75 comments

[ 4.0 ms ] story [ 29.5 ms ] thread
It wasn't a very good idea in 2015, and it still isn't a good idea today. It may not be "least terrible" when you have 20 - 50 passwords or so, but I'm at 5000+, and wherever possible, my logins are also random strings.
I agree it doesn't scale, but holy cow, 5000+! That is a lot!!
I've never been a fan of password managers, but I've found a much better way than paper:

1. Create a complex password to re-use everywhere. Memorize it and don't write it down.

2. Create individual simple passwords when you need one. Write them down

3. Create a method to combine the complex password and the simple password. Memorize it and don't write it down.

I figure there are two main attack vectors: online and offline. Online attack vectors are either a dictionary attack, which requirement 1 solves with a complex password, or using hacked passwords in one site to gain access to other sites, which requirement 2 solves with different passwords for each site. Offline attack vectors are someone discovering your written passwords, which requirements 1 and 3 solve by memorizing pieces of it.

The only weakness to this scheme is if someone is A. deliberately targeting you as opposed to a mass attack, and B. gains access to two or more of your passwords, allowing them to figure out your password system.

Not gonna argue the merits of your approach, but the use of "online" and "offline" attacks have meanings in this context that don't seem to match up with how you're using them: https://crypto.stackexchange.com/questions/25715/what-is-the...

A dictionary approach is something I'd normally associate with offline attacks since online requires you go through the active system which should hopefully have some sort of rate-limits to prevent that. Offline attacks can be more brute-force and don't necessarily require pre-existing knowledge.

Oh I wasn't thinking of that kind of terminology, thanks for pointing that out. I was using online as someone who is at a distance and can only try social engineering, brute forcing, and looking for re-used passwords (much more common, especially with Russian hackers), whereas offline is someone who would have access to local areas and could find a password book (much rarer but still happens).
> 3. Create a method to combine the complex password and the simple password.

So what happens when a site / service limits the length? Do you truncate your complex password? And what about cases where only a certain subset of characters is accepted? Do you now need to memorize multiple variations of the complex password?

I used to do something similar to your proposed method, but the number of exceptional cases and work simply made if not worth the effort compared to a real password manager.

I found the same problem. I found too many places where passwords change far too often and are forced to be far too unique for a standard template to be replicable. Even something like HNspring2018 for my HN password, if I had to change it and did HNfall2018 I've seen sites kick it back saying it's not unique enough, or I can't use the date or year. Many won't let you use full dictionary words, even when paired with more complex stuff.

My work password needs to be changed every 60 days, must be longer than 16 characters, can't repeat three characters in a row over two password iterations, and passwords have to be unique for two years before you can repeat them. I write that password down on paper every time.

I hope we've reached peak ridiculousness when it comes to passwords and this is as bad as it gets before something better comes along.

Having a complex password that I use for everything allows it to be nonsensical. Mine is actually based off of a phrase (an idea inspired by XKCD) but the words have some dropped characters and it includes a name (so instead of correcthorsebatterystaple, think crrctChampbttrystple). I avoid making the simple password actual words as well, but it's simple enough that if I want to use the password at work but store it at home, I can memorize it easily for a day.

I agree that we've hit peak ridiculousness though.

That's completely insane requirements. I don't get how anyone could remember any password like that.
How often are you running into length-limited password fields these days? I usually take it an organization is not attentive to or is outright uninterested in security, and either I shouldn't use their service (if it's optional), or I should publicly shame them.
Passwords with character restrictions are still pretty common, AFAICT. Yahoo, for instance.
Off the top of my head:

- PayPal

- Rent payment portal

- University account

- Target

(etc...)

Office365 maxes out at sixteen characters.
I haven't hit a length issue, it's not super long though. If I need to do a variation, I write it down with the simple password. The main two variations are that it requires a number (which I don't have in the complex password), so I just add a number to the simple password, or that it can't use special symbols (which I do have in the complex password), so I use the corresponding number (for example 1 instead of !) and write down that I used a number instead of a symbol.
>So what happens when a site / service limits the length? Do you truncate your complex password? And what about cases where only a certain subset of characters is accepted? Do you now need to memorize multiple variations of the complex password?

For that I just keep a Google doc with site password restrictions and other public information mostly useless to a cracker. My password has rules for adapting to said site restrictions so I just lookup the site in Google docs and adapt my password accordingly

It obviously depends on your threat model. If you don't have any accounts with too sensitive information and you can stash the paper somewhere reasonably safe, then sure. My big issues with this are:

1) People suck at making their own passwords and this encourages bad passwords and password reuse. 2) The article admits that paper alone isn't good enough, but suggests that having "four password storage methods" is the optimal solution. That seems... unwieldy. Storing the most important (banking info, email) passwords in your head is a recipe for password reuse or getting locked out of your account.

