Join 3,415 readers in helping fund MetaFilter (Hide)


zk8NJgAOqc4
November 21, 2013 4:20 PM   Subscribe

The Greatest Crossword Puzzle In The History Of The World is now playable: Adobe Crossword
posted by the man of twists and turns (37 comments total) 20 users marked this as a favorite

 
I am both appalled and not surprised by the number of people who put their actual password into the password hint field.
posted by caution live frogs at 4:49 PM on November 21, 2013 [3 favorites]


Hint
He did the mash. He did the _________


Someone's password is Monster Mash? I've been doing it wrong.
posted by 2bucksplus at 4:49 PM on November 21, 2013 [3 favorites]


Yeah, I wasn't surprised that some people had easy passwords and hints that made it obvious in conjunction with each other, but... adobe*2? Somehow it's more unnerving to realize that people somehow think nobody else could possibly guess from something like that than to see someone using 'test' as a password.
posted by Sequence at 5:03 PM on November 21, 2013


I am both appalled and not surprised by the number of people who put their actual password into the password hint field.

.. adobe*2?

In their defense, its just some Adobe cloud thing. Using a simple throwaway password there was probably fine - the dangerous thing is using the same password accross multiple places.
posted by memebake at 5:26 PM on November 21, 2013 [1 favorite]


Including a mandatory (or even suggested) password hint box in your sign up is so ridiculously silly it completely precludes any shock at or mocking of people's hint choices, frankly.
posted by lucidium at 5:28 PM on November 21, 2013


If you go for password popularity 700-800 you actually start getting interesting words and clues.
posted by memebake at 5:33 PM on November 21, 2013


I have never once actually utilized the reminder for what it was intentioned. I always write something completely crazy and unrelated.
posted by nevercalm at 5:43 PM on November 21, 2013


Wow, this is awesome.

...

Easy way to make a decent password: create a random portmanteau word which does not exist in any dictionary. Add arbitrary characters. Done.

For example, near me is a British Shorthair sitting on a table. So, "brible1883" comes to mind.

It's easy enough to memorize such a password, because it's actually pronounceable, and I'm attaching it to things that I can see and remember. But, it's also impossible to guess through mere brute force. Even if you know that I have a cat, there's no reason whatsoever to suspect that "brible" would be a relevant phrase, let alone 1883, which has no significance whatsoever to me.
posted by Sticherbeast at 5:46 PM on November 21, 2013 [1 favorite]


For passwords I actually have to remember, I got a dumb little free 'random word' app for my phone. Launch it and it gives you three random words (Correct Horse Battery Staple), to which I add a number. Random, but easy to remember.

For everything else I use a password manager, because duh.
posted by device55 at 6:33 PM on November 21, 2013 [1 favorite]


I usually write worthless stuff in my password hint, like "come on dude" or "you know this"
posted by 2bucksplus at 6:36 PM on November 21, 2013 [2 favorites]


Sticherbeast: But, it's also impossible to guess through mere brute force.
Your scheme is undoubtedly a huge improvement over common practice. But. This is from Wikipedia:
As of 2011, available commercial products claim the ability to test up to 2,800,000,000 passwords a second on a standard desktop computer using a high-end graphics processor.[10] Such a device can crack a 10 letter single-case password in one day. Note that the work can be distributed over many computers for an additional speedup proportional to the number of available computers with comparable GPUs.
Services like Amazon's S3 make it possible to rent time on hundreds or thousands of so-equipped computers for a tiny fraction of their capital cost.

To get the best out of passwords, you really need to make them longish and deliberately arrange for them to draw on the full available character set - uppercase, lowercase, digits, symbols, etc.

I'm not a robot, so my password habits could be improved too.
posted by Western Infidels at 6:36 PM on November 21, 2013 [3 favorites]


To get the best out of passwords, you really need to make them longish and deliberately arrange for them to draw on the full available character set - uppercase, lowercase, digits, symbols, etc.

Which makes it completely infuriating when you try to sign up for a service, and it complains that Your Password Is Too Long! 8 characters Max! or Letters and Numbers Only!. Strangely, banks seem to be the most guilty of this.
posted by Jimbob at 7:09 PM on November 21, 2013 [4 favorites]


The password advice here is not good. As much as it pains me to say and link this because I hate when other people do similar, the xkcd comic on "correcthorsebatterystaple" is much better than that common advice of single words followed by numbers, or with certain letters replaced by numbers.

