

    Nobody will ever guess Hunter Two!

  77. This is amazing by WaffleMonster · · Score: 1

    Find myself disagreeing on virtually all points.

    Bottom line in the real world saying no to correct horse battery staple and yes to FcD($*#)@2zJ7&Cd!23 is worse because you're asking something unreasonable of your users when a more reasonable solution is available. This doesn't serve to help anyone or make anything more secure.

    Wishing everyone use password managers won't make it so nor is it necessarily an ideal solution. Password managers and use of passphrases vs passwords are separate issues and should be treated as such.

  78. Mnemonics by Karmashock · · Score: 1

    The horse battery staple idea is not unreasonable, it just isn't complete.

    What you want to do is get a memorable text string and then turn it into gibberish using some sort of system.

    Take this:

    4MhalLwFwwaS4

    Looks like gibberish but it is extremely easy to remember with mnemonics.

    First:

    Mary had a little lamb whose fleece was white as snow.

    That is the text string you have to remember.

    Then you have rules that turn it from that into gibberish.

    So as a test, I had these rules:

    1. Take the first letter of every word.
    2. Capitalize nouns.
    3. Cite the number of letters in the first word at the start of string and the number of letters in the last word at the end.

    Easy to remember. All you have to do is remember "mary had a little lamb".

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
  79. Disagree. by Anonymous Coward · · Score: 0

    http://world.std.com/~reinhold/diceware.html is information-theoretic AND dictionary-attack resistant when you use enough words and pick them randomly, even if the attacker knows the word list.

    You're right only that users should not be CHOOSING passwords (and that's the flaw in correct horse battery staple). Use a Diceware-like technique, which IS secure.

    The NSA can, and do, try a trillion passwords per second in an offline attack. Short passwords of any strength will fuck you up.

  80. Simple, my password is by Anonymous Coward · · Score: 0

    Trying to defeat the lameness filter by writing shit first.

    vi1PcjPanzD7ZSv1ZOgD7sLZNX0qpB0Ypa2fV6gJc46csFi3DN3JqafZPmhWiFxhpik09HVFgDTh3EG

    1. Re:Simple, my password is by Anonymous Coward · · Score: 0

      ..and thus I've discovered that the lameness filter has an 80 character password limit.

  81. Easy to remember by Loki_666 · · Score: 1

    My password is 1234

  82. Wrong Wrong Wrong by Anonymous Coward · · Score: 0

    A password should be:

    - random (6 chars or even 6 digits should be enough)
    - only being used once per application
    - locked after 3 failed attempts in a row. Only to be unlocked after at least 24 hours. And monitor for too many lock-outs!

    That's it.
    Why should a password have a high complexity? If you can only guess 3 times per day?
    And if you are worried about it being reversed via the hash: if the attacker obtained the hash, the security is already broken. The password is then the least of the problem.

    1. Re:Wrong Wrong Wrong by mseeger · · Score: 1

      The idea does not work: If you do this, I can lock you out from your service every 5 minutes. The prevention of password guessing is a bit harder and therefore you need a bit more.

  83. In a parallel world without XKCD 936 by jantangring · · Score: 1

    “What is there to prevent "letmeinfacebook" from being the new most common four word password for Facebook accounts”

    Chance. XKCD 936 says to choose the words at random.

    Diogomonica is wrong. And so was Bruce Schneier, and for the same reason – he missed that the words are to be chosen at random.

    https://www.schneier.com/blog/...

    This means for example picking up a few books and selecting pages and words at random. I picked a poetry book and used only words starting with an "o". Not optimal, but nice.

    Password managers are better, definitely. So sure, mention the password manager first. But nine out of ten of your readers will not install them. What will you tell them? Nothing?

  84. RTFM by Anonymous Coward · · Score: 0

    "Research" done by people who clearly don't read the tooltips.

  85. ...or denigrate a moronic political figure by Anonymous Coward · · Score: 0

    Try something like "Kim Jong Un did 22 shits in his pants." - easily memorable, has upper case, lower case, numbers and punctuation. It has 186 bits of entropy according to this checker. Even without the spaces "KimJongUndid22shitsinhispants.", it still meets the upper/lower/number/punctuation requirements and has 152 bits of entropy.

  86. Write it down by tepples · · Score: 1

    > and passwords will be written on sticky notes pasted to the underside of keyboards

    I think that's the point. Bruce Schneier has been trying to get people to write down passwords for years. Think about it: Unless you're a hardcore Dave Ramsey fanboy, you probably already carry a plastic card in your wallet with your credit card number embossed on it.

    1. Re:Write it down by Anonymous Coward · · Score: 0

      Yeah.. my dad's got something in his file cabinet with all my passwords. About the only thing I have against just writing them down, instead of also keeping an encrypted file with them included, is that as I've gotten older and after having suffered (unsuccessful) attempts to break into my accounts, subsequently I've ended up with absurdly intricate passwords that, if I don't copy and paste, leave me making password errors more times than the max amount of login attempts allowed. Even though I don't use certain letters, such as O, this stuff happens all too often. I do keep thinking about getting a password manager, but I have very many accounts I have forgotten about, or no longer use over the last, almost 20 years. I really don't want to log back into them as I hope they've scrubbed my account.. many have bitten the dust, such as AOL ones or Geoshittys.. and some only appeal to.. ahem.. younger people.