Threat modeling is the most important part of this discussion, but will fall by the wayside in this discussion as well. Normal folks are really bad at risk analysis. I personally use a paper storage system and diceware ( http://world.std.com/~reinhold/diceware.html ) - because, at the end of the day - low tech is the best tech.

<edit> - also am a CISSP

Interesting suggestion that a pad of paper is just as safe as your house. Problem is, much like corporate security, when it comes to passwords I actually figure that the biggest threat comes from the very people who already either live in my house or have relatively easy access to it.
Paper is an awful medium for password management, for a host of reasons:

1. It's vulnerable to phishing. The vast majority of sites still do not support U2F or similar, and typing in a password from paper means that a human is validating the domain, not a machine.

2. It's not encrypted at rest. This means that leaving your wallet somewhere means all your passwords have been exposed. It also means in many legal cases (IANAL, US law, etc) the contents of that paper are a key to all the other encryption you might have. In particular, courts have held that the fifth amendment protects a defendant from being compelled to reveal passwords in many circumstances.

3. It's difficult to keep in sync with new registrations, logins, and password changes - given the widespread use of mobile phones, it means that you are likely to take that piece of paper with you, compounding the risks in #2

5. Paper isn't durable. Spill a drink on it and everything is basically gone.

6. Paper isn't generally structured to obscure passwords - open your browser's password manager, and you'll see for each password unless you click to reveal it. With paper, you are much more vulnerable to shoulder surfing.

Edit:

7. Any decent password manager will volunteer to generate passwords for you - if you're doing this on paper, it's much more likely that you'll try to come up with a password yourself, resulting in weaker passwords.

"5. Paper isn't durable. Spill a drink on it and everything is basically gone."

Paper is more durable than any digital storage which all suffer from rot. They also rot faster than advertised. My documents stored in water- and fire-resistant containers will be readable even when my HD or discs fail. Just like the old books I find at thrift stores that were already older than some corrupted media I had.

Why wouldn't you create encrypted backups of your password manager stuff, or use a password manager than does this inherently by design (e.g. password-store/pass)?
I have digital and paper backups. Having lost 3 HD's in a month, Im about to add another online service to mix with durability protections.
May I suggest not subjecting your drives to water, fire, concussion, or whatever it is you are currently doing?
Paper is certainly not more durable than digital storage. It may last longer at rest, but a disk under constant usage will outlast paper under constant usage any day.

Durable means able to resist wear. Lasting means persisting over an extended period of time. Paper, when stored properly, is long-lasting. It is not durable.

A poster on a wall could last for decades to centuries of use after a HDD in constant use has died. So, really HDD win in a subset of cases and lose in others.
Is a poster on a wall considered "paper in constant use"? After all, that disk has been constantly, unceasingly physically manipulated for years, while the paper has just been merely subjected to light and a small amount of air movement. A poster on the wall is as much "in use" as a disk that is plugged in but not mounted.

Sticking with the original subject, write your password to your computer disk and write it to a piece of paper. Now change your password on your computer disk while changing it on the paper as well. Now change it again. And again. And again. See what is more durable, the disk being constantly erased and written over, or the paper being constantly erased and written over? A modern SSD can handle tens of petabytes being written before it dies. Can a piece of paper?

(comment deleted)
But that isn't at all relevant to the use case at hand. Using paper storage just means you can access and read the content of the paper.
So you just never change your passwords?
You don't require your password-storage disk to be under constant use. Just like how you'd take out a piece of paper only when you need to use it, you could have a flash drive with no mechanical parts storing your passwords.
My paper notes are encrypted. My encryption method is called ‘my handwriting.’ It is indecipherable. Sometimes even to me.

I would never use a browser’s password manager.

I literally laughed out loud reading this. Just wanted to convey my thanks.

Edit: In a good way, I mean.

> My encryption method is called ‘my handwriting.’

B-but that's basically just a substitution cypher!

