err... nevermind about all that.. I was very tried and angry when I wrote it.. feeling a bit better now.

I think the idea is that by requiring users to use different characters, they avoid using whole words as their passwords (i.e. god, love, etc.). So if their password database is downloaded by a malicious user, it becomes slightly harder to guess what the hashed passwords represent, making dictionary attacks less effective.

The problem is that this practice is out of date. These days, dedicated hash cracking computers can break a hash in a matter of hours without a dictionary, so unusual passwords are less effective than longer passwords.

Using a wider variety of characters increases the space of potential passwords, making life harder for someone brute forcing your password.

Consider a password of only the numbers 0-9. A one letter password has 10 possibilities, 2 letters 100 possibilities, 3 letters 100, etc.

Now what happens if you use a lowercase letter instead of a digit? One letter leads to 26 possibilities, two letters 26^2 possibilities, three letters 26^3, etc. Capital letters gets you to 52 sigils, digits throw in another 10, a special character from each digit brings you to 72.

The more types of letters in your password, the bigger the space a brute force algorithm has to guess through. Companies requiring complex passwords are trying to make sure that hackers can't guess your passwords quite so easily.

XKCD had a few (http://xkcd.com/792/) things to say (http://xkcd.com/792/) on the subject. Reuse of passwords is a major issue for me, especially since some of them are actually quite "weak" and thus not really accepted anywhere these days - which results in making up a "strong" password on the spot out of annoyance, and immediately forgetting it.

which results in making up a "strong" password on the spot out of annoyance, and immediately forgetting it.

Try LastPass. It's a browser plugin that stores your passwords. Basically you come up with one master password. You enter that ones to unlock your vault. Then LastPass will fill in the stored passwords when you go to sites. This makes it really easy to have unique passwords for all the hundreds of sites you visit.

I recommend STRIP (http://getstrip.com) (Secure Tool for Recalling Important Passwords). It's available for Windows, Mac, iPhone, iPad, and Android devices. You can sync your passwords in the cloud by using Dropbox or Google Drive, and it's one of the few secure password managers that are actually secure.

Personally, I recommend developing a system for generating unique passwords for each site.

EXAMPLE

1. Take site's full name: Giantintheplayground
2. Take first six characters: gianti
3. Add 3's between letters: g3i3a3n3t3i3
4. Replace vowels with the word cat: g3cat3cat3n3t3cat3

Use the same system for every website, and now as long as you can remember those four rules, every site has a long, strong, unique password.



What I want to know is why some sites have a really low maximum character count on passwords.

Centrelink requires passwords to be 6-8 characters long, with letters and numbers - and ONLY letters and numbers - you have to change them every so often, and you can't reuse old passwords (at least not for a long time). Guess how many of my usual passwords meet those requirements :D

I know a pone who uses some algorithm or other to cycle through a single password on a rotating and randomized schedule to achieve a memorable password with millions of permutations.

That sounds like something you shoudl do before developing an internet presence however, since now you'd have to go back and redo everything...

XKCD had a few (http://xkcd.com/792/) things to say (http://xkcd.com/792/) on the subject. Reuse of passwords is a major issue for me, especially since some of them are actually quite "weak" and thus not really accepted anywhere these days - which results in making up a "strong" password on the spot out of annoyance, and immediately forgetting it.

And you forget correcthorsebatterystaple (https://xkcd.com/936/)? It's only the longest non-secure password that exists!

And you forget correcthorsebatterystaple (https://xkcd.com/936/)? It's only the longest non-secure password that exists!

I tend to use that sort of methodology in mine, hence my annoyance in the original post.. a lot of places wont take that sort any more.. for some reason I can't comprehend.

And my frustration at "secret question" sorts is due to them being extremely insecure for most people, since a lot of people don't just put in a second password as the "answer" for some reason.

1. Take site's full name: Giantintheplayground
2. Take first six characters: gianti
3. Add 3's between letters: g3i3a3n3t3i3
4. Replace vowels with the word cat: g3cat3cat3n3t3cat3

Wouldn't you end up in an infinite loop since you would constantly be replace the "a" in cat with "cat"? :smalltongue:

This is your new password. (https://www.youtube.com/watch?v=IPphyjkXnPc)


And you forget correcthorsebatterystaple (https://xkcd.com/936/)? It's only the longest non-secure password that exists!

Incorrect, "turquoise bicycle shoe fins actualize radishes greenly (http://www.giantitp.com/comics/oots0068.html)" is the longest non-secure password.

What I want to know is why some sites have a really low maximum character count on passwords.

THIS.

I mean, I've never gone through "must be 6-8 characters" bad, but I've experienced several that were still pretty bad. And always on accounts for stuff I'd want to be extra secure. Unimportant stuff like, "Someone on such-and-such forum is WRONG and I need an account to correct them, never posting again afterward!" never seems to have that problem.

I try to log in with what I think is the password, fail, then I try a couple of variants, fail, and then resort to the "forgot password" option. The system takes me straight to resetting the password with a new one. I try to put in what I want the password to be... "You must have at least two numbers, two letter of each case and two symbols". So then I think "I'll adjust the password I want to use to fit that criteria..." Then it tells me "You cannot use the same password as you've already used".

And that's how I find out my passwords.

And you forget correcthorsebatterystaple (https://xkcd.com/936/)? It's only the longest non-secure password that exists!
I didn't forget; I just screwed up the linking and managed to link to the same comic twice rather than to correct horse battery staple. Not sure how.

Following advice to have different passwords for things my email password was different from my YouTube channel.

I was having difficulty uploading a video as it kept telling me my username or password was incorrect. I could still log on and off with my memorised details so that clearly wasn't the case. I tried going through the change password process, which suprisingly let me keep it the same.

I then figured out that I had to upload using my my email address as the account rather than my channel name (which was different to how it worked a couple of months back).

This morning I discovered that I'd actually changed my email password because Gmail and YouTube accounts are now linked if you try to change anything.

I use my email all the time, and YouTube far less regularly. Yet I can't change my password back to the previous one. I could try the button that says "I didn't do that, must've been someone else." to maybe get it back but I reckon it'll probably cause me more problems than it'd solve.

I find it unfathomably irritating.

I do not want to be pratting around trying to remember some ridiculous string of words or using some algorythem generating dohickey every time I log into something. If it forces me to have one of those really stupid passwords (RR has had the "best" so far, must have upper case, lower case numbers and special characters) all that happens is I get to use the password recovery every time or write it down. (Which is, of course, what lots of people do on their work computers...)


And you forget correcthorsebatterystaple (https://xkcd.com/936/)? It's only the longest non-secure password that exists!

And that is exactly the point. If you make a password so complex that it can't be remembered, that it requires software to handle (you're buggered if you have a hard-drive failure, aren't you?) then it has already failed at it's purpose, because people will have to write it down. (And this applies doubly to people are disabled (like my Mum) or elderly (like my Grandparents) who simply haven't got the energy or memory to be messing around using software or trying to remember some string of numbers and letters.)

It would make so much more sense to make people have long passwords of several words than all this crap about using extra characters.

abcdefeghijklmnopqrstuvwxyz = characters 26+ 26 (capitalised)

1234567890-=#'!"£$%^&*()_+~@/? => is only 30 characters, so you've only increased the variables by 50%.

If you made everyone double the length of their passwords (and four word would easily do that), you've already increased the amount of guesses required by just using letters (and leaving the option to use characters and numbers as well...)



I swear, when I am in charge there will be a new rule for computers (and everything else) which I will call the Grandmother Rule: any basic change of operating system of basic function of computer use that is not immediately more usable (which means less faffing around) by my ninety-year old grandmother is banned and will get the instigator publically disembowled with spears as a warning to think things through properly and consider ALL the population who use computers, a number which increases over time...

