×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Multiword Passwords Secure Or Not?

Unknown Lamer posted more than 2 years ago | from the never-ending-passphrase dept.

Security 372

Gaygirlie writes "An article over at Gizmag says: 'It's a meme that's been doing the rounds on the internet in recent years: multi-word pass-phrases are as secure as long strings of gibberish but with the added benefit of being easy to remember. But research from Cambridge University suggests that this may not be the case. Pass-phrases comprised of dictionary words may not be as vulnerable as individual passwords, but they may still succumb to dictionary attacks, the research finds.' I find this to be twisting of words and general consensus; of course any password whatsoever is going to be insecure against offline attack, and using common, popular words is going to make guessing the password much easier. But is this really an issue in a world where most attacks are done online? Should general populace still be coaxed into using randomly generated passwords?"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

372 comments

Obligatory xkcd (5, Insightful)

kc9jud (1863822) | more than 2 years ago | (#39352067)

Re:Obligatory xkcd (1, Troll)

Dark$ide (732508) | more than 2 years ago | (#39352105)

So you didn't bother to RTFA before posting that. They're trying to show that the easier to remember password may be easier to crack with a dictionary attack.

Re:Obligatory xkcd (3, Interesting)

Anonymous Coward | more than 2 years ago | (#39352189)

So I did not bother to read the RTFA, but I can tell you if it is any good it will be attacking this directly at the entropy level. Entropy in information theory is a very well-defined concept despite it definitely not being a lay-person topic. The xkcd is a direct take-off of an entropy observation and some commonly published information on the topic.

I assume the paper is claiming that some entropy measures may be ill-considered... but then again that isn't telling anything new.. People have long suspected (and we have evidence for passwords) that humans within a certain culture (and even independent) are heavily biased.

The pass phrase with words concept only works under the assumption that the phrase is *generated* under a high entropy process. The effectiveness theory follows from the assumption that this allows both high entropy and ease of recall/memory. If you throw away the former, then no shit they won't work.

Re:Obligatory xkcd (0)

Hentes (2461350) | more than 2 years ago | (#39352223)

And you didn't bother to read the comic. It does assume that the attacker tries a dictionary.

Re:Obligatory xkcd (5, Insightful)

medv4380 (1604309) | more than 2 years ago | (#39352227)

Come on. All he did was post a link to a related xkcd comic. He didn't say anything about it being right or wrong. It's related, and funny. Would you rather have had someone do a standard first post troll instead?

Re:Obligatory xkcd (5, Insightful)

Anonymous Coward | more than 2 years ago | (#39352279)

No, you RTFA. They mention xkcd, but then ignore it and go on to test 2-word passwords that are not randomly chosen or unrelated words. Of course 2-word passphrases, where the words are related ("Chicago Bulls") or are a verb-noun pair ("Speedy Gonzalez" "Soft Kitty" "Oneiric Ocelot"), are weak against dictionary attacks. The xkcd approach is not.

Re:Obligatory xkcd (0, Interesting)

Anonymous Coward | more than 2 years ago | (#39352281)

Say you have a 4 word password and you publish your 2048 word dictionary on the internet, entitled "come at me". Is that more or less secure than a random 8 character password(upper, lower, numbers, 40 symbols)

4^2048 vs 8^102
approx 1.04*10^1233 vs 1.2*10^102

So even if they know which dictionary you are using, it doesn't matter. And you can type your password into just about any device without figuring out how to make all the symbols on a rotary phone.

This does assume that they can't hear you typing and count the number of characters in your password to reduce the possible combinations, that will drop the security.

Re:Obligatory xkcd (5, Informative)

Anonymous Coward | more than 2 years ago | (#39352483)

> Say you have a 4 word password and you publish your 2048 word dictionary on the internet, entitled "come at me". Is that more or less secure than a random 8 character password(upper, lower, numbers, 40 symbols)

> 4^2048 vs 8^102

You mean 2048^4 vs 102^8.

2048^4 = 1.7592186 * 10^13
102^8 = 1.17165938 * 10^16

With only a 2048 word dictionary to choose from this is less secure than a random 8 character password.

Re:Obligatory xkcd (3, Insightful)

Geoffrey.landis (926948) | more than 2 years ago | (#39352569)

Say you have a 4 word password and you publish your 2048 word dictionary on the internet, entitled "come at me". Is that more or less secure than a random 8 character password(upper, lower, numbers, 40 symbols)

The point of the xkcd [xkcd.com], which you apparently didn't actually read, was that in the real world user-chosen "hard-to-remember" passwords are NOT eight random characters chosen from the set upper, lower, numbers, 40 symbols. The entropy is vastly less than you calculate.

(I would not call "random 8 character password(upper, lower, numbers, 40 symbols)" a "hard to remember" password in any case. Those are "completely impossible to remember, absolutely must be written down" passwords.)

Re:Obligatory xkcd (5, Insightful)

tigre (178245) | more than 2 years ago | (#39352613)

Aren't those exponents reversed?