Following the leak of the Rockyou database, which was ~38m passwords, password crackers were dramatically improved by a large corpus of passwords that people actually used, as well as seeing how people modified their passwords to be "stronger". Considering the adobe breach is ~156m, I expect we'll see another step forward in the dictionaries that are out there.

Password managers that create and save good password can also be a very good idea, depending on your use case. This is the direction Apple has introduced with 10.9, and I expect we'll see Google/Firefox follow shortly.
posted by yeahwhatever at 7:15 PM on November 21, 2013 [1 favorite]


From my experience running a BBS, this is far fewer swears than I expected. I suppose that's because most of the swears came after the BBS software told them they couldn't use their name, and it looks like the Adobe website had no such limitations.

(Of course, there was the dude who, after finding out he couldn't use his name as his password, tried to log in as any other user he could figure under the assumption that he couldn't use that password because someone else was already using it.)
posted by ckape at 7:19 PM on November 21, 2013


Yeah, longer is better than shorter, but many websites have a hard limit on your password length.

Either way, the xkcd advice is fine, but I still say to not use real words. Portmanteaux can be both memorable and not found in any dictionary.
posted by Sticherbeast at 7:22 PM on November 21, 2013


Acronyms of sentences, adding capitals and numbers as necessary, can be pretty good because they come with their own mnemonic. But almost certainly statistical properties of language mean that they have less entropy than the number of letters would suggest...
posted by en forme de poire at 7:32 PM on November 21, 2013 [1 favorite]


Oh yeah - also? I don't recall ever getting a warning about this from Adobe. But my fucking DNS provider sent me an email saying they found my email in the released logs.

If I didn't have that provider, how would I have even known? Yep - I looked in all my email boxes and fucking NADA from adobe about this.

I should really just close my fucking account, period. Fuck them for such shit security. XKCD is right. Pirates were safer (well, assuming they got a legit pirate copy and not some malware infested shit LULZ - WE ARE FUCKED!)
posted by symbioid at 8:09 PM on November 21, 2013 [1 favorite]


My password for certain things is a band's album name that is around 30-some characters long, then I add a number or something at the end. It's good, I can type it fast, and it's near gibberish.
posted by gucci mane at 8:10 PM on November 21, 2013


Just about any information that you insert into a password will help make it easier to crack. The number of "pronouncable" passwords is far smaller than the number of wholly random ones.

I suggest using a password database like Password Safe, which is endorsed by security guru Bruce Schneier. I keep the encrypted database file in dropbox, so I have access to my passwords on any computer (even my phone). There's implementations for just about every platform. It lets you generate random passwords of any length, with any set of characters, so you can make the strongest password that any site will allow.

It's also handy for keeping track of other information, like URLs and user names for the sites you use.
posted by rustcrumb at 8:12 PM on November 21, 2013


Gucci mane - I hope that's not Vivadixiesubmarinetransmissionplot232, otherwise we're both sunk.
posted by Devonian at 9:53 PM on November 21, 2013 [2 favorites]


Your scheme is undoubtedly a huge improvement over common practice. But. This is from Wikipedia:

As of 2011, available commercial products claim the ability to test up to 2,800,000,000 passwords a second on a standard desktop computer using a high-end graphics processor.[10] Such a device can crack a 10 letter single-case password in one day. Note that the work can be distributed over many computers for an additional speedup proportional to the number of available computers with comparable GPUs.

Services like Amazon's S3 make it possible to rent time on hundreds or thousands of so-equipped computers for a tiny fraction of their capital cost.

To get the best out of passwords, you really need to make them longish and deliberately arrange for them to draw on the full available character set - uppercase, lowercase, digits, symbols, etc.


The ideas of "search space size" and "bits of entropy" are useful when thinking about passwords. Both are measures of unknownness.

The search space size is simply the number of different values that a password constructed by a given set of rules could possibly have. You can work out the search space size for a password constructed from multiple independent components by multiplying together the search space sizes for each of the individual components. For example, there are 10 distinct numeric digits, so if I were to use a single numeric digit as my password, the search space size would be 10. Two numeric digits would get me a search space of 100, three would get me 1000 and so on.

The number of bits of entropy is the base-2 logarithm of the search space size. You can get this from a calculator by taking the ordinary log of the search space size, then dividing the result by the ordinary log of 2. For example, search spaces of sizes 10, 100 and 1000 have 3.32, 6.64 and 9.96 bits of entropy respectively.

