Passphrases That You Can Memorize — But That Even the NSA Can’t Guess
December 15, 2015 4:35 AM   Subscribe

Passphrases That You Can Memorize — But That Even the NSA Can’t Guess. It turns out, coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you’ll probably do a bad job of it. If you use an entirely random sequence of characters it might be very secure, but it’s also agonizing to memorize (and honestly, a waste of brain power). ... But luckily this usability/security trade-off doesn’t have to exist. ...

But luckily this usability/security trade-off doesn’t have to exist. There is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. The method is called Diceware, and it’s based on some simple math.
...
Imagine your adversary has taken the lyrics from every song ever written, taken the scripts from every movie and TV show, taken the text from every book ever digitized and every page on Wikipedia, in every language, and used that as a basis for their guess list. Will your passphrase still survive?
...
(after all that doom and gloom, let's cut to the good part now - dtb)
In other words, if an attacker knows that you are using a seven-word Diceware passphrase, and they pick seven random words from the Diceware word list to guess, there is a one in 1,719,070,799,748,422,591,028,658,176 chance that they’ll pick your passphrase each try.

At one trillion guesses per second — per Edward Snowden’s January 2013 warning — it would take an average of 27 million years to guess this passphrase.
VIA Micah Lee @ The Intercept
posted by dancestoblue (114 comments total) 76 users marked this as a favorite
 
I created a 7 word password, using Diceware, as suggested in the linked page. It took about ten minutes maybe, fifteen max. Ridiculously simple.

I wrote the words down on paper, as suggested, with an eye toward tossing the paper upon memorizing the password. Actually, two slips of paper for me; I put one in my wallet, for use with my smart phone.

I am *not* noted for my memory. No one has ever accused me of having a mind like a steel trap.

I easily had it memorized inside two days.

That was a week ago; I tend now to transpose the last two words sometimes, though less and less. The paper is gone. And: since memorizing it, I went ahead and added an *extra* word, for fun. You know, because I can....
posted by dancestoblue at 4:36 AM on December 15, 2015 [3 favorites]


Related XKCD
posted by exogenous at 4:46 AM on December 15, 2015 [12 favorites]


Exogenous beat me by a nose!
posted by oheso at 4:46 AM on December 15, 2015


There are a bunch of python scripts going by names like xkcdpass that generate similar passwords using /usr/share/dict/words, which has almost 100k words as opposed to 8k for Diceware, so you'll only need like 5 words instead of 7. Now these passwords generated by Diceware should consist of words you already know, and maybe even spell, so maybe that simplifies things.
posted by jeffburdges at 4:48 AM on December 15, 2015 [2 favorites]


Exogenous beat me by a nose!

How did you guess my diceware password?!?
posted by fairmettle at 4:51 AM on December 15, 2015 [34 favorites]


Past metafilter post on a teenager who will roll one for you.

I ordered one out of curiosity, modified it a bit and it's now in use.

I think what most people have to worry about, though, is not the NSA but just getting hacked by some scammer or other internet rando. These people don't brute force your password, they just steal it from a third party with bad security.

And so step one is to make sure you have a different password for each site and two factor auth enabled wherever possible. You can use one of these diceware passwords for the password database if you like.
posted by selfnoise at 4:54 AM on December 15, 2015 [13 favorites]


But what about how I have to remember a password for a wiki that includes a lower case letter, upper case letter, at least one number, at least one special character, can't include any words in the English dictionary, and can't be a password I've used previously? That I have to change every ninety days.

I have a bank password I didn't change for fifteen years but for some reason the wiki admin thinks the wiki requires national security level protection despite the fact that no one reads it or updates it, most likely because no one knows their own password.

And to change the password you have to go use a hash generator.

Good God.
posted by A Terrible Llama at 4:55 AM on December 15, 2015 [49 favorites]


... Now these passwords generated by Diceware should consist of words you already know, and maybe even spell, so maybe that simplifies things.
posted by jeffburdges at 6:48 AM on December 15

I looked over the Diceware list, saw that many of the entries aren't words at all, in fact some are two letter combinations like ob or xr -- how long they are or if they are words apparently doesn't matter, though of course I suspect that words would be easier to memorize at the first...
posted by dancestoblue at 4:57 AM on December 15, 2015


This will work up until the NSA completes the research to put together its definitive 'big book of cat names'.
posted by biffa at 5:16 AM on December 15, 2015 [4 favorites]


The important part is *don't reuse your email password anywhere else*, everything else is rounding error.

If someone pops your email, they can reset all your passwords. Use 2-factor if available.
posted by you at 5:19 AM on December 15, 2015 [11 favorites]


A Terrible Llama: "But what about how I have to remember a password for a wiki that includes a lower case letter, upper case letter, at least one number, at least one special character, can't include any words in the English dictionary, and can't be a password I've used previously? That I have to change every ninety days. "

Generate one strong but easily memorisable passphrase, and use that as the master password for a password manager (eg. 1Password, or KeePass, or Pass) that stores the passwords for each of your accounts, which should be unique but need not be memorizable.
posted by James Scott-Brown at 5:19 AM on December 15, 2015 [14 favorites]


I looked over the Diceware list, saw that many of the entries aren't words at all, in fact some are two letter combinations like ob or xr

Looks like someone is not a Scrabble player.
posted by St. Sorryass at 5:23 AM on December 15, 2015 [7 favorites]


This is all well and good but the vast bulk of websites for which I need actual security (due to containing financial information and access to my money) subscribe to the "something between 8 and 16 numbers and letters containing at least one capital letter and one number, no spaces or special characters" school of "security" so, yeah. I can *have* good passwords (and I personally have the ability to type and remember things like j2Kb235x838 27pa;563h coq2dqbm c7ldwutu2) but the websites that NEED to let me have decent passwords frequently don't allow me to do so.