2048^4 vs 102^8?
1.7 * 10^13 vs 1.1 * 10^16?

So completely random is still better in this sense. Just hard to remember and maybe hard to input. xkcd compared "uncommon word + common substitutions + a couple random characters".

Re:Obligatory xkcd (0)

Anonymous Coward | more than 2 years ago | (#39352635)

You've got the base and exponent the wrong way around for both calculations. For the dictionary, you should have 2048^4 = 1.75*10^13, and for the random password, 102^8 = 1.17*10^16. The random one is stronger by a factor of 666.

Re:Obligatory xkcd (5, Informative)

Geoffrey.landis (926948) | more than 2 years ago | (#39352479)

So you didn't bother to RTFA before posting that. They're trying to show that the easier to remember password may be easier to crack with a dictionary attack.

And you didn't bother to read the xkcd before posting that. It showed with calculations that the commonly used "hard to remember" password has lower entropy than a much easier to remember multiword phrase. For reference, "higher entropy" means "harder to crack with a tailored brute force attack."

In any case, though, the actual first thing you need to do is to make sure you never reuse a password on two different systems. And the xkcd for that is http://xkcd.com/792/ [xkcd.com]

Re:Obligatory xkcd (3, Insightful)

suso (153703) | more than 2 years ago | (#39352727)

What's really funny is that Randall's alt text on this comic is strangely prophetic:

"To anyone who understands information theory and security and is in an infuriating argument with someone who does not (possibly involving mixed case), I sincerely apologize."

Re:Obligatory xkcd (0)

Anonymous Coward | more than 2 years ago | (#39352487)

Right, but they are wrong for most common cases of "attack". A dictionary attack has no way to relate unrelated words easily. For example LameDonutCollieLinux is four words, but - since they are as unrelated as CorrectHorseBatteryStaple they aren't going to be in a dictionary attack. There would be an unfathomable number of entries in that dictionary if they were to find those two examples. For many words you would need the plural, different tenses, etc. That would be one hell of a dictionary. That's why my password is QuicklyCanadianGrowsWhiskey.

Re:Obligatory xkcd (3, Interesting)

zero.kalvin (1231372) | more than 2 years ago | (#39352113)

There is something that always bothered me, how in the hell does the attacker knows if I am using words for my password or not? Second consider the following password where at one point was on my laptop: "A happy worker is mindless worker, so shut up and do your job!" I fail to see how this password is not safe just because I used actual words, wouldn't it take million of years(even with dictionary attack) to gess it ?

Re:Obligatory xkcd (4, Funny)

Anonymous Coward | more than 2 years ago | (#39352177)

That's no match for my million monkeys with million type writers.

We're upgrading to windows 3.11 later this year. You'll see. HAHAHAHAHAHAH

Re:Obligatory xkcd (4, Informative)

Culture20 (968837) | more than 2 years ago | (#39352341)

There is something that always bothered me, how in the hell does the attacker knows if I am using words for my password or not? Second consider the following password where at one point was on my laptop: "A happy worker is mindless worker, so shut up and do your job!" I fail to see how this password is not safe just because I used actual words, wouldn't it take million of years(even with dictionary attack) to gess it ?

It's more secure than 5#f^x902 in almost every way, except that it's easier to shoulder-surf in one try because it's a proper sentence. As long as they catch enough parts, they can guess the rest. Try adding purposefully misspelled words or bad grammar and it makes shoulder surfing hu23 sekane in the despondingly overstitch. Side effects of using passphrases like that include speaking random gibberish on occasion.

Re:Obligatory xkcd (5, Informative)

gstoddart (321705) | more than 2 years ago | (#39352353)

There is something that always bothered me, how in the hell does the attacker knows if I am using words for my password or not?

They don't, but if they have the resources for a brute-force search, it's moot since in theory they'll just keep trying until they find it.

Second consider the following password where at one point was on my laptop: "A happy worker is mindless worker, so shut up and do your job!" I fail to see how this password is not safe just because I used actual words, wouldn't it take million of years(even with dictionary attack) to gess it ?

Well, possibly not. Think about a document with a password.

If someone really wants to get into it, and is willing to invest the time and hardware, having a computer try millions and millions of permutations isn't as expensive as you might think, and it gets cheaper every year.

Many forms of crypto have fallen over the years as the speed of computers has allowed what used to be an impossible task to be something which can be done in relatively short time. Even a couple of days or weeks of compute time would represent an absolutely vast amount of attempts.

It's a damned find pass-phrase, but a computer is really good at doing an endless set of boring things. So, eventually even if it's a massive brute force attack, it could still arrive at the one that worked.

However, this is the most telling part:

The researchers found that film and book titles were effective in identifying pass-phrases in use - information readily available in list-form online suitable for dictionary-style attacks. The researchers used Wikipedia and IMDB lists, as well as slang phrases from Urban Dictionary. Researchers found users tended to favor simple two-word phrases common in natural language, though there is evidence that some users seek out seemingly-random pairings. The researchers also claim that there are "rapidly diminishing returns" for longer pass-phrases containing three or four words.

