
Late Meditations on XKCD 936 - gambler
http://insideofthebox.tumblr.com/post/75234834370/late-meditations-on-xkcd-936
======
aragot
I had a talk in 2005 and the person was saying passwords belonged to the past.
2014 and we're still there: Why?

- We have browser-side certificates. Granted they're not sexy.

- We have logins by email tokens. After all, that's how to do password
recovery anyway, so why not promote password recovery to the normal login?

- We could have a thousand kinds of SIM or USB passwords, such as YubiKey,
which would have features like, you only auth while it's in the slot.

Instead the last gov website I've used to declare my payroll employees takes
the birth date as the default password. And so many others accept my mother's
maiden name as an authenticating proof.

How did we get there?

~~~
harshreality
Browser-side certificates only work in the browsers you install them in; the
average computer user will need tech support to help them copy a key/cert pair
to a new browser. The key is also probably not encrypted on disk (by default).

Emailing a login token to a user every time they want to log in requires that
their email is working and that they can get to their email, and would slow
down the login process. It would waste everyone's time. I think it only makes
sense as an additional authentication measure for high security applications
where logging in at a moment's notice is not a necessity.

Yubikey is okay for one or two sites _if you have one_ [1]. They cost money,
and serve no purpose other than improving security of logins. Compare to a
smartphone running a TOTP app. Most people already have a handheld device, and
a TOTP app and setup for a website is a free one-time install with one-time
setup and no ongoing overhead. It also doesn't require working email or even
working internet, which doesn't matter in the typical case but matters a lot
in edge cases. Email might be down. SMS might be down. You might not have cell
coverage at all.

[1] Yubikey only has two slots, and so you can't store unique OATH seeds for
more than two sites, right? How many yubikeys do you expect people to carry
around? How many sites even implement HOTP rather than TOTP? If every site
implementing 2FA implemented challenge/response for yubikey, then yubikey
would be great. However, TOTP is the dominant form of 2FA, and that limits the
usefulness of yubikey.

~~~
maxerickson
Gregarious device use should sort of be on the decline. To the extent security
matters, any ol' device is less and less of a good idea.

Still, I'd like devices to be able to ask my cell phone for authorizations
(maybe with a complicated enough UI that the cell phone can limit the valid
time of the auth).

------
arielweisberg
I've actually seen people use that XKCD comic as an excuse for designing
products that prevent the use of password managers.

Pass phrases do nothing to help you manage unique passwords for every site and
then expire them when necessary.

Sure pass phrases are great for encrypting your password database, but they
are not a substitute for password management.

~~~
nknighthb
> _I've actually seen people use that XKCD comic as an excuse for designing
> products that prevent the use of password managers._

These people need to be publicly named and shamed, they're deliberately
putting their users at risk.

~~~
arielweisberg
I agree, but haphazardly shaming products/developers is not a way I want to do
it. I don't know how long such a statement is going to hold true once I have
made it. Also glass houses and all.

If someone maintained a database of products and how they interfered with the
use of a password manager or good password hygiene and there was a way to get
off the naughty list then that would be great, but that is a lot more work.

~~~
nknighthb
I wish you'd raised that idea like, three days ago. I would have had time to
work on it. :)

------
singingfish
I'll just pop this here:

    $ cat `which xkcdpass`
    #!/bin/sh
    perl -MCrypt::XkcdPassword -E 'say Crypt::XkcdPassword->make_password for 1 .. 10'

~~~
Bootvis
For the chumps (like me) who don't know how to get the perl mcrypt module:

    sort -R /usr/share/dict/words | head -n 4

~~~
sltkr
Even shorter: (and much faster!)

    shuf -n 4 /usr/share/dict/words

Somewhat more seriously, Diceware works pretty well too as a low-tech, high-
quality password generation method:

    http://world.std.com/~reinhold/diceware.html

(My only complaint is that a lot of words in the standard wordlist are pretty
obscure.)

~~~
rockymeza
[https://www.fusionbox.com/mouseware/](https://www.fusionbox.com/mouseware/)

We wrote this one at my company. It uses your mouse movements as a seed for
the random number generator.

------
vezzy-fnord
Most people who quote XKCD #936 miss the point. It has a decent message, but
taking it literally is a grave mistake.

This style of concocting passphrases (chain dictionary words together) as a
whole has a low Kolmogorov complexity, and can easily be imported by attackers
through wordlist mangling or using some advanced software features, such as
Hashcat's combinator attack.

Finally, humans are fallible. They'll always go for certain predictable
combinations, and certain permutations will be more widespread among those.

If an attacker has any suspicion you're using the XKCD algorithm literally,
it's trivial for them to make a move.

~~~
leephillips
Can anyone explain to me why he assigns only 2^11 bits of entropy to a word?
Doesn't that correspond to choosing from only about 2000 words? If we choose
from the more typical adult vocabulary of 100,000 words, isn't that
log2(100,000) = 17 bits? Or am I doing it wrong?

~~~
bredman
I think he did this to show how even with a very restricted dictionary you
could still build a relatively secure login system. Having a restricted
dictionary could also help with the issues other people are discussing with
humans being socially programmed to select certain word orders as their
password under this scheme.
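
As an added example (not code from any commenter), a Python version of the `shuf` / `sort -R` one-liners above that also works through leephillips's entropy question: the comic's 11 bits per word is log2(2048), i.e. a 2048-word list, while a 100,000-word list gives about 16.6 bits per word. The wordlist here is a constructed stand-in for /usr/share/dict/words or the Diceware list, and the reordering adjustment goes beyond the figures in the thread.

```python
import math
import secrets

# Constructed stand-in for /usr/share/dict/words or the Diceware list; a real
# run would load one of those (one word per line) with load_wordlist().
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "golden", "goose", "crows", "cliff"]


def load_wordlist(path):
    """Read a one-word-per-line file such as /usr/share/dict/words."""
    with open(path, encoding="utf-8", errors="ignore") as fh:
        return [w.strip() for w in fh if w.strip().isalpha()]


def make_passphrase(words, n=4, separator=" "):
    """Draw n words, with replacement, from the OS CSPRNG (secrets module);
    this is the selection the shuf / sort -R one-liners perform."""
    return separator.join(secrets.choice(words) for _ in range(n))


def passphrase_entropy_bits(wordlist_size, n=4, order_matters=True):
    """Entropy of n uniform, independent picks from wordlist_size words.

    Each word contributes log2(wordlist_size) bits: 2048 words -> 11 bits
    (the comic's figure), 100,000 words -> about 16.6 bits.  If the user may
    rearrange the words afterwards (any ordering counts as the same
    passphrase), a guesser need not try orderings, which costs up to
    log2(n!) bits; exactly that when all n words are distinct.
    """
    bits = n * math.log2(wordlist_size)
    if not order_matters:
        bits -= math.log2(math.factorial(n))
    return bits


if __name__ == "__main__":
    print(make_passphrase(SAMPLE_WORDS))
    print(f"sample list: {passphrase_entropy_bits(len(SAMPLE_WORDS)):.1f} bits")
    print(f"2048-word list: {passphrase_entropy_bits(2048):.1f} bits")
    print(f"100,000-word list: {passphrase_entropy_bits(100_000):.1f} bits")
```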

------
dnautics
I never bought into the XKCD 936 concept. Imagine using 20 web pages
regularly, and having to remember 20 unique word combinations of 4 words.

What I do is the following:

I have a function that reliably converts the name of a service -> some string,
easy to compute in the brain

passwords are salt + f(service)

where salt is a strong string of characters for critical services (financial,
personal info, etc)

and a weak string of characters for stuff I don't care about.

~~~
Fargren
That's effectively security through obscurity. If someone got one of your
passwords, he could try to figure out f()^-1 and reverse your function,
supposing it's invertible; that would grant him all of your passwords with the
same salt. Especially since you just now published an outline of your scheme.

~~~
dnautics
All passwords are effectively security through obscurity, with varying sizes
of trapdoors. If someone got a hold of your piece of paper that has all of
your passwords written down on it, then you're hosed as well. _If you're
being targeted, you're basically in trouble no matter what._ Sometimes
security just has to be good enough, for most users, good enough is such that
having one password compromised by a trawling operation is sufficiently
firewalled against having the other passwords compromised by an automated
agent.

Even so, you can bet that for things I really care about that are difficult to
reverse (such as, like, say a bitcoin wallet) I'm not going to use this
scheme.
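
An added example (not from either commenter) of the exchange above: a constructed, head-computable f shows why Fargren's objection holds for a salt + f(service) scheme, and a keyed one-way derivation (HMAC-SHA256, the way deterministic password managers work, not something dnautics proposed) shows what removing the shared, recoverable salt changes. The salt and service names are constructed sample values.

```python
import base64
import hashlib
import hmac


def f_mental(service: str) -> str:
    """Constructed stand-in for a head-computable f: the first three letters
    of the service name, reversed.  Any f that can be guessed or recognised
    from one sample behaves the same way."""
    return service[:3][::-1]


def scheme_password(salt: str, service: str) -> str:
    """The scheme as posted: salt + f(service)."""
    return salt + f_mental(service)


def recover_salt(leaked_password: str, service: str) -> str:
    """Fargren's objection: once f is known, everything in a leaked password
    that is not f(service) is the salt, and the salt is shared across sites,
    so one leak fixes the passwords for every other service using it."""
    suffix = f_mental(service)
    if not leaked_password.endswith(suffix):
        raise ValueError("leaked password does not match the assumed f")
    return leaked_password[: -len(suffix)]


def keyed_password(master: str, service: str, length: int = 16) -> str:
    """Keyed one-way derivation: HMAC-SHA256(master, service), truncated.
    One site's output reveals neither the master secret nor any other
    site's output, which is the property the additive salt lacks."""
    mac = hmac.new(master.encode(), service.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()[:length]


if __name__ == "__main__":
    salt = "Tr0ub4dor"                     # constructed sample salt
    leaked = scheme_password(salt, "amazon")
    print("leaked:", leaked)
    print("salt recovered from leak:", recover_salt(leaked, "amazon"))
    print("keyed amazon:", keyed_password(salt, "amazon"))
    print("keyed github:", keyed_password(salt, "github"))
```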

------
giantrobothead
Pass phrases are more memorable and at least appear more resistant to password
cracking attempts, but as Mat Honan's experience and this recent post here on
HN
([https://news.ycombinator.com/item?id=7142916](https://news.ycombinator.com/item?id=7142916))
both show, your account security can come down to a successful social
engineering hack on a minimum-wage customer service employee who has the power
to reset your account password.

~~~
batoure
This is true, however a close read of the article you cite would show that part
of the reason that that hack is possible is because in our current paradigm
the idea that someone would have completely forgotten their password. If pass
phrases became more common then perhaps customer service reps would be able to
be more skeptical of the social engineering ploy that was put to use in this
scenario.

~~~
giantrobothead
Perhaps. Unfortunately, that's probably a pretty big "if".

~~~
batoure
True but it would be interesting to see some data on how many over the phone
password resets big service providers do on a day to day basis. That kind of
data would at least be a litmus to invalidate the current paradigm.

~~~
giantrobothead
I would like to see some numbers on that. Is it as pervasive as it seems, or
are the ones that get through just dramatic enough to set people on edge?

------
DanBC
I dislike the idea of allowing permutations in word order. Remembering a
strong passphrase involves muscle memory and finger typing, so having random
order for words in a pass phrase would not help most people.

Passwords are _horrible_. I can't wait for the day when we have 2FA with
something like a Yubikey (but better) and a short password.

~~~
gambler
Muscle memory works well for commonly used password, but what about rarely
used ones?

Words can be blended into a single impression or narrative for easy
memorization, and giving the user the ability to order them to support that
narrative will greatly improve usability. (Besides, if you're consistent, your
muscle memory will work just fine.)

------
invalidOrTaken
"The golden goose crows from the cliff."

I don't know if _this_ is the answer, but I like where the author is going. I
like the way PG approaches these things: will we be remembering ridiculous
combinations like r@bb1t24 in 50 years? Somehow I doubt it.

~~~
dnautics
I remember my amazon password from ~15 years ago.

