The button below will generate a random phrase consisting of four common words. According to yesterday’s xkcd strip, such phrases are hard to guess (even by brute force), but easy to remember, making them interesting password choices.
Visit http://passphra.se/
correct horse battery staple
It’s a novel idea, but xkcd stops short of actually recommending such passwords, and so will I. Use at your own peril! I’m not responsible for anything that happens as a result of your password choice. (But if you’re just signing up for a kitten video forum, you’re probably safe.)
In case you missed the strip, here it is:
Other generators have popped up online, but unlike most of those, this generator only uses common English words. That’s important, because the more unusual words are used, the harder the password will be to remember. For example, “decimalisation contrapuntal assizes diabolism” is not particularly easy to remember, I’d say.
The xkcd strip suggests 11 “bits of entropy” per word, which can be achieved using a list of 211 = 2048 words. I scraped a list of 1949 words (close enough) from this site, which is based on the most frequent occurrences in newspapers. This list doesn’t include “battery” or “staple”, so perhaps a better list is still possible. In any case, you can view the JavaScript source code here.
It’s hard to be convinced about every detail in the strip, but it really had me thinking. The last panel claims that the reader has already memorized “correct horse battery staple”. Sure, a lot of readers will probably have that phrase memorized for a while. But the strip itself is interesting, takes a lot of concentration to understand, and incorporates a visual aid. I think we’re more likely to remember “correct horse battery staple” for those reasons. Will it be just as easy to remember other four-word combinations?
What do you think? Is it easy to remember the other passwords generated here? Do you see some way to improve the algorithm? Is there any merit to this password selection strategy?
As far as password management goes, I’ve personally found KeePass to be an excellent solution. And for an amusing look at how most people actually do choose passwords, check out Your Top 20 Most Common Passwords and The science of password selection.
Here’s the blog post that, I assume, sparked this strip: http://www.baekdal.com/tips/password-security-usability
Thanks for the link. I knew there had to be prior work on “multiple common word” passwords!
I’d actually never read that blog post, but I’m certainly not the first to suggest that passphrases provide more security and are easier to remember than passwords, because our brains are wired to better-remember things we can attach meaning to.
See also this:
http://en.wikipedia.org/wiki/Diceware
Hi Randall, thanks for stopping by. That was the part I wanted to explore most: Given an arbitrary phrase, in the format you specified, how easily can our brains attach meaning to it and remember it? I think it’s fun to click the button a few times and feel your brain go through the process.
I’m still surprised to learn that these passwords are stronger than the ones I’ve been using. (I was a Tr0ub4dor&3 guy.) One catch though, my generator currently uses Javascript’s weak pseudo-randomizer! I’ll have to upgrade that. Update: Added a secure server-side hash.
Wait, you mean that instead of generating the password from a wholly inadequate amount of entropy in the browser, you’re sending the entropy across the internet unencrypted to the browser? So anybody running Wireshark in the same cafe has the information they need to generate my new Gmail password?
Although I am glad you are doing this work, I do not believe I agree with your beliefs about priorities in security, sir.
The server-side hash was used to strengthen the output of the browser’s random number generator. But I agree that if a savvy hacker intercepted the traffic, they would have enough information to limit the amount of guesses needed for a brute force attack. (I shouldn’t have called it “secure”.) I’m glad to get some actual feedback about the algorithm, so thank you!
I’m reluctant to implement an encrypted connection, as it would increase my web hosting costs. I’ll be more open if this generator proves popular. But technically, such a strategy would still leave visitors vulnerable if I was malicious.
Either way, you’ve inspired me to improve the generator to become more like this one. It now uses significantly more entropy on the client side. Significant enough to have confidence? Possibly, but I’m not sure. There is a limit to how much entropy can be introduced from JavaScript, especially for the very first passphrase (before the user clicks the button).
I’m not a security expert, so I’d be very interested in further comments on the algorithm. The source code is here.
Seriously, if you’re that security-conscious that you’re worried about this password-generator compromising your security, what the hell are you doing generating passwords on wifi in a cybercafe? Your scenario makes no sense, and is so improbable as to defy all reason. If someone is really watching you that closely, they’re more likey to bludgeon you with a crescent wrench. http://xkcd.com/538/
Isn’t trading a complex password for 4 very common English words just throwing yourself at dictionary attacks?
