Your Passwords Are Much Weaker Than You Think
August 21, 2012 5:30 AM   Subscribe

Why passwords have never been weaker—and crackers have never been stronger. Ars weighs in on the amazing advances the bad guys have made in password cracking over the last few years. Think you know how to choose something that's safe? The probability is quite high that you don't, even if you're technically ept.

I suggest just reading the whole thing, but in summary: in early password cracking attempts, hackers were using electronic versions of paper dictionaries to generate guesses, along with numbers and punctuation in ways they thought might work. Over the last few years, however, because of the many large compromises and the massive bodies of leaked passwords that have been released online, they're no longer stuck with a theoretical corpus of possible passwords. Now, they have hundreds of millions of actual passwords, ones that have been used in the wild. As it turns out, whatever system you use to generate passwords, if it's not random, someone out there is almost certainly using something similar, and it can probably be attacked. And the crackers have now access to previously unthinkable levels of computing power.

It has now gotten to the point that you need (at least) ten character, truly random passwords, unique to each site. If you use any kind of pattern at all, someone out there has probably used it on a hacked site, and the bad guys know about it. If a hash of your password escapes, at least with present engineering practices by many major sites, there seems to be about a 90% probability that it will be successfully guessed.

tl;dr version: never re-use a password. Always use at least ten characters. Unless you have an extraordinarily good memory, the implication is that you will need mechanical help, both to randomly generate, and then to manage, these passphrases. And remember that your keystore password, whether you use a cloud service or a local program, needs to be the very best one you have.
posted by Malor (178 comments total) 75 users marked this as a favorite
 
Who you calling a cracker?
posted by Rykey at 5:41 AM on August 21, 2012 [10 favorites]


Well, websites need to let people choose longer passwords. There are still sites that restrict the password length to 8 characters.
posted by Renoroc at 5:42 AM on August 21, 2012 [11 favorites]


I have a recurring fear that I'll get locked out of 1Password somehow and, just like that, my entire life online will separate from me and go its own way.
posted by R. Schlock at 5:43 AM on August 21, 2012 [16 favorites]


Heed our Founder.
posted by Egg Shen at 5:45 AM on August 21, 2012 [1 favorite]


passwordsafe is your friend.
posted by rmd1023 at 5:46 AM on August 21, 2012 [4 favorites]


Think you know how to choose something that's safe?

Yes.

whatever system you use to generate passwords, if it's not random, someone out there is almost certainly using something similar

I suppose it's actually impossible for a human to choose something random, but using something like this and keeping all the passwords in a file which only exists in 2 places which is itself encrypted with some 24-character password is probably sufficient.
posted by King Bee at 5:47 AM on August 21, 2012 [1 favorite]


R.Schlock: A stash of hardcopy passwords in a safe place can help avoid that.
posted by rmd1023 at 5:48 AM on August 21, 2012 [1 favorite]


I'll never understand websites (banks, I'm looking at you!) that have arbitrarily low maximum lengths for passwords. I know they're probably just pretty web interfaces to mainframe systems, but they're practically begging to be cracked.
posted by blue_beetle at 5:48 AM on August 21, 2012 [3 favorites]


In all honesty it doesn't matter how convoluted your 10 or even 20 character password is, if the server side of the equation isn't salting their passwords, you're screwed. I'm not even sure the release of "in the wild" passwords has done all that much to speed things along.

Instead of "Password" and "Password1", both of which would be taken care of by a rainbow table of all 10 character passwords, make the cracker have to build a rainbow table for all 10 digit passwords plus a 1.3 meg picture of the head of security's wife and kids.
posted by Kid Charlemagne at 5:49 AM on August 21, 2012 [10 favorites]


My passwords are all series of random numbers. These numbers.
posted by blue_beetle at 5:50 AM on August 21, 2012 [1 favorite]


When Steam got hacked, I almost wept with joy that they announced the fact that they were hacked straight away AND specified that their password hashes were salted.
posted by Kid Charlemagne at 5:51 AM on August 21, 2012


In all honesty it doesn't matter how convoluted your 10 or even 20 character password is, if the server side of the equation isn't salting their passwords, you're screwed.

Yes, you're screwed for that account, and what's more, you may not know if the account stores the passwords unsalted, which is why this article is arguing that good password hygiene is about making sure none of your other passwords follow the same pattern or are the same pw.
posted by OmieWise at 5:53 AM on August 21, 2012


Needs the tag "correcthorsebatterystaple."

Which has probably been used by several hundred people who just didn't get it.
posted by Foosnark at 5:54 AM on August 21, 2012 [14 favorites]


Password complexity in isolation is a bit of a red herring. There's no reason why any system (including systems used to secure password databases for websites) should allow more than a handful of login attempts before locking the user out and falling back to other means of identification. If that ultimately means that someone has to physically enter a data centre and unlock a cupboard, so be it. And there's certainly no reason why any system should allow consecutive login failures at less than five-second intervals. Fix those two issues and you've pretty much protected yourself against all the computing power in the world.
posted by pipeski at 5:55 AM on August 21, 2012 [24 favorites]


My new rule of thumb is if I can remember the password, it's too weak. Tools like KeePass, LastPass and 1Password are your friends, use them.
posted by tommasz at 5:55 AM on August 21, 2012 [3 favorites]


I use the same password for everything but I add a unique identifying suffix to each one depending on where I'm logging in. So say my base password is PuMPk!nMuff!n666. My unique password for MetaFilter would be PuMPk!nMuff!n666+MiFi.

My God, what have I done? I must kill you all now.
posted by guiseroom at 5:56 AM on August 21, 2012 [2 favorites]


I use the same password for everything but I add a unique identifying suffix to each one depending on where I'm logging in. So say my base password is PuMPk!nMuff!n666. My unique password for MetaFilter would be PuMPk!nMuff!n666+MiFi.

My God, what have I done? I must kill you all now.

It's fine until one unsalted password stash gets hacked.
posted by jaduncan at 5:58 AM on August 21, 2012 [3 favorites]


I keep meaning to look into password keepers, but keep putting it off because it seems like there are so many of them and I am lazy. I'll take this post as a sign and actually start researching them today.
posted by amarynth at 6:01 AM on August 21, 2012 [2 favorites]


I keep meaning to look into password keepers, but keep putting it off because it seems like there are so many of them and I am lazy. I'll take this post as a sign and actually start researching them today.

Alternative approach: use passwordmaker and generate a unique password based on the domain and your secret password. The benefit is that the actual passwords aren't stored anywhere, and every domain has a unique password at no mental cost. There's free browser extensions and mobile apps, and no sync is required so no worries about server compromise or random service charges.
posted by jaduncan at 6:06 AM on August 21, 2012 [8 favorites]


There's no reason why any system (including systems used to secure password databases for websites) should allow more than a handful of login attempts before locking the user out and falling back to other means of identification.

Jesus Christ, this. If it's possible for a hacker to get past "Aaron" in a dictionary attack, there's a security failure all right but it's not on the user's end. You can either appeal to the untrained masses to use impossible-to-remember passwords (but their on-site sysadmins will scream at them not to write them down anywhere) and/or pain-in-the-ass applications like lastpass, or you can get the supposed professionals to follow basic security principles when coding a login page. Gee, which one do you think scales better?

(Also, it is possible for a human to generate an essentially random password through the same methods computer use to generate their random numbers - seeding an algorithm with an input unique to you that can't be derived from readily available data, like old phone numbers or addresses. If any hacker is willing to do the research necessary to find, for instance, my childhood phone numbers and then brute-force all the possible combinations based on the variation derived from one stolen hash, I am way more important than I thought.)
posted by Holy Zarquon's Singing Fish at 6:07 AM on August 21, 2012 [7 favorites]


Think you know how to choose something that's safe? The probability is quite high that you don't, even if you're technically ept.

No, I don't think I know how to choose something that's safe. That's why I delegate the task to KeePassX, which generates a random password for me and stores it safely. Of course, if my KeePassX database is compromised I'm screwed, but no technique is 100% safe. The best I think I can do is to put all my eggs into one basket, then watch that basket.
posted by pont at 6:10 AM on August 21, 2012 [3 favorites]


My new rule of thumb is if I can remember the password, it's too weak.

That's unfortunately very wrong. As XKCD and others have observed, thirty years of unbridled superstition around password security have brought us to a point that we insist on passwords that are hard for humans to remember but easy for computers to guess.

There are still a ridiculous number of sites and services out there that have arbitrary restrictions on password length and content, that don't salt their hashes or otherwise secure their infrastructure; you should hear the O'Reillys and O'Gradys of the world talk about how the combination of lazy, ignorant programmers and SQL syntax has turned them into unwitting pentesters when all they want to do is type in their real last name.

Which is to say, pick whatever reasonable password you like, it may not matter. Virtually all the responsibility for password security falls on the server side of the equation, not the client side.

My policy on this is to use reasonably complex passwords in a password-storage system of some kind - Firefox's password manager and Sync service see me right, there - and when I find a place that arbitrarily restricts what kind of text goes into a password field, I simply don't use that service.

Whenever you see "Your password can't use @,#,%,',; or '*' and must be a maximum of 12 characters" you should assume right that invariably, 100% of the time, that means "LOL DUNNO HASH IMMA PUT THAT STRAIGHT INTO THE DB IN PLAINTEXT BITCHES".
posted by mhoye at 6:16 AM on August 21, 2012 [38 favorites]


I use the same password for everything but I add a unique identifying suffix to each one depending on where I'm logging in. So say my base password is PuMPk!nMuff!n666. My unique password for MetaFilter would be PuMPk!nMuff!n666+MiFi.

Why just a suffix? Why not interleave the site name with the shared password?
PuMPk!nMuff!n666
Metafilter

becomes

PMueMtPakf!inlMtuefrf!n666
I use interleaving myself, but I do not include a common password for each site, and my method of alternating between strings is not character-by-character.
posted by a snickering nuthatch at 6:17 AM on August 21, 2012 [2 favorites]


Jesus Christ, this. If it's possible for a hacker to get past "Aaron" in a dictionary attack, there's a security failure all right but it's not on the user's end.

I think the problem is out-of-band attacks. They aren't worried about attackers hitting the front page of a website 40 million times to break into accounts, but by people cracking systems and obtaining password databases to work on later.
posted by gjc at 6:18 AM on August 21, 2012 [10 favorites]


If it's possible for a hacker to get past "Aaron" in a dictionary attack, there's a security failure all right but it's not on the user's end.