So, if movie names and slang is what many people are using as their pass-phrases, a dictionary attack is a little easier.

But, something like "cotillion squirrel hammer bollocks gouda inkwell" might be random enough that the sources people might use to try a dictionary attack won't be of any help. Whereas "The Dark Knight" or "Star Wars" might fall pretty quickly.

Re:Obligatory xkcd (1)

Anonymous Coward | more than 2 years ago | (#39352357)

The attacker does not know whether you are using words or not. They are just guessing. But the attacker is not just attacking you, they are attacking 1000s of users. If even the dictionary attack works against only the small number of users who used not-random-enough pass phrases, that is still a successful attack.

Your example passphrase is pretty good since it contains many words. But it is not as secure as you might first guess. If you assume pass phrases to be grammatically correct (as yours is), then the patterns of natural language greatly reduce the number of possibilities to be guessed at.

Re:Obligatory xkcd (2, Insightful)

Anonymous Coward | more than 2 years ago | (#39352519)

Exactly. Even if they knew it was a string of words, there are 13 words there. So think of it like a 13 "character" password (generally pretty secure), except that instead of each "character" being picked from one of a set of (26+26+10+~20), each "character" is picked from a list of thousands of words. Even if you were to try applying linguistic details (like one particular word is likely to followed by a smaller set of words), it's still going to be more complex than a 13 character random password. And then that's not even taking into account the extra punctuation you added.

Intuitively, I just can't imagine how it would be any worse off. Even if you consider that many people will use semi-obvious stuff like "I am your father", "Here's looking at you, kid", "You can't handle the truth", or "I've got the same combination on my luggage", that's got to be at least 100 times better than the alternative they would have chosen: "password", "kitten", "12345", or their username in reverse.

Re:Obligatory xkcd (5, Interesting)

micheas (231635) | more than 2 years ago | (#39352667)

Pulling one example, I was asked to see if I could recover the password on pdf to allow editing. IIRC, the cypher was 256 bit AES. When trying to find the password to edit a pdf, my really ancient dual core athlon64 took under 2 minutes to try every unique word in the OED.

The password of the pdf (which was sanfrancisco2) took me about 15 minutes to find using standard password dictionaries. Theoretically, a 13 character password with a number in it should take an insanely long time to crack, reality was well under an hour.

Re:Obligatory xkcd (1)

Anonymous Coward | more than 2 years ago | (#39352217)

xkcd's example is a bit wrong though

He used 4 words. lets say 170k in words that is 170000^4. Which is ~69 bits of entropy. Much less if you stick to 'common' words.

If you start changing case and adding in numbers though at random places the entropy goes up.

http://oxforddictionaries.com/words/how-many-words-are-there-in-the-english-language

Also one thing many password schemes do not take into account is compromised accounts. So once an account is compromised and in theory you have the password you can try that password and login combination on other sites. There are ways to minimize this but you must use them. Plus the fact every site out there thinks they need their own login... I probably have at least 150 different accounts out there... With differing degrees of passwords. It is a nightmare.

Re:Obligatory xkcd (-1, Redundant)

Culture20 (968837) | more than 2 years ago | (#39352447)

He used 4 words. lets say 170k in words that is 170000^4.

With a dictionary of 170000 words, that's actually 4^170000. My /usr/share/dict/words has 230000+ lines, and it's only going to grow.

Re:Obligatory xkcd (3, Informative)

Jake73 (306340) | more than 2 years ago | (#39352219)

Well, not exactly applicable but interesting to the discussion.

I think the point is that consideration must be made for the "location" of the access portal. That is, if anyone with an internet connection can try their key in your lock, you probably want a pretty good lock.

But for access to things that have additional security, the lock quality may be reduced in favor of a key that is easy to remember.

1. Keep a good, long, easy-to-remember passphrase for access to your TrueCrypt partition that sits on a private computer inside your house.

2. Store passwords inside this partition in something like KeePass. The KeePass password doesn't need to be industrial. It should be easy to remember, but non-obvious. You type this password a lot.

3. Keep all internet passwords at maximum strength for the site and make them random from your password generator.

Re:Obligatory xkcd (1)

Baloroth (2370816) | more than 2 years ago | (#39352535)

The only problem with that system is it makes all of those sites unaccessible from literally any other computer in the world, unless you carry the KeePass file around with you.

While probably not quite as secure, LastPass offers two-factor authentication using Google Authenticator, so even if someone keylogs my pass-phrase they still won't be able to get my passwords without also getting access to my Android device (which isn't a phone, so hacking it would be tricky too). Keep in mind unless you have enemies or do sensitive work, you only need enough security to stop automated attacks.

