> Your algorithm should always generate complex passwords. Try to include at least one number, one capital letter and one special character.
This is one of the big problems with an algorithm. You'll eventually come across a site that -- for whatever reason -- doesn't allow that particular special character (or has a length restriction, or something else that makes your algorithm break). Now what do you do?
I use a password manager and generate 30-ish character long passwords, and I still occasionally run into sites that tell me it's too long. No big deal, I just generate one at the max length they support, save it, and move on. It literally makes no difference to me, other than I scoff at the ineptitude of the people that built the site and have to click a couple more times to get a new shorter password.
> I use a password manager and generate 30-ish character long passwords
Do note that you don't need anything more than 22 random mixed-case letters & digits: 26 lower-case letters plus 26 upper-case letters plus ten digits is 62, and 62²² ≈ 2¹²⁸.
Completely agree re. the ineptitude of the developers of sites that try to limit one to less than that.
There are multiple word lists mentioned in that article, accompanied by an explanation of what types of words they include. Depending on your personal preferences, you might want to use a different list. That's why I linked the blog post and not the word lists directly.
Try to make a (short) story/idea connecting those random words. Stories, something with sense and meaning, are easier to remember. correct horse battery staple is the usual example about this.
It's funny, I just came back to HN and saw your comment. I have absolutely no idea what that password was and I'm sure I would have forgotten the short story. Maybe that story would work for one main password on a password manager, but I don't think it would work for me at least for more than one or two passwords.
Diceware encourages reuse of a single password on multiple sites. It's also much more time consuming than just clicking the "randomly generate password" button and having it spit out a 30 char password. That, and a randomly generated password of, say, 16 chars is much much more secure than a diceware generated password of 4 or 5 words, IIRC. And I'd still need a password manager, because reusing passwords on different sites / accounts is a big no-no.
I also find Diceware-style wordlists useful for those "security questions" that are really "backup passwords for use over the phone". Instead of "real" answers to "What's the maiden name of my third grade elementary school teacher?" I try to roll a passphrase, store it in key/value section of the password manager. The Diceware might give "weird" words, but they are all at least pronounceable/describable to a human on the other end of a phone, which still matters in some cases.
* Your password must be between 7 and 20 characters
* Your password must contain
* At least one number
* At least one upper-case letter
* At least one symbol from this list (!@#$%*)
* Your password must be changed every 30 days
The "must be changed every 30 days" always annoys me to no end.
A system I use not only has that requirement (along with a very insane set of requirements like "no patterns like 123 or ABC"), but they also NEVER let you reuse a password.
Which means they have a database of every password I've ever used on a machine somewhere, hashed or otherwise.
So the annoying workaround is to append year+month on the end of each password (which I was basically told to do when first setting up my account). So combined with a "maximum 10 characters" leaves 6 for my actual password...
> So the annoying workaround is to append year+month on the end of each password (which I was basically told to do when first setting up my account). So combined with a "maximum 10 characters" leaves 6 for my actual password...
Ah, but nowadays there are sites that won't let you set a new password "if it is too similar to previous passwords". In particular, the US military won't let you set a password that is similar to the last ten of your passwords. What constitutes "too similar"? It seems that your new password can't have more than a three-character substring from your old passwords.
If a website warns me about this, I immediately remove my account. Because if they can tell how similar my new password is to my old password, it means they store information about my password.
I do use a password manager however, so I don’t really notice.
And: "Must be four characters different than your last password" (this from a particular state's health insurance system). What does this mean? That four characters from the previous password must not appear in the new one at all, or only not in the same position? (fans of the little game Mastermind suffer deja-vu) What if the previous password contained all of the must have set of alternate symbols, then you've got a direct contradiction.
I can't think of a way to do that without actually storing the plain text password. If it is in fact plain text, the irony is that by enforcing such "strong" password requirements, they've actually made the overall system less secure.
Nah, that is only the character position sets to change, you also have to permutate the characters (which would be 2^(4*8) if we consider byte characters)
I was counting the number of hashes to store; im not sure why the size of each character would matter?