I'd use an air gapped device to replace paper.
If your concern is third-party reliability but you'd still like a password manager, I'd say your best bet would be pass + git. pass uses gpg to encrypt each password separately in a file structure, and works very well with any sort of git repository making it accessible across devices. Depending on how you set it up it can be 100% in your control with minimal configuration (in my case though I've been lazy and just hooked it up to a private GitHub repository).
1+ for pass. It does one thing and does it well. Zero bloat. I use a simple emacs helm plugin to quickly copy the password to clipboard. Very happy with this setup.
How do you sync to mobile browsers with pass + git?
I don't, sorry. My previous password manager, while it did have a mobile app, was painful to use so I don't miss that too much. For my most important stuff I use rememberable passwords.
My personal method is passphrase + first three characters of domain + number + !

Eg foobarYCO2018!

Easy to remember, unique and doesn't rely on third-party services.

And derivable.
This was my method until widespread and non-terrible password managers. The fact is that once you're dealing with an adversary who is sufficiently motivated to capture passwords from you and derive the algorithm, you've already lost.

Sure, it's a form of security through obscurity, but aren't we essentially relying on our computer systems' flaws remaining obscured to not get hacked?

Because you're not special, and you're not smart either. Your adversary already knows your password derivation scheme, and are already checking for it during the brute-force step, because you're not the first one to come up with it.

Browser and operating system vendors aren't especially smart either, but at least it's thousands of white hats vs thousands of black hats, instead of thousands of black hats vs just you.

It's not good to reveal your scheme, or for your scheme to be so simple. If a HN database ends up in the open, your accounts on other sites become vulnerable.
Ideally your passphrase would be secure enough that it couldn't be bruteforced from a (hashed) HN database. But in case a non-hashed database gets leaked, what sort of scheme could one use that couldn't be revealed from a single known password? I suppose one could use a system like

  bcrypt(passphrase + "domain.com")[:32]
But anything requiring a calculation step seems to lose a lot of the advantages of a single-passphrase system.
Password managers seem to have the essential flaw of using the clipboard.

What prevents a random npm/rubygems/... dependency from running `pbcopy` every second, storing interesting-looking results and relaying them to some server once in a while?

This assumes the machine is already pwned - at which point why wouldn't they just use a keylogger? In that case, typing the password in without the use of a password manager instead of copy/pasting from a password manager wouldn't be any more secure.
It's reasonably easy (or at least feasible) to sneak runnable code as an indirect dependency of a development project (node.js, rails, etc), or of a Homebrew formula. No pwning needed - at least as commonly conceived.

Presumably, running `pbcopy` is easier and less detectable than writing a keylogger?

This suggests a related question. There's no inherent reason why programs other than your desktop shell and the current focused window (for window based DEs) need to have access to keyboard input. In practice, how good are existing DEs at controlling this access? I know, for example, that the slow move from X to Wayland has removed some of the methods a program might use to access inputs or the clipboard.
If your machine is compromised you already lost. They can just run a keylogger or read memory out of your browser process.
the essential flaw of using the clipboard

This isn't essential to the operation of a password manager and sensible password managers don't do this.

What's a correct workflow then? (I genuinely don't know)

Say a password manager wants to let me know that my password for Gmail is d78658b8f207c4256370d3e018e0f3d544607849aa5f6bd8, what should it do then?

It seems to me, either the manager or me will copy that value to the clipboard somehow.

A decent password manager has browser integration through browser extensions and fills in passwords for you. Current versions of Safari and Chrome have built-in password managers.
Wasn't fully aware of this.

I think most 'hacker-friendly' password managers (like password-store), that are unix-y, can be persisted to git, don't depend on megacorps, etc lack these capabilities?

i.e. very few password managers might count as 'decent'.

As a last note, a browser extension that doesn't come from Google or Apple shouldn't be trusted. I have zero extensions (other than uBlock), since they essentially have arbitary read/write capabilites into one's digital life.

What's really missing is a OS-level widget that acts as a secure clipboard. Similar to how one inserts emojis in macOS.

i.e. very few password managers might count as 'decent'.

I think this is true - this is really core browser functionality and all password managers are fundamentally hacks. A tiny number of these hacks are non-awful. 'hacker-friendly' password management is a bit like 'hacker-friendly' dentistry - useful to a tiny minority of exceptionally adventurous people.

The safest, sanest thing you can do is use the browser-provided password manager and the browser- or OS- provided sync. Both Safari's and Chrome's use end-to-end encryption (you have to turn it on in Chrome but it's there). The benefits of this far outweigh the downsides, to the point where I actually think the typical recommendation for 1Password is a bit outdated and counter-productive. Browser and platform vendors should obviate the need for this entire class of software and they seem to be moving in that direction.

I use PassFF which does Firefox integration for pass (and thus you get all the usual pass features, git integration, etcetera).