Bits of entropy is a logarithmic measure, so you can work out the total entropy of a multi-component password by adding the entropies for the individual components. And it's a base 2 logarithm, so doubling the search space size adds exactly one bit of entropy. Another way of saying that is that each additional bit of entropy makes your password take twice as long to crack by brute force.

Examples: a randomly chosen single letter gives a search space size of 26, which comes to 4.7 bits of entropy. Treating lowercase and uppercase as distinct doubles the search space size to 52 and adds one bit of entropy, getting you 5.7 bits.

A single character that could be a letter or a numeric digit has a search space size of 36, or 5.17 bits of entropy. Digits plus case-sensitive letters: search space size 62, 5.95 bits of entropy. Allowing any printable character defined in the ASCII set takes the search space size to 95: 6.6 bits of entropy.

So a ten-character password made entirely of randomly chosen lowercase letters would have 47 bits of entropy; if made of mixed-case letters, 57 bits; mixed-case letters and digits, 59.5 bits; arbitrary printable ASCII gibberish, 66 bits.

66 bits divided by 4.7 bits (entropy of a single lowercase letter) yields the length you'd need for a password composed solely of lowercase letters to have the same entropy as a 10-character arbitrary ASCII one: 14 letters. To get the same strength with digits and lowercase you'd need 66 ÷ 5.17 = 13 characters; with digits and mixed case, 11 characters.

All of the above assumes that the password characters are being chosen completely at random by some process equivalent to coin flips or dice rolls. But that's not how people typically generate passwords. Instead, people usually use words or maybe syllables, and this is where a false sense of security can creep in.

I'm about to pull some numbers out of my arse but I don't think they'd be too far off: I'm going to suggest that the number of candidate syllables would be under 1,000; words, somewhere south of 20,000. This gives syllables an entropy of about 10 bits and words about 14. So if you pick two syllables at random and tack on four digits to get "brible1883", you're looking at 10 + 10 + 13 = 33 bits of entropy, well short of the 10 * 5.17 = 51 bits you might be tempted to assume by thinking of it as 10-character mix of letters and digits.

Those 18 missing bits of entropy mean that a cracker built to search the space of two-syllable plus four-digit "nonsense" passwords has 218 = about a quarter of a million times less work to do than you might naively expect.

And this is why, for any given password length limit, you get by far the best strength by letting a computer pick characters at random from as large an alphabet as the rules allow: point one in favour of using password management software, which usually makes this easy. Point two is that long passwords are a pain in the arse to type - much easier to let the software paste them in for you.

So how much entropy is enough?

Let's start by assuming that you want the chance of your password being cracked in any given year by a dedicated cracker run against it to be under one in a billion, and start with the cracker the Wikipedia article claims can run 2.8 billion tests per second.

2.8 × 109 tests/second × 60 seconds/minute × 60 minutes/hour × 24 hours/day × 365 days/year = 8.8 × 1016 tests/year. We want a search space a billion times bigger than that: 8.8 × 1025. Log to base 2 of that is 86, so it looks like 86 bits of entropy ought to do.

But there's a twist: search rate improvement rate. Computers get about twice as fast every year, so each additional year of desired password life needs roughly one additional bit of entropy. On the other hand, there is reason to believe that this improvement rate will run into some kind of physical wall before we see too many more doublings. So bung on an extra 42 bits (because 42 is of course the Answer), make it your policy to choose passwords with 128 bits of entropy and call it done (reassuringly, 128 bits is the size of an SSL encryption key and that size was chosen by people smarter than either of us).

Here are some example passwords that had at least 128 bits of entropy before I posted them (now that I have, they all have none):

1@:8#r`]bk6{lfurV_H- (20 printable ASCII characters)
TZAU5znG0tLp6ix5goT5f0 (22 mixed-case letters and digits, 131 bits)
mupc.dqmx.uggu.ssyy.faja.aqlt.jhfx (28 lowercase characters, 132 bits; punctuation for human convenience is in predictable locations and doesn't count as entropy though it does improve resistance to simple minded brute forcing)

None of these are anything a person could reasonably be expected to remember at all, let alone per service, which is exactly why Password Safe and KeePass and 1Password and LastPass exist. Pick one you like and use it. If you do that, and always generate the longest and most varied password the service you're using will allow you to set, then your passwords will always be among the 5% that the crackers leave behind after extracting all the goodness from the rest of what they stole.

Banks cop a lot of stick for using what seem to be completely dopey password schemes. Westpac, for example, wants you to use an onscreen keyboard to enter a mix of uppercase letters and digits that can't be more than 6 characters long. By the calculations above that comes out to 31 bits of entropy or a search space of 2,176,782,336 - about 0.8 seconds of work for our example cracking engine.