But now that Im writing it out, I was clearly wrong anyways
I thinking something along the lines of taking every substring of 4 characters, and then for all permutations of those 4-tuples, plug it back into the string hash and store. Assuming the goal is to not share any 4-substring with the new string
So I think
(N-4) + 1 gives you the number of 4-character windows
4! for the number of permutations of that 4-char window
So 4!*(n-3) total hashes
Which I guess is actually the same work you'd have to do anyways if you stored the plaintext; just without storing each variant
You can permutate all possible character positions for combinations of four changed characters, and for _each_ permutation permutate all four characters and then compare the hash, and if the hash is the same you do not accept the password (even though of course you could have false positives with hashes). It is of course much slower than the change of one character which is only 256 iterations if you mutate the underlying bytes and not Unicode characters.
Password change dialogs generally have entries for:
Previous Password:
New Password:
Confirm New Password:
They don't need to store the plaintext password, as you're giving the old password plaintext to them in the same dialog. Now, if such rules were against "any of your last 4 passwords" instead of just the last password, then that's much more difficult to do. (Obviously nobody is going to cooperate with a form requiring the person to submit their last 4 passwords as part of the password change dialog.)
Even worse - entering a password into a device without keyboard. Smart TVs, streaming sticks, consoles, etc. Extra fun when every input character is immediately masked.
Almost never. I do have it synchronized across a few devices, including my phone (which is PIN protected, plus my password manager has its own different PIN, and requires passphrase after a reboot).
For the couple passwords I have to enter on other devices (like Netflix) I often just create them by hand, and choose something easy to type on an on-screen keyboard, and then store it in my password manager. For example: "assdeeeerffghhhjuiop". If the keyboard is sorted alphabetically instead of QWERTY, I'll adapt to that.
I generally only have to type this in once or twice a year so it's not a huge deal.
How is measured the entropy of a password in https://xkcd.com/936/ is a good hint on why this could be dangerous. Passwords should be strong even if you know/deduce how they are generated, specially if the input data is something as generic as the site domain. Trying intuitive/easy to perform algorithms could be a different kind of "dictionary" attack. How complicated look a password from the point of view of a brute force attack is not the only factor that make them safe for any kind of automated attack.
Having a spreadsheet matching sites and algorithms may be another weak spot depending on how it is stored. Password managers usually keeps metadata about sites, not just the password, and it is stored encrypted.
Yes, a password algorithm is better than using the same password over and over, but a password manager is better still, and while initially less convenient it's eventually more convenient (since with a password algorithm one must rotate all passwords on the terms of the shortest-lived key, and one must use the intersection of all password rules — which may not even be possible).
For that reason, I think that a secure password manager (e.g. password-store, KeePass or Password Safe, not something like LastPass) is generally preferable.
Among other things, they apparently use webpage encryption (their technology page indicates that AES is implemented in JavaScript for their website), which means that they have the ability to target any user at any point in time.
Also, they're proprietary software. Password security is too important to entrust to proprietary software.
When talking about Password Managers (and security in general), I think it's important to keep your threat model in mind.
Is LastPass going to protect you against sophisticated State, or even potentially Corporate attackers? Maybe not. Will it protect you against random hacks and insecure sites better than just reusing the same password that you can remember? Yes.
I generally agree though that this is an area where open source software is preferable. I'm also really intrigued by the work Keybase is doing and hope that it might spur some interesting solutions for web auth as well.
>Is LastPass going to protect you against sophisticated State, or even potentially Corporate attackers? Maybe not. Will it protect you against random hacks and insecure sites better than just reusing the same password that you can remember? Yes.
but using keepass does protect you in the case that lastpass' servers get compromised into serving malicious javascript.
The author recommends using a password algorithm that you can mentally process and then storing the results in a password manager. If you're going to store them why not let the password manager generate the pass for you?
My guess is that the intent is that the passwords would be recoverable by you without the aid of a password manager, but that the relative convenience of a password manager still adds benefits (e.g. behaviourally: guiding you away from any potential tendency to opt for "simpler" passwords out of laziness)
I assume you're talking about OS logins or something. But lets be honest here, 99% of the passwords we use daily are for websites or web based services
I suppose I could reword "recoverable" to "usable in relatively rare situations where your normal password-manager-enabled workflow isn't conveniently available" - depending on how rare these situations are, resetting every single time could be quite an annoyance.
The author suggests storing in password managers optionally, "for reference". The point of using an algorithm to generate a password is that you only have to remember the algorithm and can always work out the password on a new computer.
I used to have a password algorithm then switched to 1Password and never looked back.