Re:Obligatory xkcd (1)

kangasloth (114799) | more than 2 years ago | (#39352407)

Help me out here: is it not blatantly obvious that the numbers in that strip assume randomly generated pass-phrases? I thought that that was 1/2 the point. With a 48-bit key mapped to four characters of a 12-bit symbol-set composed of English words, you can get keys that are both strong and easy for humans to remember. Let users choose the pass-phrase and you sacrifice the first part, and it's only the combination that's interesting.

Re:Obligatory xkcd (4, Insightful)

thsths (31372) | more than 2 years ago | (#39352553)

I agree - and I especially hate draconian password rules, especially when they are different for every site. Some need at least 8 letters, but then some limit you to 8 or 10 at most. Some want upper case and letters, other's don't. Some don't allow special characters such as '.

And the worst part: if you have a system to generate cryptographically strong passwords, quite a few sites still reject them. The worst site that I would allowed only 12 characters, but required at least 2 digits, 2 special characters, and 2 upper case letters.

I still think that words are the way to go. You just have to make sure that they are reasonably random and not too common. "honeyiamhome" is not going to be difficult to guess if you have billions of attempts. The problem of entropy still stands.

xkcd (-1, Redundant)

Ihmhi (1206036) | more than 2 years ago | (#39352083)

xkcd's [xkcd.com] take on this. Will the Slashdotters have the balls to say one of their patron deities might be wrong?

Re:xkcd (2)

Zerth (26112) | more than 2 years ago | (#39352421)

Not likely, seeing as the math is sound. TFA used a minimum case of 20,000 phrases generated from natural language, so of course it will be less secure.

It even says at the end that passphrases generated like in the XKCD comic are sufficiently secure to offline brute force.

My password: (0)

Anonymous Coward | more than 2 years ago | (#39352085)

NoShitSherlock

Re:My password: (0)

Anonymous Coward | more than 2 years ago | (#39352345)

Mouhahahaha! I just took the control of your account, mister Anonymous Coward!

Well no shit. (0)

Anonymous Coward | more than 2 years ago | (#39352089)

If you use dictionary words, you'll be vulnerable to a dictionary attack. SHOCKER.

Of course they are secure (5, Funny)

Bender Unit 22 (216955) | more than 2 years ago | (#39352101)

I find that passwords like "Linuxrox4ever" are very secure. havn't had a problem with that one yet.

Re:Of course they are secure (0)

Anonymous Coward | more than 2 years ago | (#39352521)

hmm I thought your password was ************* ?
at least that worked for me.

Overblown criticism, poor test (0)

Anonymous Coward | more than 2 years ago | (#39352119)

The article implies they only used dictionary attacks and complete pass phrases.

Compare that with the phrase "L!ondonbridgeisfa%llingdowNDOWN"

When you add the potential of single or spread out capitalisations and that any word can be split up by any sign, dictionary attacks start to struggle.

Its a Trade-Off (3, Interesting)

Anonymous Coward | more than 2 years ago | (#39352125)

Getting joe public to use something other than "password" is hard, but its easier to persuade Joe to use a phrase like "HomerLovesDonuts" than some random string of letters - we all know the random string will just get written down.

Secure, how times do I get to try? (4, Insightful)

Shivetya (243324) | more than 2 years ago | (#39352141)

How many attempts are these supposed sites allowing? If someone has a one in a million chance to determine my password how much of a threat is that to me if the site that requires the password only allows a few attempts before it locks the account?

I work on a system with ten character passwords, not case sensitive but numbers can be used, yet I don't worry about someone cracking the system. Its not like they are going to have unrestricted access to try and multiple failures lock accounts.

I do like multiple word passwords as it tends to not lead to people using little yellow stickies near their desk to record their passwords or keep them as reminders in their email.

Re:Secure, how times do I get to try? (2)

Crasoose (1621969) | more than 2 years ago | (#39352237)

I've been saying for a long time now if companies would just implement lockout policies we wouldn't have any of these issues.

Re:Secure, how times do I get to try? (2)

Culture20 (968837) | more than 2 years ago | (#39352623)

If companies would implement lockout policies, they would have to pay a group of four-five people to answer phones and unlock accounts all day. And woe betide the company which gets its username list posted somewhere ("everyone's locked out, and an admin has to walk down to the server room to log into the console as root to unlock us all. We've blocked the offending IP addresses, but this might happen several more times from new IPs").

Stolen hash [Re:Secure, how times do I get to try? (2)

Geoffrey.landis (926948) | more than 2 years ago | (#39352671)

I've been saying for a long time now if companies would just implement lockout policies we wouldn't have any of these issues.

It would help some (less annoying than a lockout policy is just to implement a delay that increases with number of failed attempts). However, the dictionary attacks that are worrisome come from a hacker stealing the password hash tables, and are done offline, trying to decrypt the hash, not simply repeated attempts to log in. These won't be prevented by lockout policies (although they will be prevented by making sure that the hash tables don't get stolen)

Like far too many researchers (4, Informative)

Sycraft-fu (314770) | more than 2 years ago | (#39352283)

They assume they get ideal circumstances, ie as many attempts as they want. As such their research is basically fucking worthless. The only time such a situation applies is if you have, say, encrypted data and an adversary has gotten that data. They can then try to decrypt it until the end of time and you can't change the password.