I have no idea why you feel proprietary goop from Apple is trustworthy while code I can read for myself is not.

Personally I have auto-fill configured. Since I fixed (in my copy and since the PR was accepted eventually everyone's) the lack of any suffix matching beyond TLDs I feel auto-fill security implications are tolerable, I'm sure views vary. But I definitely couldn't put up with manual copy & paste.

Password management has gotten completely out of hand. My dad, who is in his 60s but is pretty technologically savvy, has resorted to a master paper list of all his passwords (almost two dozen).

The situation has gotten worse in recent years. First, the unjustified worry about shoulder surfing means that password entry widgets make it impossible to figure out if you’ve entered the password correctly, especially on mobile where typing errors are common. Worse, some don’t even have a “show what I’m typing” mode. Second, many sites totally confuse the password managers in Chrome/Safari because they get fancy with having separate pages for username and password.

And all for what? My passwords have been leaked dozens of times over in various security breaches anyway.

>Password management has gotten completely out of hand.

Sure, the industry is basically recreating public key crypto very, very badly. All the tech has been there to do away with passwords for ages but path dependency can be a very scary and depressing thing sometimes. Probably doesn't help that for a long time only users paid any of the cost.

Granted there is also this weird mindset even amongst lots of tech workers that authentication is some scary thing and should be manual too, as in this idiotic article. Perhaps that has also inhibited progress.

>And all for what? My passwords have been leaked dozens of times over in various security breaches anyway.

Well, that's the major reason behind password managers isn't it? It's precisely because we're not using real crypto for authentication that what 3rd parties do and whether they get breached actually matters, and in turn creates the necessity to use a different good password for every single service and have the ability to change them to a new good one at will. For most humans at any significant scale that rapidly becomes impossible to manager so naturally the right thing to do at an individual level is turn to a computer to handle it.

It's exactly the sort of thing a computer should be doing, too.

Automating an administrative task is basically what they're for.

The notebook is better than what most people do, including a decent chunk of nerds nerding on with password generation schemes like "last couple letters of site plus this number plus this word".

The major threat we want to avoid in 2018 is "account stuffing", which is simply people pivoting from a dumped password on a breached site to every other one of your accounts through related passwords. If a notebook keeps you from using related passwords, great. Do that then.

You can get better security than the notebook, but the reality is for most non-specialist users, if their bag is stolen, so is their computer, and all their accounts pretty quickly thereafter.

The article and some posts suggest keeping certain passwords only in your head.

Be sure you do that only when it would be Ok if the account became very difficult to access in case you die or become incapacitated. There are remedies for your survivors, but it is generally a big pain in the ass you don’t want to leave behind.

The great thing about paper is that even my grandma can understand it. For 80% of people that makes it superior to any other password manager.
Pro tip: If you use paper add the same prefix to all your passwords, but don't write down the prefix. This improves security if you misplace the paper.

For example, your paper might look like this:

Gmail: face method ruler

Facebook: rows bat likewise

Bank: hilltop skids lavender

But your actual passwords are:

Gmail: apple face method ruler

Facebook: apple rows bat likewise

Bank: apple hilltop skids lavender

Pro tip 2: Use random words instead of random characters. For sites you log into regularly you will soon memorise the password and won't need to pull out the paper.

I'm surprised no one ever talks about invisible ink for this purpose.
It's really that difficult to use KeePass? It's offline, cross-platform, with password generation, secure session for entering the master password, could type passwords without using the clipboard and if you want to sync you can save the encrypted db on dropbox, git or wherever yout want.

The only problem I see is when I need a password but I can't access database, which is almost never since Keepass has a port for Android. But in those (few) cases I can write down a few notes which I can use to create a not easy to guess password for that specific use case.

In an imperfect world this is the optimal combination of security and convenience.

A google drive spreadsheet full of passwords. The gmail account is U2F. Memorize the (long) account password and then copy and paste from the spreadsheet.

Benefits: * is not a honey pot target like a password manager * easily accommodates long random passwords * convenient access * cannot be misplaced * account password very likely to remain secured

What is "U2F"?
It's a hardware key that provides 2 factor authentication for GMail.
I wrote this (above) comment expecting to get a load of down votes, but there are none. If anyone really wants to use this technique then please store all your passwords in TRIPLICATE in the spreadsheet.

This is because if you fat finger or fat mouse one of the three you'll have two others to recover with. If you have only one copy and you mess it up (yes I've done it a few times) then your 16 digit random password will be gone forever.