Granted, most dictionary attacks only check for one word, but if this idea actually takes hold, the brute force hackers will start with a 4-word dictionary attack and *then* go on to what they were doing before.
I’m not a hacker so maybe I’m missing a point somewhere, but that’s how I see it at least.
No, it isn’t. The comic strip explains why not. And there’s a mouseover text apologizing for the conversation we’re having right now.
Strictly speaking a 12 digit password could have as much as, if assuming about 72 possible character choices, 72^12 combinations (~ 1.9e22, about 2^74). This is if each character may be entirely random.
The xkcd strip assumes common formatting of a password, such as word-digit-special char. It assumes a dictionary word, with some possible replacements of letters. This reduces the complexity of the potential passwords to 2^28.
If you have 4 words instead, and a list of 2048 (2^11) words, then you have 2^44 possible passwords, which would be more difficult than the formatted password, but not as difficult as 12 random characters.
If you go to 2^14 words (16k), the random word password goes up to 2^56 possible passwords.
You’ve assumed that the person guessing your password knows you are using 4 common words. What if you use 5 common words, or 3 common words?
Guarding against all of the possible ways people can construct passwords is part of the reason that the information complexity of the 4 common words is fairly high.
No, that is not correct. The entropy estimate in the comic assumes that your attacker knows how you generated your password, including the exact dictionary you chose the words from. If the attacker doesn’t know it was 4, but knows it was between 3 and 30, that doesn’t appreciably change things. Checking all the 3-word combinations takes 1/2048 as long as the 4-word combinations, so he can do that first at no appreciable time cost. (Assuming there are 2048 words, which I believe there are not, in this case.) And all the 4-word possibilities are more probable than any of the 5-word, 6-word, etc., possibilities, so he will check all the 4-word possibilities before moving on to the 5-word case. But he will find your password before getting to the 5-word case, so the fact that he doesn’t know a priori that you used only 4 words is irrelevant; he got your password just as fast anyway.
You forget that at 1000 guesses per second (which coincidentally, can also be severely hobbled at the server side), it will take at *least* 100 years to guess the password, and a maximum of 550 years to deplete the list. Assuming, of course, that the attacker even knows the list!
If the attacker decides to guess all 3 word combinations first, that will tack on an additional 98 days!
Attackers literally have better things to do with their time and botnets. I’ve seen SSH attacks last for 24 hours, but noone is stupid enough to brute-force any given password for 98 days, let alone 100+ years. And anything worth trying to brute force for that long would have a system administrator who is wondering why their disks are filling up with logs well before the password was cracked. Heck, some of us even run logcheck! And firewalls!
No, a far better method of getting passwords out of Joe Average is phishing. A better method of getting passwords out of admins is man-in-the-middle attacks or compromised routers. And a better method of completely circumventing passwords are security flaws in the source code. Hackers traditionally try these methods in the reverse that I’ve listed them, because they’re far easier and far more effective.
Indeed, a 12 character password made from a wide range of characters would be more secure, but they’d need to be random characters. Otherwise, an attack using frequency-sorted bigrams would reduce the effective entropy of such a password.
And if they were truly random… well, that just proves the point that it’s extremely difficult to remember. Even a not-really-random combination like “tR0ubáDo4!” is very difficult to remember for long periods, especially if different passwords are used on different sites.
In contrast, a passphrase system made out of a series of common (or more to the point, easily-visualised) words is quite easy to remember with the simplest of mnemonic techniques, for example: “green flies neighbour mustard” => “green flies all over my neighbour”, “neighbour spreading mustard on him/herself” (oops, careful of rule 34).
That said, if there are 2000 words to choose from, then the number of years to crack at 1,000 trials per second for a four, five and six word passphrase respectively would be:
=2000^4 / (1000*3600*24*365.25)
507.00940502446
=2000^5 / (1000*3600*24*365.25)
1014018.8100489
=2000^6 / (1000*3600*24*365.25)
2028037620.0979
Bear in mind however that some modern GPU hash cracking tools can hit over 5000 million attempts per second. At this speed even a five word string will be broken within 3 months, and a six word string will last about 400 years.
