

The Worst Password Tips - gnosis
http://xato.net/passwords/the-worst-password-tips/

======
jere
>Better advice: Use a long password rather than a random password.

 _facepalm_. You can't use both? I do. This is horrible advice if taken on
face value. To be fair, the author mentions things like KeePass. Use that.
Make very long, random passwords.

>See, when it comes to a brute force attack, entropy makes no difference at
all, because a brute force attack is a sequential attempt at every possible
password, starting with the shortest first.

I think this is the biggest misconception regarding passwords. If we're using
the phrase "brute force" literally, then yes. But if I were to write a
cracker, I wouldn't be limited to that. The first thing it would do is grab
the low hanging fruit. Examples:

1\. Regarding the post, check all variations of a single digit repeating (say
up to 100 times) in 1000 attempts. That's faster than I could check all
variations of 2 character alphabetic passwords.

2\. Check the same thing, but with all common keys on a keyboard layout (e.g.
$$$$$$): < 10,000 attempts

3\. Check common words in english dictionary: ~100,000 attempts

4\. Check 10,000 most commonly used passwords: 10,000 attempts

Let me stop here and say that I can check ALL of the above in less time than
it would take to check all variations of 3 characters using alpha, numeric,
and common special characters. To put it another way, I could grab all that
low hanging fruit in _a billionth_ the time it would take to grab all the
passwords in the "weak" format (8 random characters) given by the author.

What I have come up with above is my armchair ramblings. For some people, it
is THEIR JOB to break your password. Please don't think you're going to create
a good password by being clever. And please stop dismissing the issue by
repeating the words "brute force"

~~~
m8urn
> facepalm. You can't use both? I do. This is horrible advice if taken on face
> value.

Of course you can!

I think you are taking many of my statements much too literally and
misinterpreting the perspective of this article. Of course a long, completely
random password made up of multiple character sets will always be the
strongest password, but that really isn't the point of this article and it
really isn't the most practical advice for most users.

There is a big difference between addressing where we need to be and moving
away from where we actually are. Short passwords are not strong enough no
matter how random they are. Therefore, I personally would rather see users out
there _focus_ on making longer passwords rather than focusing on random
passwords. The typical user is much more likely to memorize a less random but
longer password than trying to memorize an 8-character random password. I
didn't mean to imply that randomness is bad, and I thought that most people
got that from my article.

> Let me stop here and say that I can check ALL of the above in less time than
> it would take to check all variations of 3 characters using alpha, numeric,
> and common special characters.

These are all valid points and I could have gone into great detail on all the
different ways our passwords could be cracked, but that just isn't the point
of the article. I also didn't cover other things such as avoiding password
reuse, regularly changing passwords, etc., but that doesn't make them any less
valid and I cover them regularly through my other blog posts.

> And please stop dismissing the issue by repeating the words "brute force"

Not really sure what you mean by this or what issue you think I have dismissed
by mentioning brute force. Brute force attacks are by n o means dismissing
anything as they have become increasingly effective with ever-increasing
computing power. Nevertheless, if an attacker has to assume that you will be
using all character sets, the effort to crack your password grows
exponentially with the length of your password.

~~~
jere
I guess I don't really disagree with you on that, especially if you're
specifically targeting nontechnical users. However, the thought of someone
reading this and choosing something like an all numeric password does freak me
out because....

>Not really sure what you mean by this or what issue you think I have
dismissed by mentioning brute force.

Let me explain through analogy. I've often heard the story that a company will
request a penetration tests and then restrict what can be done: "you can
attack using method X, but not Y. A hacker wouldn't use Y."

That's a silly perspective, right? A black hat hacker is going to use any
means available. When you say brute force, you seem to be specifying the
method by which attackers will come at your password (and it's certainly not
just you, many other people are repeating the meme). I think that's the wrong
way to look at it.

Perhaps the confusion arises because you're making the assumption that someone
will use some off the shelf, automated cracking software. That's reasonable.
But automated != brute force. Again, if I were to write a cracker, it would
first grab low hanging fruit. I've already given examples. Having a long
password doesn't save you in that situation. That's why we think in terms of
entropy.