That doesn't do shit for remote login. No system is so accommodating to let you just try and try. Even if they don't do permanent lockouts, they'll lock you out for awhile. Like our domain, you get 5 attempts and then it locks the account for 30 minutes. So you can get a whopping 240 attempts per day (presuming we don't notice and shut it down). Gonna take a LONG time to cover the password spaces they are talking about, LONG time.

This also assumes that you know that someone is using a multi-word phrase, and that you know they aren't playing games with number substitution, caps, and so on. This is useful maybe in an intelligence agency type situation, where you can survey your target and you can learn about the kind of password they use, even if you can't find out the password itself, and restrict the search space. However in terms of randomly hacking things remotely, nope, not useful. There are too many possibilities for what the person could use and multi-word phrase is only one of them. You could try every single one of to 10 words, only to then discover your target doesn't use that, and has a simple password like password123 that wasn't in your search space.

Re:Like far too many researchers (0)

Anonymous Coward | more than 2 years ago | (#39352715)

And of course, nobody ever leaks lists of usernames and encrypted passwords from embarrassingly high-profile sites.

Re:Secure, how times do I get to try? (3, Interesting)

CubicleZombie (2590497) | more than 2 years ago | (#39352349)

If someone has a one in a million chance to determine my password how much of a threat is that to me if the site that requires the password only allows a few attempts before it locks the account?

When I see this implemented, it's usually like 3 attempts until lockout. Make it a few hundred. That's enough that a forgetful human has plenty of tries but a brute force attack will fail.

Poetry (3, Funny)

bickerdyke (670000) | more than 2 years ago | (#39352163)

Is Vogon poetry available in common attack-dictionaries?

Re:Poetry (0)

Anonymous Coward | more than 2 years ago | (#39352245)

Why would you even try to unlock with anything other than 42? Its the answer to life and everything. I am sure its also the password of whichever account.

Re:Poetry (1)

Anonymous Coward | more than 2 years ago | (#39352275)

Groop I implore thee, my foonting turlingdromes.

It is now.

Re:Poetry (2)

drinkypoo (153816) | more than 2 years ago | (#39352437)

While building your dictionary for passphrase analysis you have to be a pretty big asshole not to include the complete works of Douglas Adams. I would dump a big ebook collection through a filter which sorted, uniq'd, compiled, sorted, uniq'd until it was left with not just all the dictionary words that people actually use but also all the proper names and alien words that appear in all the typical universes with which people are familiar and entranced... Culture, Merchanter, Empire, etc etc. A wikipedia dump would be another goody, and they're easy enough to come by.

Re:Poetry (5, Funny)

HCase (533294) | more than 2 years ago | (#39352617)

There was a ship that tried using Vogon poetry for their password locks once. Unfortunately, after valiantly functioning for 3 weeks, the login daemon it decided it could no longer take it and convinced the ship's navigation system to fly into a nearby star. Further use of password verification system was banned several years later, after an intergalatic agreement was reach that said requiring people to remember Vogon poetry was cruel and inhumane.

I forgot my password. (0)

Anonymous Coward | more than 2 years ago | (#39352171)

Should general populace still be coaxed into using randomly generated passwords?

General populace is getting sick of this shit.

Are passwords really that hard to remember? (0)

Anonymous Coward | more than 2 years ago | (#39352181)

Seriously, I have multiple 10 to 30 character passwords, completely randomly generated, with upper, lower, numbers and symbols. I just practice typing them in a few times a day for a week or two, and then I find I can remember them for years. The upper end of that range is good enough that I can use the password directly for encryption purposes, IE, that's enough bits without strengthening to be just as secure as the underlying encryption keys.

I mean, who hasn't had to memorize a poem or something for English class back in highschool? It's really not that different, you just have to have the mindset that you can do it, and then practice.

Re:Are passwords really that hard to remember? (4, Funny)

cvtan (752695) | more than 2 years ago | (#39352247)

My granddaughter thinks it's too hard to defrost a frozen bagel before eating it. You want the youth of America to practice typing passwords? Ha!

Re:Are passwords really that hard to remember? (1)

Anonymous Coward | more than 2 years ago | (#39352403)

My granddaughter thinks it's too hard to defrost a frozen bagel before eating it. You want the youth of America to practice typing passwords? Ha!

Not sure if you intended it or not, but this is exactly the kind of pass phrase we should be using instead of the asinine "10 characters or less, include one cap, one number, and do not repeat a character" crap we get from typical IT systems.

Re:Are passwords really that hard to remember? (1)

jafiwam (310805) | more than 2 years ago | (#39352695)

To her credit, a very cold plain bagel has a nice chewy texture you don't get if it's thawed. It'll seem like it has a lot of moisture in it. Once room temp, they taste dry.... until toasted and smeared that is.