“Bear in mind however that some modern GPU hash cracking tools can hit over 5000 million attempts per second.”
This assumes they have a hash to check against. If it is just a web portal, the best/biggest bot net in the world wouldn’t be able to come anywhere near that number of attempts (and wouldn’t use the GPU at all, most likely).
Eric, the time required for dictionary attacks and space required for rainbow tables to crack four words instead of one increases exponentially. If cracking one word take n time or space, cracking a phrase of four words (not four words separately) will generally take n^n^n^n time or space (not n^4).
Remember that you don’t get to solve each segment then move on to the next in cryptography: you have to crack the whole thing at once.
How do you figure?
http://en.wikipedia.org/wiki/Hash_function
(Sorry I should have been more clear that I was asking about the n^n^n^n statement rather than the “you can’t solve it iteratively” statement.)
If you have a dictionary of two words and you can have any order four words, there are 16 combinations, not 256.
Starchy, I don’t think that is correct.
With a dictionary of 10 words, a 2 word password would have 10^2=100 different possibilities, not 10^10 as you seem to imply.
But, assuming you don’t go blabbing about your new 4 word password, your attacker wouldn’t necessarily know that you only have 4 words.
He would have to guess both traditional cracks (6-10 words of 50ish random characters) and a 3-6 word dictionary attack.
AND he would have to start his dictionary attack with one word, then go on to two words, then three, etc. I’m too tired right now to figure out if that would result in n^n^n or n^(n^2) or what, but it would be one hell of a lot of possibilities regardless.
Luke and Tom P N^N^N^N would approximate the time required to crack not the number of possibilities. 10 words with 2 word phrase would be 10^2 of possibilities but require 10^10 “time”
“Eric, the time required for dictionary attacks and space required for rainbow tables to crack four words instead of one increases exponentially. If cracking one word take n time or space, cracking a phrase of four words (not four words separately) will generally take n^n^n^n time or space (not n^4).”
No. n^(words) is exponential in the number of words already. You’re confusing exponentiation with tetration (or “superexponentiation”).
You might be interested in this generator I made: http://afitnerd.com/projects/passable. It uses the ideas talked about in the xkcd comic, but ensures that you have a different password for every site.
Someone with a phd level vocabulary has about 60,000 words (apparently). A concise english dictionary has about 20,000 words. So 2000064 is a very good password to try and dictionary attack.
However I wonder if some grammar rules actually constrain our choices of words “correct horse” is “adjective noun”. If humans pick four word combinations that obey some sort of syntax could really constrain the search space down to attackable levels.
20000^4 not 2000064
You can always combine the two a little bit. A lot of sites won’t let you get away with a password without numbers and/or symbols. You can take a four word phrase and replace the vowels (or some consonants, or whatever) in a consistent fashion and get past these webpages requirements:
ie. factor pig captain first -> f@ct0rp1gc@pt@1nsf1rst
“In warfare, one must always *factor pig captains first*, since a pig captain will ruin your day faster than anything on the battle field.”
Why do people always remove the spaces? Might as well add the extra 4 characters with cognitive overhead.
Many sites’ password functionalities are crippled by spaces. Even when the site itself supports spaces (e.g. gmail), mobile applications (e.g. early versions of Android) either consider the spaces to be invalid or handle them incorrectly.
If the site is coded in a way that it cant even handle spaces in passwords, it doesn’t inspire confidence that they’ll be properly storing my password hash and not just using plain text.
Yes, you’re right. It doesn’t inspire confidence. In the top 1% of internet users. That still leaves 99%, 60% of whom would rather the site in question didn’t even use passwords at all.
The space bar makes a distinct sound and moving your thumb to it is fairly obvious.
And while you’re shoulder-surfing, you should also at the very least go out of your way to *count the number of keystrokes!*
That would greatly reduce the number of possibilities, reducing your time to cracking to about 10 years.
Leetspeak is just as easy to break with a dictionary attack as normal words. It’s predictable, i.e. don’t use it in a password.