>Nevertheless, if an attacker has to assume that you will be using all
character sets, the effort to crack your password grows exponentially with the
length of your password.

Agreed, but my point is they don't have to make that assumption. We don't get
to decide what assumptions they start with.

------
jiggy2011
Not so sure about #3 (random password generator). This might be true in the
case of a true brute force where each attempt is almost free, such as somebody
getting your password from a database secured by a single round of md5.

In reality, most brute force attacks are attempted remotely where there is a
bottleneck in terms of bandwidth and many services are rate limited. In such a
case it would always make sense to try the most common passwords first.

The problem with letting people choose their own passwords is that most people
just aren't that good at it and will choose stuff like p4ssw0rd1982, because
people's minds are somewhat similar they will tend to converge on similar
"good" passwords.

I ran an IMAP service for a time. We would constantly get bots attempting to
brute force email accounts, we had fail2ban set to ban them after 5 attempts
but they could get more guesses simply by having a lot of IP addresses.

When I looked at the sort of passwords they would try they didn't start with
aaaa and move on from there, they would start with stuff that looked like it
had been pulled from a common password list.

About once every 3 months we got a call from somebody who's email had been
hacked. They all insisted that they were using strong passwords that nobody
could have possibly guessed, however when I enforced a strong password policy
on the server and offered a random password generator these problems went
away.

~~~
rquantz
Correct me if I'm wrong, but aren't you describing a dictionary attack, not
brute force?

~~~
jiggy2011
I guess I just see a dictionary attack as a subset of brute force in that it's
still a pretty naive attack, but it's not raw brute force.

OTOH I don't see why anyone would bother using a raw brute force attack
against a password rather than just grabbing a dictionary of the most common
passwords and exhausting those first.

In reality you are likely to run out of guesses before you hit the end of a
common password list anyway.

~~~
ams6110
A good system should take a significant but not intolerable amount of time to
reject a bad password. Just a few seconds will impose a huge burden on a
remote dictionary attack, while not diminishing the experience for a user who
legitimately fat-fingers a password.

Also use fail2ban to impose a lockout after a certain number of failures. The
lockout does not have to be permanent, it just has to make a remote dictionary
attack so time-consuming as to be infeasible (of course this does open up a
DOS vector, depending on how you implement the lockout).

------
casca
TL;DR:

* Simple Substitution < Add a whole word

* First Letters from a Phrase < Take the 3-4 words from a common phrase, add some punctuation

* Random Password Generators < longer password

* Personal Algorithms < longer passwords

------
aetherson
There is certainly some truth to this post, especially right at this moment in
time. But it's the most exuberant example I've yet seen in a new category of
bad password advice, to ignore everything but length.

A truly random eight character password containing upper and lowercase letters
and digits is a keyspace of size 2x10^14. A four word passphrase containing
random words selected from a 5000 word dictionary is a keyspace of size
6x10^14. They are comparable.

Right now, since almost everyone uses short passwords, length gives you
amazing protection, because attacks are geared to find the common short
password. But to the extent that the tech elite convinces the world to move to
longer passphrases, that will quickly stop being true. It's no harder to
program a brute force attack to try phrases of very common words, or very
long, very low entropy phrases of other sorts (to be or not to be), than it is
to try variations of dictionary words.

To the extent that we are giving people advice on security, it should be
advice that is robust against the possibility of its own success.

------
casca
While this list is not unhelpful, the most likely risk is that your password
will be captured when a single site that you've signed up to is compromised.

This means that the most important password choice you can make is to have a
completely different password on every site.

~~~
jiggy2011
Or, of course a keylogger which will can just sit on your PC until it's got
them all.

~~~
NateDad
That requires that you do something stupid to get a key logger installed on
your machine. And yes, in that case you're screwed. However, you're far less
likely to have that happen than some random site you're on getting hacked. You
are one target, the site is thousands or millions.