Re:Are passwords really that hard to remember? (1)

Darfeld (1147131) | more than 2 years ago | (#39352435)

If it's works for you, it great. But you can't expect everybody to go with some personal mantra every day just to memorize a few password.

And anyway, this is really unnecessary. For most account, you just need a moderately strong password, a word with a number and 6 signs are more than enough since nobody will bother finding it by brute force.

Very specific conditions (5, Insightful)

Dixie_Flatline (5077) | more than 2 years ago | (#39352185)

The passphrase system they studied wouldn't allow duplicate passphrases. So if you picked one that was already in use, it would tell you so.

The problem isn't that the passphrase is insecure, the problem is that the system itself is giving you information about what's inside it. Doesn't it seem obvious that any security system that relies on secret data that gives up information about the secret data is insecure?

Then they did an analysis on passphrases that use english words with the same frequency as in standard English. So the word 'betwixt' was probably pretty low down on the list, and 'material' was probably higher. That also seems unreasonable. Just because you want a memorable password/passphrase, it doesn't mean that you have to use small, ultra-common words.

This study has little merit in declaring that passphrases are insecure. (It does have merit in letting us know that obvious security problems are, in fact, obvious security problems.)

Re:Very specific conditions (2)

MaerD (954222) | more than 2 years ago | (#39352609)

It's also worth pointing out that they suggest that common phrases like "Manchester United" or "Harry Potter" would be used quite a bit. Just because it's a passphrase doesn't mean you shouldn't still use a "common dictionary" (or in this case "Common Phrasebook") to prevent people from choosing things like the above, possibly with a length check of some sort involved as well, to prevent cases like "fee fai foh fum", which may not be caught by the common phrase check, but has all words of the same length.

Four or so words chosen at random without association can be memorized and provide greater security. They can even come from a book, as long as they come from different places ie: "Classes Default Automatic When". Words chosen at random, almost sounds like a phrase, but is unlikely to be checked within a certain number of retries. Even using less common phrases from a source would likely be fine. "To be or not to be" will probably be checked early, as it is common. "Nobler in the mind to suffer" would not likely come up, as it is not the start of the phrase, or even the complete phrase.

LastPass (3, Informative)

alphax45 (675119) | more than 2 years ago | (#39352199)

I use and love LastPass. It has a really great password generator that I use for all sites. I always use the maximum number of characters and the largest character set (letters, numbers, symbols) the site will let me.

My actual LastPass password (the single point of failure) is 32 characters long. It is a phrase in "leet" speak with symbols padding the start, middle, and end.

I feel pretty safe with this.

Just my 2c

Re:LastPass (0)

Anonymous Coward | more than 2 years ago | (#39352539)

great! so now i know where to start my dictionary attack on your LastPass password.... isnt your password practice something you want to keep secret, even if it is a complex practive to keep attackers guessing, and keep their scope as broad as possible?

Re:LastPass (1)

Zocalo (252965) | more than 2 years ago | (#39352597)

Same approach here, although with a different password management tool. Unique passwords for everything, and all randomly generated to the maximum complexity allowed for the login in question, and I also expire and renew the passwords on a fairly regular basis for the accounts that matter to me. That seems like the most sensible approach given the recent occurances of compromised user login DBs (usually en clair, FFS) and subsequent account compromises because of password reuse.

Let's face it, if some random user is using some fairly complex but obviously memorable password (l33t speak, combination of names, all the usual tricks people use and advocate) then a quick brute force attack against a bunch of popular websites using the same username and password combination is almost certainly going to yield at least a few few hits. Multiply that by the thousands of such combinations likely to be in a typical login DB and spread the load around with a botnet and even a n00b cyber criminal is almost certainly going to get more than a few opportunities for fraud, spear phishing and other activities.

The only draw back to this approach that I can see is if the system you are running the password manager ever gets compromised and your master password and DB file stolen since at that point it's pretty much game over. Short of running the password manager on a dedicated system (probably kept underneath your tin foil hat) though, I don't see any sensible way around this yet barring wide scale adoption of a centralised two-factor authentication scheme such as RSA keyfobs. That said, so far I'm not aware of any rootkits that specifically look for the use of dedicated password management tools and directly attempt to compromise the DB, although stealing web browser password caches and the like for has certainly been going on for a while. That doesn't mean they are not out there though, and even if they are not the goalposts are always moving so it's probably just a matter of time.

Sky is blue... (0)

Anonymous Coward | more than 2 years ago | (#39352201)

"Pass-phrases comprised of dictionary words may not be as vulnerable as individual passwords, but they may still succumb to dictionary attacks, the research finds."

Pass phrase containing dictionary words is susceptible to dictionary attack. In other news, the sky is still blue. Water still wet.

