Recently, I’ve been asked questions about password security, inspiring me to write this article.
If you’re too lazy to read the following article, here are some short suggestions:
How do we rate the security of a password? In general, we can estimate its entropy, i.e. its uncertainty. Of course, strictly speaking, a password, since it’s already determined, always has an entropy of 0. Thus, normally when we talk about the entropy of passwords, we are actually talking about the randomness of the method we use to generate the password. For example, since there are 10^6 (~= 2^20) possibilities for a 6-digit numeric password, there are about 20 bits of entropy in the case that it is randomly generated. However, the choices humans make are usually easily predictable, causing a decrease in entropy.
You might think that since a lot of websites temporarily lock accounts or IPs after several failed password attempts, or require a CAPTCHA to be completed, the password need not be so secure. However, the mechanisms mentioned above are not silver bullets. For example, IP bans can be bypassed by the use of botnets, and CAPTCHAs can be read by the method I wrote about in this article. In addition, a lot of server hacks leak the database of login credentials, and safe passwords can also help in this scenario. The reason is that most security-minded services do not store your password in plain text, but instead turn it into data that cannot be reversed back to the original password via a one-way hash / KDF. As such, a cracker that obtains the database still needs to use normal brute force or dictionary attacks to get your password. However, in this scenario, not only would the cracking speed be increased by several orders of magnitude (since networking is not required anymore), the limits mentioned above would not apply either.
How large does the entropy of a password have to be to prevent such an attack? Consider a server using MD5, a terrible hash function (mainly due to its speed; normally, a slower KDF, like PBKDF2, is used to slow crackers down). Currently, high-spec GPUs (GTX1080) can achieve about 25 Gh/s = 2.5 * 10^10 hashes / second. In other words, an 8-character password consisting of lower case letters and numbers (about 2.8 * 10^12 possibilities, amounting to about 41 bits of entropy) can be cracked in 50 seconds on average, not to mention that the cracker is highly likely to use faster equipment. Also, the advancement in computing speed is another factor to be considered.
Thus, it is completely reasonable to use a password with over 70 bits of entropy. Of course, this depends on the sensitivity and importance of accounts, and personal security requirements.
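The arithmetic above, carried through as an added example (not part of the original article). It uses the article's 2.5 * 10^10 hashes / second figure for MD5 and generalizes to any alphabet size and length; the function names are assumptions made for this example.

```python
import math

GTX1080_MD5_RATE = 2.5e10      # hashes/second, the figure quoted in the article
SECONDS_PER_YEAR = 31_557_600  # 365.25 days

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret built from `length` independent, uniform picks."""
    return length * math.log2(alphabet_size)

def average_crack_seconds(bits: float, rate: float = GTX1080_MD5_RATE) -> float:
    """Expected offline brute-force time: half the keyspace at `rate` guesses/s."""
    return 2 ** bits / 2 / rate

def min_length(alphabet_size: int, target_bits: float) -> int:
    """Smallest number of uniform picks that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def report(label: str, alphabet_size: int, length: int) -> str:
    bits = entropy_bits(alphabet_size, length)
    secs = average_crack_seconds(bits)
    years = secs / SECONDS_PER_YEAR
    return f"{label}: {bits:.1f} bits, about {secs:.3g} s ({years:.3g} years) on average"

if __name__ == "__main__":
    print(report("6-digit numeric", 10, 6))
    print(report("8 chars of a-z0-9", 36, 8))
    print(report("13 printable ASCII chars", 95, 13))
    print("a-z0-9 length needed for 70 bits:", min_length(36, 70))
    print("70 bits, years on average:",
          round(average_crack_seconds(70) / SECONDS_PER_YEAR))
```

These figures only hold when every character is picked uniformly at random; a human-chosen password of the same length has less entropy than the formula reports.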
Here are some common and secure ways to generate passwords:
Using programs like KeePassX to generate a password randomly can achieve the highest security / length ratio. A password consisting of lower and upper case letters, numbers, and punctuation along with spaces only needs 13 characters to reach 80 bits of entropy. However, for many this is rather hard to remember, and even makes some people write their password down and stick it to their screens, thereby decreasing security.
This method appeared in this XKCD strip. Basically, you randomly choose a few English words and connect them together. At first, this method may seem insecure and prone to dictionary attacks, but actually, if you randomly choose 6 words out of 8000 (with repetition allowed), there are 8000^6 permutations, amounting to about 78 bits of entropy. This is close to the 13-character random string mentioned above, while being easier to remember (by making up a story). However, since human choices are far from random, a method of choosing these words randomly becomes important. The official page of Diceware provides a wordlist containing 6^5 = 7776 words, each of which corresponds to a sequence of digits (1 ~ 6). To use it, roll a die 5 times for each word, and match the results to a word in the list.
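The dice procedure above, as an added example that is not part of the original article. The die is simulated with the operating system's CSPRNG through Python's `secrets` module. `PLACEHOLDER_LINES` is a constructed stand-in so the code runs offline; for real use, pass the lines of the actual Diceware wordlist to `load_wordlist` instead.

```python
import math
import secrets
from itertools import product

def roll_key(rolls: int = 5) -> str:
    """Simulate `rolls` fair die throws, e.g. '41362'.
    secrets.randbelow is uniform and unpredictable; random.randint is not
    meant for secrets and must not be used here."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(rolls))

def load_wordlist(lines) -> dict:
    """Parse 'key<whitespace>word' lines and insist on a complete list:
    a missing key would crash a lookup, a duplicated word would lower entropy."""
    table = {}
    for line in lines:
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 5 and set(parts[0]) <= set("123456"):
            table[parts[0]] = parts[1]
    if len(table) != 6 ** 5 or len(set(table.values())) != 6 ** 5:
        raise ValueError(f"need 7776 distinct entries, got {len(table)}")
    return table

def passphrase(table: dict, words: int = 6, sep: str = " ") -> str:
    """Five rolls per word, each word picked independently of the others."""
    return sep.join(table[roll_key()] for _ in range(words))

def passphrase_bits(table: dict, words: int = 6) -> float:
    """Entropy of the method, valid because every word is a uniform pick."""
    return words * math.log2(len(table))

# Constructed placeholder list ('11111<TAB>word11111', ...), not the real wordlist.
PLACEHOLDER_LINES = [f"{''.join(k)}\tword{''.join(k)}"
                     for k in product("123456", repeat=5)]

if __name__ == "__main__":
    table = load_wordlist(PLACEHOLDER_LINES)
    print(passphrase(table))
    print(f"{passphrase_bits(table):.1f} bits")
```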
To be frank, other methods, as long as they are not randomly generated, have security issues. As mentioned above, our decisions are often predictable. In addition, some suggest using a long phrase or sentence (like Edward Snowden’s example MargaretThatcheris110%SEXY) or a combination of the initials of such a sentence (like Bruce Schneier’s This little piggy went to market -> tlpWENT2m). Although this is way safer than the passwords normal people use, there are the following problems:
You might think that if there’s so much fuss, why not set the passwords to all the websites the same? However, if one website is attacked (like a leaked password database), and your password is cracked because of this (as mentioned above, offline hash cracking speeds are very fast), all of the credentials of your other accounts are compromised as well. If the website stores the passwords in plain text, which happens often, they won’t even need to be cracked. In addition, if the website (or some of its employees) is malicious, it can directly capture your password, and try to log in to your other accounts with it. In short, there are countless ways to leak passwords. If the passwords to all the accounts are the same, the risk is greatly increased.
However, different passwords to lots of accounts can soon become difficult to remember. Thus, many security experts recommend the use of password managers, which basically save all your passwords in one database, which is protected by a single master password. This way, only the master password needs to be memorized. The following are a few recommended password managers which are open source and provide both desktop and mobile versions.
This program works by doing irreversible calculations on your name, master password and website name, and using the results to generate passwords for each website. The advantage of this method is that no synchronization is needed to use the passwords on different devices. Also, to deal with passwords generated by the websites themselves, it has the functionality to save custom passwords, which, of course, need to be synchronized manually.
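The derivation idea described above, as an added example; it is not the algorithm of the program the article refers to. The use of PBKDF2 and HMAC-SHA256, the iteration count, the output alphabet, the `counter` parameter and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import string

CHARSET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"  # assumed alphabet

def master_key(name: str, master_password: str, iterations: int = 200_000) -> bytes:
    """Stretch the master password once with a slow KDF; the name acts as salt,
    so two users with the same master password get unrelated keys."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               name.encode(), iterations)

def site_password(key: bytes, site: str, counter: int = 1, length: int = 16) -> str:
    """Derive the password for `site`; raising `counter` yields a fresh one."""
    limit = 256 - 256 % len(CHARSET)  # bytes >= limit are dropped (no modulo bias)
    out, block = [], 0
    while len(out) < length:
        msg = f"{site}\x00{counter}\x00{block}".encode()
        for b in hmac.new(key, msg, hashlib.sha256).digest():
            if b < limit and len(out) < length:
                out.append(CHARSET[b % len(CHARSET)])
        block += 1
    return "".join(out)

if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    key = master_key("Alice Example", "constructed master password")
    for site in ("example.com", "example.org"):
        print(site, site_password(key, site))
```

Nothing is stored, so every device that knows the name and master password recomputes the same passwords; a changed `counter` is state that has to be carried between devices, like the custom passwords mentioned above.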
This program is what I’m using now. It uses the most traditional way, an encrypted local database. An advantage is better security. Though you need to synchronize the database manually for usage on multiple devices, it’s still pretty convenient to use methods like Dropbox, SFTP, etc. Also, the recommended app on Android is Keepass2Android, which has synchronization features built in, saving a lot of trouble.
Many people recommend changing your passwords often. However, it should be noted that this hardly reduces the possibility of your passwords being cracked. (See this paper for details.) Basically, unless you realize that your password might have been leaked (e.g. a leak of the server database, logging in via an untrusted computer, etc.), there’s not really a need to change it often. After all, when asked to change passwords all the time, many users would just use insecure ones in case they’re forgotten.
Another misconception is that you shouldn’t write your passwords down. Simply put, writing them down and sticking them next to your screen (or other unguarded places) is obviously very bad. On the other hand, placing them in a wallet that rarely leaves your sight is reasonably safe, since we are used to keeping a close eye on our wallets and the paper inside. An advantage of doing so is that you won’t be using insecure passwords because of the risk of forgetting them.