They can get away with this because high speed cracking engines need unrestricted offline access to material encrypted by the passwords they're trying to crack, or to hashes of those passwords, and the bank and its customers reckon the bank's system security is hardened enough to prevent theft of that kind of stuff. As long as they're right, they can rate-limit password cracking attempts to an extent that makes the resulting fraud success rate economically tolerable.

LinkedIn and now Adobe, not so much.
posted by flabdablet at 11:55 PM on November 21, 2013 [6 favorites]


I suggest using a password database like Password Safe, which is endorsed by security guru Bruce Schneier. I keep the encrypted database file in dropbox, so I have access to my passwords on any computer (even my phone).

Where do you keep your Dropbox password?
posted by rollick at 1:10 AM on November 22, 2013


I keep mine in my KeePass password database file, a copy of which I keep on DropBox. I also have a copy on a micro SD card I keep in a tiny USB card reader attached to my car keys, giving me nearly-as-convenient access to my passwords from devices not connected to my DropBox account.

The DropBox copy is the authoritative one; If I need to create a new entry in the car keys copy, I'll manually update it from the DropBox version first, then copy it back to DropBox when I'm done.

My KeePass master password is in the same format as the mupc.dqmx.uggu.ssyy.faja.aqlt.jhfx one I mentioned above; I used this random.org page to create it. Breaking it into four-letter groups that way made it possible to remember after a while; until that happened, I had it on a card in my wallet. That card is now in safer storage, in case I lose my marbles.
posted by flabdablet at 3:15 AM on November 22, 2013 [3 favorites]


It's absolutely infuriating the way Adobe are handling this. I only signed up to bypass the annoying login screen that pops up when I run Elements. It's a throwaway password so I don't give a shit about that, but to find out about the compromise from a fucking XKCD comic is ridiculous. Nothing from Adobe until I actually logged in on their website last night to check if I was affected.
posted by IanMorr at 7:22 AM on November 22, 2013 [1 favorite]


All you folks complaining you got nothing from Adobe have a different experience from me.

I've had two "your account has been locked, please reset your password" emails from them, distinguishable from phishing attempts only by a distinct lack of grammatical and spelling errors and the fact that their headers show they came from servers run by Adobe. Which I have ignored, because (a) anybody who can breach Adobe's security to that extent can probably send godknowswtf through their mail servers as well and (b) I only have an Adobe account to courtesy-comply with the terms of Flash, Shockwave and Reader distribution licenses that I am no longer even going to pretend to give a shit about.

The Adobe C-suite appears to be running around with a chicken and its head cut off.
posted by flabdablet at 7:35 AM on November 22, 2013


By the way, the OS X built in Keychain is a password manager. It can generate passwords with varying methods, letting you set the length. I always cycle through a few suggestions of the "two dictionary words and a couple random characters in the middle" method until I find one that's easy to remember.
posted by yoHighness at 7:39 AM on November 22, 2013


Thanks flabdablet. I hadn't thought of random.org.

And your mention of a locked away password card made me wonder about how a password card could be designed for easy use by the owner and not-so-easy use by random coworker who finds your card.

I wonder if this would work. The alphanums were generated with random.org. The card owner could memorize simple patterns, such as the Amazon pw is every 3rd character going right to left, bottom to top. The metafilter PW could be the T shape from each square. And so on, so that one's commonly used passwords could all be on one card. Wouldn't stop random NSA guy who finds your card but would possibly thwart a random onlooker.
posted by honestcoyote at 8:49 AM on November 22, 2013


> The Adobe C-suite appears to be running around with a chicken and its head cut off.

Which is why it's great that this entire fiasco was perfectly timed with Adobe's rollout of CreativeCloud.
posted by nathan_teske at 9:23 AM on November 22, 2013


Considering the adobe breach is ~156m, I expect we'll see another step forward in the dictionaries that are out there.

The passwords were encrypted with 3DES. As far as I know no one has revealed/cracked the actual key used for the encryption, so this isn't a boon for cracking dictionaries as Rockyou was. The most interesting thing here are the password hints.

(Also, halfway kudos to Adobe, they actually did not allow you to enter the same text for your hint as your password, which is why you see so many strange variants of hints.)
posted by ymgve at 10:43 AM on November 22, 2013


The card owner could memorize simple patterns, such as the Amazon pw is every 3rd character going right to left, bottom to top. The metafilter PW could be the T shape from each square. And so on, so that one's commonly used passwords could all be on one card.