The suggestion was to use leetspeak in situations where the system is programmed to insist on a mix of lowercase, uppercase, digits, puncutation, and a drop of your firstborn’s blood. That provides an illusion of security rather than actual security (for reasons stated in the comic), but it seems to be the fashion these days.
Thanks for posting this. Now if only more computer systems (particularly websites) would allow the use of passphrases in their password fields.
I use a combination of password management tools: LastPass is really handy for browsers. KeePass is good for everything else.
Indeed, this proposal is somewhat hampered by sites that don’t allow more than eight characters in their passwords…
My solution turned out to be a script. Not the best of solutions, but perhaps only in earnestness.
The trouble with that approach is that many system administrators have configured their systems to enforce mixed case, numeric and, non alpha-numeric characters. So you are going to be stuck throwing the &3 type business even with your phrase type passwords anyway.
Add it at the end then.
I’ve found http://www.fourmilab.ch/javascrypt/pass_phrase.html to be useful for generating pass phrases. The words can be obscure but I pick and choose ones I can remember.
14 random alpha+num characters (no special characters) has 10^25 permutations. That is 1000000000000 times more secure than this.
Also 1000 attempts per second? really? is this on your 286?
I guess the 1000 attempts/second might apply to a remote attack. Either way, you’d hope there are other safeguards which kick in when this many attempts occur, like slowing down the validation time or something.
Yes, random-character passwords can have more than six bits of entropy per character; even alpha+num passwords have very nearly six. But they might be harder to memorize per bit of entropy; that’s the conjecture from the article.
The 1000 attempts per second is explicitly explained in the comic strip to be in the remote-attack threat model, not the stolen-hashed-database threat model, which could indeed support much higher cracking rates. I prefer to choose my passwords with at least 72 bits of entropy to cover the more demanding threat model. That would require six words randomly chosen from among the 4096 most common, instead of four.
Yes, and stolen-hashed-database attacks wouldn’t even require a sequential brute-force attack. You simply need a sorted list of all possible hashes (and with terrabyte drives these days, that’s a piece of cake. A serious hobbyist with $5000 to spend can easily get into the exabyte range), and your search should take all of about 15 seconds. Which is why the stored hash is only a last line of defence in an onion 4 layers deep.
Not that it matters. The fact of the matter is that your passwords need only be *just hard enough* to guess over a remote internet connection to force the attacker to give up and try something else. To be honest, most attackers use other methods first before resorting to brute-force attacks except for the very simplest of passwords.
14 random alpha num characters are hard to remember, so whether they are more secure depends in whether they have been written down.
This idea has been around for a while. There is a scheme called Diceware, which even stipulates that the user uses dice to choose their word list, to ensure that the random number seed used by a passphrase generator can’t be guessed.
http://world.std.com/~reinhold/diceware.html
(The current Unix time is commonly used as an RNG seed in naively written scripts. It’s easy to build a list of all passphrases generated for every second of a given day, or even every second since 1970 in the 32-bit Unix time counter.)
Why would you use this over a password manager like LastPass, 1Password, or KeePass? Remember one password, never worry about it again.
You could even combine them, and use KeePass to keep track of some 4-word passwords. But KeePass-generated passwords are much stronger.
If you are used to log on paystation.com account with an email and a password, what happen if employee of paystation.com:
– try to use the playstation’s password on your gmail account?
– try to log to amazon.com?
– try to log on battle.net?
You need to find a trick (or a tools) to have strong unique password per important website. In my case, i try to place some letter of the service i use in the password. For exemple, if i need to log to preshing.com, i will mentaly hash “password&3″ and “Preshing” by replacing the “w” by “p” (the first letter of the site) => “passpord&3″.
its not just about the ability to remember one’s password; it’s about the ease an intruder would have in cracking the password.
it is also, to me, counter-productive to use a single-password password safe; rather than needing to crack many passwords, now an attacker only need crack the single password, and the rest will be revealed without effort. To me, it’s like putting all the valuables in your house behind a single lock, using a lock with a giant key that can be seen from a hundred feet away; it is usually a password that you must type often and is therefore more susceptible to key-logging or other password sniffing methods, or worse, a password that your browser remembers for you.