I heard a story of a security specialist, who remembered exactly one password. This password, he used for his mail account, and for all other accounts, he just used a randomised mess of characters. Whenever he wanted to log in to something, he used the "forgot your password" functionality to create a new one. With a secure mail server, this makes your Internet life as a while virtually unhackable, at the cost of having to jump through a few extra loops to log in to anything...

It would make so much more sense to make people have long passwords of several words than all this crap about using extra characters.

abcdefeghijklmnopqrstuvwxyz = characters 26+ 26 (capitalised)

1234567890-=#'!"£$%^&*()_+~@/? => is only 30 characters, so you've only increased the variables by 50%.


Oh boy oh boy oh boy I get to write about math!

First, there are a limited number of words in the English language. About 200,000 or so in common use, for a given value of common use. That means that if you dispense with letters, a two-word password is one possible combination in 40,000,000,000, or forty billion. A two word combination is one in forty billion, (Much less actually, since you can figure on some words being much more probable and thus write your cracking algorithm to prioritize those. Think about how many passwords would be boobsboobs)

By contrast, if you eliminate real words, and just do letters, then each letter represents 82 possibilities. A ten character password incorporating symbols, numbers, upper and lower case letters is thus one in 82^10, or one in 13,744,803,133,596,058,624, a number which you'll notice has several more commas in it.

Oh boy oh boy oh boy I get to write about math!

First, there are a limited number of words in the English language. About 200,000 or so in common use, for a given value of common use. That means that if you dispense with letters, a two-word password is one possible combination in 40,000,000,000, or forty billion. A two word combination is one in forty billion, (Much less actually, since you can figure on some words being much more probable and thus write your cracking algorithm to prioritize those. Think about how many passwords would be boobsboobs)

By contrast, if you eliminate real words, and just do letters, then each letter represents 82 possibilities. A ten character password incorporating symbols, numbers, upper and lower case letters is thus one in 82^10, or one in 13,744,803,133,596,058,624, a number which you'll notice has several more commas in it.

Which is why you use obscure words like homoousis or dithyrambic

Which is why you use obscure words like homoousis or dithyrambic

Sure, but how are you going to enforce that as a company? It's easy to say "Just let those peasants who don't know many words suffer the price of their ignorance!" but if you're, say, a bank, it makes very good sense to help your customers prevent themselves from being robbed.

It's easy to install a little tracker that checks whether you have upper and lowercase letters. It's a bit harder to install a tracker that checks whether "unambiguousappendix" is a sufficiently obscure combo.

And my frustration at "secret question" sorts is due to them being extremely insecure for most people, since a lot of people don't just put in a second password as the "answer" for some reason.

Whenever I make the secret question answer a second password, I inevitably forget that second password, and that's why I can't download ebooks on Pottermore.

Oh boy oh boy oh boy I get to write about math!

-snip-

True. But a string of say, 5 words (and if they're good password words (read: obscure or otherwise uncommon), that's going to be around 30-40 characters or more) is much easier to remember than a similarly long string of numbers, absent a password-generating algorithm. People, in general, have an easier time remembering 40 characters worth of words than they do remembering a string of 40 completely random characters. The passwords can be longer without compromising security (through physical means like writing things down), because people can remember the word-based passwords.

I can guarantee that most people have an easier time remembering "correcthorsebatterystaple" than they do "d*9lnA4!mYax682Ffki7", despite the second password being more secure, by hacking standards; and if they remember the password, then they won't write it down, making it more secure in a practical sense.

Also, why just English? There are plenty of other languages that use the same alphabet, so you should be able to increase the number of possibilities by a significant margin.

True. But a string of say, 5 words (and if they're good password words (read: obscure or otherwise uncommon), that's going to be around 30-40 characters or more) is much easier to remember than a similarly long string of numbers, absent a password-generating algorithm. People, in general, have an easier time remembering 40 characters worth of words than they do remembering a string of 40 completely random characters. The passwords can be longer without compromising security (through physical means like writing things down), because people can remember the word-based passwords.

I can guarantee that most people have an easier time remembering "correcthorsebatterystaple" than they do "d*9lnA4!mYax682Ffki7", despite the second password being more secure, by hacking standards; and if they remember the password, then they won't write it down, making it more secure in a practical sense.

Also, why just English? There are plenty of other languages that use the same alphabet, so you should be able to increase the number of possibilities by a significant margin.

Possum dīcere Latinam...

I can guarantee that most people have an easier time remembering "correcthorsebatterystaple" than they do "d*9lnA4!mYax682Ffki7", despite the second password being more secure, by hacking standards; and if they remember the password, then they won't write it down, making it more secure in a practical sense.

Writing down a secure password is massively better than not writing down a less secure one. If you get robbed or burgled, then sure, you're in trouble, but that's far less likely to happen than someone trying to brute-force their way into your account.

Although I certainly don't recommend taping your password to a computer screen at your workplace.

I'm going to take advantage of this title and topic to post this right here (http://www.youtube.com/watch?v=jQ7DBG3ISRY).:smallbiggrin:

I work in a hedge fund as a researcher/controller, and our information sciences division often has company meetings to discuss cryptographical security (our firm has one of the top 5 IT departments in the nation). Here's my $0.02.

From a human perspective, yes, a password like correcthorsebatterystaple is better than Tr0ub4dor&3. A difficult password to remember makes our employees easier to "socially engineer", as in, they leave those stupid post-its with their passwords written down lying around. From a more technical perspective, even under dictionary attack, correcthorsebatterystaple is better than Tr0ub4dor&3 (cryptographic entropy, see below).

Some more technical details.

(All assumptions under choices being uniform.) Cryptographic entropy is the average cost of hitting the right password using brute force (from a ruleset). If an attacker knows the password generation ruleset (of course the attacker would; just hit up some employee at a bar and complain about your office's password rules, and watch that company employee complain as well), and we have x bits of entropy, an attacker will have to try \[2^{x-1}\] passwords before getting it right on average.

According to Merriam Webster, we use around ~8,000 words. So, \[\ln_{2}{8000}\] bits of entropy per correcthorse method generation word. That's 48 bits of entropy for correct horse battery staple. So XKCD was pretty close, with its value of 44. XKCD must have been using another dictionary.

Let's take a look at Tr0ub4dor&3. Upper casing is one bit of entropy for the first ruleset search attempt. Three substitutions for three more bits. Troubador is not pulled off a common dictionary attack, so that's probably \[\ln{2}{228000}\] (228,000 being the number of total dictionary words in Merriam Webster's) bits. One punctuation sign and a digit. 3.3 bits for digit, 5 for punctuation. That's ~30.5 bits of entropy total. A little higher than XKCD's 28, but alright.

So yes, correcthorsebatterystaple is still harder to guess than Tr0ub4dor&3, even with maximal knowledge of ruleset (which is fairly safe to assume for most hackers).

In summary, easy to remember, hard to guess. Length doesn't matter, maximizing entropy does. Fortunately, choosing a password like correcthorsebatterystaple ends up having more entropy, and thus is superior to Tr0ub4dor&3 in minimizing risk to cyber attacks.

MIND YOU, if the password was Tr0ub4dor&3F1ji*0, it would actually be better than correcthorsebatterystaple. For an additional six characters the entropy of Tr0ub4dor&3 became 150% of correcthorsebatterystaple's. This is important to note, that length and possible character combinations have nothing to do with it.

abcdefeghijklmnopqrstuvwxyz = characters 26+ 26 (capitalised)

1234567890-=#'!"£$%^&*()_+~@/? => is only 30 characters, so you've only increased the variables by 50%.

Only 50%? Let's do the maths for an 8 character password.