I don't think the brute-forcers are actually querying the server billions of times per second. Correct me if I'm wrong, but I believe the GPU-powered cracking machines are working with lists of hashed passwords that have already been leaked. They're trying to reverse engineer the passwords from that list, not brute-force the login page.

On preview, same as gjc says.
posted by echo target at 6:19 AM on August 21, 2012 [2 favorites]


In the Mat Honan-hack story, there was discussion of using a password retrieval email that is NOT your regular email address- but an addresses that is only using for password retrieval. Is anyone doing that and if so what are the best practices for that? (I assume using an email address of a domain you control is better than a free email service that you could get locked out of?)
posted by gen at 6:22 AM on August 21, 2012


Yeah, but that's completely outside the concept of "safe" passwords - if a hacker gets the site's database and cracks the hash, they've got your password, whether it's 12345 or y634qE9`3%$$mJ;;px. The idea is that we need to be worried about picking passwords that are not only different between sites, but so random that a hacker who gets one of them can't possibly extrapolate the others. I'm saying that if it's possible to test those extrapolations at another site, then that site's security is all kinds of terrible (and that anyone who thinks a hacker would take that kind of time for them had better own far more yachts than I do).
posted by Holy Zarquon's Singing Fish at 6:26 AM on August 21, 2012 [1 favorite]


I use long series of garbage syllables that are nonsensical and difficult to remember -- but easy to type! These are all written down, except for an equally nonsensical prefix which is common to all the passwords and only exists in my head. The prefix keeps my passwords safe in case the list is stolen, but is still easy enough to remember because I use it everywhere.

The prefix trick was recommended by my beloved university of Helsinki and is pretty neat.
posted by Anything at 6:27 AM on August 21, 2012 [4 favorites]


Server lockouts and delays are irrelevant when the password database is compromised, which has happened often enough that it should be consider an important consideration.

Holy Zarquon: I'm saying that if it's possible to test those extrapolations at another site, then that site's security is all kinds of terrible (and that anyone who thinks a hacker would take that kind of time for them had better own far more yachts than I do).

I suspect that hackers are depending on the low-hanging fruit that:
1: the majority of passwords can be found using a very small dictionary
2: the super-majority of users will use the same password in multiple locations.

Limited number of attempts per account? No problem, you have a list of several thousand username/password combinations to try, just go down the list to the next username.

Limited number of attempts per IP? No problem, use a botnet.
posted by CBrachyrhynchos at 6:34 AM on August 21, 2012 [1 favorite]


Well, websites need to let people choose longer passwords. There are still sites that restrict the password length to 8 characters.

Many sites do, but for whatever reason don't tell you that.
posted by ChurchHatesTucker at 6:35 AM on August 21, 2012 [1 favorite]


Of course, for those of us who (ahem) occasionally surf at work a password keeper is a no-starter. There is no way I'm every going to see those allowed here.

I may just start writing everything down in a mini notebook that I hide in my bra.
posted by JoanArkham at 6:35 AM on August 21, 2012 [2 favorites]


That last paragraph in the OP neatly encapsulates why this "solution" will never be adopted by anything other than 5-10% of the web population. It's a geek solution that only other geeks will bother to use. And, honestly, it sounds like the real problem is with whatever security protocols may (or may not) be in-place on the server and DB side of things, not the end-user side.
posted by Thorzdad at 6:36 AM on August 21, 2012 [1 favorite]


My new rule of thumb is if I can remember the password, it's too weak.

That's unfortunately very wrong. As XKCD and others have observed, thirty years of unbridled superstition around password security have brought us to a point that we insist on passwords that are hard for humans to remember but easy for computers to guess.


This is absolutely true. (as far as I have been able to figure out) The thing that confuses people is they imagine that in attempting to break a password, the attacker will somehow know when they are getting close to the right answer, and that character substitutions will confuse the computers as much as they confuse us. "$eCur!ty" is just a couple hops away from "security", as far as brute force knows. Similarly, people scoff at multi-word passwords because they are so easy for us to remember, and because they think the hacker will be able to know when they have gotten the first word right. It's not like cracking a TV safe- they can't hear the tumblers drop.

The conventional wisdom on password security is definitely security theater.
posted by gjc at 6:36 AM on August 21, 2012 [10 favorites]


You should also use different security questions/answers for each site. I haven't until recently, when Blizzard's database, including the answers to security questions, was hacked and stolen. I don't care about my Blizzard password since it was unique and I can easily generate another one, but I'm pretty sure those stolen security questions have been used by other sites and I can't change those for every site that uses them (can't even remember which security questions Blizzard used since they no longer appear in my account info when I login there).
posted by longdaysjourney at 6:37 AM on August 21, 2012


Fix those two issues and you've pretty much protected yourself against all the computing power in the world.

Nope. Not a chance.

Lots of authentication schemes (e.g. HTTP Digest) are built around the client and the server hashing common secrets (like passwords) and then exchanging those hashes online for comparison. Access is granted based on the locally computed hash matching the hash received from a remote computer. The security here rests on it being extremely difficult for any eavesdropper watching the hashes fly by on the network to map them back to the original secrets they were generated from.

But if you're an eavesdropper, you have offline access to the hashes that were exchanged. You can take all the computing power in the world to crack those secrets, and then use them to gain access to a site on the first try with no guessing required. Restricting failed login attempts won't protect you against someone who already has your password.
posted by RonButNotStupid at 6:39 AM on August 21, 2012 [2 favorites]


I just use "SHAFT" as the answer to all "security questions", that way I can remember.
posted by thelonius at 6:40 AM on August 21, 2012 [5 favorites]


I'm just a regular old web programmer, but I'm curious if the following procedure would make password hashing less GPU-friendly:
set pws = concatenate password and salt
set hash = pws
for x = 1 to number of rounds
  set bitToCheck = x mod hash.length
  if the bitToCheck-th bit in hash is set,
    set hash = scrypt(hash)
  else
    set hash = pbkdf2(hash)
return hash
posted by a snickering nuthatch at 6:41 AM on August 21, 2012


In the Mat Honan-hack story, there was discussion of using a password retrieval email that is NOT your regular email address- but an addresses that is only using for password retrieval. Is anyone doing that and if so what are the best practices for that? (I assume using an email address of a domain you control is better than a free email service that you could get locked out of?)

I'm not sure what the scenario is where this is useful. If someone has access to your regular account, how did they get that access? There is no reason to believe that they didn't also get access to your password retrieval account.

For this to actually be more secure, you'd need to have your password retrieval account be on a different service, accessed from a different computer, via a different ISP. Otherwise, the chances are that the cracker is going to get your secret account the same way they got your regular one.

But that's irrelevant, since the vast majority of anonymous hackers aren't after YOU, they are just after whatever accounts they can get their hands on. And if they ARE after you, they most likely have some kind of snooping going on where it won't matter how you change your password, because they can get the new one just as easy.

In other words, this kind of thing is only useful in very narrow situations, but highly annoying all the time.
posted by gjc at 6:47 AM on August 21, 2012 [2 favorites]


I suspect that hackers are depending on the low-hanging fruit

I figure that it's like securing one's house. As a practical matter, no home can be made safe from a sufficiently determined thief. But if you can make it safer than the 50 other houses on the block, the thief is almost certain to take the path of least resistance.

for those of us who (ahem) occasionally surf at work a password keeper is a no-starter

It's hard for me to imagine that my company has any IT guys with both the time on their hands and the malevolence to do all that would be required to get my master password. Which at a minimum would seem to require installing a keylogger on my machine and then matching the time of particular keystrokes to my signing in to LastPass.

Even with that, they'd still need to crack the 6-digit number provided by Google Authenticator.
posted by Egg Shen at 6:51 AM on August 21, 2012


I really don't stress about it too much. I never let an e-commerce site store my credit card info if it's an option, (except for paypal, I suppose, which hmm...) but otherwise, I have 1Password for innocuous web logins where access wouldn't get them any further than that, say here, message boards, etc. a second for hardware, and a third for an encrypted file that's got everything else sensitive in it. If you want my bank account number, you're going to have to hack my bank's site, or break into my hardware, then crack a 128 bit file.

I'm slowly migrating a few things over to 1password as I get time, but it's kind of a pain to manage. I've got things that get in the way of me finding time to do all the data input around that, right now.

I did go back after that Honan thread and set all my whois info on the domains I own to private.
posted by Devils Rancher at 6:54 AM on August 21, 2012


And to illustrate the scheme in my previous comment, with imaginary examples:

Prefix memorized in my head:

lerkofoimsanuje

What's written down on paper:

nasmeklomnavuiba
tneklipovhevaplo
hamkefopleguinex

Actual passwords:

lerkofoimsanujenasmeklomnavuiba
lerkofoimsanujetneklipovhevaplo
lerkofoimsanujehamkefopleguinex
posted by Anything at 6:55 AM on August 21, 2012 [2 favorites]


The ideal solution (that will never happen) is for the web to stop using passwords for everything except banking and email. This isn't perfect (the list of suggested names won't scale for example), but I think the idea is sound.
posted by frogmanjack at 6:56 AM on August 21, 2012


I just use "SHAFT" as the answer to all "security questions", that way I can remember.

Ya damn right.
posted by DigDoug at 6:56 AM on August 21, 2012 [4 favorites]


I figure that it's like securing one's house. As a practical matter, no home can be made safe from a sufficiently determined thief. But if you can make it safer than the 50 other houses on the block, the thief is almost certain to take the path of least resistance.

"I don't need to be faster than the bear, I just need to be faster than you."
posted by CBrachyrhynchos at 6:58 AM on August 21, 2012 [3 favorites]


I just wish more sites supported two-factor authentication.

My GMail (ddruckerccn@gmail.com) password is "swing altec 3392819928 frogman".

And there's not a damn thing you can do with that.
posted by dmd at 7:00 AM on August 21, 2012


Disclaimer: that is not actually my gmail password. It's pretty close though.
posted by dmd at 7:01 AM on August 21, 2012


My GMail (ddruckerccn@gmail.com) password is "swing altec 3392819928 frogman".

And there's not a damn thing you can do with that.


Why is it so long, then?
posted by Huck500 at 7:02 AM on August 21, 2012 [3 favorites]


All of these password security practices are good to keep in mind and if they inform your password practices, then great. But there is a lot more to the picture than just the increased horsepower available to crack encoded password databases.

Malware-based keyloggers are highly effective at lifting passwords no mater how complex they are, since the user is typing them right into the keylogger. There is a robust ecosystem underground of malware that, yes, can evade A/V defenses (at least for a window of time). After all, see every botnet in the world.

