Password Memorability and Securability

NonNullSet writes "Who would have thought that something new could be said about how best to select passwords? Ross Anderson of Cambridge University and some of his colleagues have performed new empirical studies and found some pretty non-intuitive results. For example:

1. The first folk belief is that users have difficulty remembering random passwords. This belief is confirmed.

2. The second folk belief is that passwords based on mnemonic phrases are harder for an attacker to guess than naively selected passwords. This belief is confirmed.

3. The third folk belief is that random passwords are better than those based on mnemonic phrases. However, each appeared to be just as strong as the other. So this belief is debunked.

4. The fourth folk belief is that passwords based on mnemonic phrases are harder to remember than naively selected passwords. However, each appeared to be just as easy to remember as the other. So this belief is debunked.

5. The fifth folk belief is that by educating users to use random passwords or mnemonic passwords, we can gain a significant improvement in security. However, both random passwords and mnemonic passwords suffered from a non-compliance rate of about 10% (including both too-short passwords and passwords not chosen according to the instructions). While this is better than the 35% or so of users who choose bad passwords with only cursory instruction, it is not really a huge improvement. The attacker may have to work three times harder, but in the absence of password policy enforcement mechanisms there seems no way to make the attacker work a thousand times harder. In fact, our experimental group may be about the most compliant a systems administrator can expect to get. So this belief appears to be debunked."
  • Freaking PDF files. (Score:5, Informative)

    by Anonymous Coward on Monday May 24, 2004 @09:48AM (#9237186)
    Freaking PDF files. Link [216.239.39.104] to a version translated into HTML. By the time this goes live, maybe the FTP will be slashdotted, too. Thanks, Google.

    I suppose I should make a comment. Okay, here it is: looks like users are still the weakest link in security. Whoever said that social engineering was the ultimate hack is a genius.
  • Google (Score:5, Informative)

    by Mz6 ( 741941 ) * on Monday May 24, 2004 @09:49AM (#9237194) Journal
  • by Anonymous Coward on Monday May 24, 2004 @10:00AM (#9237309)
    Back in the days of limited capacity, 8 or 10 character passwords made sense. Today, there's no reason why we shouldn't be moving towards pass phrases of 20-50 characters. How difficult would it be for someone to remember "It was the best of times, it was the worst of times." as their password, and yet, how difficult would it be to crack a 52 character password?

    It's really just a matter of changing mindset to use passphrases instead of passwords.
  • My password method (Score:5, Informative)

    by gosand ( 234100 ) on Monday May 24, 2004 @10:05AM (#9237344)
    I have been able to successfully remember randomly generated passwords, but once they slip your mind - you are screwed. My password method is this:

    1. generate a password using some word algorithm: I was born on a Monday = "IwboaM"
    2. come up with some kind of replacement strategy: w=m, a=1. IwboaM = Imbo1M
    3. bookend it with the year you were born: Imbo1M = 19Imbo1M69.

    It looks totally random, but there is a method to the madness. If you need to change it, you can just inc the year, or use some other rule on it. The strength is that you completely make up the rules, and they don't have to make any sense. All you have to do is remember the original phrase (easy) and your rules (easy to complex).

    (and the example I gave is completely arbitrary)
    You could also do one where your password is the answer to the question. Remember the question "What month was I born?" Answer: October
    Password starting point = HalloweenMonth. Then apply crazy rules to it. In this way, you can write down your reminder phrase "Month born?" and it is nowhere near what your password is.

  • by QBasicer ( 781745 ) on Monday May 24, 2004 @10:06AM (#9237360) Homepage Journal

    I don't think that will ever change, unless we use the bio scanning methods (iris scans and whatnot)

    I heard about DNA scan, but I can't see that working, it could be falsified. Even a finger print could be carried (cut off their finger if they wanted access enough).

    The strongest way to do it is with multiple methods (text password, then voice password, the finger print scan, and then iris scan).

  • passphrase passwords (Score:3, Informative)

    by thogard ( 43403 ) on Monday May 24, 2004 @10:08AM (#9237380) Homepage
    Some people have been claiming that using things like "fsa7ya" or "4sa7ya" as the 1st letters of "four score and 7 years ago" is a good way to make up passwords. I've got a friend who has a dictionary of about 20,000 such phrases and it took a few of us about a half hour to find a common quote that wasn't in his list. He also happens to have a 50 word list that is very effective at brute force attacks.

  • by joelhayhurst ( 655022 ) on Monday May 24, 2004 @10:11AM (#9237414)
    There is also a unix utility called APG [nursat.kz] (Automated Password Generator) which will create pronounceable gibberish passwords to your specifications. I usually use that, find one I like, then replace a few letters with l33t-speak numbers (to think, it has a use...).
  • by Anonymous Coward on Monday May 24, 2004 @10:13AM (#9237430)
    I may be off-topic, but I linked PDF files to 'xpdf' in Firefox and I don't have problems anymore.
  • pwgen (Score:5, Informative)

    by jsebrech ( 525647 ) on Monday May 24, 2004 @10:19AM (#9237499)
    You can easily generate mnemonic passwords using pwgen [sourceforge.net].

    It's definitely easy to remember mnemonic passwords. I've been able to not log into a machine for months, come back to it and remember the mnemonic password unique to that machine.
  • Passwords And Dice (Score:1, Informative)

    by JohnPerkins ( 243021 ) on Monday May 24, 2004 @10:21AM (#9237514) Homepage
    I just keep a handful of dice in the desk to roll new passwords with. 2d6 >> base 36 >> letters and numbers. My logon pw, for instance, is 24 digits of that stuff.
  • by 0x0d0a ( 568518 ) on Monday May 24, 2004 @10:28AM (#9237592) Journal
    I occasionally like mnemonic passwords, but another good alternative is a randomly-generated but pronounceable password. It turns out that we're much better at remembering passwords that we can pronounce. (Where "Voolakun5" is pronounceable and "zqx17yvy" is not).

    FIPS-181 [nist.gov] describes a NIST-endorsed system for producing pronounceable passwords. There is a GPLed FIPS-181 implementation here [nursat.kz].

    Sample run:

    $ apg
    dyijenuloa
    bifliecar
    yishjied&
    IfHydrovia
    yutsOlg/
    DipUkcat


    APG is a lot more sophisticated than this, and allows you to do a lot of tweaking of the types of passwords it outputs, and print pronunciation guides. It's a good tool, IMHO, for security-conscious types to have around.

    For Fedora Core 2 users, Red Hat does not package apg in the base distribution, but it is available from freshrpms.
  • by wwest4 ( 183559 ) on Monday May 24, 2004 @10:30AM (#9237609)
    > LOCK access for a given account after X consecutive failed logon attempts ...
    > han Y accounts are locked for this reason in Z minutes, and as a community we'd
    > effectively end all dictionary attacks

    The problem with this solution is that so-called "dictionary attacks" are virtually never carried out using the target's manual authentication mechanism, or even their encryption library functions (which are usually deliberately performance-crippled). Any brute-forcer worth its salt (heh) is run on a fast, private computer with an optimized hashing function on hash data that is pulled off of the target wholesale.

    In addition to, and more important than, the methods you describe, users must use better passphrases, policies must be enforced, and the authentication schemes used must become more robust (larger key size, multi-layer security, OTP, etc).
  • Re:quepasa (Score:5, Informative)

    The differences are:

    1. There's no file stored anywhere containing the passwords so you can't lose them, or have the file in order to get the password.

    2. You don't have to do the random creation of passwords in the first place.

    3. When it comes time to change passwords, just change the passphrase.

    John.

  • by Anonymous Coward on Monday May 24, 2004 @10:38AM (#9237693)
    Try out this nice password generator [winguides.com]. You can customize the output based on what you feel would be most secure and easiest for you (randomness, length...). Just don't complain if an admin of that site craxx0rz j00.
  • by 26199 ( 577806 ) on Monday May 24, 2004 @11:11AM (#9237962) Homepage

    ...you can solve this one by throwing money at it.

    Buy one of these [usahero.com] and relax. You'll never have to worry about passwords again.

  • by pyro_peter_911 ( 447333 ) on Monday May 24, 2004 @11:28AM (#9238148) Homepage Journal
    One area I'd like to see would be strength of a password in terms of randomness, requiring use of characters, etc. vs length. Is an 8 character password with a punctuation mark better than a 10 character password with all lower case characters? If so, by how much?


    An 8 character password using unique upper case, lower case, digits and punctuation has about 94 different characters. If we picked a random 8 character password from this we would have:


    94_P_8 = 94! / (94 - 8)! = 94! / 86! = 94 * 93 * 92 * 91 * 90 * 89 * 88 * 87 = 4.4x10^15 permutations


    A 10 character password using only unique 26 lower case characters has:


    26_P_10 = 26! / (26-10)! = 26! / 16! = 1.9x10^13 permutations.


    So, the 8 character password using all characters is about 200 times more difficult to brute force than the 10 character password only using lower case characters.


    Peter

  • by Xenographic ( 557057 ) on Monday May 24, 2004 @11:28AM (#9238154) Journal
    If you're going to write it down anyhow, at least tell them to keep the paper in their wallet.

    It's more likely they'll take care of it, then.
  • by securitydude ( 782513 ) on Monday May 24, 2004 @11:31AM (#9238180)
    You can get software to enforce the policy to avoid the 10% non-compliance mentioned above. In the Unix/Linux world, you can use something like NPasswd [utexas.edu] to do it. For you Windows people, something like Password Bouncer [avatier.com] would do the trick.
  • Re:quepasa (Score:2, Informative)

    by RKBA ( 622932 ) on Monday May 24, 2004 @11:41AM (#9238263)
    What's a keychain?
    A local list of the public keys you keep on your own computer (as opposed to remotely on a keyserver). It's like an address book, except that it contains the public keys of your correspondents.

    What's a public key?
    A key you make public so that others can send messages to you. Likewise, others make their own public key known to you (or to the public in general) so you can encrypt messages to them.

    A private key?
    The key you need in order to decode the messages others have encrypted using your public key.

    What do I do if my private key is compromised?
    Generate a new private and public key. Send a revocation notice to the public keys server(s) you use and notify all your correspondents of your public key change.

    I use an older version of a free program called Password Safe [schneier.com] and keep lots of backup copies of its data file on floppies, etc. With the (ugly) newer version [sourceforge.net] you can also print out a hardcopy.

  • by jhkoh ( 588461 ) on Monday May 24, 2004 @11:43AM (#9238295)
    and they can't use their previous so many passwords
    I have a friend who worked on a system with a similar restriction in their password-changing policy. So, when the system forced him to change his password, he just changed it "so many" times until it let him go back to his old one...
  • by Neophytus ( 642863 ) * on Monday May 24, 2004 @12:00PM (#9238510)
    It's to distinguish the fact that the post is quoted from the submitter rather than editor-written (as sometimes happens)
  • by Anonymous Coward on Monday May 24, 2004 @12:03PM (#9238564)
    Apache/1.3.29 (Unix) FrontPage/5.0.2.2510 PHP/4.3.6?
  • by stilwebm ( 129567 ) on Monday May 24, 2004 @12:24PM (#9238795)
    This brings up the interesting debate of whether shared authentication systems are more secure or less secure. If you had only one password for all 6+ systems, you'd probably see much less reuse of old passwords. On the other hand, having someone's password could mean access to 6 different systems on a variety of platforms.*

    *It is idealistic to think that a single authentication system will be shoehorned in to every system used in many enterprises. More than likely at least some application will not be able to use the networked authentication for one reason or another.
  • NOT secure (Score:3, Informative)

    by IntelliTubbie ( 29947 ) on Monday May 24, 2004 @12:42PM (#9239013)
    Basically it assigns random chars/numbers/symbols to each letter of the alphabet ... Now I print this nice little table and use it for passwords all over the place. For example I could just remember "slash" which maps to the password Z?+JTLZ?4&

    The table itself isn't a terrible idea, but where you really go wrong is printing it out. If anyone gets a look at your "alphabet," and you've used a simple dictionary password, then it's as simple as doing a dictionary attack -- just with your modified alphabet instead of the standard one.

    This is why, as the article states, user-devised password schemes aren't very good (although yours is probably somewhat better than many), as they only give the illusion of security.

    Cheers,
    IT
  • Mitnick today (Score:5, Informative)

    by SoTuA ( 683507 ) on Monday May 24, 2004 @12:42PM (#9239023)
    is milking the conference circuit as hard as he can (it's how he makes his living now)

    He was briefly in Chile for a US$420 a seat conference, and the head of the Computer Science Dept. asked him if he could give the students a little talk.

    A representative answered exactly this:

    Thank you for your inquiry. Kevin is indeed in Chile next week-- and would love to address your students. He does, however, charge a fee for his presentations (it's how he earns his livelihood)--- A standard presentation is 45 min. long plus 15 min. Q&A and covers the information presented in his book, The Art of Deception. The cost for a presentation like that is typically $15,000 US; however, due to the fact that you are an educational institution and Kevin will already be in the area delivering his other presentation, I could offer you a discounted price of $9,000 US (a savings of 40%) plus any related travel costs to/from your organization to his hotel.

  • by E_elven ( 600520 ) on Monday May 24, 2004 @01:53PM (#9239665) Journal
    For the record, I hate ECODE. Try this diagram:
    1 2 3 4 5 * 7 8 9 0
    q w e r * * u i o p
    a s d * - * j k l ;
    z x * v b * m , . /
    (The asterisks and the hyphen form an 'A' there).
  • Re:A note on hashing (Score:2, Informative)

    by Minna Kirai ( 624281 ) on Monday May 24, 2004 @04:15PM (#9241048)
    So my idea was to store a hash of the concatenation of the username AND password, ensuring with a high probability that no two hashes will be alike.

    Old way:
    I wonder if anyone's password is just 'password'.
    forall(user){test(user.hashedpassword == hash('password'))}

    New way:
    I wonder if anyone's password is just 'password'.
    forall(user){test(user.hashedpassword == hash(user.login + 'password'))}

    2nd way requires more hashing to be done through the loop, but isn't really much harder.
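    The two schemes in the comment above, as an added Python example that is not part of the original post: SHA-256 stands in for the comment's generic hash(), the user table is constructed, and a random-salt variant is included as the practitioner's caveat to using the login as the salt.

```python
import hashlib
import secrets

# Constructed sample user table (not real accounts); alice and bob share a password.
USERS = [
    {"login": "alice", "password": "password"},
    {"login": "bob", "password": "password"},
    {"login": "carol", "password": "correct horse battery"},
]

def hash_plain(password: str) -> str:
    """Old way from the comment: hash of the password alone (SHA-256 stands in for 'hash')."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_with_login(login: str, password: str) -> str:
    """New way from the comment: hash of login concatenated with password."""
    return hashlib.sha256((login + password).encode()).hexdigest()

def store(users, salted: bool) -> dict:
    """Build the {login: stored_hash} table under either scheme."""
    if salted:
        return {u["login"]: hash_with_login(u["login"], u["password"]) for u in users}
    return {u["login"]: hash_plain(u["password"]) for u in users}

def shared_password_groups(stored: dict) -> list:
    """Audit check: groups of logins whose stored hashes collide. Under the old scheme
    this reveals every set of users sharing a password without guessing anything."""
    by_hash = {}
    for login, h in stored.items():
        by_hash.setdefault(h, []).append(login)
    return sorted(group for group in by_hash.values() if len(group) > 1)

def cost_to_check_one_candidate(stored: dict, salted: bool, candidate: str):
    """Model the comment's point: hash computations needed to test one candidate
    (e.g. 'password') against every account. Returns (matching logins, hashes done).
    Old way: a single hash serves all users. New way: one hash per user."""
    if not salted:
        h = hash_plain(candidate)
        return sorted(l for l, s in stored.items() if s == h), 1
    matches = [l for l, s in stored.items() if hash_with_login(l, candidate) == s]
    return sorted(matches), len(stored)

def hash_with_random_salt(password: str, salt: bytes = None) -> tuple:
    """Caveat: a login is a predictable salt, and the same login+password on two
    systems still collides; standard practice is a random per-record salt plus a
    slow password hash. PBKDF2-HMAC-SHA256 is used here to show the salt idea."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex(), digest.hex()
```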
  • PasswordSafe (Score:3, Informative)

    by ronys ( 166557 ) on Monday May 24, 2004 @11:54PM (#9244395) Journal
    A solution that works for many is PasswordSafe [sourceforge.net]. This is a small application that keeps all passwords encrypted (using the Blowfish algorithm). Entries are presented either as a flat list or tree, and double-clicking an entry decrypts the password and copies it to the clipboard. The project originally came from Counterpane [counterpane.com], Bruce Schneier's [schneier.com] company, and is regarded as a useful and secure application.
    PasswordSafe has random password generation that can be customized rather nicely.
    Of course, the PasswordSafe database itself needs to protected by a passphrase...

    [Disclaimer: I'm currently the project admin for PasswordSafe.]