Steve Gibson has a “Search Space” Calculator here:
https://www.grc.com/haystack.htm
The page also talks about password length and entropy. He proposes “padding” passwords, which may be even easier to remember than multiple dictionary words and it achieves the same thing, increasing the search space.
Consider alphanumeric password of n characters. A-Z, a-z, numbers: Total 56 possible options for each slot. Therefore, a truly random password would have 56^n possible options. (Ten-character: 303,305,489,096,114,176; or, 2^58 and then some.) Of course, generating such of a password is more difficult. One way is to condense an easy-to-remember phrase, though this does limit the search space, too, if your method is know.
CaponcAanT would be the first letters of the first ten words in the text above. Of course, you could also include punctuation and figure out better phrases which include numbers.
TatLUaEi42: “The answer to Life, Universe and Everything is 42.”
Interesting method, but if the site supports long passwords, wouldn’t you just be better off typing the whole sentence? By making it an acronym, you’re making it both easier to type and easier for brute force attacks.
Either way, the site should be configured to throttle repeat failed attempts to slow down brute force attacks…
Ten characters or so is not, in my opinion, a very “long” password – there are many sites which ask for passwords to be about that length. Of course, for sites which support long passwords, there’s a wealth of new options. (Though if you make the way you choose a long password known, assuming it isn’t random, you’re again limiting the search space for brute forcing.)
And of course, as long as the keyboard is always the same and you’re an experienced typist, some passwords are not memorized – only how to move your hands to type them out. So, in effect, string of random characters becomes a specific way to wave your hand on the keyboard.
Also a quick fix to my previous post, I can’t count. I was thinking rot13 -> 23, when 2×13 is 26 – so 62 options per character for alphanumeric. 62^10 is 2^59 and then some.
Not one mention of the man who started the push on this, Steve Gibson. He has been talking about this for months and people are just not starting to pay attention. Here is his Haystack calculator. https://www.grc.com/haystack.htm
The comic made a point that security folk have been having difficulty conveying, but the “four random words” pattern isn’t strict. An odd phrase someone else uses in your office, for example, would be hard to crack online. “They call me MISTER email administrator guy, thank you very much!” If you’re the email administrator and say this often, others might guess it in the office, but not online. If you’re just the guy he says it to a lot, there’s not much chance anyone will guess it.
a company i do work for has a nice password generator for their massive customer database administration, which even low-level employees need to access regularly.
it generates 3 words, bridges them together with special case characters and adds a spelling mistake (repeated or missing character) to one of the words. one of the words is also something that can be personified, like a name or an animal.
everyone i’ve spoken too, including myself, has only ever looked at it once and remembered it, because it makes a story.
The point, though is that this pattern of throwing in the special case characters, and adding a spelling mistake adds very little in the way of additional security (and much much less than adding a fourth word), but makes the password significantly harder for people to remember. There seems to be a fetish around making passwords _look_ secure, and it’s hurting security, not helping it.
A bit excruciating to type this password on some mobile devices, and might get disallowed or truncated by some poorly designed login mechanisms.
so the next step is to take an easily remembered phrase like ‘ask not what you can do for your country’ and hash it an easily remembered way, maybe adding some caps, numbers and the domain it’s for. like PR-anwycdfyC – 2 domain name letters plus the initials of the phrase with a cap and symbol tossed in.
of course – something like Keepass means not having to remember passwords and can generate random ones LOL.
Mobile devices suck for typing in passwords…
They need one or more of the following:
* camera face detection
* retina scan
* audio recognition
* accelerometer patterns “shake the phone in a certain way”
* draw a picture with your finger
* rfid with matching one on a business card in your wallet
These actions would result in a unique string for the user – something secure like 32, 64, 128 or 256 random ascii characters.
The rfid option sounds good to me. Also I like the idea of sandboxing, accept obvious passwords, say, “password” or “1234″ which logs them into a sandbox “os” which looks like the real one but obviously doesn’t allow access to real data and shows a message like, “No credit” when they try to call someone. If they log into this account 3 times in a row then you are sent an email and given the option to remotely wipe your data/turn on gps tracking/etc.