And even if your machine is super secured or doesn't run Windows, there is a chance you've logged into sensitive sites from machines not under your control, whether at work, a friend's house, or a public terminal somewhere.

Keyloggers are just one technology that can be used to lift your authentication credentials right out of your palm. The point is, malicious actors have more tools at their disposal than simply high-horsepower hash cracking.

It is useful to remember that even if your password is very long and random, it is never fully secure due to the many threat vectors out there.
posted by thebordella at 7:03 AM on August 21, 2012 [3 favorites]


Of course, for those of us who (ahem) occasionally surf at work a password keeper is a no-starter. There is no way I'm every going to see those allowed here.

FWIW, KeePass can run off of a thumb drive.
posted by muddgirl at 7:03 AM on August 21, 2012 [1 favorite]


From my (admittedly ignorant) perspective, it seems that most of the problem of hackers guessing passwords can be dealt with by the host forcing an increasing time delay between login attempts on any given account and/or from any particular IP address, with an eventual lock-out.
posted by exogenous at 7:04 AM on August 21, 2012


And even if your machine is super secured or doesn't run Windows, there is a chance you've logged into sensitive sites from machines not under your control, whether at work, a friend's house, or a public terminal somewhere.

That's actually one of the hidden benefits of using a password manager - if I can't control a computer enough to install the manager software, then I shouldn't be using it to access password-protected sites in the first place.
posted by muddgirl at 7:05 AM on August 21, 2012 [3 favorites]


You know that identity authentication system is one bad mother-
posted by echo target at 7:08 AM on August 21, 2012


passwordsafe will run off a thumbdrive as well.
posted by rmd1023 at 7:10 AM on August 21, 2012


pipeski: There's no reason why any system ... should allow more than a handful of login attempts before locking the user out ... And there's certainly no reason why any system should allow consecutive login failures at less than five-second intervals. Fix those two issues and you've pretty much protected yourself against all the computing power in the world.
The modern attacks, the really scary ones, the ones this story is about, don't work like that.

The crackers break into the system that stores the hashed passwords, and download all of them, millions at a time, to un-hash later on computers they completely control. Common sense front-end measures like limiting the login attempt rate (which is certainly a good idea) are bypassed. No incorrect login attempts are made. Computing power, password strength, and password uniqueness really are important factors in these cases, even with a login attempt limit or rate limit.
posted by Western Infidels at 7:11 AM on August 21, 2012 [10 favorites]


FWIW, KeePass can run off of a thumb drive.

My company disables the USB ports on our computers - to prevent data theft, I believe.

LastPass FTW.
posted by Egg Shen at 7:16 AM on August 21, 2012 [1 favorite]


Bill Cheswick of AT&T (who wrote *the* book on Firewalls back in the early 1990s), has an interesting talk along these lines on Rethinking Passwords.
posted by fings at 7:16 AM on August 21, 2012 [3 favorites]


Of course, for those of us who (ahem) occasionally surf at work a password keeper is a no-starter. There is no way I'm every going to see those allowed here.

I run KeePass on my phone and keep the database file in sync with my desktop. If there is something I really need to log into I just type the password in manually. I really wish there was a way to turn my phone into a HID device though so I could just have KeePass on my phone type the password for me.
posted by papercrane at 7:17 AM on August 21, 2012


Yeah, I'm not worried about IT snooping passwords...but we're not allowed to have thumb drives, or synch phones with Outlook, or install programs. I'm kind of serious about the notebook...as long as I didn't specify usernames or sites even if I lost it, I'd be somewhat secure, right?
posted by JoanArkham at 7:19 AM on August 21, 2012 [1 favorite]


Malware-based keyloggers are highly effective at lifting passwords no mater how complex they are, since the user is typing them right into the keylogger.

If you've managed to get a keylogger installed locally on your hardware, you're pretty much screwed. I keep myself safe from any kind of interception out on the web by using copy/paste for my usernames & passwords. No matter what they try "command+v" is never gonna get them into by bank's web page.
posted by Devils Rancher at 7:26 AM on August 21, 2012 [2 favorites]


Passwords are an anti-pattern. It's time to get rid of this stupid nonsense of us having increasingly impossible to manage password strings on every single piddly website we have an account on. A site like Metafilter should not be in the authentication business. It's time we moved to a delegated login system like OpenID, Facebook Connect, or Sign in with Twitter. There is no technical barrier to this kind of thing working, it's entirely a product and business problem.

This article is great. But it's mostly about one very specific attack, where the bad guys steal an encrypted / salted password file from a server and then crack the passwords. In the old old days this was a common attack on Unix systems because /etc/passwd was world readable. But we're a long way from that being a common attack vector. It's not entirely unknown; Blizzard just lost their password file last month. But it's not the threat I worry most about. (Also there's some protection for server storage: use bcrypt)

I'm much more worried about the threat of attacks across accounts. People reuse passwords all the time, whether it's a good idea or not, and once one site is compromised the others are too. And there are more complex attacks like what Mat Honan recently documented.
posted by Nelson at 7:29 AM on August 21, 2012 [3 favorites]


there is a chance you've logged into sensitive sites from machines not under your control, whether at work, a friend's house, or a public terminal somewhere.

It's probably worth avoiding this situation to the greatest extent possible.
posted by kengraham at 7:30 AM on August 21, 2012


Apple just bought a company with a security fingerprint reader that is nigh impossible to fool since it uses radio frequencies to scan the capacitive contours of living cells in the skin rather than the physical contours of surface texture. If they get these little readers in the phones and on the keyboards / trackpads, that would be a nice step forward in security at least in some areas.
posted by seanmpuckett at 7:30 AM on August 21, 2012 [2 favorites]


Even if your workplace won't allow you to install a password manager application or browser extension, even if you can't use thumb drives, even if you can't make local bookmarks, you can still use a simple JavaScript based password creator, such as the password generator bookmarklet (by MeFi's own).
posted by Western Infidels at 7:31 AM on August 21, 2012 [4 favorites]


Apple just bought a company with a security fingerprint reader that is nigh impossible to fool since it uses radio frequencies to scan the capacitive contours of living cells in the skin rather than the physical contours of surface texture. If they get these little readers in the phones and on the keyboards / trackpads, that would be a nice step forward in security at least in some areas.

That doesn't sound impossible to fool, just very hard. I wouldn't be surprised if a researcher defeated that by culturing living cells into the shape of the targets fingerprint. Still it is a huge step up from the jello mold hacks.
posted by papercrane at 7:35 AM on August 21, 2012


I really liked that idea where you just get rid of passwords and do every logon by requesting an email with a one-time link. Since your security is only as good as your email anyways, due to password resets, what's the diff? Only problem is when email is acting up.
posted by smackfu at 7:36 AM on August 21, 2012 [1 favorite]


M3taf1lt3r!
posted by cjorgensen at 7:42 AM on August 21, 2012


No matter what they try "command+v" is never gonna get them into by bank's web page.

Right, but any half-decent keylogger software can monitor the clipboard and take screenshots as well.
posted by whatnotever at 7:44 AM on August 21, 2012 [3 favorites]


If you've managed to get a keylogger installed locally on your hardware, you're pretty much screwed. I keep myself safe from any kind of interception out on the web by using copy/paste for my usernames & passwords. No matter what they try "command+v" is never gonna get them into by bank's web page.
If a keylogger is shimmed in, access to every copied/pasted string is a process injection away (especially in your browser). Sure, you're raising the bar a bit, but maybe not as much as you imagine.
posted by abulafa at 7:45 AM on August 21, 2012


Damn! what @whatnotever said.
posted by abulafa at 7:46 AM on August 21, 2012


But we're a long way from that being a common attack vector.

I don't know. I think this last year has seen reports of password-database leaks from a half-dozen Web services. I also think there's been leaks from two banking systems this year, and with Sony, Blizzard, and Steam reporting server-side data thefts, that's a fair chunk of gaming services.

Certainly malware and phishing are significant problems, but there have been enough service-side data breeches to convince me that it's something to worry about.
posted by CBrachyrhynchos at 7:46 AM on August 21, 2012 [2 favorites]


I swear I sleep better since I started using Gmail's 2-factor authentication option [...] I don't know why anyone with a cell phone wouldn't use this system.

I would use it, but I don't have my cell phone when I travel internationally. Is it easy enough to toggle on and off? But then if I forget to turn it off before traveling, I'm out of luck.
posted by whatnotever at 7:48 AM on August 21, 2012 [1 favorite]


I swear I sleep better since I started using Gmail's 2-factor authentication option; I wish every site could offer something like that.

Oh but they can! Even better, sites can just delegate to your secure Google 2-factor login. Google is an OpenID provider. Metafilter, for instance, could just have a button that says "log in with Google" and delegate the problem of proving who you are to Google's superior 2-factor system. Sites can also implement 2-factor themselves using the open Google Authenticator system, but then we're still left with all the piddly sites doing authentication and getting it wrong and oh the burning.

The problem is that it links your business to Google. Or my suggestions above, you're linked to Facebook or Twitter. That's a business problem, and also potentially a security problem if your chosen authentication provider breaks it. That's why OpenID is so complex; it allows anyone to be an authentication provider. Sadly, what that means is users are completely confused and so no one uses it. That's a solvable product design problem.

whatnotever: Google's 2-factor includes backup codes you can print and put in your wallet.
posted by Nelson at 7:49 AM on August 21, 2012 [4 favorites]


Actually, it is something I have to worry about because three of the services on which I had accounts have reported server-side data theft in the last year.
posted by CBrachyrhynchos at 7:52 AM on August 21, 2012 [1 favorite]


If you've managed to get a keylogger installed locally on your hardware, you're pretty much screwed. I keep myself safe from any kind of interception out on the web by using copy/paste for my usernames & passwords. No matter what they try "command+v" is never gonna get them into by bank's web page.

There is one of those security theater / black hole things. There is NOTHING stopping someone who has gained enough access to your computer to be able to install a keylogger from also being able to install a clipboard viewer or a screen capturer.
posted by gjc at 7:55 AM on August 21, 2012 [1 favorite]


You're right, I shouldn't dismiss the risk of password files being stolen and cracked. The Gawker leak was the first big one I remember, and the RockYou incident in this article is amazing. 32 million plaintext passwords! If all sites reliably used bcrypt the risk would be significantly lower. But stupid engineers keep rolling their own hashing algorithms or don't encrypt the passwords at all.