My problem of 4 years of algorithm use was that it would slowly change over time. I began to add mechanisms to predictably rotate the passwords. I began to add mechanisms that dealt with arcane dumb password requirements. Encountering a login from 3 years ago usually had me trying 3 different variants before getting it.
Furthermore, my algorithm still produces passwords that have considerably less entropy than a password generator will do for you.
The other advantage of password managers are for those damn security questions. I now routinely use 4-word diceware generated password as my security question answers and can store those in 1Password as well. The number of websites that let you bypass login with just a security question is mind blowing.
Man, not a day goes by where I dont feel relieved and ecstatic that I have 1Password.
Everytime I go to an obscure website I rarely visit and I have to log in, I hope it's in my 1password account, and when it is I feel so releived I dont have to worry about what my damn password is for that one site.
Obscure password requirements are what drove me to 1password.
This is the false sense of security through obscurity. Given the simple algorithm and without any entropy, it will be trivial to crack the password if the hacker has your multiple passwords. This is very possible since you are sticking to the same algorithm for every website but you don't know which website will just store the plain text of the password. One can easily link you among different websites with your username or email.
This is not necessarily true. Attackers with multiple sites' passwords can link users and look at their passwords. When they see some similarity of the passwords for the same user, it would take least effort for them to crack the password.
Even if it only applies to dedicated attackers, think about the consequence, once the attacker cracks your password, he knows your algorithm, all your passwords will be exposed.
And the point is the method is not more secure than using the same password for multiple sites.
Yes, it really is more secure than exact re-use. Attackers that just try the exact same password on multiple sites on first discovery will be thwarted by algorithmically derived passwords.
I'm not ruling out that there will be attackers that try to harvest passwords from multiple sites, join those sites by username or email, then try some ML to derive people's password algorithms. But there is a whole class of attackers that just won't bother with that level of sophistication.
If your algorithm is any good, you're already not the slowest person running from the bear (cf. easy passwords or exact-password-reuse).
Having less hackers or taking hackers a little more effort to crack the password do not make it more secure in any ways. This is security through obscurity. Do you think the hackers will stop like a bear when they crack the first password?
If password can be cracked, they are insecure, no matter it takes the hacker 10 minutes or 10 hours.
And it does not take ML to derive these simple algorithms at all. People may think their password algorithm is good, but it lacks the fundamentals of cryptography. It's really just a puzzle you play with the attacker.
3. With Yahoo leaking billions of accounts, and hundreds of other services leaking 10's of millions of accounts, your passwords are already out there.
4. Someone makes a John the Ripper/Hashcat plugin that searches password dumps for common usernames/email addresses and attempts to determine if the password is based on an algorithm.
5. With advances in NLP AI, this will just get easier in the future.
> Given the simple algorithm and without any entropy, it will be trivial to crack the password if the hacker has your multiple passwords.
If. Depends a lot on how easy that attacker can identify those accounts as belonging to one set. Easy when they all go to the same email, but deep in the realm of individually targeted attacks if there is a layer of redirection. It's a tradeoff, password managers come at the cost of making their users part of a very high value dragnet target. I guess the proper way to do it would be to augment managed passwords with a brain-based component. That, and stuffing the password manager with a few canary accounts on high-value sites that send out login notifications.
It would be pretty easy to identify accounts for same users. Most people use same email or username on most of their websites.
The point of password managers are to have true different password for different site and users don't need to remember it. For the inconvenience the author has, there are other secure ways to handle that, no need to sacrifice security for convenience. For example, to have a usb drive with portable password manager installed.
I don't think this is good advice. Password algorithms are security by obscurity, and only work as long as people don't figure out your "trick" to generating passwords that look random.
You should be able to publish your password algorithm without people being able to compromise your accounts. Here's mine:
Pick 20-30 characters from the set of alphanumerics and special characters. Adjust length and character set to match site requirements.
With the given example, if your password is leaked plaintext on two sites, someone can reduce their brute force space from 100^30 to [A-Z][a-z][A-Z]B1a3k#[0-9]{1,2}.3 or 26^3*10^2 which is roughly 100^3
(Choose the character set and length as you like. We like to use 32 characters picked from 16 lowercase letters. This is because it's a good balance of bit strength, fast typing for mobile devices, and full mappability to hexdecimal when we need it e.g. to prove exactly 2^128 bit strength or for compliance with HIPAA, FERPA, etc.)