  87. Soooo...... by balbus000 · · Score: 1

    I should update my password to incorrecthorsebatterystaple?

  88. He's Right by sudon't · · Score: 1

    The xkcd idea is a good one for those few passwords you have to remember. But this guy is right - the issue is password managers. I've been railing about this for years. I have two passwords I remember. The other 800 or so I've collected over the years are stored in the password manager. I don't choose the passwords, I let the password manager do that, with the bit slider set to create passwords of 80 to 90 bits of entropy for most things, and greater than 130 for those wanting better security. I've never had an account compromised. We need to train everyone to use password managers now, so that we won't have to put up with annoyances such as multi-factor authentication in the future.

    --
    -- sudon't

    Air-ride Equipped

  89. Category error by LaissezFaire · · Score: 1

    The XKCD comic is about what can be done right now; changing the password checking algorithms is a small cost in most places. The article is about the future -- how to change innumerable systems structurally to make a better password system. Heck, most systems today can't even do two-factor authentication, and the number that can do hardware authentication is smaller again. Even systems that can do software PKI are a tiny number.

    The random-password tracking tools are great, and they work for a lot of people. But to be used universally, they have to work in 99% of cases, which they're unlikely to. Can you use your favorite one at a library computer? Without your laptop? In a place that forbids USB drives? Without Internet access? It's a similar problem set to why we aren't all using software PKI or GPG email. How do I get the dang keys around to where I am, securely? Here, it's how do I get my password list around to where I am, securely?

  90. no good password manager by Mr.+Slippery · · Score: 1

    The problem with this article is in this sentence:

    > Users don't need password memorization schemes, they need to be incentivized to use a good password manager.

    There is no such thing. A password manager either runs on my PC, which means when I'm away from my PC (laptop at the coffee house) I can't get my passwords; or on a device I have to always have with me, meaning all the inconveniences of a login token -- I can't log in when my phone has a dead battery or is lost in the couch cushions or forgotten at home on my desk; or it runs in the "cloud", which would be a security joke.

    There is no such thing as a good, or even adequate, password manager for general day-to-day use.

    --
    Tom Swiss | the infamous tms | my blog
    You cannot wash away blood with blood

  91. This is not a zero sum issue by EnempE · · Score: 1

    I agree and yet I disagree with the article

    I think that the solution to this issue will both overcome true brute force and selected sample attacks (aren't these called rainbow table brute force?)

    I reject the password manager as the default, as many people switch between multiple machines, some of which are not in their control; as such, assuming that people own the machines that they use is designing a scheme that does not work for a large number of people. It would be difficult for the multitudes in developing countries that use shared (internet cafe, school etc) computers to get online to implement this scheme.

    I agree on changing passwords rarely, but again this depends on the type of use and different users should be able to adjust their behaviour to suit their personal risk profile. For example if I had no choice but to use hotel and airport wifi and access services often I would change my password more frequently than if I only used a machine in the office or at home due to the increased risk from less secure networks and surveillance of my activities.

    We are struggling currently to change habits that were introduced 20 years ago. If we make the learning curve too steep we risk the majority finding some way to avoid the process. People tend to ration the mental effort they dedicate to security based on the perceived risk (https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-florencio.pdf). If we make the effort too high then they may develop a coping strategy that is not productive.

    I think that Diogo Monica makes a very good point. But the implementation should be slow and should follow the widespread adoption of pass phrases. In the meantime, if all (some already do) password assessment tools could give a poor mark to the top ten passwords, and passwords containing the service name, user name or birthdate.

  92. 2 or 3 factor by Anonymous Coward · · Score: 0

    I know people don't like the idea as it slows down things in our lives, but 2 or 3 factor authentication is the only way to secure things. The fact that online systems that deal in cash and identity information don't use 3 factor is beyond me.

    There are only so many characters available if we do not include ascii so given enough time brute force always works.
    Systems currently all have their own limitations - 8 characters here and 26 characters there - only letters and numbers and everything goes.
    Long passwords have created their own issues on systems and the way hackers can find them -beyond my understanding.

  93. Rotating passwords by ale2011 · · Score: 1

    As a user, I hate it when a security rule requires changing the password. Why?

    The only practical reason why a password would smell is that it is weak and somebody tried to guess it a few times. However, to implement that policy, I'd need to track attempts. Given the number of attempts and an estimate of the entropy, a system can say when it's time to change a password, without inordinate annoyance.

    Why isn't it customary to track failed logins per account?

    Would users choose better passwords if they were rewarded with proportional expiration times?

    Forum passwords need not be strong because they're unimportant, or because nobody actually tries to crack them?