Numerals 0-9 (as in a briefcase style mechanical lock)
10
10^8=100,000,000

Lowercase only
26
26^8=208,827,064,576

Lowercase and uppercase
26+26=52
52^8=53,459,728,531,456

Lowercase, uppercase, and 30 numbers/symbols (there are actually more, I counted 42 numbers/symbols on my reduced size laptop keyboard alone)
26+26+30=82
82^8=2,044,140,858,654,976

As above, but using 42 numbers/symbols
26+26+42=94
94^8=6,095,689,385,410,816

As you can see there, every single character type you can use increases the range of possible passwords exponentially. It is much more than "only 50%".

But, that's not even the point of the rules. The point is that, without such restrictions, people generate really dumb passwords. If they aren't forced to include the symbols, they make passwords such as "password", "1234", "qwerty", etc.


I heard a story of a security specialist, who remembered exactly one password. This password, he used for his mail account, and for all other accounts, he just used a randomised mess of characters. Whenever he wanted to log in to something, he used the "forgot your password" functionality to create a new one. With a secure mail server, this makes your Internet life as a while virtually unhackable, at the cost of having to jump through a few extra loops to log in to anything...

This is not an incredibly smart thing to do. Your forgotten password questions essentially become your password, which is usually much weaker and easier to guess than the password itself (especially in a case like this), and the email address can be bypassed (e.g. "yeah, I lost access to that email account, but I know my mother's maiden name and the name of my first pet"), and if they see you have a long history of forgetting your password, it makes it even less suspicious.

Plus, the reset password email is sent in the clear, meaning anyone can intercept and read it (if the new password is in the email) or click it (if a reset link is given).

A much better way is to have a computer generate a hugely complex password and store it in an encrypted keychain. You remember the one, very important, password, and it remembers 24 character completely random passwords using the full availability of characters for you. You can even back it up in the cloud so that all your devices can use it.


MIND YOU, if the password was Tr0ub4dor&3F1ji*0, it would actually be better than correcthorsebatterystaple. For an additional six characters the entropy of Tr0ub4dor&3 became 150% of correcthorsebatterystaple's. This is important to note, that length and possible character combinations have nothing to do with it.

But it isn't better if a) the user can't remember it or b) they write it down somewhere. If either or both of those apply, then the password defeats its purpose. Passwords need to be easy for the user to remember, but hard for people to guess.

Speaking of the xkcd comic, and speaking as a security specialist, I would say that it didn't go far enough. You should use both a passphrase and make it complex.

Imagine passphrases like "I like to dance 4 times a night!" (sans quotes). Very easy to remember, but even harder to crack.

But it isn't better if a) the user can't remember it or b) they write it down somewhere. If either or both of those apply, then the password defeats its purpose. Passwords need to be easy for the user to remember, but hard for people to guess.

Well, of course, I was talking about cryptographical entropy. I said earlier the biggest threat to security are people leaving post-its lying around.

I was talking about how XKCD chose to reduce the crypto entropy in a very haphazard manner that doesn't quite demonstrate how little effort it would take to make troubadour into a better password than correcthorsebatterystaple from a computational perspective.

Well, of course, I was talking about cryptographical entropy. I said earlier the biggest threat to security are people leaving post-its lying around.

I was talking about how XKCD chose to reduce the crypto entropy in a very haphazard manner that doesn't quite demonstrate how little effort it would take to make troubadour into a better password than correcthorsebatterystaple from a computational perspective.

Which misses the point of xkcd's strip entirely. The troubadour variant they listed is already far too complex for the majority of people to remember, xkcd doesn't need to suggest how to make it more computationally difficult, the password has already defeated its purpose as it is.

Which misses the point of xkcd's strip entirely.

XKCD justifies its point with an entropy calculation (those log-scale block bits in the comic). And then it mentions how computationally, one password is harder to guess than the other.

XKCD justifies using computational arguments, saying that there's no point in memorizing troubador if it has less crypto security anyways than memorizing correcthorse.

My point was that troubador-style generation accrued entropy much faster with much less input than correcthorse-style generation. That is, XKCD's computational arguments worked in that case and that case only. Which is fine, if they didn't try to generalize the computational argument to support the general case of password generation method.

Whenever I'm required to have a ridiculously complicated password with 25 characters and numbers and symbols and letters I will often write it down, then type it about 9 bazillion times until muscle memory sets in, then burn the piece of paper.

XKCD justifies its point with an entropy calculation (those log-scale block bits in the comic). And then it mentions how computationally, one password is harder to guess than the other.

XKCD justifies using computational arguments, saying that there's no point in memorizing troubador if it has less crypto security anyways than memorizing correcthorse.

My point was that troubador-style generation accrued entropy much faster with much less input than correcthorse-style generation. That is, XKCD's computational arguments worked in that case and that case only. Which is fine, if they didn't try to generalize the computational argument to support the general case of password generation method.

That's not what xkcd has done at all, you've missed the point of xkcd's strip entirely.

The troubador-style password is already too complex. It does not matter in the slightest if or how you can increase entropy in the troubador-style password, it is already too complex for people to easily remember and in doing so you will will make it even more worthless to people.

The xkcd comic doesn't need to address increasing the troubador-style password's complexity in any way whatsoever.

Then the xkcd comic strip shows how you can make a passphrase that is much easier for people to remember, while still being at least as secure to brute force as the passwords we are currently forced to create (if not more so).

Increasing entropy on the troubador-style password is entirely irrelevant. Not only is it already so difficult to remember that it defeats the purpose of a password, but you can make better ones than what we currently do while making them easier to remember.

Making them easier to remember is the key.

That's not what xkcd has done at all, you've missed the point of xkcd's strip entirely.

At no point was I addressing the "point" of xkcd's strip. None of what you typed refutes me in any manner, nor is it contradictory. (I would disagree with your wording slightly, but that's neither here nor there.)

Either I'm typing incoherently, you're typing incoherently, I'm not reading what you're typing, or you're not reading what I'm typing. Not mutually exclusive.

I was tackling one of XKCD's specific supporting arguments for being weak. Not the entire argument, which stands up on its own without needing this supporting argument. I was tackling the computational entropy issue.

Yes, you can say, "So? The point remains the same," and I've said as much myself as well. But having a final argument remain strong in spite of weak supporting arguments doesn't excuse the weak supporting arguments.

All this stuff "already far too complex" you mention is completely unnecessary, because I'm not tackling that issue. I'm just working with one specific supporting argument which I felt was weak, and provided reasons demonstrating why.

If you're going to claim that there's no reason whatsoever to consider the supporting arguments so long as the final argument is correct, I suppose the discussion will have to end on "agree to disagree".

At no point was I addressing the "point" of xkcd's strip. None of what you typed refutes me in any manner, nor is it contradictory. (I would disagree with your wording slightly, but that's neither here nor there.)

Either I'm typing incoherently, you're typing incoherently, I'm not reading what you're typing, or you're not reading what I'm typing. Not mutually exclusive.

I was tackling one of XKCD's specific supporting arguments for being weak. Not the entire argument, which stands up on its own without needing this supporting argument. I was tackling the computational entropy issue.

Yes, you can say, "So? The point remains the same," and I've said as much myself as well. But having a final argument remain strong in spite of weak supporting arguments doesn't excuse the weak supporting arguments.

All this stuff "already far too complex" you mention is completely unnecessary, because I'm not tackling that issue. I'm just working with one specific supporting argument which I felt was weak, and provided reasons demonstrating why.

If you're going to claim that there's no reason whatsoever to consider the supporting arguments so long as the final argument is correct, I suppose the discussion will have to end on "agree to disagree".

There is no weak argument from xkcd.


The troubador-style password xkcd showed is what we are already forced to use.

The troubador-style password xkcd showed is already too complex for people to remember.

The passphrase method xkcd showed is at least as difficult to break as the troubador-style password.

