Password strength
{{Short description|Resistance of a password to being guessed}} |
{{for|organizational rules on passwords|Password policy}}
⚫ | [[File:Bitwarden Desktop 2024.12.1 password generator screenshot.webp|thumb|upright=1.2|Options menu of the [[random password generation]] tool in [[Bitwarden]]. Enabling more character subsets raises the strength of generated passwords a small amount, whereas increasing their length raises the strength a large amount.]] |
'''Password strength''' is a measure of the effectiveness of a [[password]] against guessing or [[brute-force attack]]s. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability.<ref name=CERT>{{cite web | url = http://www.us-cert.gov/cas/tips/ST04-002.html | title = Cyber Security Tip ST04-002 | work = Choosing and Protecting Passwords | date = 21 May 2009 | publisher = US CERT | access-date = June 20, 2009 | url-status = live | archive-url = https://web.archive.org/web/20090707141138/http://www.us-cert.gov/cas/tips/ST04-002.html | archive-date = July 7, 2009 }}</ref>

Using strong passwords lowers the overall [[risk]] of a security breach, but strong passwords do not replace the need for other effective [[security controls]].<ref>{{Cite web|title=Why User Names and Passwords Are Not Enough {{!}} SecurityWeek.Com|url=https://www.securityweek.com/why-user-names-and-passwords-are-not-enough|access-date=2020-10-31|website=www.securityweek.com|date=31 January 2019 }}</ref> The effectiveness of a password of a given strength is strongly determined by the design and implementation of the [[Authentication#Authentication_factors|authentication factors]] (knowledge, ownership, inherence). The first factor is the main focus of this article.

The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. Some systems impose a time-out of several seconds after a small number (e.g. three) of failed password entry attempts. In the absence of other [[Vulnerability (computer security)|vulnerabilities]], such systems can be effectively secured with relatively simple passwords. However, the system must store information about users' passwords in some form, and if that information is stolen, say by breaching system security, the users' passwords can be at risk.

In 2019, the United Kingdom's [[National Cyber Security Centre (United Kingdom)|NCSC]] analyzed public databases of breached accounts to see which words, phrases, and strings people used. The most popular password on the list was 123456, appearing in more than 23 million passwords. The second-most popular string, 123456789, was not much harder to crack, while the top five included "[[qwerty]]", "password", and 1111111.<ref>{{Cite web|url=https://www.bbc.com/news/technology-47974583|title=Millions using 123456 as password, security study finds|date=21 April 2019|website=BBC News|access-date=24 April 2019}}</ref>
==Password creation==
Passwords are created either automatically (using randomizing equipment) or by a human; the latter case is more common. While the strength of randomly chosen passwords against a [[brute-force attack]] can be calculated with precision, determining the strength of human-generated passwords is difficult.

Typically, humans are asked to choose a password, sometimes guided by suggestions or restricted by a set of rules, when creating a new account for a computer system or internet website. Only rough estimates of strength are possible since humans tend to follow patterns in such tasks, and those patterns can usually assist an attacker.<ref name=NIST /> In addition, lists of commonly chosen passwords are widely available for use by password-guessing programs. Such lists include the numerous online dictionaries for various human languages, breached databases of [[plaintext]] and [[Cryptographic_hash_function|hashed]] passwords from various online business and social accounts, along with other common passwords. All items in such lists are considered weak, as are passwords that are simple modifications of them.

Although easy-to-use random password generators are now widely available, the passwords they produce are random and therefore hard to remember, so people often prefer to choose their own. This is inherently less secure because a person's lifestyle, entertainment preferences, and other individual traits usually influence the choice, and the prevalence of online [[social media]] has made such information about people much easier to obtain.
==Password guess validation==
Systems that use passwords for [[authentication]] must have some way to check any password entered to gain access. If the valid passwords are simply stored in a system file or database, an attacker who gains sufficient access to the system will obtain all user passwords, giving the attacker access to all accounts on the attacked system and possibly other systems where users employ the same or similar passwords. One way to reduce this risk is to store only a [[cryptographic hash]] of each password instead of the password itself. Standard cryptographic hashes, such as the [[Secure Hash Algorithm (disambiguation)|Secure Hash Algorithm]] (SHA) series, are very hard to reverse, so an attacker who gets hold of the hash value cannot directly recover the password. However, knowledge of the hash value lets the attacker quickly test guesses offline. [[Password cracking]] programs are widely available that will test a large number of trial passwords against a purloined cryptographic hash.

Improvements in computing technology keep increasing the rate at which guessed passwords can be tested. For example, in 2010, the [[Georgia Tech Research Institute]] developed a method of using [[GPGPU]] to crack passwords much faster.<ref name="gtri"/> [[Elcomsoft]] invented the usage of common graphic cards for quicker password recovery in August 2007 and soon filed a corresponding patent in the US.<ref name="belenko">{{ cite patent | country=US | number=7929707 | status=patent | title=Use of graphics processors as parallel math co-processors for password recovery | assign1=Elcomsoft Co. Ltd. | inventor= Andrey V. Belenko | gdate=2011-04-19 }}</ref> By 2011, commercial products were available that claimed the ability to test up to 112,000 passwords per second on a standard desktop computer, using a high-end graphics processor for that time.<ref name=elcomsoft>[http://www.elcomsoft.com/eprb.html#gpu Elcomsoft.com] {{webarchive|url=https://web.archive.org/web/20061017173506/http://www.elcomsoft.com/eprb.html |date=2006-10-17 }}, [[ElcomSoft]] Password Recovery Speed table, [[NTLM]] passwords, [[Nvidia Tesla]] S1070 GPU, accessed 2011-02-01</ref> At that rate, all 26<sup>6</sup> (about 309 million) six-letter single-case passwords can be tried in under an hour, and all 26<sup>7</sup> seven-letter ones in about 20 hours. The work can be distributed over many computers for an additional speedup proportional to the number of available computers with comparable GPUs. Special [[key stretching]] hashes are available that take a relatively long time to compute, reducing the rate at which guessing can take place. Although it is considered best practice to use key stretching, many common systems do not.

Another situation where quick guessing is possible is when the password is used to form a [[cryptographic key]]. In such cases, an attacker can quickly check to see if a guessed password successfully decodes encrypted data. For example, one commercial product claims to test 103,000 [[Wi-Fi Protected Access|WPA]] PSK passwords per second.<ref>[http://www.elcomsoft.com/ewsa.html Elcomsoft Wireless Security Auditor, HD5970 GPU] {{webarchive|url=https://web.archive.org/web/20110219131825/http://www.elcomsoft.com/ewsa.html |date=2011-02-19 }} accessed 2011-02-11</ref>

If a password system only stores the hash of the password, an attacker can pre-compute hash values for common password variants and all passwords shorter than a certain length, allowing very rapid recovery of the password once its hash is obtained. Very long lists of pre-computed password hashes can be efficiently stored using [[rainbow tables]]. This method of attack can be foiled by storing a random value, called a [[cryptographic salt]], along with the hash. The salt is combined with the password when computing the hash, so an attacker precomputing a rainbow table would have to store for each password its hash with every possible salt value. This becomes infeasible if the salt has a big enough range, say a 32-bit number (NIST SP 800-132 recommends salts of at least 128 bits). Many authentication systems in common use do not employ salts, and rainbow tables are available on the Internet for several such systems.

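
The storage scheme described above, as an added example (this is not code from the article or from any product it mentions): a fast unsalted hash that a precomputed table recovers immediately, beside a salted, key-stretched hash (PBKDF2-HMAC-SHA256 from the Python standard library) that is verified in constant time. The iteration count, the 16-byte salt and the record format are assumptions chosen for this example; the sample passwords are the NCSC top five quoted earlier.

```python
"""Added example, not from the article: salted, key-stretched password
storage with the Python standard library, next to the unsalted fast hash
it replaces.  The iteration count, salt length and record format are
illustrative choices made here, not values from the article."""
import hashlib
import hmac
import os
from typing import List, Optional

PBKDF2_ITERATIONS = 600_000   # assumed work factor; raise as hardware gets faster
SALT_BYTES = 16               # 128-bit random salt, an assumed (common) size


def unsalted_hash(password: str) -> str:
    """One fast, unsalted SHA-256.  Equal passwords give equal hashes, so a
    table of precomputed hashes of common passwords identifies them at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def precomputed_lookup(stolen_hash: str, wordlist: List[str]) -> Optional[str]:
    """Offline attack on the unsalted scheme: precompute the hash of every
    word in a (here, constructed) list and look the stolen hash up."""
    table = {unsalted_hash(word): word for word in wordlist}
    return table.get(stolen_hash)


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a record 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'.
    The random salt defeats precomputed tables; the iteration count (key
    stretching) makes every guess the attacker tests cost this much work."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and iteration count and compare
    in constant time, so response timing does not leak the matching prefix."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Constructed sample data: the NCSC top-five strings quoted above.
    common = ["123456", "123456789", "qwerty", "password", "1111111"]
    print("unsalted hash of 'qwerty' recovered as:",
          precomputed_lookup(unsalted_hash("qwerty"), common))
    record_a = hash_password("qwerty")
    record_b = hash_password("qwerty")
    print("same password, different salted records:", record_a != record_b)
    print("verify 'qwerty':", verify_password("qwerty", record_a))
    print("verify 'Qwerty':", verify_password("Qwerty", record_a))
```

Two records of the same password differ because each gets its own salt, so a table indexed by hash alone no longer helps, and the attacker must pay the full iteration count for every guess against every account; that work factor is what turns a rate like the 112,000 guesses per second quoted earlier into a far smaller one on the same hardware.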
===Entropy as a measure of password strength===
Password strength is specified by the amount of [[information entropy]], which is measured in [[Shannon_(unit)|shannon]] (Sh) and is a concept from [[information theory]]. It can be regarded as the minimum number of [[bit]]s necessary to hold the information in a password of a given type. A related measure is the [[Binary logarithm|base-2 logarithm]] of the number of guesses needed to find the password with certainty, which is commonly referred to as the "bits of entropy".<ref>{{cite conference |url=http://www.isiweb.ee.ethz.ch/archive/massey_pub/pdf/BI633.pdf |title=Guessing and entropy |author=James Massey |year=1994 |publisher=IEEE |pages=204|book-title=Proceedings of 1994 IEEE International Symposium on Information Theory|author-link=James Massey }}</ref> A password with 42 bits of entropy would be as strong as a string of 42 bits chosen randomly, for example by a [[fair coin]] toss. Put another way, a password with 42 bits of entropy would require 2<sup>42</sup> (4,398,046,511,104) attempts to exhaust all possibilities during a [[brute force search]]. Thus, increasing the entropy of the password by one bit doubles the number of guesses required, making an attacker's task twice as difficult. On average, an attacker will have to try half the possible number of passwords before finding the correct one.<ref name=NIST /> |
=== Random passwords ===
{{Main|Random password generator}}
Random passwords consist of a string of symbols of specified length taken from some set of symbols using a random selection process in which each symbol is equally likely to be selected. The symbols can be individual characters from a character set (e.g., the [[ASCII]] character set), syllables designed to form pronounceable passwords or even words from a word list (thus forming a [[passphrase]]).

The strength of random passwords depends on the actual entropy of the underlying number generator; however, these are often not truly random, but pseudorandom. Many publicly available password generators use random number generators found in programming libraries that offer limited entropy. However, most modern operating systems offer cryptographically strong random number generators that are suitable for password generation. It is also possible to use ordinary [[dice]] to generate random passwords {{xref|(see {{slink|Random password generator|Stronger methods}})}}. Random password programs often can ensure that the resulting password complies with a local [[password policy]]; for instance, by always producing a mix of letters, numbers, and special characters.

For passwords generated by a process that randomly selects a string of symbols of length, ''L'', from a set of ''N'' possible symbols, the number of possible passwords can be found by raising the number of symbols to the power ''L'', i.e. ''N''<sup>''L''</sup>. Increasing either ''L'' or ''N'' will strengthen the generated password. The strength of a random password as measured by the [[information entropy]] is just the [[binary logarithm|base-2 logarithm]] or log<sub>2</sub> of the number of possible passwords, assuming each symbol in the password is produced independently. Thus a random password's information entropy, ''H'', is given by the formula:

{{align|center|
<math>H = \log_2 N^L = L\log_2 N = L {\log N \over \log 2}</math>
}}

where ''N'' is the number of possible symbols and ''L'' is the number of symbols in the password. ''H'' is measured in [[bit]]s.<ref name=NIST/><ref>Schneier, B: ''Applied Cryptography'', 2e, page 233 ff. John Wiley and Sons.</ref> In the last expression, ''log'' can be to any [[Base (exponentiation)|base]].
:{| class="wikitable" style="text-align: right;"
|+ Entropy per symbol for different symbol sets
! Symbol set || Symbol count<br />''N'' || Entropy per symbol<br />''H''
|-
| align=left|[[Arabic numerals]] (0–9) (e.g. [[Personal identification number|PIN]]) || 10 || {{Rnd|3.3219280948874|3}} bits
|-
| align=left|[[Hexadecimal]] numerals (0–9, A–F) (e.g. [[Wired Equivalent Privacy|WEP]] keys) || 16 || 4.000 bits
|-
| align=left|[[Case sensitivity|Case insensitive]] [[Latin alphabet]] (a–z or A–Z) || 26 || {{Rnd|4.7004397181411|3}} bits
|-
| align=left|All [[Printable characters|ASCII printable characters]] except space || 94 || {{Rnd|6.55458885|3}} bits
|-
| align=left|All [[Latin-1 Supplement|Latin-1 Supplement characters]] (graphic characters, excluding the no-break space and soft hyphen) || 94 || {{Rnd|6.55458885|3}} bits
|-
| align=left|All [[Printable characters|ASCII printable characters]] || 95 || {{Rnd|6.5698556083309|3}} bits
|}

A [[binary number|binary]] [[byte]] is usually expressed using two hexadecimal characters.

To find the length, ''L,'' needed to achieve a desired strength ''H,'' with a password drawn randomly from a set of ''N'' symbols, one computes:

<math>L = {\left \lceil \frac {H}{\log_2 N} \right \rceil}</math>

where <math> \left \lceil \ \right \rceil </math> denotes the mathematical [[Floor and ceiling functions|ceiling function]], ''i.e.'' rounding up to the next largest [[natural number|whole number]].

{{Anchor|EntropyTable}}
{| class="wikitable"
|+ Lengths ''L'' of truly randomly generated passwords required to achieve a desired password entropy ''H'' for symbol sets containing ''N'' symbols
|-
! rowspan=2|Desired password<br />entropy ''H'' !!rowspan=2| [[Arabic numerals|Arabic<br />numerals]]!!rowspan=2| [[Hexadecimal]] !! colspan=2|[[Case sensitivity|Case insensitive]] !! colspan=2|[[Case sensitivity|Case sensitive]] !! All ASCII !! All [[Extended ASCII|Extended<br />ASCII]] !! rowspan=2|[[Diceware]]<br />word list
|-
! [[Latin alphabet|Latin<br />alphabet]] !![[alphanumeric|alpha-<br />numeric]] !! Latin<br />alphabet !! alpha-<br />numeric !!colspan=2|[[printable characters]]
|-
| 8 bits (1 byte) || 3 || 2 || 2 || 2 || 2 || 2 || 2 || 2 || 1 word
|}

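
The two formulas above, and the guess-rate figures from the previous section, as an added worked example (this is not code from the article): it computes ''H'' = ''L'' log<sub>2</sub> ''N'' for a uniformly random password, the length ''L'' = ⌈''H'' / log<sub>2</sub> ''N''⌉ needed for each symbol set named in the tables, and the time to exhaust a search space at a given guess rate. The symbol-set sizes are the standard counts for those sets (the Diceware list has 7776 = 6<sup>5</sup> words); Extended ASCII is left out because its printable count depends on the code page; the 112,000 guesses per second rate is the 2011 figure cited earlier and serves only as an illustration.

```python
"""Added example, not from the article: the entropy formulas in code.
H = L * log2(N) for L symbols drawn uniformly from a set of N;
L = ceil(H / log2(N)) for the length needed to reach H bits; and the
time to exhaust the whole space at a given guess rate.  Symbol-set sizes
are the standard counts; the guess rate is an illustrative figure."""
import math
from typing import Dict

# N for the symbol sets named in the tables above (Extended ASCII omitted).
SYMBOL_SETS: Dict[str, int] = {
    "digits": 10,
    "hexadecimal": 16,
    "case-insensitive letters": 26,
    "case-insensitive alphanumeric": 36,
    "case-sensitive letters": 52,
    "case-sensitive alphanumeric": 62,
    "ASCII printable, no space": 94,
    "ASCII printable": 95,
    "Diceware words": 7776,           # 6^5 entries in the standard list
}


def entropy_bits(n_symbols: int, length: int) -> float:
    """H = L * log2(N): entropy of a uniformly random password."""
    return length * math.log2(n_symbols)


def required_length(n_symbols: int, target_bits: float) -> int:
    """L = ceil(H / log2(N)): shortest length that reaches target_bits."""
    return math.ceil(target_bits / math.log2(n_symbols))


def seconds_to_exhaust(n_symbols: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time for a brute-force search of the whole space N**L.
    The expected time is half of this: on average the correct password is
    found after trying half the candidates."""
    return n_symbols ** length / guesses_per_second


def length_table(target_bits: float) -> Dict[str, int]:
    """One row of the 'Lengths L' table above for a desired entropy H."""
    return {name: required_length(n, target_bits) for name, n in SYMBOL_SETS.items()}


if __name__ == "__main__":
    for name, n in SYMBOL_SETS.items():
        print(f"{name:32s} N={n:5d}  {math.log2(n):6.3f} bits per symbol")
    for h in (8, 32, 64, 96, 128):
        print(f"{h:3d} bits:", length_table(h))
    rate = 112_000  # guesses per second, the 2011 figure quoted above
    for L in (6, 7, 8):
        hours = seconds_to_exhaust(26, L, rate) / 3600
        print(f"{L} lower-case letters: {hours:.1f} hours to exhaust at {rate}/s")
```

The 8-bit row of the table above falls out of `length_table(8)`; the same function gives the rows the article does not show, and `seconds_to_exhaust` makes concrete why a six-letter lower-case password is gone in under an hour at the quoted rate while adding one symbol multiplies the work by 26.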
=== Human-generated passwords ===
People are notoriously poor at achieving sufficient entropy to produce satisfactory passwords. According to one study involving half a million users, the average password entropy was estimated at 40.54 bits.<ref>{{cite book|last1=Florencio|first1=Dinei|last2=Herley|first2=Cormac|title=Proceedings of the 16th international conference on World Wide Web |chapter=A large-scale study of web password habits |date=May 8, 2007|page=657|doi=10.1145/1242572.1242661|isbn=9781595936547|s2cid=10648989|chapter-url=http://research.microsoft.com/pubs/74164/www2007.pdf|ref=ACM 978-1-59593-654-7/07/0005.|url-status=live|archive-url=https://web.archive.org/web/20150327031521/http://research.microsoft.com/pubs/74164/www2007.pdf|archive-date=March 27, 2015}}</ref>

For example, in one analysis of over 3 million eight-character passwords, the letter "e" was used over 1.5 million times, while the letter "f" was used only 250,000 times. A [[uniform distribution (discrete)|uniform distribution]] would have had each character being used about 900,000 times. The most common number used is "1", whereas the most common letters are a, e, o, and r.<ref name=perfect />

Users rarely make full use of larger character sets in forming passwords. For example, hacking results obtained from a MySpace phishing scheme in 2006 revealed 34,000 passwords, of which only 8.3% used mixed case, numbers, and symbols.<ref name=myspace-passwords>{{cite news | url = http://archive.wired.com/politics/security/commentary/securitymatters/2006/12/72300?currentPage=all | title = MySpace Passwords aren't so Dumb | author = Bruce Schneier | publisher = Wired Magazine | access-date = April 11, 2008 | date = December 14, 2006 | url-status = live | archive-url = https://web.archive.org/web/20140521031354/http://archive.wired.com/politics/security/commentary/securitymatters/2006/12/72300?currentPage=all | archive-date = May 21, 2014 }}</ref>

The full strength associated with using the entire ASCII character set (numerals, mixed case letters, and special characters) is only achieved if each possible password is equally likely. This seems to suggest that all passwords must contain characters from each of several character classes, perhaps upper and lower-case letters, numbers, and non-alphanumeric characters. Such a requirement is a pattern in password choice and can be expected to reduce an attacker's "work factor" (in Claude Shannon's terms). This is a reduction in password "strength". A better requirement would be to require a password ''not'' to contain any word in an online dictionary, or list of names, or any license plate pattern from any state (in the US) or country (as in the EU). If patterned choices are required, humans are likely to use them in predictable ways, such as capitalizing a letter, adding one or two numbers, and a special character. This predictability means that the increase in password strength is minor when compared to random passwords.

Composition advice of this kind also appears in password safety awareness projects. Google developed Interland to teach children about internet safety; in the chapter called ''Tower of Treasure'', a game advises using unusual names paired with characters such as (₺&@#%).<ref>{{Cite web |title=Play Interland - Be Internet Awesome |url=https://beinternetawesome.withgoogle.com/en_us/interland/ |access-date=2024-09-10 |website=Play Interland - Be Internet Awesome |language=en-us}}</ref>

[[NIST]] Special Publication 800-63 of June 2004 (revision two) suggested a scheme to approximate the entropy of human-generated passwords:<ref name=NIST>{{cite web | url = http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63v6_3_3.pdf | title = SP 800-63 – Electronic Authentication Guideline | publisher = NIST | access-date = April 20, 2014 | url-status = dead | archive-url = https://web.archive.org/web/20040712152833/http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63v6_3_3.pdf | archive-date = July 12, 2004 }}</ref>
* The entropy of the first character is four bits;
* The entropy of each of the next seven characters is two bits per character;
* The ninth through the twentieth character have 1.5 bits of entropy per character;
* Characters 21 and above have one bit of entropy per character.
* A "bonus" of six bits is added if both upper case letters and non-alphabetic characters are used.
* A "bonus" of six bits is added for passwords of length 1 through 19 characters following an extensive dictionary check to ensure the password is not contained within a large dictionary. Passwords of 20 characters or more do not receive this bonus because it is assumed they are pass-phrases consisting of multiple dictionary words.

Using this scheme, an eight-character human-selected password that contains neither upper-case letters nor non-alphabetic characters, or that contains one of the two but not both, is estimated to have 18 bits of entropy (4 + 7 × 2). The NIST publication concedes that at the time of development, little information was available on the real-world selection of passwords. Later research into human-selected password entropy using newly available real-world data has demonstrated that the NIST scheme does not provide a valid metric for entropy estimation of human-selected passwords.<ref name=WeirEtAl>{{cite web | url = http://reusablesec.blogspot.com/2010/10/new-paper-on-password-security-metrics.html | title = Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords | format = PDF | author1 = Matt Weir | author2 = Susdhir Aggarwal | author3 = Michael Collins | author4 = Henry Stern | date = 7 October 2010 | access-date = March 21, 2012 | url-status = live | archive-url = https://web.archive.org/web/20120706124704/http://reusablesec.blogspot.com/2010/10/new-paper-on-password-security-metrics.html | archive-date = July 6, 2012 }}</ref> The June 2017 revision of SP 800-63 (revision three) drops this approach.<ref>{{cite web | url = https://pages.nist.gov/800-63-3 | title = SP 800-63-3 – Digital Identity Guidelines | format = PDF | publisher = NIST | date = June 2017 | access-date = August 6, 2017 | url-status = live | archive-url = https://web.archive.org/web/20170806142240/https://pages.nist.gov/800-63-3/ | archive-date = August 6, 2017 }}</ref>
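
The 2004 scheme as an added reference implementation (this is not NIST's code, and the article records that later research found the estimator invalid, so it is shown to make the rules concrete, not as a recommendation). The dictionary is a constructed five-word stand-in for the "extensive" dictionary the bonus rule assumes, and the check lower-cases the candidate before the lookup, which is a choice made here rather than something the scheme specifies.

```python
"""Added example, not from the article: the 2004 NIST SP 800-63 entropy
heuristic for human-chosen passwords, implemented rule by rule.  The
dictionary is a tiny constructed stand-in for the large dictionary the
bonus rule assumes; lower-casing before the lookup is an assumption."""
from typing import Iterable

# Constructed stand-in for the dictionary the bonus rule assumes.
SMALL_DICTIONARY = frozenset({"password", "qwerty", "letmein", "monkey", "dragon"})


def per_character_bits(length: int) -> float:
    """Positional rule: 4 bits for the first character, 2 bits each for
    characters 2-8, 1.5 bits each for characters 9-20, 1 bit thereafter."""
    bits = 0.0
    for position in range(1, length + 1):
        if position == 1:
            bits += 4.0
        elif position <= 8:
            bits += 2.0
        elif position <= 20:
            bits += 1.5
        else:
            bits += 1.0
    return bits


def nist_2004_entropy(password: str,
                      dictionary: Iterable[str] = SMALL_DICTIONARY,
                      composition_rule: bool = True,
                      dictionary_check: bool = True) -> float:
    """Estimate per the 2004 scheme.
    composition_rule: +6 bits when the password uses both upper-case letters
    and non-alphabetic characters (one of the two alone earns nothing).
    dictionary_check: +6 bits for passwords of 1-19 characters that are not
    in the dictionary; 20+ characters are assumed to be pass-phrases and get
    no bonus.  Returns 0 for the empty string."""
    if not password:
        return 0.0
    bits = per_character_bits(len(password))
    has_upper = any(c.isupper() for c in password)
    has_non_alpha = any(not c.isalpha() for c in password)
    if composition_rule and has_upper and has_non_alpha:
        bits += 6.0
    if dictionary_check and len(password) < 20 and password.lower() not in set(dictionary):
        bits += 6.0
    return bits


if __name__ == "__main__":
    for candidate in ("password", "Password1!", "Tr0ub4dor&3", "correct horse battery staple"):
        print(f"{candidate!r:34s} {nist_2004_entropy(candidate):5.1f} bits (2004 NIST estimate)")
```

The estimate for an eight-character lower-case word in the dictionary is the 18 bits stated above; compare the 37.6 bits of a random eight-character lower-case password, which shows how much of the nominal keyspace the scheme assumes a human gives away.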
===Usability and implementation considerations===
Because national keyboard implementations vary, not all 94 ASCII printable characters can be used everywhere.<!-- The situation of assorted 7-bit ASCII character sets is long and sordid, quite indeterminate, and a dog's breakfast. The advent of Unicode / UCS has at least 'settled' what the lowest 128 characters are, though this is not exactly what most of the prior character sets had. --> This can present a problem to an international traveler who wishes to log into a remote system using a keyboard on a local computer {{xref|(see article concerned with [[List of Latin-script keyboard layouts|keyboard layouts]])}}. Many handheld devices, such as [[tablet computer]]s and [[smart phone]]s, require complex shift sequences or keyboard app swapping to enter special characters.

Authentication programs vary as to the list of allowable password characters. Some do not recognize case differences (e.g., the upper-case "E" is considered equivalent to the lower-case "e"), and others prohibit some of the other symbols. Over the past few decades, systems have permitted more characters in passwords, but limitations still exist. Systems also vary as to the maximum length of passwords allowed.

As a practical matter, passwords must be both reasonable and functional for the end user as well as strong enough for the intended purpose. Passwords that are too difficult to remember may be forgotten and so are more likely to be written on paper, which some consider a security risk.<ref name=Gartner>{{cite web | url = http://www.indevis.de/dokumente/gartner_passwords_breakpoint.pdf | title = Passwords are Near the Breaking Point | publisher = Gartner | author = A. Allan | access-date = April 10, 2008 | url-status = dead | archive-url = https://web.archive.org/web/20060427032938/http://www.indevis.de/dokumente/gartner_passwords_breakpoint.pdf | archive-date = April 27, 2006 }}</ref> In contrast, others argue that forcing users to remember passwords without assistance can only accommodate weak passwords, and thus poses a greater security risk. According to [[Bruce Schneier]], most people are good at securing their wallets or purses, which is a "great place" to store a written password.<ref name=Schneier-writedown>{{cite web | url = http://www.schneier.com/blog/archives/2005/06/write_down_your.html | title = Schneier on Security | work = Write Down Your Password | author = Bruce Schneier | access-date = April 10, 2008 | url-status = live | archive-url = https://web.archive.org/web/20080413032636/http://www.schneier.com/blog/archives/2005/06/write_down_your.html | archive-date = April 13, 2008 }}</ref>

== Required bits of entropy ==

The minimum number of bits of entropy needed for a password depends on the [[threat model]] for the given application. If [[key stretching]] is not used, passwords with more entropy are needed. RFC 4086, "Randomness Requirements for Security", published June 2005, presents some example threat models and how to calculate the entropy desired for each one.<ref>{{cite IETF | title = Randomness Requirements for Security | rfc = 4086}}</ref> Their answers vary between 29 bits of entropy needed if only online attacks are expected and up to 96 bits of entropy needed for important cryptographic keys used in applications like encryption where the password or key needs to be secure for a long period and stretching is not applicable. A 2010 [[Georgia Tech Research Institute]] study based on unstretched keys recommended a 12-character random password as a minimum length requirement.<ref name="gtri">{{cite web|url=http://www.gtri.gatech.edu/casestudy/Teraflop-Troubles-Power-Graphics-Processing-Units-GPUs-Password-Security-System|title=Teraflop Troubles: The Power of Graphics Processing Units May Threaten the World's Password Security System|publisher=[[Georgia Tech Research Institute]]|access-date=2010-11-07|url-status=live|archive-url=https://web.archive.org/web/20101230063449/http://www.gtri.gatech.edu/casestudy/Teraflop-Troubles-Power-Graphics-Processing-Units-GPUs-Password-Security-System|archive-date=2010-12-30}}</ref><ref name="msnbc">{{cite news|url=http://www.nbcnews.com/id/38771772|archive-url=https://web.archive.org/web/20130711022009/http://www.nbcnews.com/id/38771772/|url-status=dead|archive-date=July 11, 2013|title=Want to deter hackers? Make your password longer|publisher=[[NBC News]]|date=2010-08-19|access-date=2010-11-07}}</ref> It pays to bear in mind that since computing power continually grows, the number of bits of entropy required to resist offline attacks should also increase over time.

The upper end is related to the stringent requirements of choosing keys used in encryption. In 1999, [[EFF DES cracker|an Electronic Frontier Foundation project]] broke 56-bit [[Data Encryption Standard|DES]] encryption in less than a day using specially designed hardware.<ref name=EFF-deep-crack>{{cite web | url = http://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/HTML/19980716_eff_descracker_pressrel.html | title = EFF DES Cracker machine brings honesty to crypto debate | publisher = EFF | access-date = March 27, 2008 | url-status = dead | archive-url = https://web.archive.org/web/20100101001853/http://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/HTML/19980716_eff_descracker_pressrel.html | archive-date = January 1, 2010 }}</ref> In 2002, ''[[distributed.net]]'' cracked a 64-bit key in 4 years, 9 months, and 23 days.<ref name=distributed>{{cite web | url = http://stats.distributed.net/projects.php?project_id=5 | title = 64-bit key project status | publisher = Distributed.net | access-date = March 27, 2008 | archive-url = https://web.archive.org/web/20130910051812/http://stats.distributed.net/projects.php?project_id=5 | archive-date = September 10, 2013 | url-status = dead }}</ref> As of October 12, 2011, ''distributed.net'' estimated that cracking a 72-bit key using current hardware would take about 45,579 days or 124.8 years.<ref name=distributed-72>{{cite web | url = http://stats.distributed.net/projects.php?project_id=8 | title = 72-bit key project status | publisher = Distributed.net | access-date = October 12, 2011 }}</ref> Due to currently understood limitations from fundamental physics, there is no expectation that any [[digital computer]] (or combination) will be capable of breaking 256-bit encryption via a brute-force attack.<ref name=schneier-cyptogram>{{cite web | url = http://www.schneier.com/crypto-gram-9902.html | title = Snakeoil: Warning Sign #5: Ridiculous key lengths | author = Bruce Schneier | access-date = March 27, 2008 | url-status = live | archive-url = https://web.archive.org/web/20080418225248/http://www.schneier.com/crypto-gram-9902.html | archive-date = April 18, 2008 }}</ref> Whether [[quantum computers]] will be able to do so in practice is still unknown; theoretical analysis ([[Grover's algorithm]]) promises at most a square-root speedup for unstructured key search, so a 256-bit key would still demand on the order of 2<sup>128</sup> quantum operations.<ref>{{cite web |url=https://stackoverflow.com/questions/2768807/quantum-computing-and-encryption-breaking |title=Quantum Computing and Encryption Breaking |publisher=Stack Overflow |date=2011-05-27 |access-date=2013-03-17 |url-status=live |archive-url=https://web.archive.org/web/20130521043721/http://stackoverflow.com/questions/2768807/quantum-computing-and-encryption-breaking |archive-date=2013-05-21 }}</ref>
== Guidelines for strong passwords ==

=== Common guidelines ===

Guidelines for choosing good passwords are typically designed to make passwords harder to discover by intelligent guessing. Common guidelines advocated by proponents of software system security have included:<ref>Microsoft Corporation, [http://www.microsoft.com/protect/yourself/password/create.mspx Strong passwords: How to create and use them] {{webarchive|url=https://web.archive.org/web/20080101132156/http://www.microsoft.com/protect/yourself/password/create.mspx |date=2008-01-01 }}</ref><ref name="schneier07">Bruce Schneier, [http://www.schneier.com/blog/archives/2007/01/choosing_secure.html Choosing Secure Passwords] {{webarchive|url=https://web.archive.org/web/20080223002450/http://www.schneier.com/blog/archives/2007/01/choosing_secure.html |date=2008-02-23 }}</ref><ref>Google, Inc., [https://www.google.com/accounts/PasswordHelp How safe is your password?] {{webarchive|url=https://web.archive.org/web/20080222225549/https://www.google.com/accounts/PasswordHelp |date=2008-02-22 }}</ref><ref name="UMD01">University of Maryland, [http://www.cs.umd.edu/faq/Passwords.shtml Choosing a Good Password] {{webarchive|url=https://web.archive.org/web/20140614022254/http://www.cs.umd.edu/faq/Passwords.shtml |date=2014-06-14 }}</ref><ref name="Bidwell000">{{cite book
| first = Teri
| last = Bidwell
| title = Hack Proofing Your Identity in the Information Age
| url = https://archive.org/details/hackproofingyour0000bidw
| url-access = registration
| publisher = Syngress Publishing
| year = 2002
| isbn = 978-1-931836-51-7
}}</ref>
||
* Consider a minimum password length of 8<ref>{{cite web |title=NIST PASSWORD GUIDELINES IN 2020 |date = 18 August 2020|url=https://stealthbits.com/blog/nist-password-guidelines/#:~:text=NIST%20now%20requires%20that%20all,characters%20as%20a%20maximum%20length. |publisher=Stealthbits |access-date=17 May 2021}}</ref> characters as a general guide. Both the US and UK cyber security departments recommend long and easily memorable passwords over short complex ones.<ref>{{cite web|title=Password Policy - Updating your approach|url=https://www.ncsc.gov.uk/collection/passwords/updating-your-approach|access-date=17 May 2021|publisher=UK National Cyber Security Centre}}</ref><ref>{{Cite web|title=Choosing and Protecting Passwords|url=https://www.cisa.gov/news-events/news/choosing-and-protecting-passwords|date=2019-11-18|access-date=2023-10-10|publisher=US Cybersecurity & Infrastructure Security Agency (CISA)}}</ref>
* Generate passwords randomly where feasible.
* Avoid using the same password twice (e.g. across multiple user accounts and/or software systems).
* Avoid character repetition, keyboard patterns, dictionary words, and sequential letters or numbers.
* Avoid using information that is or might become publicly associated with the user or the account, such as the user name, ancestors' names, or dates.
* Avoid using information that the user's colleagues and/or acquaintances might know to be associated with the user, such as relatives' or pets' names, romantic links (current or past), and biographical information (e.g. ID numbers, ancestors' names or dates).
* Do not use passwords that consist wholly of any simple combination of the aforementioned weak components.

Forcing the inclusion of lowercase letters, uppercase letters, numbers, and symbols in passwords was a common policy but has been found to decrease security by making passwords easier to crack. Research has shown how predictably users satisfy such rules (a capital letter at the start, a digit or symbol at the end, a "3" in place of an "E"), and the US<ref>{{cite web |title=Digital Identity Guidelines |url=https://pages.nist.gov/800-63-3/sp800-63b.html#a3-complexity |publisher=USA National Institute for Standards and Technology |access-date=17 May 2021}}</ref> and UK<ref>{{cite web |title=Password administration for system owners |url=https://www.ncsc.gov.uk/collection/passwords/updating-your-approach |publisher=UK National Cyber Security Centre |access-date=17 May 2021}}</ref> government cyber security departments advise against forcing their inclusion in password policy. Complex symbols also make passwords much harder to remember, which increases writing down, password resets, and password reuse, all of which lower rather than improve password security. Bill Burr, author of the earlier NIST guidance that popularized complexity rules, has apologized and acknowledged that they decrease security, as research has found; this was widely reported in the media in 2017.<ref name="tesla.tours">{{cite web |title=Password Rules - Founder of Password Complexity Says SORRY! |url=https://www.tesla.tours/campaigns/password-rules#h.8jxqtu8i7po2 |access-date=17 May 2021}}</ref> Security researchers<ref>{{cite web |title=CyLab Usable Privacy and Security Laboratory (CUPS) |url=http://cups.cs.cmu.edu/passwords.html |publisher=Carnegie Mellon University (USA) |access-date=17 May 2021}}</ref> and consultants<ref>{{cite web |last1=Bruce |first1=Schneier |title=Changes in Password Best Practices |url=https://www.schneier.com/blog/archives/2017/10/changes_in_pass.html |publisher=Schneier on Security |access-date=17 May 2021}}</ref> also support this change in best-practice advice on passwords.
Some guidelines advise against writing passwords down, while others, noting the large numbers of password-protected systems users must access, encourage writing down passwords as long as the written password lists are kept in a safe place, not attached to a monitor or in an unlocked desk drawer.<ref name="schneier.com">{{cite web|url=http://www.schneier.com/blog/archives/2005/06/write_down_your.html|title=Write Down Your Password - Schneier on Security|website=www.schneier.com|url-status=live|archive-url=https://web.archive.org/web/20080413032636/http://www.schneier.com/blog/archives/2005/06/write_down_your.html|archive-date=2008-04-13}}</ref> Use of a [[password manager]] is recommended by the NCSC.<ref name="National Cyber Security Centre">{{cite web|url=https://www.ncsc.gov.uk/blog-post/what-does-ncsc-think-password-managers|title=What does the NCSC think of password managers?|website=www.ncsc.gov.uk|url-status=live|archive-url=https://web.archive.org/web/20190305053922/https://www.ncsc.gov.uk/blog-post/what-does-ncsc-think-password-managers|archive-date=2019-03-05}}</ref>

The possible character set for a password can be constrained by different websites or by the range of keyboards on which the password must be entered.<ref>e.g. for a keyboard with only 17 nonalphanumeric characters, see one for a BlackBerry phone in [http://www.hardwaresecrets.com/fullimage.php?image=18705 an enlarged image] {{webarchive|url=https://web.archive.org/web/20110406121058/http://www.hardwaresecrets.com/fullimage.php?image=18705 |date=2011-04-06 }} in support of [http://www.hardwaresecrets.com/article/795/2 Sandy Berger, ''BlackBerry Tour 9630 (Verizon) Cell Phone Review'', in Hardware Secrets (August 31, 2009)] {{webarchive|url=https://web.archive.org/web/20110406121111/http://www.hardwaresecrets.com/article/795/2 |date=April 6, 2011 }}, both as accessed January 19, 2010. That some websites don’t allow nonalphanumerics is indicated by [http://forums.theregister.co.uk/post/527230 Kanhef, ''Idiots, For Different Reasons'' (June 30, 2009) (topic post)] {{webarchive|url=https://web.archive.org/web/20110406121058/http://forums.theregister.co.uk/post/527230 |date=April 6, 2011 }}, as accessed January 20, 2010.</ref>
||
=== Examples of weak passwords ===

{{See also|Password cracking|List of the most common passwords}}

As with any security measure, passwords vary in strength; some are weaker than others. For example, the difference in strength between a dictionary word and the same word with simple obfuscation (e.g. some letters substituted by numbers, a common approach) may cost a password-cracking tool only a few more seconds; this adds little strength. The examples below illustrate various ways weak passwords might be constructed, all of which are based on simple patterns that result in extremely low entropy, allowing them to be tested automatically at high speeds:<ref name=perfect>{{cite book
| last = Burnett
| first = Mark
| year = 2006
| location = Rockland, Massachusetts
| isbn = 978-1-59749-041-2
| page = 181
| editor-link = Dave Kleiman }}</ref>
||
* [[Default password]]s (as supplied by the system vendor and meant to be changed at installation time): ''password'', ''default'', ''admin'', ''guest'', etc. Lists of default passwords are widely available on the internet.
* Reused passwords: Passwords should be unique to a particular account. Altering reused passwords, such as changing a few letters or numbers, does not provide sufficient security.
* Dictionary words: ''chameleon'', ''RedSox'', ''sandbags'', ''bunnyhop!'', ''IntenseCrabtree'', etc., including words in non-English dictionaries.
* Words with numbers appended: ''password1'', ''deer2000'', ''john1234'', etc., can be easily tested automatically with little lost time.
* [[Munged password]]s (words with simple obfuscation): ''p@ssw0rd'', ''l33th4x0r'', ''g0ldf1sh'', etc., can be tested automatically with little additional effort. For example, a domain administrator password compromised in the [[DigiNotar]] attack was reportedly ''Pr0d@dm1n''.<ref>{{cite web |url=http://thehackernews.com/2011/09/comodohacker-responsible-for-diginotar.html |title=ComodoHacker responsible for DigiNotar Attack – Hacking News |publisher=Thehackernews.com |date=2011-09-06 |access-date=2013-03-17 |url-status=live |archive-url=https://web.archive.org/web/20130517204022/http://thehackernews.com/2011/09/comodohacker-responsible-for-diginotar.html |archive-date=2013-05-17 }}</ref>
* Doubled words: ''crabcrab'', ''stopstop'', ''treetree'', ''passpass'', etc.
* Common sequences from a keyboard row: ''qwerty'', ''123456'', ''asdfgh'', etc., including diagonal or backward sequences (''qazplm'', ''ytrewq'', etc.).
* Numeric sequences based on well known numbers such as 911 <sup>([[9-1-1]], [[September 11 attacks|9/11]])</sup>, 314159... <sup>([[pi]])</sup>, 27182... <sup>([[E (mathematical constant)|e]])</sup>, 112 <sup>([[112 (emergency telephone number)|1-1-2]])</sup>, etc.
* Identifiers: ''jsmith123'', ''1/1/1970'', ''555–1234'', one's username, etc.
* Weak passwords in non-English languages, such as ''contraseña'' (Spanish) and ''ji32k7au4a83'' (the [[bopomofo]] keyboard encoding of the Chinese for "my password")<ref>{{cite news|url=https://www.iheart.com/content/2019-03-08-heres-why-ji32k7au4a83-is-a-surprisingly-common-password/|title=Here's Why 'ji32k7au4a83' Is A Surprisingly Common Password|access-date=25 March 2019|date=8 March 2019|author=Dave Basner}}</ref>
* Anything personally related to an individual: license plate number, Social Security number, current or past telephone numbers, student ID, current address, previous addresses, birthday, sports team, relative's or pet's names/nicknames/birthdays/initials, etc., can easily be tested automatically after a simple investigation of a person's details.
* Dates: dates follow a pattern and make a password weak.
* Names of well-known locations: New York, Texas, China, London, etc.
* Names of brands, celebrities, sports teams, musical groups, TV shows, movies, etc.
* Short passwords: Even if a password has none of the weaknesses listed above, if it is too short it can be cracked by exhaustive search.

There are many other ways a password can be weak,<ref>Bidwell, p. 87</ref> corresponding to the strengths of various attack schemes; the core principle is that a password should have high entropy (usually taken to be equivalent to randomness) and ''not'' be readily derivable by any "clever" pattern, nor should passwords be mixed with information identifying the user. Online services also often provide a password-reset function; an attacker who can defeat its recovery questions or recovery channel bypasses the password entirely, however strong it is.

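A checker for the weak-password classes listed above, as an added example that is not part of the original article. The word list, keyboard walks, well-known numbers and any personal details passed in are small constructed samples standing in for the large wordlists that cracking tools carry; the rule names are this example's own.

```python
"""Checker for the weak-password constructions listed above.

Added example, not code from the original article. WORDLIST, KEYBOARD_WALKS,
WELL_KNOWN_NUMBERS and any `personal` values are constructed samples; a
real checker would load full cracking wordlists.
"""
import re
import unicodedata
from datetime import datetime

WORDLIST = {
    "password", "default", "admin", "guest", "chameleon", "red", "sox",
    "sandbags", "bunnyhop", "intense", "crabtree", "deer", "john", "crab",
    "stop", "tree", "pass", "gold", "fish", "leet", "haxor", "prod",
    "contrasena", "newyork", "texas", "china", "london",
}
# US-QWERTY rows plus the diagonal "columns" (qaz, plm, ...) from the list above.
KEYBOARD_WALKS = [
    "qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
    "qaz", "wsx", "edc", "rfv", "tgb", "yhn", "ujm", "plm", "okn",
]
WELL_KNOWN_NUMBERS = ["911", "112", "314159", "27182"]
MIN_LENGTH = 8

# Reverse the usual "munging" substitutions: p@ssw0rd -> password, l33t -> leet.
_DEMUNGE = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t", "+": "t"})


def fold(s: str) -> str:
    """Lower-case and strip accents so 'contraseña' compares as 'contrasena'."""
    return unicodedata.normalize("NFKD", s).encode("ascii", "ignore").decode().lower()


def strip_decoration(s: str) -> str:
    """Drop leading/trailing non-letters: 'deer2000' -> 'deer', 'bunnyhop!' -> 'bunnyhop'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", s)


def demunge(s: str) -> str:
    return s.translate(_DEMUNGE)


def _segmentable(s: str, accept, min_piece: int = 3) -> bool:
    """True if s splits entirely into pieces of >= min_piece chars that accept()
    approves (dynamic programming over cut positions)."""
    n = len(s)
    ok = [False] * (n + 1)
    ok[0] = True
    for i in range(n):
        if ok[i]:
            for j in range(i + min_piece, n + 1):
                if accept(s[i:j]):
                    ok[j] = True
    return n >= min_piece and ok[n]


def _in_walk(piece: str) -> bool:
    """Piece is a forward or backward run along one keyboard row or column."""
    return any(piece in w or piece in w[::-1] for w in KEYBOARD_WALKS)


def _looks_like_date(s: str) -> bool:
    """Separated d/m/Y forms, or 8-digit runs that parse as a 1900-2100 date."""
    fmts = ["%d/%m/%Y", "%m/%d/%Y", "%d-%m-%Y", "%m-%d-%Y", "%d.%m.%Y"]
    if len(s) == 8 and s.isdigit():
        fmts += ["%Y%m%d", "%d%m%Y", "%m%d%Y"]
    for fmt in fmts:
        try:
            d = datetime.strptime(s, fmt)
        except ValueError:
            continue
        if 1900 <= d.year <= 2100:
            return True
    return False


def weaknesses(pw: str, personal=()) -> list:
    """Return the weak-pattern classes matched by pw (empty list if none)."""
    found = []
    low = fold(pw)
    core = strip_decoration(low)
    is_word = WORDLIST.__contains__

    if len(pw) < MIN_LENGTH:
        found.append("too short")
    if core and _segmentable(core, is_word):
        found.append("dictionary word(s)" if core == low
                     else "dictionary word with digits/symbols added")
    elif core and _segmentable(demunge(core), is_word):
        found.append("munged dictionary word")
    half = len(low) // 2
    if len(low) >= 4 and low[:half] == low[half:]:
        found.append("doubled word")
    if _segmentable(low, _in_walk):
        found.append("keyboard walk")
    if low.isdigit() and any(low.startswith(k) for k in WELL_KNOWN_NUMBERS):
        found.append("well-known number")
    if _looks_like_date(low):
        found.append("date")
    if any(len(p) >= 3 and fold(p) in low for p in personal):
        found.append("personal information")
    return found


def is_weak(pw: str, personal=()) -> bool:
    return bool(weaknesses(pw, personal))
```

The checker deliberately normalises before matching (case folding, accent stripping, de-munging, stripping appended digits), because that is exactly what a cracker's rule engine does; a policy that only compares the raw string against a blocklist misses ''p@ssw0rd'' and ''deer2000''. A `personal` list (username, birth year, pet name) covers the identifier and personal-information classes.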
=== Rethinking password change guidelines ===

In the landscape of 2012, as described by [[William Cheswick]] in an article for ACM's ''Queue'' magazine, password guidance predominantly emphasized an alphanumeric password of eight characters or more. Such a password, he calculated, could resist ten million attempts per second, a rate within reach of an ordinary multi-core system, for 252 days. With the GPUs of the time, at a cracking rate of 7 billion attempts per second, that period shrank to just about 9 hours, while a 13-character alphanumeric password was estimated to withstand GPU-driven search for over 900,000 years. These figures assume exhaustive search; a password built from a common word or pattern falls to a dictionary attack much sooner. A password of that strength also reduces the need to change it as often as many organizations, including the U.S. Government, have required.<ref>{{Cite web|url=https://queue.acm.org/detail.cfm?id=2422416|title=HTML version - Rethinking Passwords|last=William|first=Cheswick|date=2012-12-31|website=[[Association for Computing Machinery]] (ACM)|url-status=live|archive-url=https://archive.today/20191103172648/https://queue.acm.org/detail.cfm?id=2422416|archive-date=2019-11-03|access-date=2019-11-03}}</ref><ref>{{Cite journal|title=ACM Digital Library - Rethinking Passwords|last=William|first=Cheswick|date=2012-12-31|journal=Queue|volume=10|issue=12|pages=50–56|doi=10.1145/2405116.2422416|doi-access=free}}</ref>

In the context of 2023 hardware, the 2012 standard of an eight-character alphanumeric password has become vulnerable, succumbing in a few hours, and the time needed to crack a 13-character password is put at a few years. Such figures assume a fast, unstretched hash; against a deliberately slow, [[key stretching|stretched]] password hash the attacker's guess rate is orders of magnitude lower. The emphasis has therefore shifted: password strength is now judged by length more than by character-class complexity, with recommendations leaning towards passwords of at least 13 to 16 characters. The same period has seen the rise of [[multi-factor authentication]] (MFA) as a crucial additional control, and the widespread adoption of [[password manager]]s, which help users create and maintain an array of strong, unique passwords.<ref>{{Cite web |title=The State of Password Security 2023 Report {{!}} Bitwarden Resources |url=https://bitwarden.com/resources/the-state-of-password-security/ |access-date=2023-09-24 |website=Bitwarden |language=en-US}}</ref>

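The brute-force arithmetic behind the figures in this section and in the "Required bits of entropy" section above, as an added example that is not part of the original article: it reproduces Cheswick's 2012 numbers from keyspace size and guess rate, and shows how key stretching raises the cost of every guess. The guess rates are the ones quoted in the text; the stretching factor of 100,000 is an assumed illustrative value, not a figure from the article.

```python
"""Keyspace, entropy and brute-force time arithmetic.

Added example, not code from the original article. CPU_RATE and GPU_RATE
are the article's 2012 figures; STRETCH is an assumed illustrative cost
factor for a key-stretched password hash.
"""
import math

ALNUM = 62                      # a-z, A-Z, 0-9
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY
CPU_RATE = 1e7                  # guesses/s on a 2012 multi-core CPU (article figure)
GPU_RATE = 7e9                  # guesses/s on 2012 GPUs (article figure)
STRETCH = 100_000               # assumed: one stretched hash costs 100,000 fast hashes


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return charset_size ** length


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy of a uniformly random password: log2 of the keyspace."""
    return length * math.log2(charset_size)


def exhaustive_seconds(space: int, guesses_per_second: float, stretch: float = 1.0) -> float:
    """Seconds to try every password; `stretch` multiplies the cost of one guess."""
    return space * stretch / guesses_per_second


def expected_seconds(space: int, guesses_per_second: float, stretch: float = 1.0) -> float:
    """Average time to hit one uniformly chosen password: half the keyspace."""
    return exhaustive_seconds(space, guesses_per_second, stretch) / 2


def bits_needed(guesses_per_second: float, seconds: float, stretch: float = 1.0) -> float:
    """Entropy at which exhaustive search takes at least `seconds`.

    Solves 2**bits * stretch / gps = seconds for bits; stretching lowers the
    bits the password itself must supply by log2(stretch)."""
    return math.log2(guesses_per_second * seconds / stretch)


def length_for_bits(bits: float, charset_size: int) -> int:
    """Shortest random password over the charset that reaches `bits` of entropy."""
    return math.ceil(bits / math.log2(charset_size))


if __name__ == "__main__":
    for length in (8, 13):
        space = keyspace(ALNUM, length)
        print(f"{length}-char alphanumeric: {entropy_bits(ALNUM, length):.1f} bits")
        print(f"  CPU {CPU_RATE:.0e}/s: {exhaustive_seconds(space, CPU_RATE) / SECONDS_PER_DAY:,.0f} days")
        print(f"  GPU {GPU_RATE:.0e}/s: {exhaustive_seconds(space, GPU_RATE) / SECONDS_PER_YEAR:,.1f} years")
        print(f"  GPU, stretched x{STRETCH}: "
              f"{exhaustive_seconds(space, GPU_RATE, STRETCH) / SECONDS_PER_YEAR:,.0f} years")
    need = bits_needed(GPU_RATE, 100 * SECONDS_PER_YEAR)
    print(f"100 years at GPU rate needs {need:.1f} bits = {length_for_bits(need, ALNUM)} alphanumeric chars;")
    need_s = bits_needed(GPU_RATE, 100 * SECONDS_PER_YEAR, STRETCH)
    print(f"with stretching x{STRETCH} only {need_s:.1f} bits = {length_for_bits(need_s, ALNUM)} chars")
```

Running it shows the 8-character password at about 253 days on the CPU rate and under 9 hours on the GPU rate, and the 13-character one at roughly 905,000 years, matching the figures above; it also shows why the entropy section says stretched passwords may carry fewer bits: every doubling of the per-guess cost is worth one bit of password entropy.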
== Password policy ==

* assist users in choosing strong passwords
* ensure the passwords are suited to the target population
* provide recommendations for users concerning the handling of their passwords
* impose a recommendation to change any password which has been lost or suspected of compromise

Previous password policies used to prescribe the characters which passwords must contain, such as numbers, symbols, or upper/lower case. While this is still in use, it has been shown to be less secure by university research,<ref>{{cite web |title=Practical Recommendations for Stronger, More Usable Passwords Combining Minimum-strength, Minimum-length, and Blocklist Requirements |url=http://www.andrew.cmu.edu/user/nicolasc/publications/Tan-CCS20.pdf |publisher=Carnegie Mellon University |access-date=17 May 2021}}</ref> by the original instigator<ref>{{cite web |title=Bill Burr, Founder of Password complexity rules says SORRY! |url=https://www.tesla.tours/campaigns/password-rules#h.8jxqtu8i7po2 |access-date=17 May 2021}}</ref> of this policy, and by the cyber security departments (and other related government security bodies<ref>{{cite web |title=Passwords in online services |url=https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/security/passwords-in-online-services/#whatrequirementsshould |publisher=UK Information Commissioner's Office (ICO) |access-date=17 May 2021}}</ref>) of the USA<ref>{{cite web |title=Digital Identity Guidelines |url=https://pages.nist.gov/800-63-3/sp800-63b.html#a3-complexity |publisher=USA National Institute of Standards and Technology |access-date=17 May 2021}}</ref> and UK.<ref>{{cite web |title=Password guidance |url=https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/458857/Password_guidance_-_simplifying_your_approach.pdf |publisher=Cyber Security, UK Government Communications Headquarters |access-date=17 May 2021}}</ref> Password complexity rules of enforced symbols were previously used by major platforms such as Google<ref>{{cite web |title=Create a Strong Password |url=https://support.google.com/accounts/answer/32040?hl=en#:~:text=Meet%20password%20requirements,accented%20characters%20aren't%20supported. |publisher=Google Inc. |access-date=17 May 2021}}</ref> and Facebook,<ref>{{cite web |title=Login and Password Help |url=https://www.facebook.com/help/1573156092981768/ |publisher=FaceBook Inc |access-date=17 May 2021}}</ref> but these have removed the requirement following the finding that it actually reduced security. This is because the human element is a far greater risk than cracking, and enforced complexity leads most users to highly predictable patterns (a number at the end, a 3 swapped for an E, etc.) which help crack passwords. Password simplicity and length (passphrases) are therefore the new best practice and complexity is discouraged; NIST SP 800-63B instead recommends screening new passwords against lists of commonly used, expected or previously breached values. Forced complexity rules also increase support costs and user friction, and discourage user sign-ups.

Password expiration appeared in some older password policies but is no longer regarded as best practice;<ref name="tesla.tours"/> it is not recommended by the US or UK governments, and Microsoft dropped the periodic password-expiration setting from its Windows security baselines in 2019.<ref>{{cite web |title=Security baseline (FINAL) for Windows 10 v1903 and Windows Server v1903 |date=23 May 2019 |url=https://docs.microsoft.com/en-au/archive/blogs/secguide/security-baseline-final-for-windows-10-v1903-and-windows-server-v1903 |publisher=Microsoft |access-date=17 May 2021}}</ref> Password expiration was intended to serve two purposes:<ref name=LOPSA>{{cite web | url = http://lopsa.org/node/295 | title = In Defense of Password Expiration | publisher = League of Professional Systems Administrators | access-date = April 14, 2008 | url-status = dead | archive-url = https://web.archive.org/web/20081012063918/http://lopsa.org/node/295 | archive-date = October 12, 2008 }}</ref>

* If the time to crack a password is estimated to be 100 days, password expiration times fewer than 100 days may help ensure insufficient time for an attacker.
* If a password has been compromised, requiring it to be changed regularly may limit the access time for the attacker.

However, password expiration has its drawbacks:<ref name=WEB>
{{cite web
|work = IA Matters
|publisher = CESG: the Information Security Arm of GCHQ
|access-date = 5 Aug 2016
|url-status = dead
|archive-url = https://web.archive.org/web/20160817223701/https://www.cesg.gov.uk/articles/problems-forcing-regular-password-expiry
|archive-date = 17 August 2016
}}
</ref><ref name=CERIAS>{{cite web | url = http://www.cerias.purdue.edu/weblogs/spaf/general/post-30/ | title = Security Myths and Passwords | publisher = The Center for Education and Research in Information Assurance and Security | author = Eugene Spafford | access-date = April 14, 2008 | url-status = live | archive-url = https://web.archive.org/web/20080411123000/http://www.cerias.purdue.edu/weblogs/spaf/general/post-30/ | archive-date = April 11, 2008 }}</ref>

||
* Asking users to change passwords frequently encourages simple, weak passwords. |
* Asking users to change passwords frequently encourages simple, weak passwords. |
||
* If one has a truly strong password, there is little point in changing it. Changing passwords |
* If one has a truly strong password, there is little point in changing it. Changing passwords that are already strong introduces a risk that the new password may be less strong. |
||
* A compromised password is likely to be used immediately by an attacker to install a [[backdoor (computing)|backdoor]], often via [[privilege escalation]]. Once this is accomplished, password changes won't prevent future |
* A compromised password is likely to be used immediately by an attacker to install a [[backdoor (computing)|backdoor]], often via [[privilege escalation]]. Once this is accomplished, password changes won't prevent future attackers from accessing them. |
||
* Moving from never changing one's password to changing the password on every authenticate attempt (pass ''or'' fail attempts) only doubles the number of attempts the attacker must make on average before guessing the password in a brute force attack. One gains ''much'' more security by just increasing the password length by one character than changing the password on every use. |
* Moving from never changing one's password to changing the password on every authenticate attempt (pass ''or'' fail attempts) only doubles the number of attempts the attacker must make on average before guessing the password in a brute force attack. One gains ''much'' more security by just increasing the password length by one character than changing the password on every use.{{cn|date=June 2024| reason = Not in the references. This is certainly not true if the passwords are truely randomly generated.}} |
||
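The doubling argument in the last bullet can be checked numerically. The following Python is an added example, not code from the article or its references; it models the idealised case in which every password is drawn uniformly from a space of ''n'' possibilities and the attacker enumerates that space without repeating guesses, and compares the two policies against simply making the password one symbol longer.

```python
"""Average guesses against a uniformly random password: fixed, rotated on
every attempt, or one symbol longer.

Added example; it is not from the article. It models the idealised case the
bullet describes: every password is drawn uniformly from a space of n
possibilities and the attacker enumerates that space without repeating guesses.
"""
import random


def expected_guesses_fixed(n: int) -> float:
    """Password never changes: the secret sits at a uniformly random position
    in the attacker's enumeration, so the guess count is uniform on 1..n with
    mean (n + 1) / 2."""
    return (n + 1) / 2


def expected_guesses_rotating(n: int) -> float:
    """A fresh uniform password is chosen after every attempt: past guesses
    carry no information, each attempt succeeds with probability 1/n, and the
    guess count is geometric with mean n."""
    return float(n)


def compare(n: int, symbols: int) -> dict:
    """Average guesses for the two policies above and for a fixed password one
    symbol longer, whose space is larger by the factor `symbols`."""
    return {
        "fixed": expected_guesses_fixed(n),
        "rotating": expected_guesses_rotating(n),
        "one_more_symbol": expected_guesses_fixed(n * symbols),
    }


def simulate(n: int, rotate: bool, trials: int, seed: int = 1) -> float:
    """Monte Carlo check of the two formulas (seeded, so the result is repeatable)."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        if rotate:
            guesses = 1
            while rng.randrange(n) != 0:    # each attempt succeeds with P = 1/n
                guesses += 1
        else:
            guesses = rng.randrange(n) + 1  # position of the secret in the enumeration
        total += guesses
    return total / trials


if __name__ == "__main__":
    # Eight lowercase letters (26**8 possibilities) versus nine.
    print(compare(26 ** 8, 26))
    print("fixed, simulated:   ", simulate(100, rotate=False, trials=10000))
    print("rotating, simulated:", simulate(100, rotate=True, trials=10000))
```

For 26<sup>8</sup> possibilities the rotating policy costs the attacker twice the guesses of a fixed password, while adding a single lowercase letter costs 26 times as many; the simulation uses the Python `random` module only because it is a statistical model of the attacker, not a source of passwords.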
=== Creating and handling passwords ===

The hardest passwords to crack, for a given length and character set, are random character strings; if long enough they resist brute force attacks (because there are many characters) and guessing attacks (due to high entropy). However, such passwords are typically the hardest to remember. The imposition of a requirement for such passwords in a password policy may encourage users to write them down, store them in [[mobile device]]s, or share them with others as a safeguard against memory failure. While some people consider each of these user resorts to increase security risks, others suggest the absurdity of expecting users to remember distinct complex passwords for each of the dozens of accounts they access. For example, in 2005, security expert [[Bruce Schneier]] recommended writing down one's password:

{{Blockquote|quote=Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.<ref name="schneier.com"/>}}

* a training program. Also, updated training for those who fail to follow the password policy (lost passwords, inadequate passwords, etc.).
* rewarding strong password users by reducing the rate, or eliminating, the need for password changes (password expiration). The strength of user-chosen passwords can be estimated by automatic programs which inspect and evaluate proposed passwords when setting or changing a password.
* displaying to each user the last login date and time in the hope that the user may notice unauthorized access, suggesting a compromised password.
* allowing users to reset their passwords via an automatic system, which reduces help desk call volume. However, some systems are themselves insecure; for instance, easily guessed or researched answers to password reset questions bypass the advantages of a strong password system.
* using randomly generated passwords that do not allow users to choose their passwords, or at least offering randomly generated passwords as an option.
=== Memory techniques ===

Password policies sometimes suggest [[Memory improvement|memory technique]]s to assist remembering passwords:

* mnemonic passwords: Some users develop [[mnemonic]] phrases and use them to generate more or less random passwords which are nevertheless relatively easy for the user to remember. For instance, the first letter of each word in a memorable phrase. Research estimates the password strength of such passwords to be about 3.7 bits per character, compared to the 6.6 bits for random passwords from ASCII printable characters.<ref>{{cite conference |url=https://www.internetsociety.org/sites/default/files/ndss2017_03A-4_Kiesel_paper.pdf |title=A Large-scale Analysis of the Mnemonic Password Advice |author=Johannes Kiesel |author2=Benno Stein |author3=Stefan Lucks |year=2017 |publisher=Internet Society |book-title=Proceedings of the 24th Annual Network and Distributed System Security Symposium (NDSS 17) |url-status=dead |archive-url=https://web.archive.org/web/20170330174637/https://www.internetsociety.org/sites/default/files/ndss2017_03A-4_Kiesel_paper.pdf |archive-date=2017-03-30 |access-date=2017-03-30 }}</ref> Silly ones are possibly more memorable.<ref>[http://uc.iupui.edu/uploadedFiles/Learning_Center_Site/Mnemonic%20Devices.pdf ''Mnemonic Devices'' (Indianapolis, Ind.: Bepko Learning Ctr., University College)], as accessed January 19, 2010 {{webarchive |url=https://web.archive.org/web/20100610000727/http://uc.iupui.edu/uploadedFiles/Learning_Center_Site/Mnemonic%20Devices.pdf |date=June 10, 2010 }}</ref> Another way to make random-appearing passwords more memorable is to use random words (see [[diceware]]) or syllables instead of randomly chosen letters.
* after-the-fact mnemonics: After the password has been established, invent a mnemonic that fits.<ref>[http://changingminds.org/techniques/memory/remembering_passwords.htm Remembering Passwords (ChangingMinds.org)] {{webarchive|url=http://archive.wikiwix.com/cache/20100121181700/http://changingminds.org/techniques/memory/remembering_passwords.htm |date=2010-01-21 }}, as accessed January 19, 2010</ref> It does not have to be reasonable or sensible, only memorable. This allows passwords to be random.
* visual representations of passwords: a password is memorized based on a sequence of keys pressed, not the values of the keys themselves, e.g. the sequence !qAsdE#2 traces a [[rhomboid]] on a US keyboard. The method to produce such passwords is called PsychoPass.<ref name=":10">{{cite journal | last1 = Cipresso | first1 = P | last2 = Gaggioli | first2 = A | last3 = Serino | first3 = S | last4 = Cipresso | first4 = S | last5 = Riva | first5 = G | year = 2012 | title = How to Create Memorizable and Strong Passwords | journal = J Med Internet Res | volume = 14 | issue = 1| page = e10 | doi = 10.2196/jmir.1906 | pmid = 22233980 | pmc=3846346 | doi-access = free }}</ref> Passwords produced by this method are much weaker than their length suggests, since successive keys are not independent and common keyboard sequences are included in password dictionaries. But some improvements can be made.<ref>{{cite journal | pmc = 3742392 | pmid=23942458 | doi=10.2196/jmir.2366 | volume=15 | issue=8 | title=Security analysis and improvements to the PsychoPass method. | year=2013 | journal=J Med Internet Res | page=e161 | last1 = Brumen | first1 = B | last2 = Heričko | first2 = M | last3 = Rozman | first3 = I | last4 = Hölbl | first4 = M | doi-access=free }}</ref><ref>{{cite web|url=https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/|title=zxcvbn: realistic password strength estimation|website=Dropbox Tech Blog|url-status=live|archive-url=https://web.archive.org/web/20150405131234/https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/|archive-date=2015-04-05}}</ref>
* password patterns: Any pattern in a password makes guessing (automated or not) easier and reduces an attacker's work factor.
** For example, passwords of the following case-insensitive form: consonant, vowel, consonant, consonant, vowel, consonant, number, number (for example ''pinray45'') are called Environ passwords.<ref>{{cite book | first = Ross | last = Anderson | year = 2001 | title = Security engineering: A guide to building dependable distributed systems | publisher = John Wiley & Sons, Inc. | isbn = 0470068523 }}</ref> The pattern of alternating vowel and consonant characters was intended to make passwords more likely to be pronounceable and thus more memorable. Such patterns severely reduce the password's [[information entropy]], making [[brute force attack|brute force]] password attacks considerably more efficient: with 21 consonants, 5 vowels and 10 digits there are only 21<sup>4</sup> × 5<sup>2</sup> × 10<sup>2</sup> ≈ 4.9 × 10<sup>8</sup> Environ passwords (about 29 bits), against 36<sup>8</sup> ≈ 2.8 × 10<sup>12</sup> (about 41 bits) for unconstrained eight-character case-insensitive alphanumeric passwords. In the UK in October 2005, employees of [[Departments of the United Kingdom Government|the British government]] were advised to use passwords in this form.{{Citation needed|date=January 2012}}
=== Protecting passwords ===

Computer users are generally advised to "never write down a password anywhere, no matter what" and "never use the same password for more than one account."<ref>{{Cite news|url=https://www.telegraph.co.uk/finance/personalfinance/bank-accounts/12149022/Use-the-same-password-for-everything-Youre-fuelling-a-surge-in-current-account-fraud.html|title=Use the same password for everything? You're fuelling a surge in current account fraud|last=Morley|first=Katie|date=2016-02-10|work=Telegraph.co.uk|access-date=2017-05-22|language=en|deadurl=no|archiveurl=https://web.archive.org/web/20170513044756/http://www.telegraph.co.uk/finance/personalfinance/bank-accounts/12149022/Use-the-same-password-for-everything-Youre-fuelling-a-surge-in-current-account-fraud.html|archivedate=2017-05-13|df=}}</ref> However, an ordinary computer user may have dozens of password-protected accounts. Users with multiple accounts needing passwords often give up and use the same password for every account. When varied password complexity requirements prevent use of the same (memorable) scheme for producing high-strength passwords, oversimplified passwords will often be created to satisfy irritating and conflicting password requirements.

A [[Microsoft]] expert was quoted as saying at a 2005 security conference: "I claim that password policy should say you should write down your password. I have 68 different passwords. If I am not allowed to write any of them down, guess what I am going to do? I am going to use the same password on every one of them."<ref>[http://www.cnet.com/news/microsoft-security-guru-jot-down-your-passwords/ Microsoft security guru: Jot down your passwords] {{webarchive|url=https://web.archive.org/web/20160205211730/http://www.cnet.com/news/microsoft-security-guru-jot-down-your-passwords/ |date=2016-02-05 }}, ''c\net'' Retrieved on 2016-02-02</ref>

Software is available for popular hand-held computers that can store passwords for numerous accounts in encrypted form. Passwords can also be [[Encryption|encrypted]] by hand on paper, with the user remembering only the encryption method and key.<ref>Simple methods (e.g., [[Rot13|ROT13]] and [[Cipher#Historical ciphers|some other old ciphers]]) may suffice; for more sophisticated hand-methods see [http://www.schneier.com/solitaire.html Bruce Schneier, The Solitaire Encryption Algorithm (May 26, 1999) (ver. 1.2)] {{webarchive|url=https://web.archive.org/web/20151113061059/https://www.schneier.com/solitaire.html |date=November 13, 2015 }}, as accessed January 19, 2010, and [http://www.ibm.com/developerworks/power/library/pa-bigiron5/ Sam Siewert, ''Big Iron Lessons, Part 5: Introduction to Cryptography, From Egypt Through Enigma'' (IBM, July 26, 2005)] {{webarchive|url=https://web.archive.org/web/20100803202847/http://www.ibm.com/developerworks/power/library/pa-bigiron5/ |date=August 3, 2010 }}, as accessed January 19, 2010.</ref> Another approach is to use a single password or slightly varying passwords for low-security accounts and select distinctly separate strong passwords for a smaller number of high-value applications such as [[online banking]].

A single "master" password can be used with software to generate a new password for each application, based on the master password and the application's name. This approach is used by Stanford's PwdHash,<ref>{{cite conference |url=http://crypto.stanford.edu/PwdHash/pwdhash.pdf |title=Stronger Password Authentication Using Browser Extensions |author=Blake Ross |authorlink= |author2=Collin Jackson |author3=Nicholas Miyake |author4=Dan Boneh |author5=John C. Mitchell |year=2005 |publisher=USENIX |booktitle=Proceedings of the 14th Usenix Security Symposium |pages=17–32 |deadurl=no |archiveurl=http://archive.wikiwix.com/cache/20120429031741/http://crypto.stanford.edu/PwdHash/pwdhash.pdf |archivedate=2012-04-29 |df= }}</ref> Princeton's Password Multiplier,<ref>{{cite conference |url=http://www.cs.utexas.edu/~bwaters/publications/papers/www2005.pdf |title=A Convenient Method for Securely Managing Passwords |author=[[J. Alex Halderman]] |authorlink= |author2=Brent Waters |author3=Edward W. Felten |year=2005 |publisher=ACM |pages=1–9 |deadurl=no |archiveurl=https://web.archive.org/web/20160115062049/http://www.cs.utexas.edu/~bwaters/publications/papers/www2005.pdf |archivedate=2016-01-15 |df= }}</ref> and other stateless password managers. In this approach, protecting the master password is essential, as all passwords are compromised if the master password is revealed, and lost if the master password is forgotten or misplaced.
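The stateless-manager idea above (site password = function of master password and site name) can be shown in a few lines. The Python below is an added example and is not PwdHash's or Password Multiplier's own algorithm: it derives a key with PBKDF2-HMAC-SHA256 using the site name as salt, then expands that key into a fixed-length password over a chosen alphabet with rejection sampling so every symbol is equally likely. The alphabet, iteration count, output length and site names are illustrative choices.

```python
"""Deterministic per-site passwords from one master password.

Added example, not code from the article or from any product it names.
Assumptions: PBKDF2-HMAC-SHA256 with the site name as salt, a 70-symbol
output alphabet, 16-character outputs and 200,000 iterations.
"""
import hashlib
import hmac
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"  # 70 symbols
ITERATIONS = 200_000  # makes each guess at the master password expensive
_LIMIT = 256 - (256 % len(ALPHABET))  # = 210: largest multiple of 70 below 256


def derive_site_password(master: str, site: str, length: int = 16,
                         iterations: int = ITERATIONS) -> str:
    """Return the password for `site`; the same inputs always give the same
    result, so nothing needs to be stored."""
    # Normalising the site name matters: "Example.com" and "example.com" must
    # derive the same password or the user is locked out.
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              site.strip().lower().encode("utf-8"),
                              iterations, dklen=32)
    # Expand the key with HMAC in counter mode and map bytes to symbols.
    # Bytes >= 210 are discarded (rejection sampling) to avoid modulo bias.
    out = []
    counter = 0
    while len(out) < length:
        block = hmac.new(key, counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
        for b in block:
            if b < _LIMIT:
                out.append(ALPHABET[b % len(ALPHABET)])
                if len(out) == length:
                    break
    return "".join(out)


if __name__ == "__main__":
    master = "correct horse battery staple"  # illustrative master password
    for site in ("example.com", "example.org"):
        print(site, derive_site_password(master, site))
```

Because every site password is a pure function of the master password, anyone who learns the master (or who can run an offline guessing attack against one leaked site password) obtains all of them; the iteration count only raises the price of each such guess.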
==Password managers==
{{Main|Password manager}}

A reasonable compromise for using large numbers of passwords is to record them in a password manager program; such programs include stand-alone applications, web browser extensions, and managers built into the operating system. A password manager allows the user to use hundreds of different passwords, and only have to remember a single password, the one which opens the encrypted password database.<ref>{{Cite web |title=The Emperor's New Password Manager: Security Analysis of Web-based Password Managers {{!}} EECS at UC Berkeley |url=https://www2.eecs.berkeley.edu/Pubs/TechRpts/2014/EECS-2014-138.html |access-date=2023-10-01 |website=www2.eecs.berkeley.edu}}</ref> Needless to say, this single password should be strong and well-protected (not recorded anywhere). Most password managers can automatically create strong passwords using a cryptographically secure [[random password generator]], as well as calculating the entropy of the generated password. A good password manager will provide resistance against attacks such as [[key logging]], clipboard logging and various other memory spying techniques.

==See also==
{{Portal|Computer security}}
* [[Keystroke logging]]
* [[Passphrase]]

== References ==
{{reflist}}
== External links ==
* [https://tools.ietf.org/html/rfc4086 RFC 4086: Randomness Requirements for Security]
* [https://web.archive.org/web/20160416035311/http://www.architectingsecurity.com/2010/09/11/password-patterns/ Password Patterns: The next generation dictionary attacks]
Latest revision as of 03:48, 23 December 2024
Password strength is a measure of the effectiveness of a password against guessing or brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability.[1]
Using strong passwords lowers the overall risk of a security breach, but strong passwords do not replace the need for other effective security controls.[2] The effectiveness of a password of a given strength is strongly determined by the design and implementation of the authentication factors (knowledge, ownership, inherence). The first factor is the main focus of this article.
The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. Some systems impose a time-out of several seconds after a small number (e.g. three) of failed password entry attempts. In the absence of other vulnerabilities, such systems can be effectively secured with relatively simple passwords. However, the system must store information about the user's passwords in some form, and if that information is stolen, say by breaching system security, the user's passwords can be at risk.
In 2019, the United Kingdom's NCSC analyzed public databases of breached accounts to see which words, phrases, and strings people used. The most popular password on the list was 123456, appearing in more than 23 million passwords. The second-most popular string, 123456789, was not much harder to crack, while the top five included "qwerty", "password", and 1111111.[3]
Password creation
Passwords are created either automatically (using randomizing equipment) or by a human; the latter case is more common. While the strength of randomly chosen passwords against a brute-force attack can be calculated with precision, determining the strength of human-generated passwords is difficult.
Typically, humans are asked to choose a password, sometimes guided by suggestions or restricted by a set of rules, when creating a new account for a computer system or internet website. Only rough estimates of strength are possible since humans tend to follow patterns in such tasks, and those patterns can usually assist an attacker.[4] In addition, lists of commonly chosen passwords are widely available for use by password-guessing programs. Such lists include the numerous online dictionaries for various human languages, breached databases of plaintext and hashed passwords from various online business and social accounts, along with other common passwords. All items in such lists are considered weak, as are passwords that are simple modifications of them.
Although random password generation programs are available nowadays which are meant to be easy to use, they usually generate random, hard-to-remember passwords, often resulting in people preferring to choose their own. However, this is inherently insecure because the person's lifestyle, entertainment preferences, and other key individualistic qualities usually come into play to influence the choice of password, while the prevalence of online social media has made obtaining information about people much easier.
Password guess validation
Systems that use passwords for authentication must have some way to check any password entered to gain access. If the valid passwords are simply stored in a system file or database, an attacker who gains sufficient access to the system will obtain all user passwords, giving the attacker access to all accounts on the attacked system and possibly other systems where users employ the same or similar passwords. One way to reduce this risk is to store only a cryptographic hash of each password instead of the password itself. Standard cryptographic hashes, such as the Secure Hash Algorithm (SHA) series, are very hard to reverse, so an attacker who gets hold of the hash value cannot directly recover the password. However, knowledge of the hash value lets the attacker quickly test guesses offline. Password cracking programs are widely available that will test a large number of trial passwords against a purloined cryptographic hash.
Improvements in computing technology keep increasing the rate at which guessed passwords can be tested. For example, in 2010, the Georgia Tech Research Institute developed a method of using GPGPU to crack passwords much faster.[5] Elcomsoft invented the usage of common graphic cards for quicker password recovery in August 2007 and soon filed a corresponding patent in the US.[6] By 2011, commercial products were available that claimed the ability to test up to 112,000 passwords per second on a standard desktop computer, using a high-end graphics processor for that time.[7] At that rate every six-letter single-case password (26<sup>6</sup>, about 3.1 × 10<sup>8</sup> candidates) can be tried in under an hour. The work can be distributed over many computers for an additional speedup proportional to the number of available computers with comparable GPUs. Special key stretching hashes are available that take a relatively long time to compute, reducing the rate at which guessing can take place. Although it is considered best practice to use key stretching, many common systems do not.
Another situation where quick guessing is possible is when the password is used to form a cryptographic key. In such cases, an attacker can quickly check whether a guessed password decrypts the encrypted data. For example, one commercial product claims to test 103,000 WPA PSK passwords per second.[8]
If a password system only stores the hash of the password, an attacker can pre-compute hash values for common password variants and all passwords shorter than a certain length, allowing very rapid recovery of the password once its hash is obtained. Very long lists of pre-computed password hashes can be efficiently stored using rainbow tables. This method of attack can be foiled by storing a random value, called a cryptographic salt, along with the hash. The salt is combined with the password when computing the hash, so an attacker precomputing a rainbow table would have to store for each password its hash with every possible salt value. This becomes infeasible if the salt has a big enough range, say a 32-bit number. Many authentication systems in common use do not employ salts and rainbow tables are available on the Internet for several such systems.
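The two storage schemes contrasted above, bare hashes against salted and key-stretched hashes, are shown side by side in the following Python. It is an added example, not code from the article or from any system it mentions: the attacker's dictionary, the stored records and the iteration count are constructed for illustration, and PBKDF2-HMAC-SHA256 stands in for the "key stretching hashes" of the text because it ships with the standard library (a memory-hard function such as scrypt or Argon2 is the better choice in practice).

```python
"""Password storage: unsalted hash versus salted, key-stretched hash.

Added example; not code from the article or from any product it names.
Assumptions: SHA-256 for the weak scheme, PBKDF2-HMAC-SHA256 with a random
16-byte salt and 100,000 iterations for the hardened one, and a small
constructed dictionary standing in for real breached-password lists.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, Optional

# Constructed stand-in for the breached-password lists an attacker would use.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "pinray45", "Summer2024!"]

PBKDF2_ITERATIONS = 100_000  # each guess now costs 100,000 HMAC-SHA256 rounds


# --- weak scheme: bare SHA-256, identical for every user with the same password
def store_unsalted(password: str) -> bytes:
    return hashlib.sha256(password.encode("utf-8")).digest()


def precompute_table(words: Iterable[str]) -> Dict[bytes, str]:
    """Hash the dictionary once; the table then cracks every stolen unsalted
    hash by lookup (the idea behind rainbow tables, minus the compression)."""
    return {hashlib.sha256(w.encode("utf-8")).digest(): w for w in words}


def lookup_unsalted(stored: bytes, table: Dict[bytes, str]) -> Optional[str]:
    return table.get(stored)


# --- hardened scheme: random per-user salt + PBKDF2-HMAC-SHA256 ---------------
def store_salted(password: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    salt = secrets.token_bytes(16)  # 128-bit salt: no table can cover all values
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Salt and iteration count are stored in the clear beside the hash; they are
    # not secrets, they only remove precomputation and cross-user amortisation.
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify_salted(password: str, record: dict) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    record["salt"], record["iterations"])
    # Constant-time comparison so the check itself leaks nothing via timing.
    return hmac.compare_digest(candidate, record["hash"])


def crack_salted(record: dict, words: Iterable[str]) -> Optional[str]:
    """Against a salted record the attacker must redo the stretched computation
    for every guess and for every record. A password that is in the dictionary
    still falls, but only at full per-guess cost and with nothing precomputed."""
    for w in words:
        if verify_salted(w, record):
            return w
    return None


if __name__ == "__main__":
    table = precompute_table(COMMON_PASSWORDS)
    print("unsalted lookup:", lookup_unsalted(store_unsalted("qwerty"), table))
    rec = store_salted("qwerty")
    print("salted in table:", rec["hash"] in table)
    print("salted cracked: ", crack_salted(rec, COMMON_PASSWORDS))
```

Salting does not rescue a weak password; `crack_salted` still finds "qwerty". What it removes is the attacker's ability to hash the dictionary once and reuse the result against every stolen record, and the iteration count then sets the cost of each remaining guess.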
Entropy as a measure of password strength
Password strength is specified by the amount of information entropy, which is measured in shannon (Sh) and is a concept from information theory. It can be regarded as the minimum number of bits necessary to hold the information in a password of a given type. A related measure is the base-2 logarithm of the number of guesses needed to find the password with certainty, which is commonly referred to as the "bits of entropy".[9] A password with 42 bits of entropy would be as strong as a string of 42 bits chosen randomly, for example by a fair coin toss. Put another way, a password with 42 bits of entropy would require 2<sup>42</sup> (4,398,046,511,104) attempts to exhaust all possibilities during a brute force search. Thus, increasing the entropy of the password by one bit doubles the number of guesses required, making an attacker's task twice as difficult. On average, an attacker will have to try half the possible number of passwords before finding the correct one.[4]
Random passwords
Random passwords consist of a string of symbols of specified length taken from some set of symbols using a random selection process in which each symbol is equally likely to be selected. The symbols can be individual characters from a character set (e.g., the ASCII character set), syllables designed to form pronounceable passwords or even words from a word list (thus forming a passphrase).
The strength of random passwords depends on the actual entropy of the underlying number generator; however, these are often not truly random, but pseudorandom. Many publicly available password generators use random number generators found in programming libraries that offer limited entropy. However, most modern operating systems offer cryptographically strong random number generators that are suitable for password generation. It is also possible to use ordinary dice to generate random passwords. Random password programs often can ensure that the resulting password complies with a local password policy; for instance, by always producing a mix of letters, numbers, and special characters.
For passwords generated by a process that randomly selects a string of symbols of length, L, from a set of N possible symbols, the number of possible passwords can be found by raising the number of symbols to the power L, i.e. N<sup>L</sup>. Increasing either L or N will strengthen the generated password. The strength of a random password as measured by the information entropy is just the base-2 logarithm or log<sub>2</sub> of the number of possible passwords, assuming each symbol in the password is produced independently. Thus a random password's information entropy, H, is given by the formula:

<math>H = \log_2\left(N^L\right) = L \log_2 N = L \frac{\log N}{\log 2}</math>

where N is the number of possible symbols and L is the number of symbols in the password. H is measured in bits.[4][10] In the last expression, log can be to any base.
Entropy per symbol for different symbol sets

Symbol set | Symbol count N | Entropy per symbol H |
---|---|---|
Arabic numerals (0–9) (e.g. PIN) | 10 | 3.322 bits |
Hexadecimal numerals (0–9, A–F) (e.g. WEP keys) | 16 | 4.000 bits |
Case insensitive Latin alphabet (a–z or A–Z) | 26 | 4.700 bits |
Case insensitive alphanumeric (a–z or A–Z, 0–9) | 36 | 5.170 bits |
Case sensitive Latin alphabet (a–z, A–Z) | 52 | 5.700 bits |
Case sensitive alphanumeric (a–z, A–Z, 0–9) | 62 | 5.954 bits |
All ASCII printable characters except space | 94 | 6.555 bits |
All Latin-1 Supplement characters | 94 | 6.555 bits |
All ASCII printable characters | 95 | 6.570 bits |
All extended ASCII printable characters | 218 | 7.768 bits |
Binary (0–255 or 8 bits or 1 byte) | 256 | 8.000 bits |
Diceware word list | 7776 | 12.925 bits per word |

A binary byte is usually expressed using two hexadecimal characters.
To find the length, L, needed to achieve a desired strength H, with a password drawn randomly from a set of N symbols, one computes:

<math>L = \left\lceil \frac{H}{\log_2 N} \right\rceil</math>

where <math>\lceil \ \rceil</math> denotes the mathematical ceiling function, i.e. rounding up to the next largest whole number.
The following table uses this formula to show the required lengths of truly randomly generated passwords to achieve desired password entropies for common symbol sets:

Desired password entropy H | Arabic numerals | Hexadecimal | Case insensitive Latin alphabet | Case insensitive alphanumeric | Case sensitive Latin alphabet | Case sensitive alphanumeric | All ASCII printable characters | All extended ASCII printable characters | Diceware word list |
---|---|---|---|---|---|---|---|---|---|
8 bits (1 byte) | 3 | 2 | 2 | 2 | 2 | 2 | 2 | 2 | 1 word |
32 bits (4 bytes) | 10 | 8 | 7 | 7 | 6 | 6 | 5 | 5 | 3 words |
40 bits (5 bytes) | 13 | 10 | 9 | 8 | 8 | 7 | 7 | 6 | 4 words |
64 bits (8 bytes) | 20 | 16 | 14 | 13 | 12 | 11 | 10 | 9 | 5 words |
80 bits (10 bytes) | 25 | 20 | 18 | 16 | 15 | 14 | 13 | 11 | 7 words |
96 bits (12 bytes) | 29 | 24 | 21 | 19 | 17 | 17 | 15 | 13 | 8 words |
128 bits (16 bytes) | 39 | 32 | 28 | 25 | 23 | 22 | 20 | 17 | 10 words |
160 bits (20 bytes) | 49 | 40 | 35 | 31 | 29 | 27 | 25 | 21 | 13 words |
192 bits (24 bytes) | 58 | 48 | 41 | 38 | 34 | 33 | 30 | 25 | 15 words |
224 bits (28 bytes) | 68 | 56 | 48 | 44 | 40 | 38 | 35 | 29 | 18 words |
256 bits (32 bytes) | 78 | 64 | 55 | 50 | 45 | 43 | 39 | 33 | 20 words |
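The two formulas and the random-password generation they describe can be exercised together. The Python below is an added example, not the article's code: it computes H = L·log<sub>2</sub>(N) and L = ⌈H / log<sub>2</sub>(N)⌉, reproduces entries of the two tables, and draws symbols from the operating system's cryptographically strong generator through the `secrets` module rather than the `random` module, whose output is predictable. Policy compliance is obtained by rejection sampling rather than by forcing a character of each class into a fixed position. The symbol sets are the table's; the 7776-entry word list is a constructed stand-in for a real diceware list.

```python
"""Random-password entropy, required length, and CSPRNG generation.

Added example, not the article's code. Assumptions: the symbol sets below
match the table (95 printable ASCII characters include the space), and
DEMO_WORDLIST is a placeholder with the same size (6**5) as a diceware list.
"""
import math
import secrets
import string
from typing import Sequence

SYMBOL_SETS = {
    "digits": string.digits,                                   # N = 10
    "hex": string.digits + "ABCDEF",                           # N = 16
    "lower": string.ascii_lowercase,                           # N = 26
    "lower+digits": string.ascii_lowercase + string.digits,    # N = 36
    "mixed": string.ascii_letters,                             # N = 52
    "mixed+digits": string.ascii_letters + string.digits,      # N = 62
    "ascii_printable": string.printable[:95],                  # N = 95, with space
}

# Constructed stand-in for a 7776-word diceware list (five dice, 6**5 entries).
DEMO_WORDLIST = ["w%04d" % i for i in range(6 ** 5)]


def entropy_bits(symbol_count: int, length: int) -> float:
    """H = L * log2(N) for L symbols drawn independently and uniformly from N."""
    return length * math.log2(symbol_count)


def length_for_entropy(target_bits: float, symbol_count: int) -> int:
    """L = ceil(H / log2(N)): the shortest length that reaches the target."""
    return math.ceil(target_bits / math.log2(symbol_count))


def generate_password(alphabet: str, target_bits: float) -> str:
    """Uniform password over `alphabet` with at least `target_bits` of entropy.
    secrets.choice draws from the OS CSPRNG, so every symbol is equally likely."""
    length = length_for_entropy(target_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_with_policy(alphabet: str, target_bits: float,
                         required_classes: Sequence[str]) -> str:
    """Meet a composition policy by rejection sampling: draw uniform passwords
    until every required class is present. Patching one character of each
    class into fixed positions instead would make those positions predictable."""
    while True:
        pw = generate_password(alphabet, target_bits)
        if all(any(c in cls for c in pw) for cls in required_classes):
            return pw


def generate_passphrase(wordlist: Sequence[str], target_bits: float) -> str:
    """Diceware-style passphrase: each word is one symbol from an N-word list."""
    words = length_for_entropy(target_bits, len(wordlist))
    return " ".join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    for name, alphabet in SYMBOL_SETS.items():
        print("%-16s N=%3d  %.3f bits/symbol  128 bits needs L=%d" % (
            name, len(alphabet), entropy_bits(len(alphabet), 1),
            length_for_entropy(128, len(alphabet))))
    print(generate_password(SYMBOL_SETS["mixed+digits"], 80))
    print(generate_with_policy(SYMBOL_SETS["mixed+digits"], 64,
                               [string.ascii_uppercase, string.digits]))
    print(generate_passphrase(DEMO_WORDLIST, 128))
```

Rejection sampling discards a small fraction of candidates, so the entropy of an accepted password is slightly below L·log<sub>2</sub>(N); for the policies and lengths in the table the loss is a fraction of a bit, whereas a patterned construction can lose far more.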
Human-generated passwords
People are notoriously poor at achieving sufficient entropy to produce satisfactory passwords. According to one study involving half a million users, the average password entropy was estimated at 40.54 bits.[11]
For example, in one analysis of over 3 million eight-character passwords, the letter "e" was used over 1.5 million times, while the letter "f" was used only 250,000 times. A uniform distribution would have had each character being used about 900,000 times. The most common number used is "1", whereas the most common letters are a, e, o, and r.[12]
Users rarely make full use of larger character sets in forming passwords. For example, hacking results obtained from a MySpace phishing scheme in 2006 revealed 34,000 passwords, of which only 8.3% used mixed case, numbers, and symbols.[13]
The full strength associated with using the entire ASCII character set (numerals, mixed case letters, and special characters) is only achieved if each possible password is equally likely. This seems to suggest that all passwords must contain characters from each of several character classes, perhaps upper and lower-case letters, numbers, and non-alphanumeric characters. However, such a requirement is itself a pattern in password choice and can be expected to reduce an attacker's "work factor" (in Claude Shannon's terms). This is a reduction in password "strength". A better requirement would be to require a password not to contain any word in an online dictionary, or list of names, or any license plate pattern from any state (in the US) or country (as in the EU). If patterned choices are required, humans are likely to use them in predictable ways, such as capitalizing the first letter, adding one or two numbers at the end, and a special character. This predictability means that the increase in password strength is minor when compared to random passwords.
Password Safety Awareness Projects
Google developed Interland to teach children about safety on the internet. In the chapter called Tower of Treasure, a game advises using unusual names paired with characters such as (₺&@#%).[14]
NIST Special Publication 800-63-2
NIST Special Publication 800-63 of June 2004 (revision two) suggested a scheme to approximate the entropy of human-generated passwords:[4]
Using this scheme, an eight-character human-selected password without uppercase and non-alphabetic characters, or with either but not both of those character classes, is estimated to have eighteen bits of entropy. The NIST publication concedes that at the time of development, little information was available on the real-world selection of passwords. Later research into human-selected password entropy using newly available real-world data has demonstrated that the NIST scheme does not provide a valid metric for entropy estimation of human-selected passwords.[15] The June 2017 revision of SP 800-63 (Revision three) drops this approach.[16]
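To make the eighteen-bit figure concrete, the Python below implements the per-position rules of that scheme as recalled for this example (the article itself does not reproduce the rules, so their exact form is an assumption here); it is an added example, not code from NIST or from the article, and it omits the scheme's separate dictionary-check bonus.

```python
def nist_800_63_entropy(password: str, composition_rule: bool = False) -> float:
    """Approximate entropy (bits) of a user-chosen password under the SP 800-63
    (2004/2006, Appendix A) heuristic, as recalled for this example; the rules
    are not quoted from the article and are an assumption here:
      - first character: 4 bits
      - characters 2 to 8: 2 bits each
      - characters 9 to 20: 1.5 bits each
      - characters 21 and beyond: 1 bit each
      - +6 bits if the system enforces a rule requiring both upper-case and
        non-alphabetic characters
    The scheme's dictionary-check bonus is omitted. Note that nothing about
    the password's content is examined: 'password' and a random string of
    the same length score identically, which is one reason later research
    found the metric invalid."""
    n = len(password)
    bits = 0.0
    if n >= 1:
        bits += 4.0                              # first character
    bits += 2.0 * max(0, min(n, 8) - 1)          # characters 2..8
    bits += 1.5 * max(0, min(n, 20) - 8)         # characters 9..20
    bits += 1.0 * max(0, n - 20)                 # characters 21+
    if composition_rule:
        bits += 6.0                              # composition-rule bonus
    return bits


if __name__ == "__main__":
    for pw in ("password", "Xk9$qL2!", "correct horse battery staple"):
        print(f"{pw!r}: {nist_800_63_entropy(pw)} bits "
              f"({nist_800_63_entropy(pw, composition_rule=True)} with composition rule)")
```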
Usability and implementation considerations
Because national keyboard implementations vary, not all 94 ASCII printable characters can be used everywhere. This can present a problem to an international traveler who wishes to log into a remote system using a keyboard on a local computer. Many handheld devices, such as tablet computers and smart phones, require complex shift sequences or keyboard app swapping to enter special characters.
Authentication programs can vary as to the list of allowable password characters. Some do not recognize case differences (e.g., the upper-case "E" is considered equivalent to the lower-case "e"), and others prohibit some of the other symbols. In the past few decades, systems have permitted more characters in passwords, but limitations still exist. Systems also vary as to the maximum length of passwords allowed.
As a practical matter, passwords must be both reasonable and functional for the end user as well as strong enough for the intended purpose. Passwords that are too difficult to remember may be forgotten and so are more likely to be written on paper, which some consider a security risk.[17] In contrast, others argue that forcing users to remember passwords without assistance can only accommodate weak passwords, and thus poses a greater security risk. According to Bruce Schneier, most people are good at securing their wallets or purses, which is a "great place" to store a written password.[18]
Required bits of entropy
The minimum number of bits of entropy needed for a password depends on the threat model for the given application. If key stretching is not used, passwords with more entropy are needed. RFC 4086, "Randomness Requirements for Security", published June 2005, presents some example threat models and how to calculate the entropy desired for each one.[19] Their answers vary between 29 bits of entropy needed if only online attacks are expected, and up to 96 bits of entropy needed for important cryptographic keys used in applications like encryption where the password or key needs to be secure for a long period and stretching isn't applicable. A 2010 Georgia Tech Research Institute study based on unstretched keys recommended a 12-character random password as a minimum length requirement.[5][20] It pays to bear in mind that since computing power continually grows, to prevent offline attacks the required number of bits of entropy should also increase over time.
The upper end is related to the stringent requirements of choosing keys used in encryption. In 1999, an Electronic Frontier Foundation project broke 56-bit DES encryption in less than a day using specially designed hardware.[21] In 2002, distributed.net cracked a 64-bit key in 4 years, 9 months, and 23 days.[22] As of October 12, 2011, distributed.net estimates that cracking a 72-bit key using current hardware will take about 45,579 days or 124.8 years.[23] Due to currently understood limitations from fundamental physics, there is no expectation that any digital computer (or combination) will be capable of breaking 256-bit encryption via a brute-force attack.[24] Whether or not quantum computers will be able to do so in practice is still unknown, though theoretical analysis suggests such possibilities.[25]
Guidelines for strong passwords
Common guidelines
Guidelines for choosing good passwords are typically designed to make passwords harder to discover by intelligent guessing. Common guidelines advocated by proponents of software system security have included:[26][27][28][29][30]
- Consider a minimum password length of 8[31] characters as a general guide. Both the US and UK cyber security departments recommend long and easily memorable passwords over short complex ones.[32][33]
- Generate passwords randomly where feasible.
- Avoid using the same password twice (e.g. across multiple user accounts and/or software systems).
- Avoid character repetition, keyboard patterns, dictionary words, and sequential letters or numbers.
- Avoid using information that is or might become publicly associated with the user or the account, such as the user name, ancestors' names, or dates.
- Avoid using information that the user's colleagues and/or acquaintances might know to be associated with the user, such as relatives or pet names, romantic links (current or past), and biographical information (e.g. ID numbers, ancestors' names or dates).
- Do not use passwords that consist wholly of any simple combination of the aforementioned weak components.
Forcing the inclusion of lowercase letters, uppercase letters, numbers, and symbols in passwords was a common policy but has been found to decrease security, by making passwords easier to crack. Research has shown how predictable the common use of such symbols is, and the US[34] and UK[35] government cyber security departments advise against forcing their inclusion in password policy. Complex symbols also make remembering passwords much harder, which increases writing down, password resets, and password reuse – all of which lower rather than improve password security. The original author of password complexity rules, Bill Burr, has apologized and admits they decrease security, as research has found; this was widely reported in the media in 2017.[36] Online security researchers[37] and consultants are also supportive of the change[38] in best practice advice on passwords.
Some guidelines advise against writing passwords down, while others, noting the large numbers of password-protected systems users must access, encourage writing down passwords as long as the written password lists are kept in a safe place, not attached to a monitor or in an unlocked desk drawer.[39] Use of a password manager is recommended by the NCSC.[40]
The possible character set for a password can be constrained by different websites or by the range of keyboards on which the password must be entered.[41]
Examples of weak passwords
As with any security measure, passwords vary in strength; some are weaker than others. For example, the difference in strength between a dictionary word and the same word with simple obfuscation (e.g. some letters substituted by numbers, a common approach) may cost a password-cracking device only a few more seconds; this adds little strength. The examples below illustrate various ways weak passwords might be constructed, all of which are based on simple patterns that result in extremely low entropy, allowing them to be tested automatically at high speed:[12]
- Default passwords (as supplied by the system vendor and meant to be changed at installation time): password, default, admin, guest, etc. Lists of default passwords are widely available on the internet.
- Reused passwords: Passwords should be unique to a particular account. Altering reused passwords, such as changing a few letters or numbers, does not provide sufficient security.
- Dictionary words: chameleon, RedSox, sandbags, bunnyhop!, IntenseCrabtree, etc., including words in non-English dictionaries.
- Words with numbers appended: password1, deer2000, john1234, etc., can be easily tested automatically with little lost time.
- Munged passwords (words with simple obfuscation): p@ssw0rd, l33th4x0r, g0ldf1sh, etc., can be tested automatically with little additional effort. For example, a domain administrator password compromised in the DigiNotar attack was reportedly Pr0d@dm1n.[42]
- Doubled words: crabcrab, stopstop, treetree, passpass, etc.
- Common sequences from a keyboard row: qwerty, 123456, asdfgh, etc., including diagonal or backward sequences (qazplm, ytrewq, etc.).
- Numeric sequences based on well known numbers such as 911 (9-1-1, 9/11), 314159... (pi), 27182... (e), 112 (1-1-2), etc.
- Identifiers: jsmith123, 1/1/1970, 555–1234, one's username, etc.
- Weak passwords in non-English languages, such as contraseña (Spanish) and ji32k7au4a83 (bopomofo keyboard encoding from Chinese)[43]
- Anything personally related to an individual: license plate number, Social Security number, current or past telephone numbers, student ID, current address, previous addresses, birthday, sports team, relative's or pet's names/nicknames/birthdays/initials, etc., can easily be tested automatically after a simple investigation of a person's details.
- Dates: dates follow a pattern and make your password weak.
- Names of well-known locations: New York, Texas, China, London, etc.
- Names of brands, celebrities, sports teams, musical groups, TV shows, movies, etc.
- Short passwords: Even if a password doesn't have any of the weaknesses listed above, if it is too short, it can be easily cracked.
There are many other ways a password can be weak,[44] corresponding to the strengths of various attack schemes; the core principle is that a password should have high entropy (usually taken to be equivalent to randomness) and not be readily derivable by any "clever" pattern, nor should passwords be mixed with information identifying the user. Online services often provide a password-reset function that an attacker may be able to work through, bypassing the password altogether.
Rethinking password change guidelines
In the landscape of 2012, as delineated by William Cheswick in an article for ACM magazine, password security predominantly emphasized an alpha-numeric password of eight characters or more. Such a password, it was deduced, could resist ten million attempts per second for a duration of 252 days. However, with the assistance of contemporary GPUs at the time, this period was truncated to just about 9 hours, given a cracking rate of 7 billion attempts per second. A 13-character password was estimated to withstand GPU-computed attempts for over 900,000 years.[45][46]
In the context of 2023 hardware technology, the 2012 standard of an eight-character alpha-numeric password has become vulnerable, succumbing in a few hours. The time needed to crack a 13-character password is reduced to a few years. The current emphasis, thus, has shifted. Password strength is now gauged not just by its complexity but its length, with recommendations leaning towards passwords comprising at least 13-16 characters. This era has also seen the rise of Multi-Factor Authentication (MFA) as a crucial fortification measure. The advent and widespread adoption of password managers have further aided users in cultivating and maintaining an array of strong, unique passwords.[47]
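The arithmetic behind both the threat-model reasoning in "Required bits of entropy" (entropy needed to resist a given guess rate for a given time) and the figures quoted from Cheswick above is the same: keyspace divided by guess rate. The Python below is an added example, not code from the article or from Cheswick; it assumes "alpha-numeric" means the 62 mixed-case letters and digits (that assumption reproduces the 252-day, 9-hour and 900,000-year figures), and the online and offline scenarios in the main block are constructed for illustration, not taken from RFC 4086.

```python
import math

SECONDS_PER_HOUR = 3_600
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def keyspace(symbols: int, length: int) -> int:
    """Number of distinct passwords of `length` symbols from an alphabet of `symbols`."""
    return symbols ** length


def seconds_to_exhaust(symbols: int, length: int, guesses_per_second: float) -> float:
    """Time for an attacker to try every candidate: the worst case for the
    attacker. The expected time to hit a uniformly chosen password is half this."""
    return keyspace(symbols, length) / guesses_per_second


def expected_seconds(symbols: int, length: int, guesses_per_second: float) -> float:
    """Average time to guess a uniformly random password of this shape."""
    return seconds_to_exhaust(symbols, length, guesses_per_second) / 2


def bits_needed(guesses_per_second: float, resist_seconds: float) -> int:
    """Smallest entropy H (bits) such that 2^H candidates cannot all be tried
    at `guesses_per_second` within `resist_seconds`: H = ceil(log2(rate * time)).
    As the text notes, the rate side of this grows every year, so H must too."""
    if guesses_per_second <= 0 or resist_seconds <= 0:
        raise ValueError("rate and time must be positive")
    return math.ceil(math.log2(guesses_per_second * resist_seconds))


def cheswick_2012_figures() -> dict:
    """Reproduces the three figures quoted from Cheswick's 2012 article.
    Assumption of this example: 'alpha-numeric' = 62 mixed-case letters and digits."""
    return {
        "8 chars, 1e7 guesses/s (days)": seconds_to_exhaust(62, 8, 1e7) / SECONDS_PER_DAY,
        "8 chars, 7e9 guesses/s (hours)": seconds_to_exhaust(62, 8, 7e9) / SECONDS_PER_HOUR,
        "13 chars, 7e9 guesses/s (years)": seconds_to_exhaust(62, 13, 7e9) / SECONDS_PER_YEAR,
    }


if __name__ == "__main__":
    for label, value in cheswick_2012_figures().items():
        print(f"{label}: {value:,.1f}")
    # Constructed threat-model scenarios (assumptions of this example, not RFC 4086's):
    print("online, 10 guesses/s, resist 1 year:", bits_needed(10, SECONDS_PER_YEAR), "bits")
    print("offline, 7e9 guesses/s, resist 100 years:",
          bits_needed(7e9, 100 * SECONDS_PER_YEAR), "bits")
```

The same functions show why the 2023 paragraph talks about length rather than character classes: each extra symbol multiplies `keyspace` by the alphabet size, whereas widening the alphabet from 62 to 95 symbols at fixed length gains far less.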
Password policy
A password policy is a guide to choosing satisfactory passwords. It is intended to:
- assist users in choosing strong passwords
- ensure the passwords are suited to the target population
- provide recommendations for users concerning the handling of their passwords
- impose a recommendation to change any password which has been lost or suspected of compromise
- use a password blacklist to block the use of weak or easily guessed passwords.
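The weak-password patterns listed under "Examples of weak passwords" (default and dictionary words, appended digits, munging, doubled words, keyboard rows, short or all-numeric strings) are exactly what the blacklist check in the last policy item should reject before a password is accepted. The Python below is an added example, not code from the article or from any product; its blocklist, substitution table, keyboard rows and thresholds are constructed for illustration, and a real deployment would load a large leaked-password corpus and the layouts of the keyboards its users actually have.

```python
import re

# Constructed blocklist for this example (a real one is far larger).
BLOCKLIST = {
    "password", "default", "admin", "guest", "letmein", "welcome",
    "chameleon", "redsox", "sandbags", "goldfish", "deer", "john",
    "qwerty", "asdfgh", "123456", "contraseña",
}

# Common "munging" substitutions, reversed so that p@ssw0rd normalises to password.
UNMUNGE = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                         "0": "o", "$": "s", "5": "s", "7": "t", "+": "t"})

KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")  # US layout
MIN_LENGTH = 8   # threshold chosen for this example
SEQ_LEN = 4      # shortest run along a keyboard row that counts as a pattern

# Up to four trailing digits or punctuation marks: "password1", "deer2000", "bunnyhop!"
TRAILING = re.compile(r"[0-9!@#$%^&*?._-]{1,4}$")


def normalize(password: str) -> str:
    """Lower-case, drop a short appended suffix, then reverse leet substitutions,
    so that the dictionary check sees the word the user started from."""
    core = TRAILING.sub("", password.lower())
    return core.translate(UNMUNGE)


def has_keyboard_run(core: str) -> bool:
    """True if `core` contains SEQ_LEN adjacent keys of a row, forwards or backwards."""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - SEQ_LEN + 1):
                if seq[i:i + SEQ_LEN] in core:
                    return True
    return False


def weaknesses(password: str) -> list[str]:
    """Return the list of weak-pattern rules the candidate password trips."""
    found = []
    if len(password) < MIN_LENGTH:
        found.append("too short")
    if password.isdigit():
        found.append("digits only")
    core = normalize(password)
    # Exact match, or a longer blocklisted word embedded in the candidate
    # (catches compounds such as a vendor prefix glued onto "admin").
    if core in BLOCKLIST or any(w in core for w in BLOCKLIST if len(w) >= 5):
        found.append("blocklisted word")
    half = len(core) // 2
    if half >= 3 and len(core) % 2 == 0 and core[:half] == core[half:]:
        found.append("doubled word")
    if has_keyboard_run(core):
        found.append("keyboard sequence")
    return found


def is_weak(password: str) -> bool:
    return bool(weaknesses(password))


if __name__ == "__main__":
    for pw in ("p@ssw0rd", "deer2000", "Pr0d@dm1n", "crabcrab", "ytrewq99",
               "314159", "contraseña", "Vq7#mL9pXw2rT"):
        print(f"{pw!r:18} -> {weaknesses(pw) or 'no pattern found'}")
```

Note what the checker does not claim: a password that trips no rule is merely not obviously patterned, not proven strong. That is why such a check belongs beside a length minimum and a large leaked-password list rather than replacing them.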
Previous password policies used to prescribe the characters which passwords must contain, such as numbers, symbols, or upper/lower case. While this is still in use, it has been shown to be less secure by university research,[48] by the original instigator[49] of this policy, and by the cyber security departments (and other related government security bodies[50]) of the USA[51] and UK.[52] Password complexity rules of enforced symbols were previously used by major platforms such as Google[53] and Facebook,[54] but both have since removed the requirement following the finding that the rules actually reduced security. This is because the human element is a far greater risk than cracking, and enforced complexity leads most users to highly predictable patterns (number at the end, swap 3 for E, etc.) which help crack passwords. Password simplicity and length (passphrases) are therefore the new best practice, and complexity is discouraged. Forced complexity rules also increase support costs and user friction, and discourage user sign-ups.
Password expiration appeared in some older password policies but has since been debunked[36] as best practice; it is not supported by the USA or UK governments, nor by Microsoft, which removed[55] the password expiry feature. Password expiration was previously intended to serve two purposes:[56]
- If the time to crack a password is estimated to be 100 days, password expiration times fewer than 100 days may help ensure insufficient time for an attacker.
- If a password has been compromised, requiring it to be changed regularly may limit the access time for the attacker.
However, password expiration has its drawbacks:[57][58]
- Asking users to change passwords frequently encourages simple, weak passwords.
- If one has a truly strong password, there is little point in changing it. Changing passwords that are already strong introduces a risk that the new password may be less strong.
- A compromised password is likely to be used immediately by an attacker to install a backdoor, often via privilege escalation. Once this is accomplished, changing the password will not lock the attacker out.
- Moving from never changing one's password to changing the password on every authentication attempt (pass or fail) only doubles the number of attempts the attacker must make on average before guessing the password in a brute force attack. One gains much more security by just increasing the password length by one character than by changing the password on every use.[citation needed]
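The last point can be made precise with a short derivation, added here and not part of the original article. Assume the password is drawn uniformly from a space of $K = N^{L}$ candidates ($N$ symbols, length $L$), and the attacker tries candidates in random order without repetition.

```latex
% Fixed password: the position of the correct candidate in the attacker's
% ordering is uniform on 1..K, so the number of guesses G satisfies
\mathbb{E}[G_{\mathrm{fixed}}] \;=\; \frac{1}{K}\sum_{g=1}^{K} g \;=\; \frac{K+1}{2}.

% Password replaced by a fresh uniform draw after every attempt: each guess
% succeeds independently with probability 1/K, so G is geometric and
\mathbb{E}[G_{\mathrm{rotated}}] \;=\; \sum_{g=1}^{\infty} g\,\frac{1}{K}\Bigl(1-\frac{1}{K}\Bigr)^{g-1} \;=\; K.

% Ratio of the two: rotating on every attempt costs the attacker less than a factor of two,
\frac{\mathbb{E}[G_{\mathrm{rotated}}]}{\mathbb{E}[G_{\mathrm{fixed}}]} \;=\; \frac{2K}{K+1} \;<\; 2,

% whereas one more symbol multiplies the space by N, so
\mathbb{E}[G_{\mathrm{fixed}}^{(L+1)}] \;=\; \frac{NK+1}{2} \;\approx\; N\cdot\mathbb{E}[G_{\mathrm{fixed}}^{(L)}],
% a factor of at least 10 (digits) and 95 (printable ASCII).
```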
Creating and handling passwords
The hardest passwords to crack, for a given length and character set, are random character strings; if long enough they resist brute force attacks (because there are many characters) and guessing attacks (due to high entropy). However, such passwords are typically the hardest to remember. The imposition of a requirement for such passwords in a password policy may encourage users to write them down, store them in mobile devices, or share them with others as a safeguard against memory failure. While some people consider each of these user resorts to increase security risks, others suggest the absurdity of expecting users to remember distinct complex passwords for each of the dozens of accounts they access. For example, in 2005, security expert Bruce Schneier recommended writing down one's password:
Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.[39]
The following measures may increase acceptance of strong password requirements if carefully used:
- a training program. Also, updated training for those who fail to follow the password policy (lost passwords, inadequate passwords, etc.).
- rewarding strong password users by reducing the frequency of, or eliminating, required password changes (password expiration). The strength of user-chosen passwords can be estimated by automatic programs which inspect and evaluate proposed passwords when setting or changing a password.
- displaying to each user the last login date and time in the hope that the user may notice unauthorized access, suggesting a compromised password.
- allowing users to reset their passwords via an automatic system, which reduces help desk call volume. However, some systems are themselves insecure; for instance, easily guessed or researched answers to password reset questions bypass the advantages of a strong password system.
- using randomly generated passwords that do not allow users to choose their passwords, or at least offering randomly generated passwords as an option.
Memory techniques
Password policies sometimes suggest memory techniques to assist remembering passwords:
- mnemonic passwords: Some users develop mnemonic phrases and use them to generate more or less random passwords which are nevertheless relatively easy for the user to remember. For instance, the first letter of each word in a memorable phrase. Research estimates the password strength of such passwords to be about 3.7 bits per character, compared to the 6.6 bits for random passwords from ASCII printable characters.[59] Silly ones are possibly more memorable.[60] Another way to make random-appearing passwords more memorable is to use random words (see diceware) or syllables instead of randomly chosen letters.
- after-the-fact mnemonics: After the password has been established, invent a mnemonic that fits.[61] It does not have to be reasonable or sensible, only memorable. This allows passwords to be random.
- visual representations of passwords: a password is memorized based on a sequence of keys pressed, not the values of the keys themselves, e.g. a sequence !qAsdE#2 represents a rhomboid on a US keyboard. The method to produce such passwords is called PsychoPass.[62] Passwords produced by this method are much weaker than their length suggests, since successive keys are not independent and common keyboard sequences are included in password dictionaries. But some improvements can be made.[63][64]
- password patterns: Any pattern in a password makes guessing (automated or not) easier and reduces an attacker's work factor.
- For example, passwords of the following case-insensitive form: consonant, vowel, consonant, consonant, vowel, consonant, number, number (for example pinray45) are called Environ passwords. The pattern of alternating vowel and consonant characters was intended to make passwords more likely to be pronounceable and thus more memorable. Such patterns severely reduce the password's information entropy, making brute force password attacks considerably more efficient. In the UK in October 2005, employees of the British government were advised to use passwords in this form.[citation needed]
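How much a pattern such as the Environ form costs can be computed directly, because a pattern fixes the number of candidates. The Python below is an added example, not code from the article; the consonant, vowel and digit classes are this example's reading of the pattern (y treated as a consonant, case ignored as the text says), and the 3.7 and 6.6 bits-per-character figures for mnemonic and random passwords are taken from the text above for comparison.

```python
import math

CONSONANTS = "bcdfghjklmnpqrstvwxyz"   # 21 (y counted as a consonant: assumption)
VOWELS = "aeiou"                       # 5
DIGITS = "0123456789"                  # 10
CLASSES = {"C": CONSONANTS, "V": VOWELS, "D": DIGITS}

# Environ pattern from the text: consonant, vowel, consonant, consonant,
# vowel, consonant, number, number (case-insensitive), e.g. pinray45.
ENVIRON_PATTERN = ("C", "V", "C", "C", "V", "C", "D", "D")

MNEMONIC_BITS_PER_CHAR = 3.7   # research estimate quoted in the text
RANDOM_ASCII_BITS_PER_CHAR = 6.6


def pattern_keyspace(pattern) -> int:
    """Number of passwords that fit a class pattern: product of class sizes."""
    n = 1
    for cls in pattern:
        n *= len(CLASSES[cls])
    return n


def pattern_entropy_bits(pattern) -> float:
    """Entropy if a password is chosen uniformly among those fitting the pattern."""
    return math.log2(pattern_keyspace(pattern))


def unconstrained_entropy_bits(length: int, symbols: int) -> float:
    """Entropy of a uniformly random password of the same length with no pattern."""
    return length * math.log2(symbols)


def reduction_factor(pattern, symbols: int) -> float:
    """How many times fewer candidates the pattern leaves an attacker to try."""
    return symbols ** len(pattern) / pattern_keyspace(pattern)


def matches_environ(password: str) -> bool:
    """True if `password` has the Environ shape (case-insensitive)."""
    pw = password.lower()
    return len(pw) == len(ENVIRON_PATTERN) and all(
        ch in CLASSES[cls] for ch, cls in zip(pw, ENVIRON_PATTERN)
    )


def mnemonic_estimate_bits(length: int) -> float:
    """Rough strength of a first-letters-of-a-phrase password of this length."""
    return length * MNEMONIC_BITS_PER_CHAR


if __name__ == "__main__":
    print("Environ keyspace:", pattern_keyspace(ENVIRON_PATTERN),
          f"({pattern_entropy_bits(ENVIRON_PATTERN):.1f} bits)")
    print("Random 8-char alphanumeric (36 symbols):",
          f"{unconstrained_entropy_bits(8, 36):.1f} bits")
    print("Pattern shrinks the search by a factor of",
          f"{reduction_factor(ENVIRON_PATTERN, 36):,.0f}")
    print("pinray45 fits the pattern:", matches_environ("pinray45"))
    print("8-char mnemonic password, estimated:", mnemonic_estimate_bits(8), "bits",
          "vs", 8 * RANDOM_ASCII_BITS_PER_CHAR, "bits random ASCII")
```

The Environ space is about 4.9 × 10^8 candidates (under 29 bits), versus about 41 bits for an unpatterned eight-character alphanumeric string: the pronounceability rule hands the attacker a search roughly 5,800 times smaller, which is what "severely reduce the password's information entropy" means in numbers.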
Password managers
A reasonable compromise for using large numbers of passwords is to record them in a password manager program, which may be a stand-alone application, a web browser extension, or a manager built into the operating system. A password manager allows the user to use hundreds of different passwords, and only have to remember a single password, the one which opens the encrypted password database.[65] Needless to say, this single password should be strong and well-protected (not recorded anywhere). Most password managers can automatically create strong passwords using a cryptographically secure random password generator, as well as calculating the entropy of the generated password. A good password manager will provide resistance against attacks such as key logging, clipboard logging and various other memory spying techniques.
References
[edit]- ^ "Cyber Security Tip ST04-002". Choosing and Protecting Passwords. US CERT. 21 May 2009. Archived from the original on July 7, 2009. Retrieved June 20, 2009.
- ^ "Why User Names and Passwords Are Not Enough | SecurityWeek.Com". www.securityweek.com. 31 January 2019. Retrieved 2020-10-31.
- ^ "Millions using 123456 as password, security study finds". BBC News. 21 April 2019. Retrieved 24 April 2019.
- ^ a b c d "SP 800-63 – Electronic Authentication Guideline" (PDF). NIST. Archived from the original (PDF) on July 12, 2004. Retrieved April 20, 2014.
- ^ a b "Teraflop Troubles: The Power of Graphics Processing Units May Threaten the World's Password Security System". Georgia Tech Research Institute. Archived from the original on 2010-12-30. Retrieved 2010-11-07.
- ^ US patent 7929707, Andrey V. Belenko, "Use of graphics processors as parallel math co-processors for password recovery", issued 2011-04-19, assigned to Elcomsoft Co. Ltd.
- ^ Elcomsoft.com Archived 2006-10-17 at the Wayback Machine, ElcomSoft Password Recovery Speed table, NTLM passwords, Nvidia Tesla S1070 GPU, accessed 2011-02-01
- ^ Elcomsoft Wireless Security Auditor, HD5970 GPU Archived 2011-02-19 at the Wayback Machine accessed 2011-02-11
- ^ James Massey (1994). "Guessing and entropy" (PDF). Proceedings of 1994 IEEE International Symposium on Information Theory. IEEE. p. 204.
- ^ Schneier, B: Applied Cryptography, 2e, page 233 ff. John Wiley and Sons.
- ^ Florencio, Dinei; Herley, Cormac (May 8, 2007). "A large-scale study of web password habits" (PDF). Proceedings of the 16th international conference on World Wide Web. p. 657. doi:10.1145/1242572.1242661. ISBN 9781595936547. S2CID 10648989. Archived (PDF) from the original on March 27, 2015.
- ^ a b Burnett, Mark (2006). Kleiman, Dave (ed.). Perfect Passwords. Rockland, Massachusetts: Syngress Publishing. p. 181. ISBN 978-1-59749-041-2.
- ^ Bruce Schneier (December 14, 2006). "MySpace Passwords aren't so Dumb". Wired Magazine. Archived from the original on May 21, 2014. Retrieved April 11, 2008.
- ^ "Play Interland - Be Internet Awesome". Play Interland - Be Internet Awesome. Retrieved 2024-09-10.
- ^ Matt Weir; Sudhir Aggarwal; Michael Collins; Henry Stern (7 October 2010). "Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords" (PDF). Archived from the original on July 6, 2012. Retrieved March 21, 2012.
- ^ "SP 800-63-3 – Digital Identity Guidelines" (PDF). NIST. June 2017. Archived from the original on August 6, 2017. Retrieved August 6, 2017.
- ^ A. Allan. "Passwords are Near the Breaking Point" (PDF). Gartner. Archived from the original (PDF) on April 27, 2006. Retrieved April 10, 2008.
- ^ Bruce Schneier. "Schneier on Security". Write Down Your Password. Archived from the original on April 13, 2008. Retrieved April 10, 2008.
- ^ Randomness Requirements for Security. doi:10.17487/RFC4086. RFC 4086.
- ^ "Want to deter hackers? Make your password longer". NBC News. 2010-08-19. Archived from the original on July 11, 2013. Retrieved 2010-11-07.
- ^ "EFF DES Cracker machine brings honesty to crypto debate". EFF. Archived from the original on January 1, 2010. Retrieved March 27, 2008.
- ^ "64-bit key project status". Distributed.net. Archived from the original on September 10, 2013. Retrieved March 27, 2008.
- ^ "72-bit key project status". Distributed.net. Retrieved October 12, 2011.
- ^ Bruce Schneier. "Snakeoil: Warning Sign #5: Ridiculous key lengths". Archived from the original on April 18, 2008. Retrieved March 27, 2008.
- ^ "Quantum Computing and Encryption Breaking". Stack Overflow. 2011-05-27. Archived from the original on 2013-05-21. Retrieved 2013-03-17.
- ^ Microsoft Corporation, Strong passwords: How to create and use them Archived 2008-01-01 at the Wayback Machine
- ^ Bruce Schneier, Choosing Secure Passwords Archived 2008-02-23 at the Wayback Machine
- ^ Google, Inc., How safe is your password? Archived 2008-02-22 at the Wayback Machine
- ^ University of Maryland, Choosing a Good Password Archived 2014-06-14 at the Wayback Machine
- ^ Bidwell, Teri (2002). Hack Proofing Your Identity in the Information Age. Syngress Publishing. ISBN 978-1-931836-51-7.
- ^ "NIST PASSWORD GUIDELINES IN 2020". Stealthbits. 18 August 2020. Retrieved 17 May 2021.
- ^ "Password Policy - Updating your approach". UK National Cyber Security Centre. Retrieved 17 May 2021.
- ^ "Choosing and Protecting Passwords". US Cybersecurity & Infrastructure Security Agency (CISA). 2019-11-18. Retrieved 2023-10-10.
- ^ "Digital Identity Guidelines". USA National Institute for Standards and Technology. Retrieved 17 May 2021.
- ^ "Password administration for system owners". UK National Cyber Security Centre. Retrieved 17 May 2021.
- ^ a b "Password Rules - Founder of Password Complexity Says SORRY!". Retrieved 17 May 2021.
- ^ "CyLab Usable Privacy and Security Laboratory (CUPS)". Carnegie Mellon University (USA). Retrieved 17 May 2021.
- ^ Schneier, Bruce. "Changes in Password Best Practices". Schneier on Security. Retrieved 17 May 2021.
- ^ a b "Write Down Your Password - Schneier on Security". www.schneier.com. Archived from the original on 2008-04-13.
- ^ "What does the NCSC think of password managers?". www.ncsc.gov.uk. Archived from the original on 2019-03-05.
- ^ e.g. for a keyboard with only 17 nonalphanumeric characters, see one for a BlackBerry phone in an enlarged image Archived 2011-04-06 at the Wayback Machine in support of Sandy Berger, BlackBerry Tour 9630 (Verizon) Cell Phone Review, in Hardware Secrets (August 31, 2009) Archived April 6, 2011, at the Wayback Machine, both as accessed January 19, 2010. That some websites don’t allow nonalphanumerics is indicated by Kanhef, Idiots, For Different Reasons (June 30, 2009) (topic post) Archived April 6, 2011, at the Wayback Machine, as accessed January 20, 2010.
- ^ "ComodoHacker responsible for DigiNotar Attack – Hacking News". Thehackernews.com. 2011-09-06. Archived from the original on 2013-05-17. Retrieved 2013-03-17.
- ^ Dave Basner (8 March 2019). "Here's Why 'ji32k7au4a83' Is A Surprisingly Common Password". Retrieved 25 March 2019.
- ^ Bidwell, p. 87
- ^ Cheswick, William (2012-12-31). "HTML version - Rethinking Passwords". Association for Computing Machinery (ACM). Archived from the original on 2019-11-03. Retrieved 2019-11-03.
- ^ Cheswick, William (2012-12-31). "ACM Digital Library - Rethinking Passwords". Queue. 10 (12): 50–56. doi:10.1145/2405116.2422416.
- ^ "The State of Password Security 2023 Report | Bitwarden Resources". Bitwarden. Retrieved 2023-09-24.
- ^ "Practical Recommendations for Stronger, More Usable Passwords Combining Minimum-strength, Minimum-length, and Blocklist Requirements" (PDF). Carnegie Mellon University. Retrieved 17 May 2021.
- ^ "Bill Burr, Founder of Password complexity rules says SORRY!". Retrieved 17 May 2021.
- ^ "Passwords in online services". UK Information Commissioner's Office (ICO). Retrieved 17 May 2021.
- ^ "Digital Identity Guidelines". USA National Institute of Standards and Technology. Retrieved 17 May 2021.
- ^ "Password guidance" (PDF). Cyber Security, UK Government Communications Headquarters. Retrieved 17 May 2021.
- ^ "Create a Strong Password". Google Inc. Retrieved 17 May 2021.
- ^ "Login and Password Help". FaceBook Inc. Retrieved 17 May 2021.
- ^ "Security baseline (FINAL) for Windows 10 v1903 and Windows Server v1903". Microsoft. 23 May 2019. Retrieved 17 May 2021.
- ^ "In Defense of Password Expiration". League of Professional Systems Administrators. Archived from the original on October 12, 2008. Retrieved April 14, 2008.
- ^ "The problems with forcing regular password expiry". IA Matters. CESG: the Information Security Arm of GCHQ. 15 April 2016. Archived from the original on 17 August 2016. Retrieved 5 Aug 2016.
- ^ Eugene Spafford. "Security Myths and Passwords". The Center for Education and Research in Information Assurance and Security. Archived from the original on April 11, 2008. Retrieved April 14, 2008.
- ^ Johannes Kiesel; Benno Stein; Stefan Lucks (2017). "A Large-scale Analysis of the Mnemonic Password Advice" (PDF). Proceedings of the 24th Annual Network and Distributed System Security Symposium (NDSS 17). Internet Society. Archived from the original (PDF) on 2017-03-30. Retrieved 2017-03-30.
- ^ Mnemonic Devices (Indianapolis, Ind.: Bepko Learning Ctr., University College), as accessed January 19, 2010 Archived June 10, 2010, at the Wayback Machine
- ^ Remembering Passwords (ChangingMinds.org) Archived 2010-01-21 at Wikiwix, as accessed January 19, 2010
- ^ Cipresso, P; Gaggioli, A; Serino, S; Cipresso, S; Riva, G (2012). "How to Create Memorizable and Strong Passwords". J Med Internet Res. 14 (1): e10. doi:10.2196/jmir.1906. PMC 3846346. PMID 22233980.
- ^ Brumen, B; Heričko, M; Rozman, I; Hölbl, M (2013). "Security analysis and improvements to the PsychoPass method". J Med Internet Res. 15 (8): e161. doi:10.2196/jmir.2366. PMC 3742392. PMID 23942458.
- ^ "zxcvbn: realistic password strength estimation". Dropbox Tech Blog. Archived from the original on 2015-04-05.
- ^ "The Emperor's New Password Manager: Security Analysis of Web-based Password Managers | EECS at UC Berkeley". www2.eecs.berkeley.edu. Retrieved 2023-10-01.
- Franchi, E.; Poggi, A.; Tomaiuolo, M. (2015). "Information and Password Attacks on Social Networks: An Argument for Cryptography". Journal of Information Technology Research. 8 (1): 25–42. doi:10.4018/JITR.2015010103.