~~~
RexRollman
Out of curiosity, would a key logger be able to capture of the contents of a
cut and paste? I currently use 13 character randomly generated passwords and,
usually, I don't type them in manually.

~~~
nwh
If you're storing them in plain text, then they can grab them regardless.

If you're storing them in lastpass, then they can grab them regardless.

If you're storing it in an encrypted partition, then they can grab them
regardless.

Once somebody has access, it's game over.

------
Bloodwine
I disagree with his "First Letters from a Phrase" point. I find mnemonic
passwords very useful and keeps me from having to open up KeePass every time I
want to log in to a system because I can't remember the random password.

I agree that longer passwords are better, which is why I use very long phrases
to generate my mnemonic passwords (typically 20-26 characters in length).

~~~
dllthomas
I find "first letters from a phrase" harder to type than the phrase itself,
because it doesn't behave like the rest of the typing I do. Given that it also
has less entropy (necessarily, because of collisions), why not just type the
whole phrase?

------
drucken
Not good advice.

1\. Use a different password for every application, especially every site.

2\. Use a strong random password generator, typically software, to generate
your passwords.

The first tip, which is not mentioned at all by the article, is particularly
critical.

~~~
olivier1664
I'm a human: I'm too dumb to rememer more than some passwords (even worst if
they must be 16 letters long). And I'm too lazy to use a software to manage my
passwords. And worst of all, now, I've my bad habits with passwords.

The password problem is here to stay...

------
pbreit
I've used the same 6/8 char passwords (no symbols or caps) where possible for
the past 20 years or so with no discernible problems. I'm not sure what to
make of this post beyond relief that I don't make myself miserable trying
follow such guidance.

~~~
freditup
And sure, let's say in 90% of cases using the same 6 char password for
everything is okay. But let's take a not unlikely scenario - one website that
you frequent is compromised and an attacker gets an unsalted hash of your
password. Because your password is so commonplace, they can easily get it as
well as a lot of other users' passwords.

Now for every password and email combo they have, they try to log onto a
google account or bank account with the same information. Since you use the
same password everywhere, they succeed. You're essentially now screwed and the
attackers could do all kinds of devastating things.

Perhaps you say the scenario is unlikely - I'd say it happens more often then
you would think. And this is the case where you're not even being individually
targeted.

Overall - a little preventative action is hardly a burden and goes a long way
to securing yourself online.

------
Samuel_Michon
Relevant XKCD: <http://xkcd.com/936/>

~~~
laumars
That's another common misconception as that advice is only true for brute
force attacks, which are usually only the last resort for password crackers.
Dictionary attacks are pretty sophisticated these days so I really wouldn't
gamble on a short list of common words being secure these days.

~~~
ajross
You misunderstood the algorithm. Any single word is subject to a dictionary
attack. But given a list of 4096 words (12 bits), choosing 4 of those randomly
gives you a 48 bit password. There are no feasible dictionary attacks against
a 48 bit space.

Or think of it this way, this algorithm can create a secure password from just
48 words chosen from a dictionary with just two entries! (let's call them "1"
and "0" just to be contrary).

~~~
laumars
Using your example, it's equally secure to an 8 character password using
base64 characters. Recently a pen tester published[1] that he can crack a 9
char pass (w/o punctuation, so 62^9) password in _90_ seconds by parallel
processing across several top end graphics cards. So I really wouldn't argue
that a 48bit password is secure any longer.

[1][http://arstechnica.com/security/2012/08/passwords-under-
assa...](http://arstechnica.com/security/2012/08/passwords-under-assault/2/)

~~~
dllthomas
Right, the necessary strength of passwords increases. Thankfully, the comic
gave us a good method of generating passwords to an arbitrary strength, by
increasing either the size of our alphabet (dictionary from which words are
drawn) or length of our string (number of words), and shows how to calculate
the resulting entropy. As I've pointed out elsewhere, 5 words drawn from
alphabetic entries in /usr/share/dict/words (over 62 thousand) is very nearly
80 bits strong, or stronger than a 13 character completely random base64
string (which is going to be quite substantially harder to remember). If 62^9
(54 bits) takes 90 seconds, 80 bits takes nearly two centuries, and computing
the hashes for phrases is actually going to take longer for each try to boot.

~~~
laumars
You keep thinking of dictionary attacks as being based on a verbatim English
dictionary and I keep telling you that they're not. It's a refined dictionary
with common terms used in real life passwords. However I do completely agree
with your point about adding a number of more words. Passphrases are
definitely another option, proving the service in question doesn't impose a
restrictive maximum character limit (it's idiotic practice, but some do)

~~~
dllthomas
> You keep thinking of dictionary attacks as being based on a verbatim English
> dictionary and I keep telling you that they're not.