The passphrase method xkcd showed is much easier to remember.


XKCD has shown that you can create a password that is at least as difficult to break as the type we are already using, while being easy to remember. There is absolutely no reason for xkcd to even consider making the troubador-style password more complex, and not doing so does not make their argument weak. It's irrelevant. It is not a supporting or contradictory argument. It has no bearing on what xkcd said at all.

A much better way is to have a computer generate a hugely complex password and store it in an encrypted keychain. You remember the one, very important, password, and it remembers 24 character completely random passwords using the full availability of characters for you. You can even back it up in the cloud so that all your devices can use it.

Very much agreed. I use KeePass these days, but Password Safe should also be fine, and any of several others; I remember my main password, and about four or five others all told (one email account, one IM account, a few OS logons), and the other 562* I keep in the database.

Years ago I used to have a custom mental algorithm for generating passwords based on change count, some vaguely-associated random factoid or idea that the password use made me think of, and a few other things. I still use it occasionally for things I have to be able to remember on my own, but everything else is 20-character passwords, except when a website has 8-, 12-, or 16-character limits.

*This is not an exaggeration.


And that is exactly the point. If you make a password so complex that it can't be remembered, that it requires software to handle (you're buggered if you have a hard-drive failure, aren't you?)

If you are incapable of backing up a 200 KB database once in a while, I fear for your general data availability. Seriously. Just email it to yourself on an IMAP account! Or put it on some file sharing site, even**!

**Assuming, of course, that your password database is encrypted. This is not difficult to arrange; see above.

Only 50%? Let's do the maths for an 8 character password.

Faircon's math was better than mine (to be fair, I wasn't trying very hard), though the point I was ineptly trying to make was mainly that doubling the length of passwords using less characters was going to be very nearly if not as secure but easier to remember.



I concur that a passphrase would be easier and even more secure.



There is also an argument to make, though, that if you ensure that passwords had the option to be as complex as the places that enforce complexity are now and really long, that decryption software would have to take that into account.

(By the time you have a password that is, I dunno, the made-up names of the your last four characters seperated by, I dunno "?" or "{" or something - fairly easy to remember - and big business started issuing what is effectively autheticators of random charcter strings), you ought to have made the job a frack-ton more difficult.)

The real problem is just that passwords that require special software/hardware or writing it down is just not something many people are going to bother with, because it's a nuisence. Or you end you resetting your password every time. Now, granted, if you made people have a passphrase, they'd moan like heck anyway (but that's no different to now), but it'd be not much if at all less secure (and conscientious people would be much more secure) but more people would be likely to remember it and the hackers would have a harder job all roads round.



Like I said, for stuff like passwords, WE are not the people we need to be considering as the end-users, as we have the time and energy (if not the inclination); it's people like my ninety year old Nanny who uses the internet for all her shopping and communication because she's basically housebound now. Whatever you do has to be easier to THEM (especially since they're more vulnerable.)

There is also an argument to make, though, that if you ensure that passwords had the option to be as complex as the places that enforce complexity are now and really long, that decryption software would have to take that into account.

No, it wouldn't. See here:

But, that's not even the point of the rules. The point is that, without such restrictions, people generate really dumb passwords. If they aren't forced to include the symbols, they make passwords such as "password", "1234", "qwerty", etc.

People like us would use complex passwords, but other people wouldn't. So, all of the "other" people will be targeted, and attackers will go back to the much quicker methods of brute force.


Like I said, for stuff like passwords, WE are not the people we need to be considering as the end-users, as we have the time and energy (if not the inclination); it's people like my ninety year old Nanny who uses the internet for all her shopping and communication because she's basically housebound now. Whatever you do has to be easier to THEM (especially since they're more vulnerable.)

And she is exactly the type of person that these rules are designed to protect. If it didn't force her to use a complex password, she would use one of the above, and her account would be extremely vulnerable.

The passphrase method xkcd showed is at least as difficult to break as the troubador-style password.

XKCD has shown that you can create a password that is at least as difficult to break as the type we are already using, while being easy to remember. There is absolutely no reason for xkcd to even consider making the troubador-style password more complex, and not doing so does not make their argument weak. It's irrelevant. It is not a supporting or contradictory argument. It has no bearing on what xkcd said at all.

The bolded is supported computationally in XKCD.

http://imgs.xkcd.com/comics/password_strength.png

1. First panel, we have generation method. Caps, substitutions, expanded dictionary word, order, numerics, and punctuation.

2. Fourth panel, we have a competing generation method. Four random common words.

3. Those empty grey boxes are log-bits of entropy. The second panel makes it clear by summing them up on top to ~28.

4. Now, my first assertion was that these claims are correct, although the entropy calculations are a little optimistic. Nothing to worry about though. "What's the point?" There is no point, much like most of academia. I was making an assertion-observation.

5. The words under all the panels read, "Through 20 years of effort, we've successfully trained everyone to use passwords that are that are hard for humans to remember, but easy for computers to guess."

6. The italicized words above are backed up by the entropy calculations in the panels.

7. These words finalize panels comparing the troubador method to the correcthorse method; or, the comparison between the troubador method and the correcthorse method was meant to lead up and support these words.

8. The words use the general terminology, "hard for humans to remember, but easy for computers to guess", and provide the comparison between the troubador and correcthorse method as an example.

9. A brute force dictionary attack is assumed for the calculation of entropy, otherwise he would not have ended up with those values.

10. I assert that, by making minor variations to the troubadour generation method, that still fulfill the all assumed criteria, plus within reasonable reasonable limits (i.e., still exposed to a brute force dictionary attack, less than half the length of competing generation method), one can create passwords that are harder for computers to guess (a la entropy) than the correcthorse method, even with additional allowances for correcthorse.

11. I still agree with the assertion made in 5.

12. I show that the comic comparisons given in 7 and 8 are not sufficient to actually demonstrate 5, as I have shown in 10. A counter example which challenges a portion of 5, shown in 8, is sufficient to weaken the argument, or to consider that a supporting argument has been weakened.

Now, if you refute 10 on the basis of the assumed criteria, full stop. These assumed criteria are pragmatically useful for IT security or crypto academicians, the demographic meant to be targeted with the comic's topic, but there's no in-comic reason to have assumed them. It doesn't make me wrong, since you can't justify that the comic exists separately of the IT industry or crypto, it just means I'm talking about something you're not interested in.

There. That's a full, unambiguous, not-entirely-formal but otherwise low-academic robust series of assertions. If you plan on further refuting me, it would be best to refute any one of these assertions, because otherwise you'd just be wrestling a straw man.

I tend to use that sort of methodology in mine, hence my annoyance in the original post.. a lot of places wont take that sort any more.. for some reason I can't comprehend.

And my frustration at "secret question" sorts is due to them being extremely insecure for most people, since a lot of people don't just put in a second password as the "answer" for some reason.

Oh man, that would be much better than actually answering the damn questions why didn't I think of that?!

I just finally for into my first email account from back when, after like fifteen years!


I try to log in with what I think is the password, fail, then I try a couple of variants, fail, and then resort to the "forgot password" option. The system takes me straight to resetting the password with a new one. I try to put in what I want the password to be... "You must have at least two numbers, two letter of each case and two symbols". So then I think "I'll adjust the password I want to use to fit that criteria..." Then it tells me "You cannot use the same password as you've already used".

And that's how I find out my passwords.

They don't do that anymore. Now it's "we are going to randomly generate you a new password, log you in and/or let you make a new one on the spot".

Baggers.


I heard a story of a security specialist, who remembered exactly one password. This password, he used for his mail account, and for all other accounts, he just used a randomised mess of characters. Whenever he wanted to log in to something, he used the "forgot your password" functionality to create a new one. With a secure mail server, this makes your Internet life as a while virtually unhackable, at the cost of having to jump through a few extra loops to log in to anything...