I'm not sure why Password Algorithms are rising in popularity. We refute them every time they come up. They don't work. They work UNTIL one of your passwords gets compromised. Then you're stuck either rotating one of your passwords and remembering which one(s) have been rotated, or you're stuck rotating every one of them.
I wrote this page to be a guide to friends and family, but I feel like I end up linking to the refutation of PA's more than anything else:
> We refute them every time they come up. They don't work.
They "don't work" in theory, but in practice hardly anyone is individually targeted by attackers. 99.9% of compromised accounts are due to automated attacks churning through compromised databases looking for low hanging fruit. People who use algorithms are not low hanging fruit.
Regardless, I'd say there's a good chance your password will be compromised at some point, through no fault of your own. Hell, if you had a Yahoo account, you should have probably rotated it, what? Three times in the past year?
It's the forced rotation of passwords due to breaches that throw a wrench into the algorithm scheme. Even assuming no one ever actually figures out your leaked password because it was properly hashed and salted, if you as a good citizen are rotating your passwords with every breach, your Yahoo password should now be in its fourth iteration, while your other accounts may only be on your first or second. Trying to keep track of that, in practice, is unmaintainable.
Even worse than password rotations are site-specific password requirements. Every site has different requirements that require my algorithm to take different branches. To remedy this, I have a google doc that has a list of sites I use along with what their password rules are and how many times they've been compromised. The difference between this and a manager is that I don't care if that google doc file is compromised or not. It's all public information that is useless to an attacker. That public file is merely an input to the real manager in my brain and for common sites that I use a lot (google, amazon) I don't even need it.
Okay, so, having established that this is something you personally use, let me try being less combative in proclaiming it broken.
So I agree, in principle, that the idea of letting your document be public is a good one. Then it could work like public-key cryptography. Even still, my concerns would be the following:
1. You are still guarding the "secret" of how you generate those passwords. That cannot be known, or your security breaks down. Is your algorithm sufficiently resilient to reverse-engineering that it won't be obvious to an attacker who sees a password that is compromised during a breach? If so, great! Personally, I can't see myself coming up with a one-way hash in my head that would not be trivial for someone else to figure out. I don't think the average person can, either.
2. You mentioned non-uniform password complexity requirements, which means that your algorithm (or algorithms) need to be able to accommodate that. I, again, feel like that would be very difficult to juggle. You're now remembering not just one algorithm, but several, and possibly several variants within.
3. Based on what you have to track just to know what algorithm to use, it sounds like your spreadsheet already has four or five columns: the site, the username, the password rules (which I assume is the "hint" that you use to tell you to use Algorithm A/B/C or Algorithm A var. 2, etc.), and the number of times compromised. At that point, I don't feel like the convenience of a "secret-free" document that doesn't need to be kept hidden outweighs the mental effort required to maintain the sheet and keep all processing within one's brain.
4. Your algorithm may be tweaked for the "max" the site will allow, but I imagine most people's are tweaked only to the minimum. What is nice about the password manager is that since I don't have to remember it, I can make the password arbitrary long. If the site allows your passwords to be up to 50 characters, I make it 50 characters. Always. I could never do that if I were forced to memorize it (unless it were a password phrase with some vowel-to-number/special char substitutions, but crackers have shown that rainbow tables already account for those).
It may well work for you. I just don't think it's a good idea for the average person.
The problem is passwords, so long as we have passwords we are going to keep talking about password algorithms, password managers, password strength, password requirements, lost passwords, stolen passwords, phished passwords, forgotten passwords, expired passwords and all that crap.
My startup is working on killing the password. What if we don't need passwords EVER? No need to argue about algorithm, strength, reset, lost, stolen, forgotten and expired passwords.
This is the problem I'm currently working on. Oh yeah, I did apply to YC and got rejected. Anyways, I'm in the early stages but plan to be shipping within the next 4 months. If anyone is interested in beta testing when I reach that stage please ping me.
I have a feeling it is nothing ground breaking. I bet they are just using biometrics to replace the password so it's something like "Two factors: fingerprint + authenticator app code"
In modern times (read: every site leaks its database all over the place), you really need a different password per service. XKCD approach isn't going to help, since you'll never be able to remember the password to a site you haven't used in 4 months. You still need a password manager, so you might as well let it generate strong passwords for you. XKCD passwords aren't as strong as you'd think.