If we got rid of passwords entirely and moved to delegated authentication then my personal security wouldn't be dependent on every site I use being secure and/or me using unique passwords everywhere via some complex password agent software. Instead, we'd put all the risk in one basket, into the one authentication provider. At this point, I think that's a better bet. And I'd trust a company like Google, Facebook, or Twitter to engineer it correctly. There's still the business problem though.

Honestly, authentication provision is a perfect role for government. But I don't trust a government agency to implement it well, and I don't trust them not to also use it for political leverage.
posted by Nelson at 7:59 AM on August 21, 2012


I have an "eight characters and at least one capical" rule. I end up with passwords like this:

MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento
posted by DreamerFi at 8:00 AM on August 21, 2012 [11 favorites]


Perfect security isn't really an achievable goal, there will always be a balance struck between security and convenience.

I chose to pass on encryption for my home computer because data recovery, a light footprint, and stability were all huge priorities for me, and frankly there's a relatively small chance that anyone will try to gain unauthorized access to my hard drive anyway. If they do, they'll probably have other methods of coercion available to them anyhow.

Absurdly long, constantly changing, totally random passwords are a pain in the ass. Password lockers provide their own security/access/convenience issues.

I can't imagine a retina/finger print/whatever system that didn't have a backup password in case it failed to recognize you, or you needed to permit someone else access to the machine.

At the end of the day, we're always going to have to decide where we are and are not willing to accept risk, and how much of it. That's how security works.
posted by Stagger Lee at 8:13 AM on August 21, 2012 [2 favorites]


Whatnotever, it's a significant improvement, but if you hang out on ask.mefi for more than a day you will see an entire class of threads revolving around people who have lost their cellphone number (changed provider and didn't port, left the country, you name it) who now can't easily get into their Google account suite.

It's better, but not a panacea.
posted by scolbath at 8:17 AM on August 21, 2012 [3 favorites]


See, the thing is, nobody wants to hack my MetaFilter, Fitocracy, and Kingdom of Loathing accounts. We have to log in to so many things that a large number of them have very few consequences if they did get hacked.

I do the KXCD thing and have unique passwords for the things that would actually be significantly bad if they got hacked. I'm pretty sure no one has ever used BandarSeriBegawan7MichaelJordan92, for example. All I have to do is imagine Michael Jordan in Brunei in 1992, and I'm done.
posted by cmoj at 8:18 AM on August 21, 2012


I personally like the XOXCO concept of no-password logins linked earlier. Generate a single-session link for each login request, send it to the user's presumably secure e-mail. Since any site that works on the common password recovery model makes e-mail a point of failure anyway, make it the only point of failure, remove the potential for a password to be stolen from other sites, and accelerate the move toward multi-factor (phone, biometric, maybe others?) login on e-mail accounts to prevent password theft from compromising those "master" accounts.

And then unicorns will fly out of my butt.
posted by Holy Zarquon's Singing Fish at 8:20 AM on August 21, 2012 [2 favorites]


Holy Zarquon's Singing Fish, there are many times I need to log into something when I don't have access to my email.
posted by scolbath at 8:22 AM on August 21, 2012 [1 favorite]


There are objections being raised to Google's two-factor authentication which are not valid:

1) If you travel, or know you will not have your phone, you can generate and write down one-time passwords. In fact, you probably want to do this anyways, even with a phone, since a one-time password is a more secure way of using other computers.

2) You can designate a backup phone number. I set up my wife's mobile phone. Sure, its still possible we could both simultaneously change providers and forget about Google but unlikely.
posted by vacapinta at 8:23 AM on August 21, 2012 [2 favorites]


I would use it, but I don't have my cell phone when I travel internationally. Is it easy enough to toggle on and off?

No cell phone, or no service? Because there is an app you can run that replaces the SMS messages as the 2nd factor, that doesn't require cell service.
posted by smackfu at 8:25 AM on August 21, 2012 [2 favorites]


also in defence of google's 2-factor authentication, if you have a smartphone the authenticator app can live on that phone, eliminating the need for you to receive text messages to get into your account. it does not need a data connection to operate, meaning you can take your phone with you overseas and not have to worry about any roaming charges and still be able to get into your account. the risk that you may lose your phone or have it stolen and so can't get into your account can be mitigated by printing out in advance a few 'one time' passwords and keeping them separate from your phone at all times.

i was skeptical at first, but it really does seem like a solidly thought out authentication process by google.
posted by modernnomad at 8:27 AM on August 21, 2012 [1 favorite]


> And there's not a damn thing you can do with that.

... except wake you up in the middle of the night with the authentication texts, and soak your mobile bill. If we're really lucky, we can send you so many auth texts that you won't even be able to use the right one when it comes time to be asked.
posted by scruss at 8:30 AM on August 21, 2012 [1 favorite]


If they get these little readers in the phones and on the keyboards / trackpads, that would be a nice step forward in security at least in some areas.

How would fingerprints be any different than passwords? Yes, it's more difficult to get someone else's fingerprint, but in the end it's just data. As with passwords, a fingerprint scanner just works by comparing what it sees to a reference copy stored on some server somewhere. What's to stop someone from creating a crooked scanner that just feeds the system a high-quality scan of someone's fingerprint?

And what do you do if your fingerprint is somehow compromised? Grow a new one?
posted by RonButNotStupid at 8:31 AM on August 21, 2012 [2 favorites]


Is everyone collectively freaking out about this article? I suddenly can't login to Vimeo or my business bank account, both show "logins are temporarily down". Probably just coincidence, but I wonder if they were enacting any sort of security upgrades.
posted by mathowie at 8:33 AM on August 21, 2012 [1 favorite]


I recently had call to test the user passwords on a system, so I downloaded John the Ripper and found a collection of dictionaries and leaked passwords. Even where people had tried to be a little clever with capitalization and numbers, it quickly cracked a lot of short passwords.
posted by Zed at 8:33 AM on August 21, 2012


There is NOTHING stopping someone who has gained enough access to your computer to be able to install a keylogger from also being able to install a clipboard viewer or a screen capturer.

Good point, though a screen capture of my password is going to look like ••••••••
posted by Devils Rancher at 8:37 AM on August 21, 2012


Good point, though a screen capture of my password is going to look like ••••••••

funny, I have the same thing, look: hunter2
posted by DreamerFi at 8:46 AM on August 21, 2012 [5 favorites]


I'm just a regular old web programmer, but I'm curious if the following procedure would make password hashing less GPU-friendly:

(not reproducing the procedure here so it's less likely to show up on google)

STOP THIS.

If you are just a regular old web programmer, you are not a cryptography expert. That means don't roll your own crypto.

People smarter than you wrote bcrypt and scrypt to make key derivation take longer to thwartslow down brute force attacks. Interleaving them like this probably won't make them better, and might expose some bizarre interaction between the algorithms that would actually weaken your hash.
posted by spitefulcrow at 8:49 AM on August 21, 2012 [15 favorites]


"$eCur!ty" is just a couple hops away from "security", as far as brute force knows. Similarly, people scoff at multi-word passwords because they are so easy for us to remember, and because they think the hacker will be able to know when they have gotten the first word right. It's not like cracking a TV safe- they can't hear the tumblers drop.

I'd be grateful if one of the computer/security savvy people in this thread could answer a question for me. If the above is correct, why is it that we are routinely told not to have repeated elements in our passwords? I mean, why is "horsey ducky moocow boat" more secure as a password than "horsey gorsey porsey worsey"? Because the only thing that would, to my uneducated eye, seem to make the latter less secure is if they can "get" the first part of the password (just like hearing a tumbler drop) and use it to model their guesses at the remaining parts of the password.
posted by yoink at 8:55 AM on August 21, 2012


We're supposed to change our passwords every month at work. No one bothers. The very few people who DO bother write out their new password on a post-it and stick it to their monitor. Sigh.
posted by elizardbits at 8:56 AM on August 21, 2012


Thanks for the shoutout, WesternInfidel. New users of my password generator should use this URL instead, or should use one of the more elaborate implementations of my idea that other people have done.
posted by nicwolff at 9:01 AM on August 21, 2012


If you are just a regular old web programmer, you are not a cryptography expert.

Right. Hence the question. I didn't say "I'm doing this right now, watch how cool I am"; I asked whether there would be any benefit. I suppose you can only infer my intentions from your mental model of other programmers, so it's reasonable that you might expect that I'm just going to start putting this in production without finding out whether it's actually okay.

It seems like introducing data dependencies and branches in the manner of my pseudocode snippet would reduce the suitability of gpu implementation. If you have specific insights to offer about that approach I'd love to hear them.
posted by a snickering nuthatch at 9:03 AM on August 21, 2012


FWIW, Google has released a PAM module for their two-factor auth product; this would allow you to use google's two-factor authentication for SSH logins.
posted by jenkinsEar at 9:05 AM on August 21, 2012 [1 favorite]


We're supposed to change our passwords every month at work. No one bothers. The very few people who DO bother write out their new password on a post-it and stick it to their monitor. Sigh.

The chances of the cleaning crew also being interested in breaking into your computer system are actually pretty low. I think the insistence that you must NEVER write down your password is based on a rather poor risk analysis (which is not to say that a post-it on the screen is a *good* idea). How many cases of someone's account being hacked do we ever read about that were the result of the physical theft of a written password? I'm sure it has happened, but it's clearly not a major threat. Overall, I'd say that someone who uses the same password on all their sites and never writes a password down is far more vulnerable than someone who uses a slew of unique and robust passwords that they carry around with them on a sheet of paper in their wallet.
posted by yoink at 9:05 AM on August 21, 2012 [1 favorite]


modernnomad: also in defence of google's 2-factor authentication, if you have a smartphone the authenticator app can live on that phone, eliminating the need for you to receive text messages to get into your account.

In which case, if someone steals your mobile phone your 2-factor authentication becomes 1-factor, since it can all be done with one device. Hmm.
posted by moonbiter at 9:16 AM on August 21, 2012 [2 favorites]


Wow, there are so many people in this thread who missed the point completely. If you're still thinking that your password generation system works, think again -- the whole point of the article is that if you have a system, that system makes you weaker, no matter how clever you believe it to be.

The article tells you, at length, that hackers are figuring out password-creation systems. There's such a huge number of real passwords, which they can analyze for patterns, that they can see things like 'words intermingled', and then TRY that, with every password store, and with every word they've ever seen used in a password.

Using the raw numbers from the article, intermingling every word in the common dictionaries would result in about 750 million passwords -- which, on those specialized password-cracking boxes, they can run in under one second. One second, and your security edifice, the one you put so much thought into, is blown into beach. Just because it looks difficult doesn't mean it is difficult.