I heard a story about a security specialist who got taken for everything because he left a receipt with his last 4 digits of his card in the trash, a hacker used that and went to apple* an said "here are my last 4 digits, what's my email?" And got the email to an alternate account where he said "hey, Yahoo*, here's my email, what's my alternate log in number?" Or something and basically crossed three sets of innocuous data and got that one easy-to-remember password to the email, reset all the guy's bank accounts and cleaned him out.

Last I heard, he was offering a reward to the thieves along with anonymity just to learn how they did it so he can try to stop it in the future. Tech security guy after all.


Oh boy oh boy oh boy I get to write about math!

First, there are a limited number of words in the English language. About 200,000 or so in common use, for a given value of common use. That means that if you dispense with letters, a two-word password is one possible combination in 40,000,000,000, or forty billion. A two word combination is one in forty billion, (Much less actually, since you can figure on some words being much more probable and thus write your cracking algorithm to prioritize those. Think about how many passwords would be boobsboobs)

By contrast, if you eliminate real words, and just do letters, then each letter represents 82 possibilities. A ten character password incorporating symbols, numbers, upper and lower case letters is thus one in 82^10, or one in 13,744,803,133,596,058,624, a number which you'll notice has several more commas in it.

But you aren't limited to words. You've got a password that's like twenty characters minimum, that asks you to use a phrase if you're feeling lazy. Allow spaces and suddenly people are typing in "and that's how they made me their chief!" As a password. Quotes and all.


I work in a hedge fund as a researcher/controller, and our information sciences division often has company meetings to discuss cryptographical security (our firm has one of the top 5 IT departments in the nation). Here's my $0.02.

From a human perspective, yes, a password like correcthorsebatterystaple is better than Tr0ub4dor&3. A difficult password to remember makes our employees easier to "socially engineer", as in, they leave those stupid post-its with their passwords written down lying around. From a more technical perspective, even under dictionary attack, correcthorsebatterystaple is better than Tr0ub4dor&3 (cryptographic entropy, see below).

Some more technical details.

(All assumptions under choices being uniform.) Cryptographic entropy is the average cost of hitting the right password using brute force (from a ruleset). If an attacker knows the password generation ruleset (of course the attacker would; just hit up some employee at a bar and complain about your office's password rules, and watch that company employee complain as well), and we have x bits of entropy, an attacker will have to try \[2^{x-1}\] passwords before getting it right on average.

According to Merriam Webster, we use around ~8,000 words. So, \[\ln_{2}{8000}\] bits of entropy per correcthorse method generation word. That's 48 bits of entropy for correct horse battery staple. So XKCD was pretty close, with its value of 44. XKCD must have been using another dictionary.

Let's take a look at Tr0ub4dor&3. Upper casing is one bit of entropy for the first ruleset search attempt. Three substitutions for three more bits. Troubador is not pulled off a common dictionary attack, so that's probably \[\ln{2}{228000}\] (228,000 being the number of total dictionary words in Merriam Webster's) bits. One punctuation sign and a digit. 3.3 bits for digit, 5 for punctuation. That's ~30.5 bits of entropy total. A little higher than XKCD's 28, but alright.

So yes, correcthorsebatterystaple is still harder to guess than Tr0ub4dor&3, even with maximal knowledge of ruleset (which is fairly safe to assume for most hackers).

In summary, easy to remember, hard to guess. Length doesn't matter, maximizing entropy does. Fortunately, choosing a password like correcthorsebatterystaple ends up having more entropy, and thus is superior to Tr0ub4dor&3 in minimizing risk to cyber attacks.

MIND YOU, if the password was Tr0ub4dor&3F1ji*0, it would actually be better than correcthorsebatterystaple. For an additional six characters the entropy of Tr0ub4dor&3 became 150% of correcthorsebatterystaple's. This is important to note, that length and possible character combinations have nothing to do with it.

Yeah. But it's like buying in bulk; better unit price, but only if you can afford it in the first place.

No reason to make an immemorable password more secure, because its still immemorable. You're just locking yourself out at that point.


XKCD justifies its point with an entropy calculation (those log-scale block bits in the comic). And then it mentions how computationally, one password is harder to guess than the other.

XKCD justifies using computational arguments, saying that there's no point in memorizing troubador if it has less crypto security anyways than memorizing correcthorse.

My point was that troubador-style generation accrued entropy much faster with much less input than correcthorse-style generation. That is, XKCD's computational arguments worked in that case and that case only. Which is fine, if they didn't try to generalize the computational argument to support the general case of password generation method.

I think you missed the gist.

Like any good salesmen, XKCD knows the specs. They can tell you what works, what doesn't, and why. They also have an easier to understand but less vital explanation for people who don't grok Maths. The secondary explanation can be slap dash as that's fine, because its really not a vital part of the explanation but a shiny gewhaw to keep the jackdaws busy while grown-ups talk.


Whenever I'm required to have a ridiculously complicated password with 25 characters and numbers and symbols and letters I will often write it down, then type it about 9 bazillion times until muscle memory sets in, then burn the piece of paper.

Heaven help you if you change keyboards! :smalleek:


*


The only account Ive never had hacked and never had to reset my password for, is an old and cancelled email. The password was a movie title about a password the characters were trying to crack. I believe that is called "Refuge in Audacity", no?

I heard a story about a security specialist who got taken for everything because he left a receipt with his last 4 digits of his card in the trash, a hacker used that and went to apple* an said "here are my last 4 digits, what's my email?" And got the email to an alternate account where he said "hey, Yahoo*, here's my email, what's my alternate log in number?" Or something and basically crossed three sets of innocuous data and got that one easy-to-remember password to the email, reset all the guy's bank accounts and cleaned him out.

Pretty sure that was a tech journalist, and while the attackers could have charged a bunch of crap to his Amazon account, they didn't, because that wasn't the point of the attack. And they actually found out part of his card number through Amazon, IIRC.

Cleaning out someone's bank account with their online banking password is pretty unlikely in any event. Good banks might let you view balances, statements, and the like with just a username and password, but actually transferring money to someone else usually requires your debit card and PIN.

Cleaning out someone's bank account with their online banking password is pretty unlikely in any event. Good banks might let you view balances, statements, and the like with just a username and password, but actually transferring money to someone else usually requires your debit card and PIN.

Paypal is another story altogether, however...

Paypal is another story altogether, however...

There are plenty of ways to end up charging a bunch of crap to someone's card, yes, but I'm pretty sure you have at least some recourse available if that happens to you (ignoring dedicated crime victim funds and the like). Once a bank transfer has cleared, there's usually no going back, even if it was fraudulent.

Pretty sure that was a tech journalist, and while the attackers could have charged a bunch of crap to his Amazon account, they didn't, because that wasn't the point of the attack. And they actually found out part of his card number through Amazon, IIRC.

Cleaning out someone's bank account with their online banking password is pretty unlikely in any event. Good banks might let you view balances, statements, and the like with just a username and password, but actually transferring money to someone else usually requires your debit card and PIN.

My bank doesn't. Account transfer is pretty immediate too.

And I could have sworn it was a security job, because his reason for wanting contact was because "I'm supposed to prevent this kind of thing". He also noted that if he had just connected his accounts to his cell number instead of just each other, he would have been fine.

The bolded is supported computationally in XKCD.

http://imgs.xkcd.com/comics/password_strength.png

1. First panel, we have generation method. Caps, substitutions, expanded dictionary word, order, numerics, and punctuation.