Experts don't care about usability or convenience, only security. I use password algorithms because managers are so darn inconvenient. Especially when I need to type my password into an Xbox, for example, or on my wife's computer real quick.
I believe my algorithm is strong enough that it puts me completely out of reach against automated attacks. If one password is compromised to plaintext, will an attacker even recognize it was generated by an algorithm? Unlikely. If two of my passwords are compromised to plaintext somehow will a determined attacker specifically targeting me be able to recognize and determine my algorithm? Possibly yes. But in my mind, the risk of being individually targettedand having two different passwords compromised to plaintext is not high enough to outweigh the convenience factor of password algorithms.
If you're going to use an algorithm (which seems like a bad idea), wouldn't it be safer to keep a large secret key and then hmac or hash(key + service name) as your password?
At that point just use a manager. The point of an algorithm is that you can generate it using only your brain. Your brain can't easily calculate hashing digests.
I don't think this is good advice. An algorithm like this could easily be reverse engineered if someone had more than one. Considering how many places have password breaches it's not that inconceivable someone would get a hold of two of your passwords. The entropy is awful and there are 0 cryptographically secure psuedo random numbers being used.
You need to be specifically targeted though. People rarely are. Most compromised accounts are discovered using automated scripts and credential stuffing (taking a compromised password and trying it on other websites).
If you are being specifically targeted to that extent, a password manager may not be as helpful as you think .. and you probably have much bigger problems to worry about.
I try to think about whether the account is sensitive. I use long random passwords and 2FA for the very few really important accounts. Especially mail and social accounts since those are used to recover other passwords.
For all those 90% of places where the data protected by the password isn't valuable, I just use a crap password. Usually the same password everywhere suffix with with something from the domain or whatever.
All those forums I needed to register just to use the search, or the mandatory registration to download a software trial.
Same with all those passwords that I need to enter on a TV remote or console controller: I just use a crap (short lowercase) pass and hope for the best. I don't consider the account worth protecting so long as I can reset the password with my (well protected) email account.
I must have 100+ accounts registered but maybe 4 that I really would worth about being stolen.
I use a password manager, and generate passwords using the xkcd aproach[0] (only more words), which so have like 50-70 characters total. Easy to type in if I happen to use a retarded app which doesn't let me paste or something like a game console, but secure enough for me. On retarded sites which restrict passwords to length or characters or need some characters, I need a minute or two to modify the generated one (and maybe can't login after registering, as the max length on register is longer than on login).
If this simple modification which I have to do one time costs me a minute, how many years of my life will it take to go through some algorithm, and this every single time I log in?
Besides any security considerations, its just too much of a hassle for me to use some password algorithm technique.
You can use ANPM, a web-based password generator algorithm. Just enter a platform name, a master key and a PIN and boum you obtain a brand new secure password.
It occured to me last night that password strength is a predatory system similar to capitalism.
My bank recently reduced it's max password length from 20 characters to 15, so in an E-mail I was writing to the CEO demanding they fix it, I was recommending improvements and I realize that an 18 character password SHOULD be minimum, however...
If an 18 character password is minimum that actually reduces the length of brute force attacks. If the minimum length is 8 characters and the maximum something ridiculous like 64, then people with 32-64 characters will have the strongest passwords.
However, this relies on the assumption that lots of people will be using weak passwords, the brute forcers are going to target and exploit those people first. The number of possible permutations are increased by allowing weaker passwords, but that isn't enough. If everyone uses 18 char or greater passwords then brute forcers will start their searches at 18 characters so it would matter if 8 characters are allowed.
Just some food for thought, and reason to encourage the use of stronger passwords than the recommended 180 bits. If the system supports 64 characters, might as well use 64 characters. And if it doesn't support 64 characters, fix it.
With an alphabet size of A, the number of passwords with N characters is equal to A-1 times the number of passwords with fewer than N characters, plus 1.
This means that if you allow at least uppercase and lowercase letters in the password, setting a minimum decreases the search space by less than 2%, assuming the minimum equals the maximum.
If we even increase the maximum a tiny bit above the minimum, this decreases exponentially. Allowing a length of 8-20 instead of 18-20 only increases the search space by 0.0007%.
So you have to ask yourself whether that tiny fraction of a percent more security for you against brute force attackers (which a proper password of that length is already secure enough against) is really worth having your money in a bank with easy to hack accounts. As a customer, part of the cost of all those hacked accounts is going to find its way to you eventually.