There are hundreds of millions of passwords in the wild, now, from millions of people, just like you. The chance that your specific generation method is somehow unique, or special, or unlike anything that's ever been seen before, very closely approaches zero. Remember the old Mefi thing about not being a special snowflake? Well, your password generation system isn't a special snowflake either. Whatever you're using, someone else is using either that exact thing, or something that's pretty close. If the crackers figure out the pattern, they will add it to the automated engines, and hammer on it billions of times a second. And humans are good at finding patterns. It's probably our greatest talent.

The upshot that you should have come away with, from all this brouhaha, is not that you need longer passwords, it's that you need random ones. The true defense to pattern matching is not to have a pattern.

The one system I've seen mentioned so far that seems like it would work is the random string of characters you have in your head, pre- or post-pended to a unique per-site password. This is actually a lot like salt -- in essence, you're salting your own passwords, instead of letting them do it for you.

But the individual pieces still need to be random, and if your salt gets out, the rest of the password needs to be strong enough to stand on its own.
posted by Malor at 9:22 AM on August 21, 2012 [8 favorites]


In which case, if someone steals your mobile phone your 2-factor authentication becomes 1-factor, since it can all be done with one device. Hmm.

Yeah, but that's no different than someone stealing your phone and accessing your email through it anyway, assuming it has no passcode on it.

Regardless of whether you use 2-factor authentication or not, anyone with a brain who accesses their email through a smartphone would change their email password as soon as they realize their phone has been stolen.

Your argument is an argument against accessing one's email through easily lose-able/steal-able devices, not against 2-factor authentication.
posted by modernnomad at 9:26 AM on August 21, 2012 [1 favorite]


Sorry, not JUST that you need longer passwords. You need those too, but that's not enough. They're talking about decrypting 16-character passwords with these advanced attacks.

Length is strong against a dumb brute force algorithm, but these guys don't use those anymore. And their algorithms will only get better.
posted by Malor at 9:26 AM on August 21, 2012


For an extra layer of security, at least if you are using KeePass:

Use the cut & paste method in KeePass to enter your id and password. No keystrokes for a logger to copy.
posted by Benny Andajetz at 9:26 AM on August 21, 2012


Keyloggers can, generally, copy the contents of your clipboard.
posted by muddgirl at 9:28 AM on August 21, 2012 [2 favorites]


why is it that we are routinely told not to have repeated elements in our passwords?

There's no technical/cryptographic reason not to have repeated elements. The most likely reason is that someone doesn't know what they're talking about. The other possible reason would be that password crackers might be guessing that you have repeated elements, and therefore checking passwords with repeated elements before passwords without.

This is basically a subset of the general problem in the article (which Malor just restated): you simply can't reliably make up passwords that are hard to guess, because you have no idea what patterns crop up when millions of people make up passwords they think are hard to guess. The only reliable way is to have a computer generate something random.

It seems like introducing data dependencies and branches in the manner of my pseudocode snippet would reduce the suitability of gpu implementation. If you have specific insights to offer about that approach I'd love to hear them.

(As one lowly web programmer to another ...) Scrypt is designed to give you arbitrary control over the memory and processing requirements of the hashing algorithm. Your pseudocode would actually read something like scrypt(take_this_much_memory, and_this_much_time). So from the perspective of using more memory and more processing power, anything you introduce outside of scrypt is at best needless complexity. You probably know that.

But what I think you're proposing is to add a third kind of resource exhaustion -- to make the amount of code required to run the algorithm larger, so it's harder to "fit" in the GPU. I'd be interested in that question too -- is there another resource that can be limited here to make hashing algorithms less parallelizable?

Even if there is, I don't think you'd want to do it in a hackish way -- I think you'd want the mathematicians behind scrypt to introduce code-complexity as another variable, with some proof that it's secure. And it would probably turn out that reducing cracking speed by another factor of 100 or whatever is pointless compared to what scrypt already achieves. But still, neat question.
posted by jhc at 9:29 AM on August 21, 2012 [1 favorite]


modernnomad: Your argument is an argument against accessing one's email through easily lose-able/steal-able devices, not against 2-factor authentication.

True, but the arguments are related, given the ubiquity of the use of smart phones for just this purpose.
posted by moonbiter at 9:30 AM on August 21, 2012


Keyloggers can, generally, copy the contents of your clipboard.

KeePass automatically runs in encrypted mode and only gives you five seconds to copy and paste before wiping the clipboard.
posted by Benny Andajetz at 9:31 AM on August 21, 2012


But what I think you're proposing is to add a third kind of resource exhaustion -- to make the amount of code required to run the algorithm larger, so it's harder to "fit" in the GPU.

Essentially, yes. GPU execution units are limited in certain ways that CPUs aren't, although it's probably the case that those limitations are not as severe as my probably-outdated mental model of them is.
posted by a snickering nuthatch at 9:32 AM on August 21, 2012 [1 favorite]


For example, if it were the case that hashing functions could be composed without introducing further vulnerabilities, the password could be used to generate an expression tree where every node is a concatenation or a hash function applications. Generating and executing expression trees of varying topologies sounds like it is something a GPU would be ill-suited to doing.
posted by a snickering nuthatch at 9:36 AM on August 21, 2012


I don't understand what 'runs in encrypted mode' means when we're talking about a clipboard, but my understanding of malicious keyloggers is that they would detect the copy command and monitor the clipboard automatically. One way to get around this might be to make the stored password longer and then highlight-delete certain positions after pasting, but then you could just use the autofill and do the same thing.
posted by muddgirl at 9:39 AM on August 21, 2012


Ept?
posted by empath at 9:40 AM on August 21, 2012


From KeePass:

While KeePass is running, sensitive data (like the hash of the master key and entry passwords) is stored encrypted in process memory.

This means that even if you would dump the KeePass process memory to disk, you couldn't find the passwords.

For example, when you are copying a password to the clipboard, KeePass first decrypts the password field, copies it to the clipboard and immediately re-encrypts it using the random key.

Additionally, KeePass erases all security-critical memory when it's not needed anymore, i.e. it overwrites these memory areas before releasing them (this applies to all security-critical memory, not only the password fields).

KeePass ≥ 1.15 and 2.x use the Windows DPAPI for in-memory encrypting the sensitive data. With DPAPI, the key for in-memory encryption is stored in a secure, non-swappable memory area managed by Windows. If DPAPI is not available or disabled (advanced KeePass options, by default using DPAPI is enabled), KeePass uses the ARC4 encryption algorithm with a random key. Note that this is less secure than DPAPI, mainly not because ARC4 cryptographically isn't that strong, but because the key for in-memory encryption is also stored in swappable process memory.
posted by Benny Andajetz at 9:40 AM on August 21, 2012 [1 favorite]


That means that the internal copy that KeePass has of your password is encrypted. The copy in the clipboard is not; otherwise, when you pasted, you would be pasting an encrypted password and not your password.
posted by a snickering nuthatch at 9:43 AM on August 21, 2012 [2 favorites]


Ah, so it has nothing to do with the clipboard itself, but rather process memory.

Look, the safest thing to do is to not use high-security sites on computers that you can't control. I don't log in to gmail from any computer I can't perform several virus scans on.
posted by muddgirl at 9:44 AM on August 21, 2012


BUT EVEN THEN, the weakest part of modern security systems seems to be the companies themselves, not the users.
posted by muddgirl at 9:44 AM on August 21, 2012


One other weak point with passwords: mobile devices. My iTunes password is weaker than I'd like because I have to type it all the time on a tiny iPhone keyboard. And while my phone itself is reasonably secure in my pocket, that same password works anywhere on the Internet. As Mat Honan has demonstrated, your iTunes password can be the keys to your entire digital identity.

I've yet to see any good system for me authenticating myself through my phone. LastPass is awful on iOS, mostly because there are no plugin APIs it can hook.
posted by Nelson at 9:45 AM on August 21, 2012 [6 favorites]


So, at the point where I need to have unique 16+ character randomly generated passwords, which it's absurd to expect a person to remember more than 2 or 3 of, let alone for the 100+ sites I have passwords for, why are we even using passwords at all? The system is clearly broken and shoving ever-increasing complexity onto users (an already weak answer to the problem) is not a long-term solution, not when it'll be 32 character passwords in a few years and, what, 100 characters in 10 years? Even if some people can manage now, usually through LastPass/KeePass/something similar, I think expecting everyone on the Internet to use a standalone password tracker is a little ridiculous and also substitutes one life-encompassing weakness for 100 weaknesses of variable seriousness.

Passwords aren't really working now and they aren't going to work at all in the future. What's the next step? 2-factor authentication for everything? Finger/retina scans? I have no idea, but I assume someone else is working on this, because we're at the point where just telling people to have longer, more random passwords isn't going to be useful much longer.

On preview: One other weak point with passwords: mobile devices.

Oh, good god, yes. There is no way I'm ever going to regularly type in a 16 character, multiple character set password into a mobile interface because it's a pain in the ass to type anything on most of them, let alone something where I have to switch back and forth between the numbers/symbols and the letters.
posted by Copronymus at 9:50 AM on August 21, 2012 [2 favorites]


I swear I sleep better since I started using Gmail's 2-factor authentication option [...] I don't know why anyone with a cell phone wouldn't use this system.

Because it's overkill for my needs. I think one of the common security discussion mistakes is not assessing the actual risk. For how I use my gmail/google account the repercussions of penetration is low. 2-factor on it is a deadbolt lock on a closet I store my winter hats in.

The fact that my password system is not going to withstand a significant attack or host compromise is a big "so what" for 99% of the systems I have usernames & passwords on. The Mat Honan thing certainly demonstrates that it's not always possible to identify the real extent of risks but I am pretty confident that getting into my stubhub account isn't going to result in some cascade of disaster.
posted by phearlez at 9:52 AM on August 21, 2012 [1 favorite]


That means that the internal copy that KeePass has of your password is encrypted. The copy in the clipboard is not; otherwise, when you pasted, you would be pasting an encrypted password and not your password.

OK. Gotcha.

There is a setting in KeePass that supposedly only allows ONE copy and paste. I don't know how that works, but they say it's specifically to thwart clipboard spies. Possible?
posted by Benny Andajetz at 9:53 AM on August 21, 2012


Or could the PASTE function be run back through KeePass to decrypt on the fly?
posted by Benny Andajetz at 9:56 AM on August 21, 2012


Something else I just noticed (after using KeePass for years) is that you can drag & drop your info instead of copy & paste. Safer?
posted by Benny Andajetz at 10:01 AM on August 21, 2012


Or could the PASTE function be run back through KeePass to decrypt on the fly?