Biometrics and RFID aren’t secure for this use case because they can’t be kept secret from untrusted devices. Mr. Evil can hand you his cellphone in a bar so you can see the text his girlfriend just sent him, and by the time you hand back the phone, he has your face signature and RFID data, which he can then use to empty your bank account. Actually, all you have to do is walk by him on the sidewalk.
Audio, accelerometer patterns, and finger drawings are better; but they of course must be quantized pretty crudely to yield the password per se. The more imprecise the quantization, the better the security, but the more often you will get false negatives due to having crossed over a quantization boundary.
Indeed it seems that an RFID is easy to hack, but still I think this technology could help to make logins safer I think. But I think you need to add more to it like for example the ability to activate and de-activate it. In other words use it like a car key. But I would not use this as a single login system, in combination with the usual login and password this could make stealing passwords remotely anyway a little more safe. I would not mind to use a “physical” key as an extra to login to a website or computer. Maybe a rotating code could also be build in in that case. I don’t know much about security, but I think that if the length or structure of a password is not good and safe enough anymore then other means of identification are needed …
A mobile phone in that case could have lot’s of features that could be used as an identification in a more secure way. Because isn’t that what all this is about ….
I’m trying to remember my password, “base wish occasionally himself”, but all I can think of is “correct horse battery staple”.
I’ll certainly remember the random phrase just generated: “how certainly nuts age”
I already use that type of password, without knowing it’s harder to brute force or not.
I think it’s best to use a sentence though, with caps and numbers.
A good and easy to remember password would be “Tonight @ 7PM” for example.
Love it! I just wish websites would stop limiting a password to 6, 8, and 12 characters while requiring numbers, caps, and punctuation. All of which are unnecessary.
I have a password system that works way better. Pattern-based passwords.
I have unique strong passwords for every site and application that are easy to remember and every single password is different.
Example:Take the first letter of the program or site and type it three times (lifehacker would be LLL); that’s the first three letters of every password. Pick a pattern like 1234!@#$qwer. (type it out, it is faster than typing a word of the same length and you don’t even have to look at the keys). So the password for lifehacker would be LLL1234!#@$qwer. The password for google would be GGG1234!@#$qwer. If someone figured out the system, they could possibly figure out your other passwords, but I highly doubt if someone figured out your lifehacker password was 1234!@#$qwerLLL , they’d be able to figure out your system. Additionally, most people use only 1 or 2 passwords for EVERYTHING. For very secure sites and programs, I add an additional letter on that isn’t used on any non-secure sites. This is immune to dictionary attacks, letter replacement, and stronger than any other password method that you can actually remember. Additionally, it is the strongest password possible because it contains uppercase, lowercase, numbers, and punctuation.
You presumably posted this as a troll, but I am going to answer as if you are serious for the sake of others reading this.
Those passwords are not strong; they merely fool simplistic password strength estimation code. Password strength is the number of guesses someone needs to guess your password, not a simple result of what characters you used.
If someone sees the pattern once, for example because they cracked a site you use and that site stored passwords in plaintext, they will instantly recognize it. Then, they can crack your account on all other sites in at most 26 tries each, but probably more like 10, trying the more common letters first. Once they try a couple of sites, they can probably crack your account on all other sites on the first try.
You are naive to think that dictionary-attack programs do not include keyboard combinations, or that they do not try appending letters and numbers to their dictionary words.
If you want a better word list, you can always use the ones that come with any linux distro
simply do :
shuf /usr/share/dict/words | head -n4
and you have your passphrase! You can substitute “words” for another dictionnary, I use “french”.
“words” has over 200000 words in it!
You should use:
shuf –random-source=/dev/urandom /usr/share/dict/words |head -n4
instead. Shuf’s internal random-number generator is only a pseudo-random number generator, probably using Unix time.
It costs nothing and is very much more secure.