Take into account human nature (5, Insightful)

MetalliQaZ (539913) | more than 2 years ago | (#39352233)

As mentioned, a lot of stock is put into secure passwords, when the reality of computer usage makes all the effort meaningless.

Lets look at a normal user, Joe. Joe has many corporate logins at his job. His company has a password strength policy, so Joe has ended up with this password: Jason5 (Jason is his youngest son). The last password was Jason4, then Jason3, etc. Some system require more powerful passwords, so he uses _Jason$5. I have met dozens of Joe's IRL.

Lets look at Lucy. Lucy knows that a good password only has to be easy to remember and hard to brute force. "Simple Man" is one of her favorite songs. Especially these lyrics:

"Boy, don't you worry you'll find yourself
Follow your heart and nothing else
And you can do this, oh baby, if you try
All that I want for you my son is to be satisfied"

She selects this password: allthatiwantforyoumysonistobesatisfied
She'll never forget it, and I won't be cracked by ANYONE. Governments who want her password could crack it, but they would probably just put her in jail until she gave it up.

Then, Lucy reads the article linked above and starts to doubt the security of her password. She is wrong, her password is WAY better than Joe's.

Both accounts end up getting compromised. The company had been storing passwords in plain text and was hacked via a 2-year old SQL injection vuln. So much for all that bullcrap.

-d

Re:Take into account human nature (0)

Anonymous Coward | more than 2 years ago | (#39352533)

-1

You should have called Joe Jack and Lucy Diane.

A calculation (0)

Anonymous Coward | more than 2 years ago | (#39352235)

12 random characters from a 60 character set = 60^12 = 2.17e21
4 random words from a 200 000 word dictionary = 200000^4 = 1.6e25

Disbelieve (2)

mseeger (40923) | more than 2 years ago | (#39352265)

Even if you have a very small set of words (about 1.000) to choose from, with four words you reach about 40 bits entropy. No chance to crack this brute force.

If you take only two words, you would have about 20 bits of entropy which is about as good/bad as cryptic password.

Re:Disbelieve (-1)

Anonymous Coward | more than 2 years ago | (#39352425)

Dictionary attacks. Remember how those work?
We take a bunch of common words, and try them all out. A thousand words even with all their leetspeak and possible variations would be a rather small number of guesses. Sure, there are more words, but you gonna have to chose between a rather large subset to get the same security as purely random characters.
Pure bruteforce certainly wont pass, but if you have seen some of the leaked password lists from the past year, you will notice how many passwords are the same, so adding those to a dictionary attack gives you a pretty big success rate for a rather small number of tries.

The system is broken if... (2)

ghostdoc (1235612) | more than 2 years ago | (#39352267)

The system is broken if people can't use it. People aren't broken because they can't use the system right.

If your method of controlling access is nice and easy for computers but hard for people, it's broken and you need to find a new method.

My method (5, Funny)

Anonymous Coward | more than 2 years ago | (#39352355)

Fuck it I say. I just always use letmein for all my passwords. Easy to remember and so easy to hack into nobody's going to waste time thinking there's anything valuable protected by it.

I call it security through insecurity.

Pass phrases are good, more research needed (2)

MobyDisk (75490) | more than 2 years ago | (#39352363)

Based on my read of the article, I conclude it as saying that pass phrases really are good, just not a panacea. We already knew that people pick stupid passwords. It turns out that people pick stupid passphrases too. That's too bad, but it is really unsurprising.

One thing I can say from personal experience: smart people still pick stupid passwords. I think most people just aren't paranoid about it, and don't care until something bad happens to them as a result. This might be something that parents need to teach their children: Don't talk to strangers, brush your teeth everyday, and don't pick obvious passwords. Maybe once a generation is imbued with this as obvious then the problem will diminish.

Geometric keyboard patterns (1)

AttyBobDobalina (2525082) | more than 2 years ago | (#39352375)

Instead of words, I think shapes. Pick a starting point, say &, then for a shape on the keyboard (say a 4x4 square), returning to the original key. Lots of shapes, sizes, patterns that are not vulnerable to dictionary attacks, but easy to remember.

Re:Geometric keyboard patterns (0)

Anonymous Coward | more than 2 years ago | (#39352485)

Great idea, but be sure to know what to do when using a keyboard abroad. In France I never manage to type my password correctly...

Re:Geometric keyboard patterns (1)

AttyBobDobalina (2525082) | more than 2 years ago | (#39352563)

That's a really good point. I was not thinking about keyboard language translations. It's also a pain to try to explain to someone remotely how to type your password....which actually might be a good thing. Though, this method does tend to get me instant cred from the IT guys. :)

Why is math so hard? (1)

Hentes (2461350) | more than 2 years ago | (#39352405)

If you have a decent vocabulary, you can choose between about 10000 words. So, even against a dictionary attack, a password of 4 words is 53 bits strong, a password of 5 words is 66bits strong (strong enough for everyday use), and a password of 6 words is 79 bits strong (uncrackable today).