2. Fourth panel, we have a competing generation method. Four random common words.

3. Those empty grey boxes are log-bits of entropy. The second panel makes it clear by summing them up on top to ~28.

4. Now, my first assertion was that these claims are correct, although the entropy calculations are a little optimistic. Nothing to worry about though. "What's the point?" There is no point, much like most of academia. I was making an assertion-observation.

5. The words under all the panels read, "Through 20 years of effort, we've successfully trained everyone to use passwords that are that are hard for humans to remember, but easy for computers to guess."

6. The italicized words above are backed up by the entropy calculations in the panels.

7. These words finalize panels comparing the troubador method to the correcthorse method; or, the comparison between the troubador method and the correcthorse method was meant to lead up and support these words.

8. The words use the general terminology, "hard for humans to remember, but easy for computers to guess", and provide the comparison between the troubador and correcthorse method as an example.

9. A brute force dictionary attack is assumed for the calculation of entropy, otherwise he would not have ended up with those values.

10. I assert that, by making minor variations to the troubadour generation method, that still fulfill the all assumed criteria, plus within reasonable reasonable limits (i.e., still exposed to a brute force dictionary attack, less than half the length of competing generation method), one can create passwords that are harder for computers to guess (a la entropy) than the correcthorse method, even with additional allowances for correcthorse.

11. I still agree with the assertion made in 5.

12. I show that the comic comparisons given in 7 and 8 are not sufficient to actually demonstrate 5, as I have shown in 10. A counter example which challenges a portion of 5, shown in 8, is sufficient to weaken the argument, or to consider that a supporting argument has been weakened.

Now, if you refute 10 on the basis of the assumed criteria, full stop. These assumed criteria are pragmatically useful for IT security or crypto academicians, the demographic meant to be targeted with the comic's topic, but there's no in-comic reason to have assumed them. It doesn't make me wrong, since you can't justify that the comic exists separately of the IT industry or crypto, it just means I'm talking about something you're not interested in.

There. That's a full, unambiguous, not-entirely-formal but otherwise low-academic robust series of assertions. If you plan on further refuting me, it would be best to refute any one of these assertions, because otherwise you'd just be wrestling a straw man.

Look at point 5, read it carefully. "Through 20 years of effort, we've successfully trained everyone to use passwords that are that are hard for humans to remember, but easy for computers to guess."

The troubadour style password is the password generation method we have been trained to use.

Look carefully at these words, "hard for humans to remember".

Those words are very important. Those words are the cornerstone of the xkcd argument, the sole reason it exists.

The xkcd comic strip sets out to solve this problem. The xkcd comic strip sets out to produce a password that is at least as strong as the current method (preferably more), but is easy for humans to remember.

There is absolutely no reason whatsoever for the xkcd comic strip to even consider a harder troubadour style password, in the style you mentioned, because it doesn't fulfil the basic requirement of being easy for humans to remember (in fact, it would be harder).

Regarding point 10, yes, you can make harder passwords using absolutely random characters and appending them to your password, no argument there, but it is completely and totally irrelevant to the xkcd comic strip's argument.

There has been no weakening of the xkcd arguments, because the password you mention is completely irrelevant. It is invalid and does not fulfil the basic requirement of being easy for humans to remember.

Pretty sure that was a tech journalist, and while the attackers could have charged a bunch of crap to his Amazon account, they didn't, because that wasn't the point of the attack. And they actually found out part of his card number through Amazon, IIRC.

Ooo, are we talking about Mat Honan (http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/)? If so, the point of the attack was... to get into his Twitter. Yeah, they thought it was cool that he had a three-character Twitter handle, and apparently didn't care for much else that they had access to. Except to delete files, but the lost files he cared about the most (photos of his daughter) he was able to recover (http://www.wired.com/gadgetlab/2012/08/mat-honan-data-recovery/).

What I'm taking away from this is that when I'm not using LastPass or equivalent, for maximum paranoia and rememberability I should go with XKCD style 4 word phrases plus a special character or two somewhere in the middle. "hysteric inaner 50% shell reserve" ought to do it. (Thanks, /usr/share/dict/words)

I'm also amused that the GITP board is arguing about another webcomic entirely.

Look at point 5, read it carefully. "Through 20 years of effort, we've successfully trained everyone to use passwords that are that are hard for humans to remember, but easy for computers to guess."

Those words are very important. Those words are the cornerstone of the xkcd argument, the sole reason it exists.

You're missing my point?


There is absolutely no reason whatsoever for the xkcd comic strip to even consider a harder troubadour style password, in the style you mentioned, because it doesn't fulfil the basic requirement of being easy for humans to remember

You make an assertion, you have to defend it. Prove that this is a basic epistemic requirement for this discussion.


Regarding point 10, yes, you can make harder passwords using absolutely random characters and appending them to your password, no argument there, but it is completely and totally irrelevant to the xkcd comic strip's argument.

Regarding the bolded, I did no such thing. What makes you think I was adding random characters?

And regarding the rest of that quote, I've already addressed it in point 10, the argument you're trying to use to refute it.

If you're in IT security, then you should be aware of the pragmatic differences between the two generation methods. And, given that XKCD's targeted topic with its joke is IT security, the variations to troubador and correcthorse I pointed at are indeed very relevant, the same way analysis is relevant to algebra. Yes, your basic college algebra texts don't talk about analysis. No, pragmatically, for a mathematics student, you cannot actually ignore analysis by declaring it irrelevant.

:smallconfused:

I'm not interested in debating a webcomic so fervently. I'm discussing security right now, and the implications of the computational complexity drawings in the XKCD comic.

You're discussing what the comic was really trying to say, which is "missing the point", as you like to say, of my assertion. The fact is, XKCD still drew those entropy bits, and specified a generation method. That is what I'm addressing.

If my assertion is really so uninteresting despite its relevance to security, best to ignore it, not throw out vague refutations.


I'm also amused that the GITP board is arguing about another webcomic entirely.

This is how you know you're on the internet. :smallamused:

First, I apologise if this post contains any formatting or quote errors, or misses anything. I'm writing this on a touchscreen only tablet, on a plane, using cached versions of the site.

Now, let's establish what I'm not asserting.

I'm not asserting that you can't make the troubadour style password more difficult for computers to crack. But, unless you can make it more difficult for computers to crack while simultaneously making it simple for humans to remember, this is irrelevant.

I'm not asserting the accuracy of the bits of entropy listed in the xkcd comic. If the listed bits of entropy are incorrect, then that does weaken the argument it presents.

I'm not asserting anything that has nothing to do with the comic. I'm only arguing against your claim that it has a 'weak' argument.

I'm not asserting that correcthorsebatterystaple is the best style of password. I personally think it doesn't go far enough, entropy wise. But, entropy wise, it is better than what we are currently 'trained to use'.


You're missing my point?

No, I'm not missing the point. I'm asserting that it it is entirely irrelevant to the xkcd comic's argument.


You make an assertion, you have to defend it. Prove that this is a basic epistemic requirement for this discussion.

I don't have to prove it. The proof is in the comic itself. It lists one of the most basic problems that it needs to solve is that passwords are too difficult for people to remember. If a suggested password generation method is difficult for humans to remember, then it does not solve this basic problem and is completely irrelevant to the argument the xkcd comic is presenting. Ignoring irrelevant types because they don't meet this basic requirement established in the comic itself does not in any way weaken the argument. The only thing the xkcd comic asserts is that there are better methods for generating passwords out there that are easier to remember. The correcthorsebatterystaple password is one of them, it exceeds current entropy, and solves the problem of passwords being too difficult to remember. Thus, the point the comic made is proven, with no weak arguments in sight.