I believe that is highly unlikely. I think that the only time when one program gets to tell another program how to interpret the clipboard is in OLE scenarios, but even imagining it did decrypt it on the fly, that's not enough to prevent a keylogger from screwing KeePass users.

Running with this hypothetical- once you copy your KeePass password, the keylogger pastes into its own buffer; if KeePass were decrypting clipboards for your browser, how is it going to know that it shouldn't do so for the keylogger? Then the keylogger can copy its plaintext version of the password to the clipboard, cutting KeePass out of the loop in case KeePass was trying to make sure the password was only copied once. You then give your browser focus and press "paste" and you get your plaintext password, none the wiser.
posted by a snickering nuthatch at 10:05 AM on August 21, 2012


All this talk about the terrible omniscience of keyloggers (which I'm entirely happy to believe) also, presumably, is proof that they're pretty rare. Otherwise we would all have had our accounts hacked multiple times. No? I mean--if it was easy to infect large numbers of machines out there with these keyloggers, why would anyone with a paypal account not have already had it drained?
posted by yoink at 10:10 AM on August 21, 2012 [1 favorite]


My 2-factor key to success is not having any money in my bank account for anyone to steal. Joke's on them!
posted by Devils Rancher at 10:16 AM on August 21, 2012 [5 favorites]




Something else I just noticed (after using KeePass for years) is that you can drag & drop your info instead of copy & paste. Safer?
posted by Benny Andajetz at 10:01 AM on August 21 [+] [!]


Technically it's the same thing.
posted by Stagger Lee at 10:20 AM on August 21, 2012 [2 favorites]


Thanks for that comment, Malor - glad to see someone else reading the article and putting together the pieces rather than do the knee-jerk "but I create my password this way, so it's secure!" thing. The mind-boggling amount of processing cores on GPUs is one thing, but it's the growing lists of exposed passwords (and the innovative ways of getting metadata from them and combining them) that really allow crackers to fine-tune attacks using those cool new features of John the Ripper and Hashcat.

Also, I'd like to join the chorus of support for one-way hash functions like bcrypt, which is actually not even supported by Hashcat (the tool which is the main focus of the article). JtR (another cracking tool) cannot fully take advantage of the many GPU cores in order to crack these either. Obviously it's impossible to force every site on the planet to store passwords properly, but that's just one more reason to make sure your passwords on each site you visit are unique.

Speaking of which, will the mods blink once if we're using bcrypt to store passwords here at MeFi, and blink twice if we're using anything else?
posted by antonymous at 10:26 AM on August 21, 2012 [2 favorites]


2-factor on it is a deadbolt lock on a closet I store my winter hats in.

This!

For almost all the sites on the net that i have passwords for i use the same relatively secure 10 character password and username / email. It's complex enough that its not going to be on any lists and yet its reasonable to type from my blackberry or iPad. But here is the important part... I don't use that password or username or email outside of my i dont care part of the net. This includes sites ive logged into once but required a login for some obscure reason, newspaper websites, communities i dont really care about and such. How wide that section is depends on you.

This frees you up to pay attention to the rest of your online presence.
posted by cirhosis at 10:33 AM on August 21, 2012 [1 favorite]


Eight-sided dice yield three bits each. Roll a few fistfuls of these for a giant octal number, then feed the bytes into base64.

dd if=/dev/urandom | base64 works too if you trust computer RNGs.
posted by whuppy at 10:37 AM on August 21, 2012


In all my years on the internet I have only ever once been 'hacked'.

Someone from China accessed my main gmail account This was probably six months to a year ago.

I still to this day don't know how they got my extremely random password. Maybe I clicked a link from an email I shouldn't have. Maybe their program guessed it. Maybe they swiped passwords from the Gmail server (likely, since it was the time that many, many Gmail accounts were accessed from China). It wasn't a keylogger or any program on my machine, for sure.

But, other than that I've not ever had to use any sort of masterpass program, and never had any trouble.
posted by Malice at 10:42 AM on August 21, 2012


So, how big a deal is it for someone who gets hold of your phone to crack that 4 digit PIN they often let you use to lock it? I'm going to guess "not very".
posted by adamdschneider at 10:43 AM on August 21, 2012 [1 favorite]


Yes yes yes. I looked into this a lot after the Gawker breach, when I was stung to discover that my super-awesome, extremely long, and supposedly uncrackable password was now available free for the taking at Pirate Bay.

I came to two conclusions, which have been borne out by articles and analysiseses like this since:

1. If you want your stuff to remain secure, you have to use a different password for every single login. It has to be truly random. Give up the idea of ever being able to remember it.

Basically you have two options:
A. Randomly generate passwords (e.g. using a tool like random.org) and keep them written down in a notebook that never leaves your side.

B. Use software like KeePass.
2. In the long term, we're probably all going to have to go to something like an RSA keyfob system, because this shit be crazy.

I bet 20 years from now we're all going to look back at this time and laugh. "Remember when we spent hours debating how to make passwords, and we actually had separate software programs just to manage them all?"
posted by ErikaB at 10:46 AM on August 21, 2012 [3 favorites]


So, how big a deal is it for someone who gets hold of your phone to crack that 4 digit PIN they often let you use to lock it? I'm going to guess "not very".

1 chance in 100, if you set it to auto erase after ten tries.
posted by ChurchHatesTucker at 10:47 AM on August 21, 2012


Malice: But, other than that I've not ever had to use any sort of masterpass program, and never had any trouble.

I had a burglar break into my house once...but I've moved since then, so I'm golden, right?
posted by Greg_Ace at 10:48 AM on August 21, 2012


if you set it to auto erase after ten tries.

Hmm, I don't think my phone even has this option.
posted by adamdschneider at 11:03 AM on August 21, 2012


Theora55 got hacked on gawker, I got a dropbox account just before they had a big security outage, see also: Zappos, LinkedIn. I don't have much faith that online accounts are secure. I'm more concerned about hackers getting my credit card info from a poorly secured/managed site than my userid and password for that site.

If you hack my NYTimes.com login, I won't lose any sleep, so it still uses a weak password, the same one used on any site where I don't care about the identity.

I'd much rather you didn't log in to Metafilter as me. It would be unpleasant, but not ruinous, as the mods would likely help me recover if somebody logged in as me and misbehaved. I am not a member of the nonexistent cabal, so have no rights beyond those of membership. So, unique password, but not ridiculously long or difficult to type. Key security issue: I have met Jessamyn & cortex, and have been reading MeFi for a long time, so I personally trust Metafilter, LLC.

Bank, credit card, Paypal, amazon, etc. I use the longest password I'm able to for any given site. Best Childhood Dog ever = George. gE^%)orgE2248&&3. "^%)" "8&&3" and "224" are not random. It's a password that I can type, and I can write down mildly obscured hints in a notebook that will allow me to recall it. Super-secure? No. I'm seriously considering taking my bank account offline, as the bank's (lack of) security worries me much more than my password strength. Keyloggers worry me some; I run a/v software that looks for malware.

My employer strong-armed me into participating in a health improvement deal, and some of my health information is online. I don't trust the 3rd-party vendor at all, and I'm pissed that my employer is not more cautious.

I think it's far more important for consumers to put pressure on sites to be really secure than to go all out to have super-secure passwords. Your bank wants you to think it's your responsibility to have a secure-ish password, but it is their responsibility to let you have a long password that uses case sensitivity, numbers and non-alpha-numeric characters including upper ascii. And it's their job to take care of your data.

Honan got hacked using social engineering. My friend's personal data was on a hard drive swiped from somebody's car. I work in IT. It's my job to verify the hell out of you before I reset your password, to advise you properly on how to set up secure questions and a decent password. It's our job to have a system that lets you be reasonably secure and doesn't let you use P@sswd. It's our job to wipe every hard drive that leaves our hands (dban, eraser), including copiers. It's our job to encrypt the hard drive on any portable device.

Parts of my IT shop do pretty well; parts don't. Instead of moaning & griping about the password requirements, think about how it feels to have your personal data exposed, to have the kid down the street get into your home network and laptop hard drive because you couldn't be bothered to care about security. That kid probably just wants your music, or is bored, but it could just as easily be a credit card thief in France. Your individual data matters, and you should be yelling at the people who have your data to be protecting it one hell of a lot better.
posted by theora55 at 11:12 AM on August 21, 2012 [2 favorites]


How secure is this method: have random.org generate a bevy of passwords with random.org. Choose some of them to assign to various websites (each getting a unique one). Write those down somewhere. Then generate a few 5 character strings. Choose one. Memorize it. Append it to each of your written down passwords. Secure?
posted by adamdschneider at 11:51 AM on August 21, 2012


It's as secure as buying the biggest beefiest lock the make, welding a little more steel to the shackle and using it to lock, uh, something. If the something is made of newsprint origami no lock in the world is going to secure it.
posted by Kid Charlemagne at 11:54 AM on August 21, 2012


I had a burglar break into my house once...but I've moved since then, so I'm golden, right?

That makes no sense in this context.

Still using the same email account, and if it was a house, it would be like a burglar getting a key from the mortgage company, not me.
posted by Malice at 11:56 AM on August 21, 2012


It's as secure as buying the biggest beefiest lock the make, welding a little more steel to the shackle and using it to lock, uh, something. If the something is made of newsprint origami no lock in the world is going to secure it.

What? No it isn't, it's much more secure than that. In fact, it's as secure as the randomly generated passcodes are, plus five digits of work more secure. It's pretty fucking secure. Someone would first have to find your little notebook and copy down your passwords, and then they would have to figure out that you've decided to append a five-digit code, that only you know because you've memorized it and not written it down someplace. In all likelihood, if someone found your little notebook, and the passcodes did not work, they would simply assume they had been changed.

That's quite a good idea.
posted by OmieWise at 12:05 PM on August 21, 2012


Malice - It may have been a glib comment, but it makes no less sense than your assumption of safety. Just because you've only been hacked once so far doesn't diminish your chance of getting hacked again.
posted by Greg_Ace at 12:08 PM on August 21, 2012


Oh, wait, I think I got lost in your analogy. If what you're saying is that the password is insecure if it is stored server-side insecurely, then you're right. But the method seems to suggest different passwords for different sites.
posted by OmieWise at 12:11 PM on August 21, 2012


It does, but your access to each individual site is still down to that site's security procedures.
posted by Holy Zarquon's Singing Fish at 12:22 PM on August 21, 2012


The whole "paste your passwords from the clipboard" thing is security theater. Once someone has infiltrated a machine well enough to intercept keypresses, they can trivially call Window's AddClipboardFormatListener. The "keylogger" will be instantly messaged when the clipboard content changes, and they can immediately sniff it. Or they can hook the clipboard handlers itself, etc. Once you've been rooted, there is no safe operation.
posted by introp at 12:23 PM on August 21, 2012 [1 favorite]


That means that the internal copy that KeePass has of your password is encrypted. The copy in the clipboard is not; otherwise, when you pasted, you would be pasting an encrypted password and not your password.