113 comments
[ 4.4 ms ] story [ 164 ms ] threadThis is one of the big problems with an algorithm. You'll eventually come across a site that -- for whatever reason -- doesn't allow that particular special character (or has a length restriction, or something else that makes your algorithm break). Now what do you do?
I use a password manager and generate 30-ish character long passwords, and I still occasionally run into sites that tell me it's too long. No big deal, I just generate one at the max length they support, save it, and move on. It literally makes no difference to me, other than I scoff at the ineptitude of the people that built the site and have to click a couple more times to get a new shorter password.
Do note that you don't need anything more than 22 random mixed-case letters & digits: 26 lower-case letters plus 26 upper-case letters plus ten digits is 62, and 62²² ≈ 2¹²⁸.
Completely agree re. the ineptitude of the developers of sites that try to limit one to less than that.
Here's a direct link: https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt
It is awful for actual third-party passwords.
- password must be between 7 and 8 characters long
- has to include one number
- has to include one of the following: $#!*, no other special characters are allowed
It was so horrendously bad it's not even funny.
The NHS online booking system my GP uses has rules like this. Pretty much guaranteed to prevent old people from being able to login.
How do you enter a fractional character?
A system I use not only has that requirement (along with a very insane set of requirements like "no patterns like 123 or ABC"), but they also NEVER let you reuse a password.
Which means they have a database of every password I've ever used on a machine somewhere, hashed or otherwise.
So the annoying workaround is to append year+month on the end of each password (which I was basically told to do when first setting up my account). So combined with a "maximum 10 characters" leaves 6 for my actual password...
Or do <password>, <password>1, <password>2, ...
(╯°□°)╯︵ ┻━┻
I don't know how people who don't use password managers are able to deal with this kind of crap at all.
I do use a password manager however, so I don’t really notice.
I don't think so... So are your old passwords stored in plain text somewhere so they can compare ?
Scary...
Yes, maybe: https://en.wikipedia.org/wiki/Locality-preserving_hashing
> So are your old passwords stored in plain text somewhere so they can compare?
You betcha!
Or did I misunderstand you?
But now that Im writing it out, I was clearly wrong anyways
I thinking something along the lines of taking every substring of 4 characters, and then for all permutations of those 4-tuples, plug it back into the string hash and store. Assuming the goal is to not share any 4-substring with the new string
So I think (N-4) + 1 gives you the number of 4-character windows
4! for the number of permutations of that 4-char window
So 4!*(n-3) total hashes
Which I guess is actually the same work you'd have to do anyways if you stored the plaintext; just without storing each variant
But I would guess they use plain text :-(
Algorithms have their downside, sure, but for someone like me who is often working on other computers that aren't mine, managers are a non starter.
You can even use something like InputStick to auto-type the password into the other computer if you'd rather not do it manually.
I would recommend you to use any password, but rotate the credentials every time you enter them in one of these.
Copying over a really long generated password is much harder than an algo you can perform in your head.
For the couple passwords I have to enter on other devices (like Netflix) I often just create them by hand, and choose something easy to type on an on-screen keyboard, and then store it in my password manager. For example: "assdeeeerffghhhjuiop". If the keyboard is sorted alphabetically instead of QWERTY, I'll adapt to that.
I generally only have to type this in once or twice a year so it's not a huge deal.
It's free, fast and secure. Try ANPM:
https://teddybear06.github.io/ANPM/
Of course passwords would be case sensitive, why wouldn't they be?
Apparently everyone thinks I'm a fuckin' retard over that of a typo.
Great audience. 10/10, would post again.
Having a spreadsheet matching sites and algorithms may be another weak spot depending on how it is stored. Password managers usually keeps metadata about sites, not just the password, and it is stored encrypted.
For that reason, I think that a secure password manager (e.g. password-store, KeePass or Password Safe, not something like LastPass) is generally preferable.
Why? Friends have found LastPass to be pretty reliable and user friendly so far.
Also, they're proprietary software. Password security is too important to entrust to proprietary software.
Is LastPass going to protect you against sophisticated State, or even potentially Corporate attackers? Maybe not. Will it protect you against random hacks and insecure sites better than just reusing the same password that you can remember? Yes.