This is why I use passphrases, not passwords. I’ll often use a whole sentence. They’re variable length, easy to remember and written properly, they automatically contain upper-case letters, punctuation and the occasional numeral. After the second or third time you’ve had to type it, you can usually type it quickly, as well. It sucks for passwords you have to type on smartphones, but with any luck, you can have your phone cache the password, and protect your phone with a combination of a remote-wipe tool and a relatively strong unlock mechanism.
I like this xkcd comic. And I like this generator too. Even though I won’t use this generator. LOL. I always think that a long easy-to-remember password is better than a cryptic hard-to-remember password.
http://en.wikipedia.org/wiki/Passphrase
Some sites/systems limit password length to 15 characters or force you to enter numbers, punctuation and varying case.
Hi,
memorable passwords are nice and a necessity but I don’t think it’s realistic for most people to remember more than 10 of these multi word passwords. It’s probably more like 5 even. So that means you have to either store your passwords or re-use them. Re-use is verboten so you’re left with storing them in something like keepass. At that point why not make your passwords completely random? The one reason is that it makes passwords hard to type in without copy/paste which is a drawback. But other than that I see no reason to keep track of 150 individually easy to remember strong passwords when I can keep track of 150 hard to remember but impossible to crack passwords.
Good discussion, thanks!
tbh i dont think that blog post was the idea behind that xkcd … just try and set a password with any bank and you run into the kind of BS that annoyed him. the very measures by which passwords are measured to be secure DRAMATICALLY reduces the number of potential passwords once you enforce them.
If you have use da keypad on a door ask yourself if you can have duplicate numbers … that also has a dramatic effect on number of combinations, if you enter 8 digits and 4 of them are currect in the right sequence will the door open? There are loads of really trivial and innane examples.
Of course you can reuse passwords, that is not the problem. If you ahv ea set of 5 passwords all of which are strong and a phrase and use them for different levels of security … Eg the one key password would only get used 2-3 times … then you have a basic website (i don’t care about) password that you use everywhere else and a few in-betweens. Boom your life is secure, easily remembered and manageable.
This example is only a 4 letter password with a 1949 character alphabet. It is trivially easy to crack.
1949^4 = 14,429,369,557,201. This means 43.7 bits.
At 1 million attempts per second it would take 167 days.
And I’ve never seen a brute-force attack last longer than 24 hours.
OMFG!! that cartoon strip has been blogged almost all the time.
Here’s a slightly more complicated password generator (in multiple languages): http://www.saigonist.com/b/correct-horse-battery-staple-better-passwords-vietnamese
The main problem I have with this whole discussion is this is all very good in theory, but my online back account is ‘protected’ by a password that can only be between 6 and 8 characters, and cannot contain non-alphanumeric.
So while this has been wonderfully educational in how to create a secure password, it doesn’t help one bit until those people that actually have to guard your data could give a shit!
The point Randall is highlighting is exactly the one you say: Through 20 years of effort, we [i.e. the people that actually have to guard your data] have successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.
i seen a method someone mentioned for making a strong site specific password it goes like this:
hash the site’s url+secret salt.
now on the outset this seems strong and good and all that, a hash of a hash is hard to crack with brute force no doubt. but it is only secure if no one knows you are doing it, if it becomes commonplace then people will make the crack for a hash of (the site+a salt) then they need only crack the salt, and im guessing the unique salt is not as strong as they would make a password were they not feeling so invulnerable.its good but only if no one else is doing it.
I would be really impressed with your javascript if you could draw a scene in XKCD style that includes the various words so it is easier to remember the password you generated.
The combination is not 1949 letter alphabet, since you can replace any of the words with your own choice. The pass phrase just generated for me was “lose safe time development”, I could use Acme instead of safe, thinking about the safes that Wile E Coyote drops on Road Runner. Also if you need an 8 character password, then remember the phrase but use the 1st 2 letters of each word, so loactide with a leet speak if you have to use a number, so l0act1de.
Interesting, but relatively pointless since virtually no authentication system allows non-mixed character types.
That’s what Randall is saying: Through 20 years of effort, we [i.e. virtually all authentication systems] have successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.
And does it matter? You can add whatever characters you need to placate your authentication system. Capitalize the last letter and add a number if you must. Or capitalize the beginning of one of the words. This is not difficult.