{table=head]Password|Easy to remember?|Hard for computers?|Relevence?
Tr0ub4dor&3|No|No|What we are currently trained to do.
Tr0ub4dor&3F1ji*0|No|Yes|None, irrelevant. Does not solve the basic problem established at the start, being easy to remember.
alphabet|Yes|No|None, irrelevant. Does not solve the basic problem established at the start, being hard for computers to break.
correcthorsebatterystaple|Yes|Yes|Shows that there are better password generation methods than we are currently using which are both easy to remember and hard for computers to break. Fulfils both basic requirements established at the start.[/table]

Argument proven without any weak arguments.


Regarding the bolded, I did no such thing. What makes you think I was adding random characters?

F1ji*0 - I see a second word (fiji) with letter substitutions, and two new random characters. Something the xkcd comic has already asserted as being too difficult when used only once.

---

You can discuss other generation methods until the cows come home, but you cannot correctly assert that the lack of demonstration of making the troubadour style password more difficult makes the xkcd comic's argument weak in any way. That modification quite simply does not meet the basic requirements established by the comic, that being both easy for humans to remember and difficult for computers to break.

Now, if you want to argue that increasing the length of the troubadour style password in order to increase its entropy makes it a good password as an entirely separate issue and without trying to assert that not including it in the comic somehow weakens the xkcd comic's argument, then I am happy to argue against you on the grounds that passwords are already becoming too complex for humans to remember and that any entropy gains are lost in the human factor. But the increased complexity troubadour style password is an entirely separate issue to the argument raised in the xkcd comic and not one I have been addressing directly. It is quite simply irrelevant to the xkcd comic's argument and plays absolutely no part in it.

Thank you for taking the time and being more verbose in this reply. I enjoyed reading your post.

I concede I'm wrong (on one point).

to assert that not including it in the comic somehow weakens the xkcd comic's argument

I shouldn't have said that in one post, because as you say, this is in fact false.

Was this what you disliked about my argument? Because then I guess the argument ends there, but this was not what you initially refuted, and nor was this the focal point of my argument.

I was talking about how XKCD chose to reduce the crypto entropy in a very haphazard manner that doesn't quite demonstrate how little effort it would take to make troubadour into a better password than correcthorsebatterystaple from a computational perspective.

Which you refuted on the basis that it misses the point of the comic. Which I never said anything otherwise about (minus one bad statement). I thought you were trying to tell me that XKCD never chose to reduce the crypto entropy at all, which of course I vehemently disagreed with.

My initial primary argument was that the method of crypto entropy reduction doesn't hold true under pragmatic circumstances.

It turns out, like most internet arguments, that we weren't even talking about the same thing.

I try to log in with what I think is the password, fail, then I try a couple of variants, fail, and then resort to the "forgot password" option. The system takes me straight to resetting the password with a new one. I try to put in what I want the password to be... "You must have at least two numbers, two letter of each case and two symbols". So then I think "I'll adjust the password I want to use to fit that criteria..." Then it tells me "You cannot use the same password as you've already used".

And that's how I find out my passwords.

I'm always annoyed when I go to some site I almost never use (like say that company I applied for a job with 6 months ago and want to refurbish my resume before the next career fair at university), and, even though I remember the password, I cannot remember what it needs to contain.

E.g. a password that I remember as "Annabelle Smith", but was really "An@b31leSMit4". Now, if I could remember the password required 3 capital letters, a symbol, and 3 numbers, I could recreate the password. But there is nothing to tell me that I needed those 3 numbers, symbol, and 3 uppercase characters.


Writing down a secure password is massively better than not writing down a less secure one. If you get robbed or burgled, then sure, you're in trouble, but that's far less likely to happen than someone trying to brute-force their way into your account.

Although I certainly don't recommend taping your password to a computer screen at your workplace.

After I submit notice that I am leaving my current job, 5 years or so from now, I might start leaving notes on my computer with bogus passwords on them. I expect it to last about a day before the head of security calls me up to have a little chat.


Imagine passphrases like "I like to dance 4 times a night!" (sans quotes). Very easy to remember, but even harder to crack.

But the quotes make it harder to crack!

Also, passwords that do not allow spaces are evil. They should be banned.

I'm not sure that I dislike anything about the assertion that entropy can be increased for the current passwords, other than the fact that I would disagree on it being a good idea for passwords humans have to remember if anyone were to assert that, based on the human factor.

Personally, I feel that we should go to entirely multi factor authentication, such as a USB security token which contains huge machine generated completely randomised passwords which you unlock by entering a pin on the device itself (better yet, certificate based challenge authentication, but passwords encrypted this way can be implemented on existing password based systems). This eliminates the human memorisable requirement and greatly increases entropy. But, doing so on a universal scale would be incredibly expensive...

As a stop gap measure, we need passwords that are better than what we are currently using, but easier to remember. And I do think that the xkcd comic suggestion can be much improved, from an entropic standpoint, while maintaining memorability.

Here's a discussion question I'm interested in. Our IT department has been throwing around the idea of changing passwords every 90 days. For example, if an attacker obtains a shadow password file, they can brute force against it at their leisure. But so long as the hash algorithm holds them off for 90 days, they won't get anywhere.

On the other hand, it guarantees that every employee will have post-its of their passwords under their desks.

Our firm isn't particularly worried about this (for various firm-specific reasons), but I'm sure this is a huge issue in other companies.

Besides that, if the attacker breaks into the system between password expiration dates, s/he can install backdoors for easy access thereafter. So it doesn't really protect against good attackers.

Our final verdict was No, but well, the idea is popular in universities, who need the security a lot less than our firm does.

Actually, I'd argue that 90 days is a good number. 4 passwords per year, not that much strain on users, gets people to change things up a bit. Unlikely to add many sticky notes to monitors.

I'd argue against 30 days in most situations and be very dubious of 60 days, but 90 days is what I would generally recommend, and I do recommend having some form of password expiry.

After I submit notice that I am leaving my current job, 5 years or so from now, I might start leaving notes on my computer with bogus passwords on them. I expect it to last about a day before the head of security calls me up to have a little chat.

As I said, I don't recommend writing all of your passwords down on post-it notes in your workplace. But a couple of notes left at home with passwords written on them is less of an issue.

I really doubt that people who steal computers and laptops from someone's house stay to look for notes that have the passwords on - unless it's on a very, very obvious spot next to the computer.

I mean, my mum has all of her passwords written on some paper, but it's not in an obvious place and even I don't know it (which is rare, her "hidden" spots don't usually live up to the whole hidden thing). If someone steals her laptop, they steal the laptop, possibly loot our CDs as well, and then run off.

Then again, what do I know. I'm no burglar. *shrug*

Here's a discussion question I'm interested in. Our IT department has been throwing around the idea of changing passwords every 90 days. For example, if an attacker obtains a shadow password file, they can brute force against it at their leisure. But so long as the hash algorithm holds them off for 90 days, they won't get anywhere.


In my experience that leads to password1, password2, ... passwordN. Is that buying you much more randomness?

Here's a thought. I'm not sure how you'd set this up though, but what if you had a salt that changed every 90 days? Users could keep their passwords, but the contents of /etc/shadow gets updated with each new salt?

(For those of you who aren't familiar with the term, a salt is a bit of extra text that gets padded onto passwords before they're saved and whenever they're checked. This way, even if the atttacker has a precomputed hash of "mypassword" looks like "d84c7934a7a786d26da3d34d5f7c6c86" when its encrypted for all alphanumeric passwords below 16 characters, a user can use "mypassword" as a password, but it will be hashed as though as it's really "here's some salt on your password-mypassword".)

In my experience that leads to password1, password2, ... passwordN. Is that buying you much more randomness?
It is a terrible, terrible practice.

The salt change, if it can be implemented reasonably across multiple systems that companies usually use, sounds a LOT better. Thank you for posting this idea.

I'm not a IT Security guy, I'm just a security conscious programmer with too many passwords in my head.

I'm not a IT Security guy, I'm just a security conscious programmer with too many passwords in my head.