I generally agree though that this is an area where open source software is preferable. I'm also really intrigued by the work Keybase is doing and hope that it might spur some interesting solutions for web auth as well.
but using keepass does protect you in the case that lastpass' servers get compromised into serving malicious javascript.
Just click "Forgot password"?
My problem of 4 years of algorithm use was that it would slowly change over time. I began to add mechanisms to predictably rotate the passwords. I began to add mechanisms that dealt with arcane dumb password requirements. Encountering a login from 3 years ago usually had me trying 3 different variants before getting it.
Furthermore, my algorithm still produces passwords that have considerably less entropy than a password generator will do for you.
The other advantage of password managers are for those damn security questions. I now routinely use 4-word diceware generated password as my security question answers and can store those in 1Password as well. The number of websites that let you bypass login with just a security question is mind blowing.
Everytime I go to an obscure website I rarely visit and I have to log in, I hope it's in my 1password account, and when it is I feel so releived I dont have to worry about what my damn password is for that one site.
Obscure password requirements are what drove me to 1password.
1. They have to have multiple passwords to have a chance to derive the algorithm.
2. They also need to somehow think it's worth their time to reverse the algorithm instead of just going with lower-hanging fruit.
Even if it only applies to dedicated attackers, think about the consequence, once the attacker cracks your password, he knows your algorithm, all your passwords will be exposed.
And the point is the method is not more secure than using the same password for multiple sites.
I'm not ruling out that there will be attackers that try to harvest passwords from multiple sites, join those sites by username or email, then try some ML to derive people's password algorithms. But there is a whole class of attackers that just won't bother with that level of sophistication.
If your algorithm is any good, you're already not the slowest person running from the bear (cf. easy passwords or exact-password-reuse).
If password can be cracked, they are insecure, no matter it takes the hacker 10 minutes or 10 hours.
And it does not take ML to derive these simple algorithms at all. People may think their password algorithm is good, but it lacks the fundamentals of cryptography. It's really just a puzzle you play with the attacker.
4. Someone makes a John the Ripper/Hashcat plugin that searches password dumps for common usernames/email addresses and attempts to determine if the password is based on an algorithm.
5. With advances in NLP AI, this will just get easier in the future.
How is it going to do that? Especially since every website has different length and character requirements?
If. Depends a lot on how easy that attacker can identify those accounts as belonging to one set. Easy when they all go to the same email, but deep in the realm of individually targeted attacks if there is a layer of redirection. It's a tradeoff, password managers come at the cost of making their users part of a very high value dragnet target. I guess the proper way to do it would be to augment managed passwords with a brain-based component. That, and stuffing the password manager with a few canary accounts on high-value sites that send out login notifications.
The point of password managers are to have true different password for different site and users don't need to remember it. For the inconvenience the author has, there are other secure ways to handle that, no need to sacrifice security for convenience. For example, to have a usb drive with portable password manager installed.
You should be able to publish your password algorithm without people being able to compromise your accounts. Here's mine:
Pick 20-30 characters from the set of alphanumerics and special characters. Adjust length and character set to match site requirements.
With the given example, if your password is leaked plaintext on two sites, someone can reduce their brute force space from 100^30 to [A-Z][a-z][A-Z]B1a3k#[0-9]{1,2}.3 or 26^3*10^2 which is roughly 100^3
If you like terminal commands, here's one way:
LC_ALL=C < /dev/urandom tr -dc "abcdefghijklmnop" | head -c32 && echo
(Choose the character set and length as you like. We like to use 32 characters picked from 16 lowercase letters. This is because it's a good balance of bit strength, fast typing for mobile devices, and full mappability to hexdecimal when we need it e.g. to prove exactly 2^128 bit strength or for compliance with HIPAA, FERPA, etc.)
I wrote this page to be a guide to friends and family, but I feel like I end up linking to the refutation of PA's more than anything else:
http://nothingofvalue.org/password_manager.html#no_storage
They "don't work" in theory, but in practice hardly anyone is individually targeted by attackers. 99.9% of compromised accounts are due to automated attacks churning through compromised databases looking for low hanging fruit. People who use algorithms are not low hanging fruit.
It's the forced rotation of passwords due to breaches that throw a wrench into the algorithm scheme. Even assuming no one ever actually figures out your leaked password because it was properly hashed and salted, if you as a good citizen are rotating your passwords with every breach, your Yahoo password should now be in its fourth iteration, while your other accounts may only be on your first or second. Trying to keep track of that, in practice, is unmaintainable.