That has never, ever been my assertion. I keep saying a dictionary attack is a
variation of a brute force attack (in that you're not looking at the hash
itself), but adjusting the order in which you try words based on a priori
guesses about what passwords are likely to be more common. My point has been
that Randall's approach _ASSUMES THIS KIND OF ATTACK_. It, in fact, assumes a
much more targeted one, where the dictionary the attacker has is completely
accurate. IN THE FACE OF THAT, these passwords have the computed amounts of
entropy.

(There is a separate discussion to be had of just how much entropy is
necessary, but that's obviously going to increase as time goes by.)

I couldn't agree more that a maximum character limit (that's anywhere in the
range anyone might conceivably type) is idiotic.

~~~
laumars
So basically the first part of that argument is tryingto rebuttal an argument
I never made (I had already said that passphrases -so long as they are that
and not just 2 concatenated words) are secure). And you're last part of that
is also agreeing with me.

Internet arguments are fucking dumb. Half the time it's just miscommunication
lol

~~~
dllthomas
FSCKING HELL. Okay, at this point I'm inclined to think you're just trolling,
but one last swing...

Yes, the last bit was agreeing with you; the lead-in with "I couldn't agree
more that..." was something of a clue.

Regarding the earlier pieces, you said in your original comment:

 _"That's another common misconception as that advice is only true for brute
force attacks, which are usually only the last resort for password crackers.
Dictionary attacks are pretty sophisticated these days so I really wouldn't
gamble on a short list of common words being secure these days."_

That is what I have been rebutting (in various forms, in various sub-threads),
and it is incorrect. THE ENTROPY ESTIMATES IN THE COMIC ASSUME A MAXIMALLY
'SOPHISTICATED' DICTIONARY ATTACK, so "dictionary attacks are pretty
sophisticated these days" is inane and misleading AT BEST. If you want to
avoid miscommunication, communicate clearly, and either own what you say or
say you were mistaken.

~~~
laumars
I WAS HUNGOVER AND TYPING ON A TOUCH SCREEN PHONE WHILE TRYING NOT TO THROW UP
ON A MOVING BUS. Of course I was going to explain myself badly, I did after
all appolagise for the confusion and tried to explain myself better but you've
been too fucking stubborn to even care about what my point actually was.

I really don't know who many fucking times I need to say this before the penny
finally drops for you. Or maybe you just prefer acting like a dick online?
Perhaps you're the troll?

------
kingkawn
It's a subjective impression, but it seems that most password compromise comes
from phishing not brute force cracking. Maybe those are just the ones that
make it into the media.

------
tete
It is safe to use dictionary words:
<http://world.std.com/~reinhold/diceware.html>

------
guard-of-terra
The worst password tip is using a password-protected system in the first
place.

Passwords are neither theoretically or practically reliable. They off-load
security to the user, who is the weakest part of all the scheme obviously. Who
is obviously uncapable of remembering by heart dozens of long passwords of
random gibberish.

We should know better than use passwords.

~~~
simonbrown
What should we use instead?

~~~
guard-of-terra
Something based on public key cryptography. Private keys contained in some
kind of protected device where they can't be easily stolen from. Or, even
better, distributed.

~~~
gnosis
Are you going to protect your private key with a password? Or are you
recommending we use password-less private keys?

Also, please let me know when you've convinced the major banks and web service
providers to use public key cryptography instead of passwords.

~~~
guard-of-terra
I'm going to store my private key in an arrangement you can't read it from
even if you control the system.

For stupid services we can generate long random passwords, store them along.
Not bothering the user with that.

------
bizarref00l
echo "mykitten name"|sha1sum. will get me a very good password?

~~~
dllthomas
Not if anyone knows that's what you're doing (or can guess because others are
doing similar). It would be slightly better than the bare string in terms of
crackability, because running the hash would take some time if they're doing
it live, but only slightly.