    1. Re:Rotating passwords by nine-times · · Score: 1

      > As a user, I hate it when a security rule requires changing the password. Why?

      From your post, I think you're assuming that password rotation is meant to prevent against brute-force attacks. As in, "My password would take 20 years to crack via a simple brute-force, so I should rotate it every 20 years," or something like that. That makes sense, but there's a little more to it.

      Essentially, most forms of attack that would compromise your password take some amount of time. Whether it's brute force, a dictionary attack, a hash-lookup, social engineering, or anything else, it takes some amount of time to execute the attack, get access to the password, and then make use of that information. Plus, most attacks are not targeted, but instead carried out in bulk. The attacker might try a dictionary attack on a large number of known email addresses, or the attacker gets their hands on a password table of a website, and they try looking up the password hashes for all the users of that website. By executing an attack on thousands of users at the same time, they can scoop up some low-hanging fruit, but that means that it will take a bit of time before they make use of that for any particular user.

      So what rotating your password does is to shrink that window of time. If you rotate your password every two months, then an attacker has at most two months to compromise your account and then use the fact that your account is compromised before they have to start over. If, on the other hand, you haven't changed your password in 10 years, then they may have compromised your account at any time over the past 10 years, and if they have, they can continue to access your account for whatever purpose they like. Yes, someone may have started a brute force attack 10 years ago, and they might have just cracked it today. Or, your ex-girlfriend might have seen your password 7 years ago, and he might have been reading your email for the past 7 years. Or a hacker might have gotten access to the website's hashed password list 3 years ago, taken 10 months to confirm all the passwords worked, sold your password 2 years ago, used access to your email account to watch for emails from your bank with important banking information over those 2 years, and just gotten access to your bank account yesterday.

      The point is, you don't know how your account could be compromised, and if it does get compromised, you won't necessarily notice. If, however, you rotate your passwords on a regular basis, you're mitigating your risks.

    2. Re:Rotating passwords by ale2011 · · Score: 1

      That's all true. Notifications of IP and time of my last logins help in judging if my account is cohabited. Indeed, they are often available. IP and time of bad logins are less often available, and I never saw them being collected. A password's crackability is not measured in time units, but in number of failed attempts. So it would be useful to collect them.

      If there is evidence, or even likelihood, of a compromise, such as stealing a password file or using plain login on unencrypted connections, the relevant passwords are to be changed ASAP. I don't know how long it takes for a compromised account to be sold, but it's useless to wait for the password to expire, in such situations. During normal wear and tear, IMHO, it is more important to educate users than to impose policies. And it seems that the latter two tasks are conflicting with one another.

    3. Re:Rotating passwords by nine-times · · Score: 1

      > A password's crackability is not measured in time units, but in number of failed attempts. So it would be useful to collect them.

      A big part of what I was saying is, a password may become cracked with 0 failed attempts. There are other ways that an attacker can acquire a password.

    4. Re:Rotating passwords by ale2011 · · Score: 1

      Sure. But in those cases the strength of the password doesn't matter, and periodic rotation might not be enough to prevent damage.

    5. Re:Rotating passwords by nine-times · · Score: 1

      > But in those cases the strength of the password doesn't matter...

      Correct.

      > ...and periodic rotation might not be enough to prevent damage.

      Also correct. It might not be enough to completely prevent any damage, or it might. If it doesn't completely prevent any damage, it might limit the amount of damage that's done. Often, security is not about the removal of risk, but about the mitigation of risk.

  94. Um... one researcher? by bitterblackale · · Score: 1

    Why do we care about "at least one security researcher," when MOST security researchers (i.e. many many more than one) show actual data on how picking phrases, e.g. three random words, is as good as password protection can be?

  95. The Solution is not Passwords, it's Certificates by The+Other+White+Meat · · Score: 1

    Figuring out a better way to create and manage passwords is only a stopgap, and a suboptimal solution at best. What we really need is a straightforward and easy way to use client certificates. You should be able to receive a signed client certificate when you pick up your driver's license. You should be able to receive a signed client certificate when you visit your bank. You should be able to receive a signed client certificate at your local library. Certificate in hand, it should be easy to install that certificate on your devices, with a certificate management system that grandma can use.

    The technology is already here, it would eliminate so much of this grief, and set the stage for the next level of secure monetary transactions as well.

    --

    --- Generation X: The first generation to have SIG lines inferior to their parents... ---

  96. From "Veep" on HBO by gzuckier · · Score: 1

    Group trying to unlock cell phone. Series comic relief guy says "Give it to me, I can hack it". They do. "OK; 0001. Nope. 0002. Nope. 0003. Nope" etc.

    --
    Star Trek transporters are just 3d printers.

  97. Insecurity questions by Archwyrm · · Score: 1

    These are to be known as "insecurity questions" and their answers should always be nonsense that you save in your password manager.

    --
    Fascism should more properly be called corporatism because it is the merger of state and corporate power. -- Mussolini