On Windows it's possible for a program to take ownership of the clipboard and declare what formats it's willing to provide (e.g. text, images) but not place the data there, only "rendering" it when another program later requests the data (to perform a paste, for example). So this ought to be possible:
  1. User clicks on password in password manager.
  2. Password manager puts a promise to provide text on the clipboard, but doesn't actually put the text there yet.
  3. User pastes in another program.
  4. That program requests text from the clipboard.
  5. Password manager finally provides text, just in time.
  6. Program pastes text.
  7. Password manager clears the clipboard
It would be nice if step 7 could happen instantaneously so there's no time window where a keylogger can grab the password too, but I don't think the clipboard-owner program gets a second notification when pasting is complete, so it would simply have to wait 20ms or something. (Or, better, render the text, start polling the clipboard until the pasting program releases it, then immediately grab and clear it.)

This doesn't actually solve the problem, though, it just helps make it apparent that something fishy is going on. If you had a keylogger on your system, I imagine it would periodically check to see what's on the clipboard. If this happened before your legitimate paste, you'd find that the clipboard was mysteriously empty. The damage has probably been done at this point, though, depending on how promptly the keylogger phones home.

<disclaim>I work at Microsoft, but not on Windows or clipboards or security, and what's more I haven't played with the clipboard in a long time—it may have changed.</disclaim>
posted by The Tensor at 12:31 PM on August 21, 2012 [2 favorites]


I would use it, but I don't have my cell phone when I travel internationally. Is it easy enough to toggle on and off? But then if I forget to turn it off before traveling, I'm out of luck.

You can print off a list of single-use offline codes, to use in case your cellphone isn't handy, or gets lost/stolen/broken. And you can use text messages to another phone, not necessarily a smartphone, once you have authenticated it as yours.

If your phone gets stolen, it is of course imperative that you immediately de-authenticate it, so that the thief can't use it to get into your account.

Sidenote: I suspect that in the not-too-distant future, it will become common knowledge that nobody steals a cellphone for the device itself (since they will be cheap to the point of disposability), but rather for the data on them, and the opportunities for identity theft that they provide. Remote-wiping a device the second you even suspect that it has left your control will probably be de rigueur.

But, other than that I've not ever had to use any sort of masterpass program, and never had any trouble.

Yet. You haven't had any trouble yet. But the fact that you haven't had trouble doesn't mean much, any more than not having locks on your house and not having been burglarized means that door locks aren't important.

There are alternatives to master-password programs -- generating them randomly using a bunch of dice and a wordlist works just fine, if you do it right, and then keep them written down at home -- but they are equally or more inconvenient for most people to use, so as a general recommendation those programs seem to be the best thing going. But they are definitely a hacky solution to a problem that should really be solved by not using passwords as widely at all.
posted by Kadin2048 at 12:33 PM on August 21, 2012


ChurchHatesTucker (quoting adamdschneider): "So, how big a deal is it for someone who gets hold of your phone to crack that 4 digit PIN they often let you use to lock it? I'm going to guess 'not very'"

1 chance in 100, if you set it to auto erase after ten tries.

I'm uncertain but I don't think so. The four digit PIN is found on average once in 10^4 tries, right? So a 1 in 10,000 chance per attempt. I'm not sure how the probability works out for ten attempts (hypergeometric distribution?), but a 1 chance in 100 seems way off.
posted by exogenous at 12:34 PM on August 21, 2012


It does, but your access to each individual site is still down to that site's security procedures.

Yeah, but there is literally nothing a user can do about that, so I tend not to worry about it. I don't save my credit card information on sites when I buy things, though I have wondered how much protection that really affords me.
posted by adamdschneider at 12:34 PM on August 21, 2012


If you had a keylogger on your system, I imagine it would periodically check to see what's on the clipboard. If this happened before your legitimate paste, you'd find that the clipboard was mysteriously empty.

Why wouldn't the keylogger, after getting lucky in the window of opportunity and grabbing the contents of the clipboard, just take ownership of the clipboard* and copy what it grabbed back in? Then no one would know that it had intercepted the password.

*I assume here that if KeePass can say to the OS "hey I own the clipboard now" then keyloggers can do the same.
posted by a snickering nuthatch at 12:58 PM on August 21, 2012


Why wouldn't the keylogger, after getting lucky in the window of opportunity and grabbing the contents of the clipboard, just take ownership of the clipboard* and copy what it grabbed back in? Then no one would know that it had intercepted the password.

It could absolutely do that. Let's see, to avoid this we could have the password manager program pop up a dialog when it's asked to render a password to the clipboard and require the user to type in the master password before it will do so. That way the user will know if a keylogger is intercepting the clipboard.

Yeah, that's just about the most annoying feature I can think of. Ship it!
posted by The Tensor at 1:12 PM on August 21, 2012


Can we incorporate some kind of animated mascot?
posted by Holy Zarquon's Singing Fish at 1:15 PM on August 21, 2012 [1 favorite]


An animated mascot associated with clipboard operations? Sounds great! How about we base the character design on a piece of office equipment that everyone is familiar with?
posted by The Tensor at 1:30 PM on August 21, 2012


Seeing as this is crypto, I was thinking more of an anthropomorphic paper shredder.
posted by Holy Zarquon's Singing Fish at 1:33 PM on August 21, 2012


No no, then old people will get freaked out and think their computer has gained sentience and is trying to eat their data. It needs to be a non-threatening thing that has existed since we had the ability to bend metal to our bidding, a staple, perhaps.
posted by Geektox at 1:39 PM on August 21, 2012


"I see you are trying to log in so that you can leave a comment on IO9. Would you like some help?"
posted by ErikaB at 2:34 PM on August 21, 2012


adamdschneider: Write those down somewhere. Then generate a few 5 character strings. Choose one. Memorize it. Append it to each of your written down passwords. Secure?

In essence, by doing this, you're salting your own passwords, making them that much more difficult to guess. But if you ever repeat one of your 5-character strings, and two of your passwords are ever decrypted, then the special sauce becomes known. That means the written-down part of the password needs to be strong enough to stand on its own.

If your piece of paper or text file ever falls into enemy hands, then the part of the password that's in your head becomes the sole remaining security method you have. Making sure it's also a strong password will give you a great deal more time to detect the breach and change your passwords. Five characters is enough to be salt, but it's not enough to be a standalone password, so it would be of very limited use if you lose control of your keystore. The ideal solution would probably be an 8-digit passcode in your head, and another 8-digit code for each site. 10 each would be far stronger, if you could manage it.

The most important thing: both pieces of the password need to be random, not generated with any kind of mnemonic system.
posted by Malor at 2:35 PM on August 21, 2012


In essence, by doing this, you're salting your own passwords, making them that much more difficult to guess. But if you ever repeat one of your 5-character strings, and two of your passwords are ever decrypted, then the special sauce becomes known. That means the written-down part of the password needs to be strong enough to stand on its own.

This I get, although I sort of think I have bigger problems if I ever get into a situation where two of my critical passwords have been compromised.

Five characters is enough to be salt, but it's not enough to be a standalone password, so it would be of very limited use if you lose control of your keystore.

Doesn't this presume that not only have the bad guys stolen my keystore, they also have access to a hash of my password(s)? That seems very unlikely. If this happens, I think I again have pretty big problems.

Are ten character passwords (the two halves of my 20-character full passwords) really good enough to "stand on their own"?
posted by adamdschneider at 6:55 PM on August 21, 2012


If anyone ever logs me off Metafilter, I'm screwed because I don't remember my password. On the other hand, I'm immune to keyloggers. So I got that goin' for me, which is nice.
posted by JackFlash at 8:48 PM on August 21, 2012


adamdschneider: This I get, although I sort of think I have bigger problems if I ever get into a situation where two of my critical passwords have been compromised.

Look at all the big sites that are going down, with more falling on a regular basis. It's obviously pretty unlikely to lose two, but it's also unlikely to be hit by lightning or to be bitten by a shark.

Doesn't this presume that not only have the bad guys stolen my keystore, they also have access to a hash of my password(s)? That seems very unlikely. If this happens, I think I again have pretty big problems.

Well, it presumes that they made off with the plaintext versions of all your passwords. They have just part of the password, but it's not encrypted, and they know what site it's for. They might actually be able to brute-force that password ONLINE, directly with the provider, if they went slow enough and used enough computers. This is dependent on on whether a given provider is smart enough to lock your account after enough failed login attempts. Many of them are not.

If the cracker also gets access to an offline password database, one which contains a password you used, they'll be able to crack a five-character secret-sauce prefix in seconds, and will immediately have every other password you use. If the secret part is at least 8 characters long, and if it's really random, that's big enough to stop them for at least a couple of weeks, giving you some time to detect and respond to a local breach. Remember, what's going to happen, if the cracker gets your plaintext password fragments, is that those fragments will be seeded into the global databases, and tried against every major password breach. If your secret prefix is too short, they're likely to find it quite quickly. These guys are cooperating, they're not just working alone anymore.

Ten-character passwords, if they're truly random, and especially if they have some punctuation in them, should still be immune from brute-force attacks for the foreseeable future (unless someone gets very, very lucky, at any rate.) It would take many years of cracking to get just one password. Long passwords like this are very vulnerable to pattern analysis, but random generation should prevent that whole class of attack from working.

You're defeating smart crack programs by being random, and you're defeating brute force by being long.

It's worth mentioning the story about how some American codes, in WW2, were partially cracked because a sweet little old lady, assigned to pulling out random golf balls with digits on them to generate random numbers, would discard sequences that didn't look random enough. She thought she was helping, by making the keys she was generating more random, but in actual fact she was putting a pattern into the encryption keys that the enemy was able to detect, and thus partially decrypt some of our transmissions.