Rather than trying to understand how the Brute Force and Dictionary attacks work you could try cracking your own passwords with a visual interface. There used to a tool called Cain & Abel (worked with Windows XP, not sure if it’s been updated) which enables you to crack all Hashed passwords on your machine through Brute Force, Dictionary attacks and Rainbow tables. If you want to experiment, try it out with different password combinations
You could increase the total number of common words available to you by pulling the top few thousand words from http://corpus.byu.edu/. They have both US and British English datasets available, so you could even offer a US/British option in your program.
Now I’m beginning to think that “wacky” headlines might make for good, memorable passwords.
http://www.rawstory.com/rawreplay/2011/08/bull-semen-spill-closes-nashville-highway/
KeePass calculates bullsemenspillclosesnashvillehighway as having 97 bits of entropy.
Why not use a simple sentence? If you normally type following grammar rules, it’s fairly trivial to get all of the “required” bits of a password but still be simple to remember – like:
My dog is 4 years old.
Super easy to remember, really hard for a computer to guess.
You can even use this method to make specific passwords for websites:
I’m on Facebook way too much.
Wonder Woman is my favorite Amazon.
Gmail is better than Hotmail.
I started using MySpace 3 years ago.
These use more than 4 words, have a combination of Upper, Lower, Specials (and numbers) without being complicated.
I really like this generator, but having a unique password in that pattern for every site you visit is gonna be hard to remember.
For example, I have at least 35 accounts that I need to keep track of. Probably even more, so remembering the 4-word passwords for all these websites is almost impossible.
Yes, individually they are very easy to remember, but once you have 20, 50 or more of them, they are just as hard to remember as completely random passwords.
So, instead I use a password manager and randomly create passwords for every site with that program.
What these kinds of passwords are really good for, however, are the 2 or 3 passwords you do need to remember. For example, for me it’s:
Lastpass Master Password (for browser)
Keepass2 Master Password (for other applications)
PC password
Now, as several other people have pointed out, all these passwords are really just 4-letter passwords with a 1949-alphabet which is reasonably secure (at an estimate of 400000 guesses per second, it takes at most 417 days to crack with brute force), but if you use these kinds of passwords in a company, that might not be safe enough for you.
So, you can just change ‘em around a bit, like adding capital letters, numbers and special characters. If you don’t overdo it, it’s more secure and still easy to remember.
And before you correct me: Yes, I know that changing these things doesn’t make it any safer if they are just using letter-for-letter brute force, but if they know that it’s made up of four words from this list of 1949 words, they would also, for example, need to add all 1337-speak variants of the words and the words with the first letter being capital to the list. That would at least triple the word list and thusly at least triple the search space.
Also, I just got “chain house laid pet” which is amazingly easy to remember.
If you want to use capitals, don’t capitalise the first letter of the words. One option I’ve considered is to capitalise the same position in each word – eg, the second letter only. Another option would be to only capitialise S & H (for example).
In the end it is important to keep this in perspective though. Full brute force attacks against passwords are rare – it is easier for the baddy to simply try the easy passwords against a large number of accounts and pick up the ‘low hanging fruit’.
It’s like the old adage – if a bear is chasing you, you don’t need to be faster than the bear, you just need to be faster than someone else.
Here’s another, similar password generator: http://batterystaple.com
So I’ve just read an article from 2004 on passphrase (http://technet.microsoft.com/en-us/library/cc512613.aspx).
One interesting point is that if passphrase become common, a cracker could consider dictionary words as a character. That would reduce the entropy of the passphrase. Statistical attacks can also be considered, like a grammatically correct phrase (subject verb ..).
Thoughts or critics?
It is essential when using this approach to make the words as random as possible. A sentence is a bad idea.
The fact that multiple words strung together produces good passwords is well known in information theory. I was pointing this out to clients 10+ years ago. The only problem before was that systems that had limited password lengths didn’t accomodate this well – that problem is essentially gone. It is important that the words don’t make a parse-able sentence though.
If you ever want to extend this, please google for “Corncob dictionary”. Nice list of 50k or so most common words. 4 words from 5k most common words ~= entropy of 8 chars in base64.