SoylentNews is people

posted by mrcoolbp on Sunday March 29 2015, @10:38PM
from the correct-horse-battery-staple dept.

Micah Lee writes at The Intercept that "coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you’ll probably do a bad job of it. It turns out humans are a species of patterns, and they are incapable of doing anything in a truly random fashion."

But there is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. First, grab a copy of the Diceware word list, which contains 7,776 English words — 37 pages for those of you printing at home. You’ll notice that next to each word is a five-digit number, with each digit being between 1 and 6. Now grab some six-sided dice (yes, actual real physical dice), and roll them several times, writing down the numbers that you get. You’ll need a total of five dice rolls to come up with each word in your passphrase. Using Diceware, you end up with passphrases that look like “cap liz donna demon self”, “bang vivo thread duct knob train”, and “brig alert rope welsh foss rang orb”. If you want a stronger passphrase you can use more words; if a weaker passphrase is ok for your purpose you can use less words. If you choose two words for your passphrase, there are 60,466,176 different potential passphrases. A five-word passphrase would be cracked in just under six months and a six-word passphrase would take 3,505 years, on average, at a trillion guesses a second.

I recommend that you write your new passphrase down on a piece of paper and carry it with you for as long as you need. Each time you need to type it, try typing it from memory first, but look at the paper if you need to. Assuming you type it a couple times a day, it shouldn’t take more than two or three days before you no longer need the paper, at which point you should destroy it.

"Simple, random passphrases, in other words, are just as good at protecting the next whistleblowing spy as they are at securing your laptop," concludes Lee. "It’s a shame that we live in a world where ordinary citizens need that level of protection, but as long as we do, the Diceware system makes it possible to get CIA-level protection without going through black ops training"

This discussion has been archived. No new comments can be posted.
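The Diceware procedure and the guessing-time figures in the summary above can be reproduced in a few lines. This is an added example, not code from the article or from Diceware: the word list is a constructed placeholder, `secrets.randbelow` stands in for physical dice, and a 365-day year is assumed for the year figures.

```python
import itertools
import math
import secrets

WORDS_IN_LIST = 6 ** 5         # 7,776 entries: one per outcome of five dice
GUESSES_PER_SECOND = 10 ** 12  # adversary speed quoted in the article


def rolls_to_key(rolls):
    """Five dice rolls such as [1, 6, 6, 5, 5] become the list key '16655'."""
    if len(rolls) != 5 or any(r not in (1, 2, 3, 4, 5, 6) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    return "".join(str(r) for r in rolls)


def key_to_index(key):
    """Read a key as a base-6 number: '11111' -> 0 ... '66666' -> 7775.

    This is why the list has exactly 7,776 entries and why every word is
    equally likely when the dice are fair.
    """
    index = 0
    for digit in key:
        index = index * 6 + (int(digit) - 1)
    return index


def generate_passphrase(wordlist, n_words):
    """Pick n_words uniformly at random; wordlist maps five-digit keys to words.

    secrets.randbelow stands in for physical dice (an assumption of this
    example; the article asks for real dice).
    """
    if len(wordlist) != WORDS_IN_LIST:
        raise ValueError("word list must have exactly 7,776 entries")
    words = []
    for _ in range(n_words):
        rolls = [secrets.randbelow(6) + 1 for _ in range(5)]
        words.append(wordlist[rolls_to_key(rolls)])
    return " ".join(words)


def keyspace(n_words):
    """Number of equally likely passphrases of n_words words."""
    return WORDS_IN_LIST ** n_words


def entropy_bits(n_words):
    """Entropy of an n_words passphrase, about 12.92 bits per word."""
    return n_words * math.log2(WORDS_IN_LIST)


def average_crack_seconds(n_words, rate=GUESSES_PER_SECOND):
    """Expected time to hit the right passphrase: half the keyspace."""
    return keyspace(n_words) / 2 / rate


def constructed_wordlist():
    """Placeholder list built for this example, NOT the real Diceware list."""
    keys = ("".join(k) for k in itertools.product("123456", repeat=5))
    return {key: "w" + key for key in keys}


if __name__ == "__main__":
    print(generate_passphrase(constructed_wordlist(), 6))
    for n in (2, 5, 6):
        secs = average_crack_seconds(n)
        print(f"{n} words: {keyspace(n):,} passphrases, "
              f"{entropy_bits(n):.1f} bits, "
              f"{secs / 86400:,.1f} days on average "
              f"({secs / (365 * 86400):,.1f} years)")
```
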
  • (Score: 1, Redundant) by Anonymous Coward on Sunday March 29 2015, @10:58PM

    by Anonymous Coward on Sunday March 29 2015, @10:58PM (#163982)
    • (Score: 5, Informative) by jimshatt on Sunday March 29 2015, @11:22PM

      by jimshatt (978) on Sunday March 29 2015, @11:22PM (#163987) Journal
      For some more information: Explanation [explainxkcd.com], Schneier's reaction [schneier.com] and a rebuttal [robinmessage.com] (more interesting links to be found on the explainxkcd page).
      • (Score: 3, Interesting) by TheLink on Monday March 30 2015, @02:57AM

        by TheLink (332) on Monday March 30 2015, @02:57AM (#164031) Journal
        If it's for your encrypted drives and other stuff where the main attack might be brute force do use long passphrases.

        But if it's for some random website even your bank, there's really no point having a passphrase that's much stronger than the website's/organization's expected security against getting hacked (which as we all know is typically quite weak). Just have it strong enough so that someone successfully bruteforcing it over the network would have to DDoS it for a very long time ;).

        If the site gets hacked it doesn't matter that much whether your passphrase is strong or not. You have to assume the passphrase and site are compromised.

        Which leads to the more difficult things
        1) you have to have different passwords/passphrases for different roles/sites. So for throwaway sites you might share the same password, but for your banks you might have different passphrases/passwords (even for each bank), then for your webmail accounts you should have different strongish passwords (especially for webmail accounts used for account/password recovery).
        2) you have to not be easily phished.
        3) you have to not be easily MITM'ed.

        Can most people remember that many passwords? Are they able to not be phished? Will they know if an https certificate has changed suspiciously? Keep in mind the NSA and others can get their certs signed by CAs and so probably MITM most people's https connections given the way browsers handle certificates and CAs.

        Last but not least does it really matter in practice? So far from all those hacking/phishing incidents how great is the damage that would be avoided by such measures? If the total damage has been less than the total cost and effort to avoid it then you'd just be hurting people more ;). So has it really been such a huge problem?

        If some person is going to spend 5 minutes every day looking up and entering the correct passphrase but would only get hacked once every 2 years if they didn't, that's 60 hours. If the person spends less than 60 hours and $$$ to fix the damage then it's not worth it.
      • (Score: 0) by Anonymous Coward on Monday March 30 2015, @10:17AM

        by Anonymous Coward on Monday March 30 2015, @10:17AM (#164152)

        The rebuttal article linked to an interesting tool: zxcvbn [dropboxusercontent.com]

        However, it tells me that "Mypasswordisverybad" will be cracked in 13 minutes, but "My password is very bad" will take centuries to crack.

  • (Score: 3, Insightful) by Anonymous Coward on Sunday March 29 2015, @11:04PM

    by Anonymous Coward on Sunday March 29 2015, @11:04PM (#163985)

    The problem is that people can't remember more than a couple different passwords, so they tend to re-use the same one (or 2, or 3) over and over again for different sites. So if hackers compromise one site, which seems to happen on a daily basis, then many of the other accounts by the same user are in jeopardy.

    Some sites (notably at work) have policies forcing people to change their passwords every 90 days or so, which someone believes is necessary to maintain the integrity of the security policy (undoubtedly this is one of those best practice things repeated at IT administrators conferences...). So lots of people try to make a one-character tweak of their existing password, which hardly helps security but makes it more likely that they'll forget it and be shut out in six failed attempts.

    • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @11:39PM

      by Anonymous Coward on Sunday March 29 2015, @11:39PM (#163989)

      FWIW, I have a "base" password that is functionally line noise. Then for each different website I prepend the first three consonants of the domain name. I prepend in case the site truncates passwords to a certain length, this way the variable part is always there. Also, since I own my own domain, every website knows me by a unique email address.

      That's not 100%, but it puts my altitude much higher than the low-hanging fruit of password reusers with only marginally more effort.

    • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @11:57PM

      by Anonymous Coward on Sunday March 29 2015, @11:57PM (#163990)

      It took some doing but I recently got a client to use passphrases from Dr Sues books. Some add a few extra characters but stick with the Sues Speak. Two tough guys didn't want to use Dr Sues (they'll come around once they have kids of their own) so I recommended that they pick some lyrics from songs they like. This approach works like a charm. Stuff they can remember but that's also long enough to be secure.

      • (Score: 4, Touché) by Anonymous Coward on Monday March 30 2015, @01:19AM

        by Anonymous Coward on Monday March 30 2015, @01:19AM (#164009)

        I recently got a client to use passphrases from Dr Sues books.

        Is that an Apple publication?

        • (Score: 0) by Anonymous Coward on Monday March 30 2015, @01:44AM

          by Anonymous Coward on Monday March 30 2015, @01:44AM (#164012)

          D'oh! Someone give that man a "Touché".

  • (Score: 3, Informative) by hash14 on Monday March 30 2015, @12:31AM

    by hash14 (1102) on Monday March 30 2015, @12:31AM (#163998)

    There are approximately 1 million words in the English dictionary. Let's assume that only 100,000 are used regularly. Then stringing 4 together gives you 10**20 possible words. Only 3 still gives you 10**15.

    The problem here is that the radix is too small; why would you want to limit yourself to only 7k words? The length of the word itself doesn't make it any harder to remember. Increase the radix, decrease the number of words you need and you get far better results in my opinion.

    Also, does a word list really have to be distributed as a .pdf? Is there something wrong with using good old plain ASCII text for this? Why the hell would you want to print out a list of words that might be your password? I'm not sure of the utility of this.

    • (Score: 2) by Nerdfest on Monday March 30 2015, @03:21AM

      by Nerdfest (80) on Monday March 30 2015, @03:21AM (#164037)

      Want to dramatically increase the difficulty? Make a frikkin' spelling mistake or two. Never use something that can be cracked using a dictionary attack.

      • (Score: 4, Insightful) by stormwyrm on Monday March 30 2015, @03:51AM

        by stormwyrm (717) on Monday March 30 2015, @03:51AM (#164052) Journal

        Doesn't increase the difficulty all that dramatically. Changing, say, one letter in a word only means that for each word there are 26 possible variants of that word. That's only 4.7 bits of entropy. Change two letters, that's about 9.4 bits. Seems nice, no? But adding only one more word to your passphrase increases the entropy by nearly 13 bits if you use the original Diceware dictionary. I dunno about you, but for me, remembering the way I misspelled particular words in the passphrase is harder to remember than an additional, correctly spelled word. The game is to make passwords that are easy for humans to remember, right?

        --
        Numquam ponenda est pluralitas sine necessitate.
        • (Score: 1, Informative) by Anonymous Coward on Monday March 30 2015, @08:22AM

          by Anonymous Coward on Monday March 30 2015, @08:22AM (#164106)

          Doesn't increase the difficulty all that dramatically.

          I'd say it does, as it means that even an exhaustive (for small values of infinite length :) dictionary search will never crack the password. And since this kind of advice to string words together is currently given, you can bet that dictionary searches will get more popular.

          Changing, say, one letter in a word only means that for each word there are 26 possible variants of that word.

          This is true as long as the word is one letter long...

          The game is to make passwords that are easy for humans to remember, right?

          No, the goal is to make strong passwords that are easy to remember.....

          • (Score: 2) by stormwyrm on Monday March 30 2015, @08:37AM

            by stormwyrm (717) on Monday March 30 2015, @08:37AM (#164120) Journal

            The point I was trying to make is that adding random misspellings makes passphrases harder to remember much more than adding additional words to the passphrase does, and the entropy gain from doing that isn't as spectacular as one might think. All right, let's make this a bit more rigorous. Your average word in English is about five characters long. Choose one of those letters to change, for the simplest type of misspelling. So that makes 5*26 possibilities. That's just a paltry seven bits of entropy for forcing me to remember to change a random letter inside one of the words. Making me remember another word adds almost twice as much entropy (13 bits), and again, I maintain that remembering properly-spelled words is a lot easier than remembering that a word has been misspelled and how it is misspelled. Sure, you can do that if you like; it doesn't hurt passphrase strength, but it sure as hell hurts memorability. We want to have passwords that are both strong and easily memorable.

            --
            Numquam ponenda est pluralitas sine necessitate.
            • (Score: 2) by monster on Monday March 30 2015, @04:18PM

              by monster (1260) on Monday March 30 2015, @04:18PM (#164331) Journal

              Both of you are right and even then, or maybe because of that, you can't agree.

              For dictionary attacks, adding a word is just like adding one more letter to a normal password, albeit from a very large alphabet. It makes forcing the password harder but it is still vulnerable to dictionary attacks. However, changing just one word into something outside the dictionary makes the dictionary attack useless, because then the attacker must include not only normal words like this Diceware list but also many misspellings and likely changes (say, leetspeak and the like) without even being sure she has included all the needed ones.

              Both methods strengthen your password but do so in different ways, and "mistakes" can also be easily remembered, like using plurals, even garbled ones ("pluralz").

              • (Score: 2) by Gaaark on Tuesday March 31 2015, @12:58AM

                by Gaaark (41) on Tuesday March 31 2015, @12:58AM (#164581) Journal

                I think that the longer your password is, the harder it will be to crack, especially if the cracker doesn't know how long your password is.

                Having a 7-10 character password with all kinds of hard to remember characters (ampersands, etc) is not as good as having an 18 to 24-30 character password of standard dictionary words strung together, especially if you can remember to salt it with odd characters (ampersands, etc).

                horsebatterystaplecorrect
                is not as good as horsebatterystaplecorr3ct
                is not as good as horsebatterystaplecorr3ctbeerbash

                my old passwords were about 8 characters long with odd characters
                my new passwords are 18-26 characters long with whatever i can remember.

                and if a website which hasn't done its password protection properly (salted, hashed) is cracked, it all comes down to naught... the unsinkable just hit an iceberg.

                That given, if a website is working with the NSA, they have your password.

                And you are f*cked.
                Up the back end.
                With a popsicle.
                Named Harry Dick... aka 'Chocolate Rain'.
                And his friend.
                Biggus Dickus... aka... Biggus Dickus.

                --
                --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
                • (Score: 2) by stormwyrm on Wednesday April 01 2015, @08:31AM

                  by stormwyrm (717) on Wednesday April 01 2015, @08:31AM (#165308) Journal
                  The point I've been trying to make is not that adding misspellings doesn't improve password strength. I agree that it does. If you do changes like that, it adds something like 7 bits of entropy or so. But when you haven't logged onto the site fully after a while because they use persistent cookies, will you still remember that you changed the e in 'correct' to a 3, and only that e? Having a good password is useless if you can't remember it properly! Was it worth adding 7 bits of entropy to make the password less memorable, when you could have just added two more words like 'beer' and 'bash' to increase entropy by 26 bits instead? Lists of properly spelled words are a lot easier to remember, and cracking passwords made up of them is already infeasible even if you use just six.
                  --
                  Numquam ponenda est pluralitas sine necessitate.
    • (Score: 2) by stormwyrm on Monday March 30 2015, @03:39AM

      by stormwyrm (717) on Monday March 30 2015, @03:39AM (#164046) Journal

      If you have a space of 100,000 words that means that each word contributes approximately 16.6 bits of entropy to the entire passphrase. The prescribed space of only 7776 words already gets you almost 13 bits of entropy per word (12.9248 to be more precise). It's not that a big a difference. Four words from a 100k size dictionary gets roughly 66 bits of entropy. Four words from the 7776 word dictionary gets 51 bits of entropy. Just add one more word and you have 64 bits of entropy. If you have more, familiar words that makes it easier to remember.

      Also, adding spelling mistakes as someone else suggests makes the passphrase harder for a human to remember correctly, and only adds a few bits of entropy at most.

      The reason why you would want to print out a list of words like that is so that you can generate a passphrase without using a computer. Just roll 5d6 as many times as your paranoia and memory will permit, write it down on paper, keep it safe until you've committed it to memory, and then burn the paper when you're sure you won't forget it. No security through obscurity. The NSA can have a copy of the same Diceware list I printed to make my passphrase and it will do absolutely squat for them to break my passphrase.

      --
      Numquam ponenda est pluralitas sine necessitate.
      • (Score: 0) by Anonymous Coward on Monday March 30 2015, @10:28AM

        by Anonymous Coward on Monday March 30 2015, @10:28AM (#164159)

        Please keep in mind that the 7776 words are known to be the source of passphrases simply based on it being published specifically for use in passphrases. The passphrase attacks will start with that list.

        My mom uses the least common last names of members of the youth sports teams her small business sponsors. It's a relatively small list but it's not published as a complete set. Would it stop the government from breaking her password? No, but if they asked she'd probably hand it over and offer to make them a sandwich. Will it keep out everyone else who doesn't have unlimited resources? Yup.

    • (Score: 0) by Anonymous Coward on Monday March 30 2015, @04:17AM

      by Anonymous Coward on Monday March 30 2015, @04:17AM (#164062)

      The problem here is that the radix is too small; why would you want to limit yourself to only 7k words?

      For the same reason why the most common password is "password". Even if you give people the entire English dictionary to work with, most passwords created by typical users will be composed entirely of common words.

  • (Score: 4, Interesting) by NotSanguine on Monday March 30 2015, @12:40AM

    Sure, picking multiple words randomly helps, but a native English speaking adult [economist.com] has a vocabulary several times larger than the word list that is suggested for use.

    How big [testyourvocab.com] is your vocabulary?

    Also, unless you have absolutely *no* imagination or a severe learning disability, it shouldn't be too hard to put together a string of unrelated words to make a password strong enough to defeat all but the most determined (and resourceful) adversary. Why bother with this whole dice thing?

    Especially when a determined and resourceful adversary will just work it this way [xkcd.com].

    Are we trying to appeal to the craps and D&D set?

    Was this article paid for by one of these guys [dice-collection.com]?

    Just off the top of my head (don't get excited, I won't use these) I made these up. I included the password strength data for each from this strength tester [rumkin.com]:
    BangleSemolinaFinlandHorticulture /length=33/strength=very strong/entropy=150.9 bits/character set size=52
    pissantfreedomhanglidersumatra /length=30/strength=strong/entropy=113 bits/charset size=26
    freezeratriumgalapagosmarionberry /length=33/strength=strong/entropy=126.1 bits/charset size=26
    bellinghamaardvarkmamacitagrenadine /length=35/strength=very strong/entropy=130.7 bits/charset size=26
    salivahappenstanceridiculeterrarium /length=35/strength=very strong/entropy=130.4 bits/charset size=26

    Note that none of these have spaces, and only one has uppercase letters and none have numerics or special characters. Adding those would increase the entropy, but make the pass phrase harder to remember.

    Maybe it's just me, but I think the whole idea is pretty silly.

    The better plan would be to educate people to create secure passwords they can remember, IMHO.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
  • (Score: 2, Disagree) by Covalent on Monday March 30 2015, @01:19AM

    by Covalent (43) on Monday March 30 2015, @01:19AM (#164008) Journal

    First, let me say I'm as guilty as the next guy of what I'm about to accuse the next guy of.

    1. Users like short, easy passwords that they can remember and type quickly
    2. Unless prohibited from doing so, users will use the same password for lots of sites
    3. When forced to change, users will usually increment the number in their password by one.

    Case in point, I used my anniversary as my password at work for many years. Every 6 weeks we were forced to change. By the time they ended that policy my anniversary had shifted by nearly 2 months.

    I know enough about security to know this is a bad idea. But if someone hacked into my computer at work, all they would be able to do is access my shared hard drive on our server. To change grades or attendance (teacher here), they would have to know an additional password for the grading software (which I haven't changed since I set it back in 2003 (yikes) but which is different from the computer login and password).

    I've always wondered why people with important secrets to protect are ALLOWED to choose their own passwords. If you really care that much, users should be assigned passwords that are long enough to be impossible to crack (in the time they are valid) but simple enough for the user to remember.

    Here's how I'd do it. Please shoot holes in this idea :)

    The employer keeps a list of 30 words that you are really confident in (dog's name, kids names, birthdays, anniversaries, street you grew up on, etc.) The password is a list of 3 of those words, plus a word chosen at random, all in random order

    So your password for this month might be Street - Dog - Maiden - Random: ParkFluffyJablonskiOkra
    Next month it's Kid2 - Random - Street - Wife: MichaelHerpesParkJanice

    (I figured no one uses Okra or Herpes in their passwords).

    You could even write these down in an easy to remember code for your own purposes (Kid2 - Random - Street - Wife will work if you remember the random word. It gets less secure if you write down the random word, but even then it's not hacked because someone will have to know the other facts about you).

    No switching passwords. The passwords are only good for say a month, so unless someone was willing to dedicate enormous resources to cracking them, they're safe from brute forcing. If you're that important, make it five words.

    OK, nerds...what's wrong with something like this?

    --
    You can't rationally argue somebody out of a position they didn't rationally get into.
    • (Score: 3, Informative) by Gaaark on Monday March 30 2015, @01:47AM

      by Gaaark (41) on Monday March 30 2015, @01:47AM (#164013) Journal

      OK, nerds...what's wrong with something like this?

      If i was an AC, i'd probably start with something like, 'Fucking everything, asshole' (isn't that what is happening nowadays?)

      But it sounds to me to be much better than the memory knockers like "Where were you born", "your mother's maiden name", etc which could be found by someone who really wanted to hack you.

      I personally switched after reading the XKCD comic: my password is 18 characters and up, or:

      Length: 18
      Strength: Strong - This password is typically good enough to safely guard sensitive information like financial records.
      Entropy: 69.6 bits
      Charset Size: 26 characters

      according to the rumkin site.

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
  • (Score: 2, Insightful) by m2o2r2g2 on Monday March 30 2015, @02:04AM

    by m2o2r2g2 (3673) on Monday March 30 2015, @02:04AM (#164016)

    Grab a dictionary, flip pages randomly back and forward. Stop and close your eyes and point at a word on the page. Repeat the process.

    Also a good way to increase your vocabulary.

    Can be modified to be easier (ie repeat process if you won't remember the word, or move down to next recognisable word).
    Can be modified to be more random eg incorporating dice throws for base 6 or base 20 (depending on your die) page numbers/ word numbers etc).
    Can be modified to increase search space - eg for those with any hint of multi-lingual skill - alternate language dictionaries.

    dendroidal tete fading catre

    Why limit the search space to 8000 words?

    • (Score: 2) by stormwyrm on Monday March 30 2015, @03:31AM

      by stormwyrm (717) on Monday March 30 2015, @03:31AM (#164041) Journal

      It's very hard to prove that you actually have a strong password if you simply flip pages randomly. Repeating the process for words you can't remember also destroys randomness. The advantage of the technique prescribed is that you can actually prove how strong the passphrase you generate will be. No security through obscurity here or guesswork. Most dictionaries don't have their words numbered the way the Diceware list is organised, which lets you just roll 5d6 to choose a word with perfect randomness, and you can be absolutely sure that you actually do have 7776 possibilities in your choices, so each word in the passphrase contributes approximately 13 bits of entropy to the passphrase.

      By all means, if you think it will help, make your own wordlist, and number it the way the Diceware list is numbered if you like. If you have a list of about 100,000 words that's 16 bits of entropy. Seems like a lot of extra work for not much additional reward.

      --
      Numquam ponenda est pluralitas sine necessitate.
  • (Score: 0) by Anonymous Coward on Monday March 30 2015, @03:21AM

    by Anonymous Coward on Monday March 30 2015, @03:21AM (#164036)

    How does having a billion guesses a second help, if you are logged out and email for reset after three failed attempts?

    • (Score: 3, Informative) by Anonymous Coward on Monday March 30 2015, @03:55AM

      by Anonymous Coward on Monday March 30 2015, @03:55AM (#164054)

      Brute force guess is usually meant for if you get ahold of tables or systems that do not lock you out properly.

      For example let's say I have a system that logs me out after 3 tries. But there is a bug. After the second try I close the connection and open again and it does not count? At that point you just slowed me down a bit but not much.

      Or if I get ahold of your database of hashed passwords? Then I can brute force them and try them all at my pleasure. Then I can log in as anyone. Then on top of that many of the passwords can be reused on other sites...
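The stolen-hash-table case in the comment above is where server-side storage decides what each offline guess costs. The following is an added example, not code from the thread or from any site discussed: the account names are constructed, the two passphrases are the published samples from the summary (never use them), and the iteration count is an assumed work factor.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example; tune per hardware
SALT_BYTES = 16

# Constructed accounts: alice and bob reuse the same sample passphrase.
CONSTRUCTED_ACCOUNTS = {
    "alice": "cap liz donna demon self",
    "bob": "cap liz donna demon self",
    "carol": "bang vivo thread duct knob train",
}


def unsalted_fast_hash(passphrase):
    """Weak storage: one unsalted SHA-256. Equal passphrases give equal
    hashes, and each offline guess costs a single hash computation."""
    return hashlib.sha256(passphrase.encode("utf-8")).hexdigest()


def make_record(passphrase, iterations=ITERATIONS):
    """Hardened storage: per-user random salt plus an iterated KDF, so every
    guess must be repeated per account at `iterations` times the cost."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations
    )
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify(passphrase, record):
    """Recompute with the stored salt and cost; compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"),
        record["salt"], record["iterations"],
    )
    return hmac.compare_digest(candidate, record["digest"])


def build_weak_table(accounts):
    return {user: unsalted_fast_hash(pw) for user, pw in accounts.items()}


def build_strong_table(accounts, iterations=ITERATIONS):
    return {user: make_record(pw, iterations) for user, pw in accounts.items()}


def shared_hashes(stored_by_user):
    """Group account names by stored hash value. Any group with more than one
    name shows whoever holds the table that those accounts share a secret."""
    groups = {}
    for user, stored in stored_by_user.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


if __name__ == "__main__":
    weak = build_weak_table(CONSTRUCTED_ACCOUNTS)
    strong = build_strong_table(CONSTRUCTED_ACCOUNTS)
    print("unsalted, shared hashes:", shared_hashes(weak))
    print("salted, shared hashes:  ",
          shared_hashes({u: r["digest"] for u, r in strong.items()}))
    print("alice verifies:", verify("cap liz donna demon self", strong["alice"]))
```
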

    • (Score: 1, Interesting) by Anonymous Coward on Monday March 30 2015, @07:15AM

      by Anonymous Coward on Monday March 30 2015, @07:15AM (#164095)

      It helps when the attacker has copies of your encrypted data or when said service gets breached and they gain access to your hashed password.

    • (Score: 1, Interesting) by Anonymous Coward on Monday March 30 2015, @08:29AM

      by Anonymous Coward on Monday March 30 2015, @08:29AM (#164112)

      This is a great question and the peeps who write such articles about passwords definitely should include the answer! (provided by others here already so I won't repeat it)

      This is an earlier story here about getting around such a system https://soylentnews.org/article.pl?sid=15/03/19/0339254 [soylentnews.org]

  • (Score: 2) by quadrox on Monday March 30 2015, @08:27AM

    by quadrox (315) on Monday March 30 2015, @08:27AM (#164110)

    If you know/can guess that the password consists entirely of words from that list, you have suddenly reduced the entropy greatly. You would do a dictionary attack based on that very list and try all combinations of those words (not letters - words!), and suddenly your password is no better than the numerical checksum that represents it.

    Or am I wrong?

    • (Score: 2) by stormwyrm on Monday March 30 2015, @09:09AM

      by stormwyrm (717) on Monday March 30 2015, @09:09AM (#164130) Journal

      You're wrong. There are 7776 words in the Diceware list. So if you were to mount a dictionary attack, what you would need to do is go through each combination of such words. So if you had five words in your passphrase, that would be 7776^5 = 28,430,288,029,929,701,376 combinations, which is actually about 64 bits of entropy! The "numerical checksum that represents it" actually has quite a lot of entropy in it, approximately 13 bits per word.

      It's like having a password made up of five Chinese characters. There are about 8105 general-use Chinese characters approved for use in the People's Republic of China, so that's a bit more than 13 bits per character also, so similarly a five-character password using only Chinese characters would have just under 65 bits of entropy.

      --
      Numquam ponenda est pluralitas sine necessitate.
      • (Score: 2) by Gaaark on Tuesday March 31 2015, @01:07AM

        by Gaaark (41) on Tuesday March 31 2015, @01:07AM (#164582) Journal

        and 2 of the words in my password aren't even on that list! i like my odds!

        --
        --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---