Ditto. I was a student sysadmin while in college, which gave me a healthy dose of paranoia, but it's hardly something I've been keeping up with. I really hope my salt idea isn't a novel one and I'm expecting Rawhide or faircoin to point out what's wrong with it promptly.

I really hope my salt idea isn't a novel one and I'm expecting Rawhide or faircoin to point out what's wrong with it promptly.

I'm not IT security either. :P I'm a controller, so the IT dept. has to run its ideas by me before it gets the go ahead. Which is unfortunate, because I have no IT credentials whatsoever, so it's questionable whether or not I actually know what I'm doing. My background is physics, into finance.

I'll ask the IT dept about the salt idea. They'll probably give me a look like I'm dumb, then explain to me why it works (and that they're already doing it) or doesn't work.

Re: changing passwords every 90 days. I was required to do so by my school. I had a rotation of 3 14-character passwords that I'd use each semester, and every time I used it again I put a roman numeral at the end. Slightly better than password1 password2 and password3, but not much better.
The practice isn't that secure. Don't do it.

Salts can protect against a hash database (database of pre hashed passwords), salts will NOT protect against a brute force against the hash, as the salt value is public.

Salts can protect against a hash database (database of pre hashed passwords), salts will NOT protect against a brute force against the hash, as the salt value is public.

I had a sneaking suspicion that would be the case. Even if you keep it "secret" the basic premise here is that they've already got your shadow file, so what's to keep them out of your salt.txt file?

Oh, another thing salts do, is to prevent two people with the same password having the same hash.

I'll ask the IT dept about the salt idea. They'll probably give me a look like I'm dumb, then explain to me why it works (and that they're already doing it) or doesn't work.

Standard salting practice is for each user to have their own unique, random salt and for a salt to be generate each time a password is created or changed. Changing salts without changing passwords isn't a standard tactic for several reasons, the most important of which is that if an attacker gets the password (or the password database, as Rawhide noted) through some means then any amount of salt changes won't matter--and humans are often much more susceptible to social engineering, laziness, insecurity, etc. than secure servers are to being hacked.

If you could trust your users to look after themselves, it could work. For instance, I personally have an easy-to-remember (for me) algorithm for generating long (30+ character) passwords that I always use, never re-use passwords for different accounts, am extremely paranoid when it comes to network security, and never give anyone else physical access to my laptops, so no one's going to get my password any time soon and if I were to set up security for my own network using salt-changing without password-changing it could be secure. But you should always design for non-tech-savvy grandmothers who are trusting of kind strangers, and for the vast majority of the population changing passwords is more secure.

Note: By hash database, I was referring to massive lists of common passwords together with their hash already calculated. Saves time as you don't need to actually generate the hashes for each password, they are already calculated.

Note: By hash database, I was referring to massive lists of common passwords together with their hash already calculated. Saves time as you don't need to actually generate the hashes for each password, they are already calculated.

Right. You mentioned a brute force against a hash, which usually requires that you have access to the password database where the hashes are stored, which is the database I was referring to.

Right. You mentioned a brute force against a hash, which usually requires that you have access to the password database where the hashes are stored, which is the database I was referring to.

The main database is not the only way to get the hash. Windows networks will, by default, cache a hash of your password on the computer you log into.

Ooo, are we talking about Mat Honan (http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/)? If so, the point of the attack was... to get into his Twitter. Yeah, they thought it was cool that he had a three-character Twitter handle, and apparently didn't care for much else that they had access to. Except to delete files, but the lost files he cared about the most (photos of his daughter) he was able to recover (http://www.wired.com/gadgetlab/2012/08/mat-honan-data-recovery/).

Interesting. I'll correct mysel in the future then, after I brush up on details.



It turns out, like most internet arguments, that we weren't even talking about the same thing.

Well yeah, that's what we were trying to tell you XD


Actually, I'd argue that 90 days is a good number. 4 passwords per year, not that much strain on users, gets people to change things up a bit. Unlikely to add many sticky notes to monitors.

I'd argue against 30 days in most situations and be very dubious of 60 days, but 90 days is what I would generally recommend, and I do recommend having some form of password expiry.

Depends on how often they move physical systems. The desk setup is a mnemonic. I find myself still using my password from two iterations ago at one terminal because I use it so infrequently.


In my experience that leads to password1, password2, ... passwordN. Is that buying you much more randomness?

Yeah. My work computer has gone from [employee name][store number] to [other employee name][store number]. The computer has absolutely nothing of value on it, but it's still cringe-worthy.

I think most folks who actually care about the security of their lg-in wont do this, though, even if they have to be burned once to be twice shy. The usual mode I hear about is each password connects to another, unspoken topic. It allows for seemingly randomized stuff while giving te user a mnemonic device.

The main database is not the only way to get the hash. Windows networks will, by default, cache a hash of your password on the computer you log into.

I'm assuming the hash is still cached in a hopefully-somewhat-secure main database, though? I work mostly with with Linux enterprise-scale security and haven't used Windows in years, so I'm not really familiar with how Windows security works these days.

As a general observation, salt is to protect against an attacker who already has your hash, i.e., a rainbow table to look up against your databases.

Salt just murders the practical limits of rainbow-table brute force (with KDF and all those other caveats).

What rawhide said is true, a salt is public, so to speak. What I do wonder though is that this changing salts could still be helpful, i.e., an attacker who accesses the admin's salt before s/he tries to access our database, and then screws up all our stuff.

I really have no idea what conditions need to be met for an attacker to get our salts before accessing our database. I don't think it's possible with a competent IT staff, but who knows.

You want stupidity? The software that manages grades, transcripts, enrollment, payroll, billing etc at my university requires a precisely eight digit password that must contain one number and has some restriction on repeated characters as well. It's like they actually don't understand how combinatorics work.

You want stupidity? The software that manages grades, transcripts, enrollment, payroll, billing etc at my university requires a precisely eight digit password that must contain one number and has some restriction on repeated characters as well. It's like they actually don't understand how combinatorics work.

Humans make very poor random number generators. Without the second caveat, there would be someone with admin powers who used the password "aaaa8888", and thought it was good. Not that it is any more likely than "arn4lk19" if both were completely chosen at random, but it is more likely if chosen by a human.

Did that make sense?

Humans make very poor random number generators. Without the second caveat, there would be someone with admin powers who used the password "aaaa8888", and thought it was good. Not that it is any more likely than "arn4lk19" if both were completely chosen at random, but it is more likely if chosen by a human.

Did that make sense?

There are at least two things very wrong with the restrictions in place.

1) Can be no more than 8 characters, which is barely adequate as it is and stops people from making better passwords.

2) Must be exactly 8 characters. An attacker knowing this knows they only have to target passwords that are exactly 8 characters, greatly lowering the range of passwords they have to check.

Personally, I recommend developing a system for generating unique passwords for each site.

EXAMPLE

1. Take site's full name: Giantintheplayground
2. Take first six characters: gianti
3. Add 3's between letters: g3i3a3n3t3i3
4. Replace vowels with the word cat: g3cat3cat3n3t3cat3

Use the same system for every website, and now as long as you can remember those four rules, every site has a long, strong, unique password.



What I want to know is why some sites have a really low maximum character count on passwords.


The problem with this is, if your password is found for that site, the algorithm you use can be figured out. Then your passwords for any site is known to who ever got a hold of the first password.

The problem with this is, if your password is found for that site, the algorithm you use can be figured out. Then your passwords for any site is known to who ever got a hold of the first password.

That's true if you're specifically being targeted by someone willing to spend a few hours hacking you personally; otherwise, I don't believe ordinary password cracking tools are capable of adapting in that way, and are simply intended to guess the most common passwords and password generation algorithms in a mass of data.