Schemes like this are fun to devise but in my opinion are all still Doing It Wrong. Really, just use password management software.

I have logon credentials in my password database for about 80 different services at present. If I were to attempt to do the same thing with a card, then not only would I need to use insanely small print on the card or perhaps switch to a notebook, but I would need to pick out and type in a crazily error-prone long password every time I wanted to log on somewhere.

With KeePass I only need to type an annoying password once per login session, to get my database open. The process for all the rest goes: click the KeePass button in the task bar to bring KeePass to the front; find and click the entry for the service I want to use; hit Ctrl-U to open the site's login page (doing it this way ensures I'm not using a fake site); make sure the Username box on the site is empty and has keyboard focus; bring KeePass back to the front; hit Ctrl-V to auto-type the username and password and log in.

Four clicks and two keypresses is so much better than playing hunt-and-peck games with a card.

Unfortunately there are still times when I do need to type a long password by hand. The most irritating of these involves (naturally) Apple IDs on iPhones.

Apple's commitment to security theatre is second to none. They won't let me create an Apple ID password that looks like yqox ompo twna tisf ugbw qucy pahh (easy to type in on their idiot virtual keyboard that has no punctuation available other than Space) because they're "not strong enough": they don't contain at least one digit and at least one uppercase letter. Also they contain spaces, which are not allowed (wtf?). Fartarsing about with keyboard mode shifts is mandatory for Apple ID passwords. Pfleugh.

Then, to add insult to injury, many of the dialogs into which you need to type an Apple ID password are modal - you can't put them aside while you go and fetch a password from your password management software. And there are idiot rules that appeared with iOS 6 iirc that mean you can't paste into a password box anyway.

But you want your Apple ID password to be Pa55w0rd? No problem.
posted by flabdablet at 4:41 PM on November 22, 2013 [1 favorite]


oblig
xkcd password reuse

Being an IT admin, I get to put a copy of that strip into every new user packet.
And the one that yeahwhatever linked to.
posted by Zangal at 7:12 PM on November 22, 2013 [1 favorite]


Really, just use password management software.

I wasn't suggesting that anyone avoid using pw management software.

I was thinking of a solution to the paper backup solution since you had mentioned making a card and then locking it up. My idea was there might be a way to create a paper backup, which would be relatively secure from prying eyes and could potentially contain several passwords. Hence the quick mockup I created in a business card layout.

Obviously, not something you'd want to squint at every day, but if the usb key failed, or if you were in a situation where you couldn't copy&paste, etc. So not a replacement but a supplement.
posted by honestcoyote at 8:57 PM on November 22, 2013


Fair enough. Still overkill for me though; the only password I needed on my card was my KeePass master password, and my fingers learned that after a couple of weeks' use.

The point of backups is reliability, not quick accessibility, so I'm actually happier to have my master password backed up in a totally obvious form. If I'm ever incapacitated enough to forget my master password, I doubt I'd remember the right rule to use to extract it from a long-unused grid.
posted by flabdablet at 2:31 AM on November 23, 2013


So I have a zillion digit password managed by a password manager. What on earth do I do when logging in somewhere that isn't my computer? I assume they have android versions. Do those databases exist on my phone, or do they assume I never lose cell signal in old campus buildings with thick walls?
posted by Canageek at 5:37 PM on November 23, 2013


KeePass uses a local password database file, which can be anywhere. I use the one on my keyring micro-SD card if I need to use an Android device I haven't already saved a DropBox-synced copy on. Here's a good guide to using KeePassDroid with DropBox.
posted by flabdablet at 3:19 AM on November 24, 2013


gucci mane: "My password for certain things is a band's album name that is around 30-some characters long, then I add a number or something at the end. It's good, I can type it fast, and it's near gibberish."

If it appears in print online, it's not near-gibberish; it's a line in the hackers' database of password source words. That boat sailed already.
posted by IAmBroom at 2:28 PM on November 25, 2013


Indeed, as a friend of mine found out to his considerable inconvenience after deciding that the motherboard model number printed on his computer parts box was a random-looking mix of letters, numbers and hyphens and would therefore make a good password. Gmail account breached in six weeks.
posted by flabdablet at 2:31 AM on November 26, 2013 [2 favorites]


« Older 8 reasons I'm happy it isn't 1963...  |  We are Monty Python. Ask Us A... Newer »


This thread has been archived and is closed to new comments