The idea that cryptanalysis of this class would ever be aimed at a civilian was laughable up until recently, but the advent of global computer networks and global hacker networks means that enormous brain- and computer-power can be brought to bear on your specific passwords. Even in aggregate, it's not going to be like Alan Turing attacking you personally, but raw computer power can make up for a serious brainpower deficit.
posted by Malor at 10:59 PM on August 21, 2012


exogenous The four digit PIN is found on average once in 10^4 tries, right? Not that it matters much for large numbers, but isn't a 4 digit PIN always found in 10^4 attempts? Some might be found earlier and so the average is .5*10^4
posted by epo at 3:04 AM on August 22, 2012


True war story: I had some cheap web hosting a a couple of years ago. the site got hacked, or rather the web host got hacked through a (recently published) flaw in an open-source control panel they were using. The hackers bulk erased all the sites, the web host had no backup, (cheap is good, right?).

This is like having strong locks on the front door but having people break into the cellar, start a fire and burn the house down.

The point? Regardless of password security there are ways in which people can bypass passwords. Your encrypted file is not much use to you if it is the only copy and someone deletes it. Always take backups and remember, an unchecked backup is useless.

The sad footnote is that I later read that the developer of the open source control panel (Korean I think, possibly Japanese) hung himself.
posted by epo at 3:22 AM on August 22, 2012


That's absolutely true, epo, but website security is something that we have little to no control over. All we can control, as end-users, is the passwords we're generating.

If they're doing things right, we want to be sure to create genuinely strong passwords, so that the weakest link isn't anything under our control. And if they're screwing it up, using a unique password on each site limits our exposure to their foulup.

In your basement metaphor, using separate passwords is like partitioning it into rooms, so that no matter what window an intruder breaks into, he can only burn a small area, hopefully not too damaging. The hole from the fire (ie, personal data he/she collects from a website's database) may let him into more damaging areas of your home, and he may eventually be able to burn the whole thing down, but there's an excellent chance that the partitions will keep him or her out of the stuff you really care about.
posted by Malor at 3:48 AM on August 22, 2012


It's worth mentioning the story about how some American codes, in WW2, were partially cracked because a sweet little old lady, assigned to pulling out random golf balls with digits on them to generate random numbers, would discard sequences that didn't look random enough. She thought she was helping, by making the keys she was generating more random, but in actual fact she was putting a pattern into the encryption keys that the enemy was able to detect, and thus partially decrypt some of our transmissions.

Similar bias appears to have been a problem with Soviet implementations of one-time pads according to Kahn's wonderful must-read history of cryptography.

The idea that cryptanalysis of this class would ever be aimed at a civilian was laughable up until recently, but the advent of global computer networks and global hacker networks means that enormous brain- and computer-power can be brought to bear on your specific passwords. Even in aggregate, it's not going to be like Alan Turing attacking you personally, but raw computer power can make up for a serious brainpower deficit.

When I was I child, I wanted to wake up in the Star Trek future, but instead, I ended up in Neuromancer future.

We saw a bit of what government-sponsored Turings are doing earlier this year with Flame: worms to create backdoors into Iranian computers backed by a supercomputer capable of creating an MD5 collision during a window of opportunity measured in seconds, probably using a shortcut previously unknown to cryptoanalysis.

Ultimately, we can't say whether the NSA does or does not have a better-than-brute-force shortcut through password hash algorithms. (I do assume that they don't need it for the operating systems I use.) The bears I'm running from are hooligans and international identity-theft syndicates, so I'm willing to settle for "frustrating" and "unprofitable" over "unbreakable."
posted by CBrachyrhynchos at 6:58 AM on August 22, 2012 [1 favorite]


Google's 2-factor auth is on my phone; when I login on a new computer, I need my password *and* my phone.
http://support.google.com/accounts/bin/answer.py?hl=en&answer=180744

That said, arguably the world's best computer security expert advises you to use different passwords everywhere, and write down the lesser-used ones on a sheet of paper you keep in your wallet. If you can keep $200 in your wallet... you can also manage to not lose a sheet of notes.
http://www.schneier.com/blog/archives/2005/06/write_down_your.html
posted by talldean at 7:24 AM on August 22, 2012


epo: " exogenous The four digit PIN is found on average once in 10^4 tries, right? Not that it matters much for large numbers, but isn't a 4 digit PIN always found in 10^4 attempts? Some might be found earlier and so the average is .5*10^4"

Ah, you're right. I never was very good at probabilities.
posted by exogenous at 7:37 AM on August 22, 2012


write down the lesser-used ones on a sheet of paper you keep in your wallet

One hates to disagree with Schneier on a matter of security, but... this always seemed to me like a really rotten idea. I've had a wallet stoien. Dealing with cancelling credit cards and an ATM card and replacing my driver's license was enough of a pain without also having to worry about all of my passwords being in the hands of a thief.
posted by Zed at 9:21 AM on August 22, 2012


Yeah, seems like a safe place in the home would be much better. I do not have the numbers in front of me to verify my gut feeling that you are more likely to have your wallet stolen (or even lost) than your house burgled.
posted by adamdschneider at 11:20 AM on August 22, 2012


The problem is that it links your business to Google. Or my suggestions above, you're linked to Facebook or Twitter. That's a business problem, and also potentially a security problem if your chosen authentication provider breaks it.

Another problem is that this way you'd tie users to the policies of another company. Users who want to use a pseudonym, users who are blocked by the authenticator or if users who use the authenticator in different contexts and don't want to have their account associated with it: all these cases could be problematic.
posted by ersatz at 11:55 AM on August 22, 2012 [1 favorite]


The wallet idea is based on a number of assumptions. First, you need the passwords close at hand, but you need a set of passwords that's too complex to memorize. Second, we tend to notice when our wallets go inexplicably missing. And third, your wallet likely contains information useful for faking your identity and getting a manual password reset.

It's something I'll do after a password change to get over the muscle memory hump from using a password only once or twice a day.
posted by CBrachyrhynchos at 12:28 PM on August 22, 2012


Also, there's nothing forcing you to write out the website or username the password corresponds to on that paper.
posted by Holy Zarquon's Singing Fish at 12:47 PM on August 22, 2012


So, is 2-factor authentication secure enough that as long as you don't lose control of your authenticator you can have a trivial password and be fine?
posted by adamdschneider at 1:53 PM on August 22, 2012


Re: Schneier & the wallet

One hates to disagree with Schneier on a matter of security, but... this always seemed to me like a really rotten idea. I've had a wallet stoien. Dealing with cancelling credit cards and an ATM card and replacing my driver's license was enough of a pain without also having to worry about all of my passwords being in the hands of a thief.

Let me enthuse once more about the memorized common prefix scheme. If you use this, and your prefix is strong, your wallet may get stolen, but the passwords in it are useless (unless the attacker has access to Rubber-hose cryptanalysis).
posted by Anything at 3:03 PM on August 22, 2012


Of course in the above case there's still the lesser issue that if, through other means, they have access to one of your complete passwords (prefix+what's written down), they will then have access to all your complete passwords. But that still means, in other words, that they have to cross both of the two hurdles of stealing your wallet and cracking one of your complete passwords, which is a far less common scenario than either one in isolation.

And even that threat can be mitigated by using, instead of one prefix for all passwords, two or more prefixes for passwords of different categories of sites, categorized by the degree to which you trust your passwords to be safe and well salted and hashed on their servers.
posted by Anything at 3:12 PM on August 22, 2012


As a practical matter, is there any worry that an incomplete or unusable password stolen from your wallet is going to end up in a hacker's standard dictionary? A mugger might try and use your banking password along with your credit cards, social security number, etc., but they're not going to be working in concert with Internet douchebags to wreck your life on principle. A written list will be used or, if properly salted, discarded as worthless gibberish, but it seems vanishingly unlikely that it'd make its way to the hacking community – there's no profit in that for the thief, unless there are people who pick pockets specifically to discover passwords.
posted by Holy Zarquon's Singing Fish at 3:30 PM on August 22, 2012


And, it gets even worse, password hints extracted from Windows registry using 8-line ruby script.

adamschneider: So, is 2-factor authentication secure enough that as long as you don't lose control of your authenticator you can have a trivial password and be fine?

I wouldn't trust it. 2-factor authentication is vulnerable to man-in-the-middle, and the authentication codes are usually trivially weak on their own. As the linked article shows, the combination of two weak elements is still crackable, albeit tougher to crack than a weak element on its own.
posted by CBrachyrhynchos at 3:41 PM on August 22, 2012


And even that threat can be mitigated by using, instead of one prefix for all passwords, two or more prefixes for passwords of different categories of sites, categorized by the degree to which you trust your passwords to be safe and well salted and hashed on their servers.

Now this seems like an impossible burden. One 10-digit prefix I can probably memorize. Multiple 10-digit prefixes? Forget it.
posted by adamdschneider at 4:17 PM on August 22, 2012


You know what I never see with articles like this one? A strategy for how to go about overhauling one's password setup which assumes you've got an online life as messy and poorly thought out as most peoples'are. I get that I need stronger passwords. What I don't get is how I'm supposed to fix the fact that I didn't know what the fuck I was doing in the past, and remember every last site I need to change the password for.
posted by ocherdraco at 10:33 PM on August 22, 2012 [2 favorites]


I'm struggling with the same issue, ocherdraco. I suspect that the most workable strategy is to focus on the high-value targets first- banking, anything with your credit card number, etc. Hopefully these sites are memorable enough. Then, maybe google your own name and pseudonyms to find sites that you have accounts with. After those are changed, other sites (which are probably pretty low-value) can be changed whenever you access them next.
posted by a snickering nuthatch at 11:02 PM on August 22, 2012


Now this seems like an impossible burden. One 10-digit prefix I can probably memorize. Multiple 10-digit prefixes? Forget it.

I think just two would get you pretty far, if that sounds at all manageable? You would probably be using both frequently, so it might not be as difficult as it might first look.

And in any case, even just one seems perfectly reasonable for someone like myself, which is why I'm not bothering switching even up to two.
posted by Anything at 12:03 AM on August 23, 2012


Here's what I did:

Install KeePass (free)
(optional) Install Dropbox or equivalent cloud share service
Change my Big 3 - email, online banking, and identity (identity being facebook and linkedin)
Whenever I happen to use a service with a password, change that password

What I don't get is how I'm supposed to fix the fact that I didn't know what the fuck I was doing in the past, and remember every last site I need to change the password for.

This is sort of like the technique for cleaning out your closet. If it's not a site you use in a year, it's probably not a site you need to worry about, password-wise.
posted by muddgirl at 7:09 AM on August 23, 2012 [2 favorites]


« Older Just in case puberty wasn't horrifying enough   |   My Money's on Nolan Newer »


This thread has been archived and is closed to new comments