Re:Why is math so hard? (2)

Maximum Prophet (716608) | more than 2 years ago | (#39352477)

If you have a decent vocabulary, ...

Most people don't choose their passwords from a decent vocabulary. I've seen too many instances of P@ssw0rd, that people think is secure.
Throw some uncommon names and foreign words into your phrase, and it essentially becomes unguessable. But, many people don't know any foreign words.

Dictionary password (1)

jouassou (1854178) | more than 2 years ago | (#39352413)

The good thing about the English language is that it's got over a million words. Use a few uncommon ones:

> We're 12 widdiful pronks -- and 21 scopperloit nihilarians!

Not in the wild... (1)

Lumpy (12016) | more than 2 years ago | (#39352415)

"but they may still succumb to dictionary attacks, "

If your system can do a dictionary attack on my 5 word phrase in three attempts, you deserve access to my accounts.

I now use un-crackable passwords! (3, Funny)

OzPeter (195038) | more than 2 years ago | (#39352419)

I have started using regex's as the basis for my passwords. Love to see some one crack ^[A-Z0-9]+\([a-z!]+\)$

The trouble is that now I have regex's ..

Bad, when implemented poorly (2)

Maximum Prophet (716608) | more than 2 years ago | (#39352429)

... Amazon's PayPhrase registration page. Because the page prohibits the use of any pass-phrase that has been used by another user, it's possible to identify which pass-phrases are in use.

This is a well known, bad idea. Unless you also lock out the original user of an obvious passphrase, you give an attacker information.

Better is to just start with a dictionary of "bad" phrases, that no-one can use. Then, when an existing phrase is no longer in use, you mark it "bad" and unusable in the future. Of course, someone might start using that phrase berfore the rest stop using it. If it's an especially bad case, you might have to lock all those users, and make them reset their password through a different, secure, channel.

Throw some uncommon names and foreign words into your phrase, and it essentially becomes unguessable.

Is a dictionary attack a major concern? (1)

91degrees (207121) | more than 2 years ago | (#39352499)

I have to wonder about this. These attacks take time, especially over a network, are often detectable, and don't guarantee success.

So, serious question - how often are such attacks employed compared with exploitation of vulnerabilities or social engineering?

The key is "unrelated" (1)

Rich0 (548339) | more than 2 years ago | (#39352513)

So, as others have pointed out the only thing that matters is entropy. Entropy isn't just based on the number of characters, and that is true both of one-word and multi-word passwords. I'd probably say that "to be or not" is much lower entropy than "x8Jk$4B" - however, "bicycle tripod tissue diploma" is probably much higher entropy than "Wallets5".

The key with multi-word passwords is that the words need to be unrelated. If the words are closely associated like "apple banana cherry date" then you are opening yourself up to a number of attacks. The same issues apply to 8-char passwords containing numbers and symbols - users can still pick passwords that have far fewer bits of entropy than the character set implies. If anything the problem with single word passwords is that users STILL pick stuff that is dictionary-based, and yet you don't have the protection of having as many combinations as with multiple word passwords.

The math clearly shows that multiple word passwords are much stronger and potentially more memorable - AS LONG AS THE WORDS ARE UNRELATED.

Re:The key is "unrelated" (1)

Wingfat (911988) | more than 2 years ago | (#39352605)

even with unrelated words, a Dictionary attack will render them useless, speaking from experience I have seen one where a person was using DogsEightME and was cracked pretty darn quick.

piffle (3, Interesting)

koan (80826) | more than 2 years ago | (#39352573)

Just hold down shift and type in your 10 digit phone number.

  (@)%%%!@#$

FIPS 181 (1)

Anonymous Coward | more than 2 years ago | (#39352591)

In all this discussion, it seemed obvious to me that this problem had been solved quite some time ago:

http://www.itl.nist.gov/fipspubs/fip181.htm ... but I've never seen it come up, Are there any papers with cryptanalysis of this method, or other documented attacks?

Is there some other reason not to use this method? (as a reason why it never comes up as a solution to the problem)

Flawed Research (1)

Zarjay (891644) | more than 2 years ago | (#39352675)

Amazon PayPhrase wasn't a good system for them to study.

By default, Amazon PayPhrase recommends a random pairing of two words [authentico...ations.com]. I bet that most users didn't bother changing their recommended passphrase. It also affected user behavior: users are more inclined to pick two-word pairings or other super simple passphrases if that's what's presented to them initially. Amazon PayPhrase also discourages users from making traditional non-dictionary passwords, which is very different from most other password systems. This, along with the fact that no two passphrases are allowed to be the same, makes their passphrases highly predictable.

I think this study says more about user behavior in regards to using the Amazon PayPhrase system than it does about multi-word password security in general.

Don't incriminate yourself (0)

Anonymous Coward | more than 2 years ago | (#39352677)

As mentioned recently here, make your password ifedthebodytomyneighborspigs

Then, you can't give it up without incriminating yourself. Win-Win!

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...