So I agree, in principle, that the idea of letting your document be public is a good one. Then it could work like public-key cryptography. Even still, my concerns would be the following:
It may well work for you. I just don't think it's a good idea for the average person.My startup is working on killing the password. What if we don't need passwords EVER? No need to argue about algorithm, strength, reset, lost, stolen, forgotten and expired passwords.
This is the problem I'm currently working on. Oh yeah, I did apply to YC and got rejected. Anyways, I'm in the early stages but plan to be shipping within the next 4 months. If anyone is interested in beta testing when I reach that stage please ping me.
Good luck with legacy systems. Bad passwords will be around forever because of ancient software.
Oh, and
https://xkcd.com/927/
1: https://xkcd.com/936/
Okay.
I believe my algorithm is strong enough that it puts me completely out of reach against automated attacks. If one password is compromised to plaintext, will an attacker even recognize it was generated by an algorithm? Unlikely. If two of my passwords are compromised to plaintext somehow will a determined attacker specifically targeting me be able to recognize and determine my algorithm? Possibly yes. But in my mind, the risk of being individually targetted and having two different passwords compromised to plaintext is not high enough to outweigh the convenience factor of password algorithms.
But if the goal was for it to be universal enough to work anywhere without the password manager installed then these crypto primitives would work.
You'd still be relying on the strength of those primitives and your secret key so it's not nearly as secure as randomly generated password.
So, yeah, use a password manager.
Yahoo, Disqus, Experian, Tumblr, Adobe, LinkedIn, Dropbox, MySpace, Avast, DaniWeb, YouPorn, Trillian, Brazzers, Unreal Engine, PlayStation Network, Warframe, etc, etc, etc.
Here's a list of even more sites that have had passwords stolen: https://haveibeenpwned.com/PwnedWebsites
If you are being specifically targeted to that extent, a password manager may not be as helpful as you think .. and you probably have much bigger problems to worry about.
For all those 90% of places where the data protected by the password isn't valuable, I just use a crap password. Usually the same password everywhere suffix with with something from the domain or whatever.
All those forums I needed to register just to use the search, or the mandatory registration to download a software trial.
Same with all those passwords that I need to enter on a TV remote or console controller: I just use a crap (short lowercase) pass and hope for the best. I don't consider the account worth protecting so long as I can reset the password with my (well protected) email account.
I must have 100+ accounts registered but maybe 4 that I really would worth about being stolen.
If this simple modification which I have to do one time costs me a minute, how many years of my life will it take to go through some algorithm, and this every single time I log in?
Besides any security considerations, its just too much of a hassle for me to use some password algorithm technique.
[0]: https://xkcd.com/936/
It's free and you won't loose a minute again :-)
https://teddybear06.github.io/ANPM/
Unless the sites password policy won’t accept it..
My bank recently reduced it's max password length from 20 characters to 15, so in an E-mail I was writing to the CEO demanding they fix it, I was recommending improvements and I realize that an 18 character password SHOULD be minimum, however...
If an 18 character password is minimum that actually reduces the length of brute force attacks. If the minimum length is 8 characters and the maximum something ridiculous like 64, then people with 32-64 characters will have the strongest passwords.
However, this relies on the assumption that lots of people will be using weak passwords, the brute forcers are going to target and exploit those people first. The number of possible permutations are increased by allowing weaker passwords, but that isn't enough. If everyone uses 18 char or greater passwords then brute forcers will start their searches at 18 characters so it would matter if 8 characters are allowed.
Just some food for thought, and reason to encourage the use of stronger passwords than the recommended 180 bits. If the system supports 64 characters, might as well use 64 characters. And if it doesn't support 64 characters, fix it.
This means that if you allow at least uppercase and lowercase letters in the password, setting a minimum decreases the search space by less than 2%, assuming the minimum equals the maximum.
If we even increase the maximum a tiny bit above the minimum, this decreases exponentially. Allowing a length of 8-20 instead of 18-20 only increases the search space by 0.0007%.
So you have to ask yourself whether that tiny fraction of a percent more security for you against brute force attackers (which a proper password of that length is already secure enough against) is really worth having your money in a bank with easy to hack accounts. As a customer, part of the cost of all those hacked accounts is going to find its way to you eventually.