Also, for phishing fun, your "security questions" are typically not sanity checked... so feel free to put things like "85 turtles red crapitude" for "When was your first child born" and "portable 9000 running" for "what you would buy for a million dollars" and "barked eat oranges" for "How long have you been beating your wife?"
posted by which_chick at 5:23 AM on December 15, 2015 [15 favorites]


Meanwhile, some banks limit you to 8 characters, no special characters or numbers...
posted by blue_beetle at 5:23 AM on December 15, 2015 [5 favorites]


Yeah, password managers are the real answer. They have their own problems (namely, entrusting all of your passwords to a single third party), but they're currently the best option. They make it actually-practical to use a different password for every account, and to use high-entropy, difficult-to-crack, truly random passwords. (And you only need to remember one password: your master password.)
posted by escape from the potato planet at 5:25 AM on December 15, 2015 [7 favorites]


Anyway, if the NSA is interested in you, they're probably not gonna use brute-force password attacks.
posted by escape from the potato planet at 5:29 AM on December 15, 2015 [9 favorites]


The one true answer is a bunch of index cards under P for password in a Moleskine address book like my Grandpappy used to do.
posted by A Terrible Llama at 5:35 AM on December 15, 2015 [12 favorites]


XR is a Scrabble word now? Man, and I'd become so comfortable with AX EX XI OX XU.
posted by box at 5:40 AM on December 15, 2015 [2 favorites]


(Note to self: replace all passwords with Scrabble-related mnemonic devices.)
posted by box at 5:43 AM on December 15, 2015 [2 favorites]


One development in the security/ID front that I really don't understand are sites using your full email address as your username. That seems like a step backward, security-wise.
posted by Thorzdad at 5:46 AM on December 15, 2015 [1 favorite]


Meanwhile, some banks limit you to 8 characters, no special characters or numbers...

Not banks with my money in them.

So my bank decided to upgrade their password system. I'd been using the same password for over a decade. It was something like, "I'mFeel1ngAb1tP0larBearBlu3." It was never stored anywhere other than my head, and this was an account I used maybe once a year (it was my emergency fund). One day I log in and get a message that says, "It's been 3,967 days since you changed your password. You must change it." So I try, "I'mFeel1ngAb1tP0larBearBlu3!" But it comes back with, "Too long." So I go back and forth and it won't let me use a ' or the !.

Finally I pick something it will let me do, and I email the bank research about how forcing someone to change a complex password on a regular basis means they will just pick insecure, easily guessed passwords that are hard for the person to remember, or they will write them down on post-it notes. I suggest they should fire the guy who came up with the new password policy.

Eventually I go about my business, and a couple months go by, and I can't get in because I've forgotten my password. So I try the reset form, but I don't remember setting up any questions, and they are questions I can't remember anyway, "What was your favorite author in high school?" Which genre? Which year? "What was your favorite band in college?" I had dozens. "What was your kindergartner teacher's aunt's favorite color?" "What's your favorite sports team." None. I don't have one. Sometimes it would also reject the answers. "What's the name of your grandmother on your mother's side?" "Joy is too short!" If I can't write my own security question I will never remember the answer. They are rage inducing for me.

So I can't reset the password. SO I call the bank. I tell them who I am and ask for a password reset. They don't ask for proof of who I am. A few minutes later I get an email that says, "Your password is: "FuckY0s3" They didn't send me a reset link. They sent me the password I selected in the clear un email!

So I called them back and swore a lot and got mad and told them to write me a check for all the money I had left in the account and close the account. A few days later the check arrived. I hadn't had to give them any information other than my name to get the account closed.

I have other stories like this. Like one of my banks I couldn't use a password secure enough that 1 Password would rate it as acceptable. Money moved.
posted by cjorgensen at 5:53 AM on December 15, 2015 [61 favorites]


Suspected government agencies have been implicated in using supercomputers, cutting-edge mathematics, and highly advanced malware. I have my doubts that the demands for key escrow because hashcat is just so hard is more than a polite cover over their probable ability to root most devices. Or more likely, prosecutors want a cut of the action.

But, against criminal groups and adventuring script kiddies using hashcat against plundered database tables for the purpose of identity or credit fraud, diceware is a good system. I have my own variant that builds passphrases from Gutenberg texts, with the downside that you sometimes get a 10-letter word.
posted by CBrachyrhynchos at 5:54 AM on December 15, 2015


But what about how I have to remember a password for a wiki that includes a lower case letter, upper case letter, at least one number, at least one special character, can't include any words in the English dictionary, and can't be a password I've used previously? That I have to change every ninety days.

I use a phrase. So, like, for my work email, I think of a sentence like: "I don't want to attend 10 meetings in October." I use only the first letters of the words, plus the numbers: IDWTA10MIO. I choose some of them to be upper case and some to be lower case: IdwtA10MiO. Then I add a question mark or an exclamation point or something on the end: IdwtA10MiO!.

Then when it is November, I change my password to IdwtA11MiN!. I have a new password every month that no one can guess. I read about this method in a Slate article at least 5 years ago and thought it sounded way more secure than using my middle name spelled backwards plus my graduation year. No one has been able to explain to me why it may be less secure than using "correcthorsebatterystaple", so.
posted by chainsofreedom at 6:16 AM on December 15, 2015 [2 favorites]


I also never use the right answer for those dumb security questions. If it asks for the name of my high school I put the mascot, or I put the mascot for my elementary school if it asks for high school, or I put my mother's maiden name when it asks for my father's middle name, etc. That way even people who know me and my life won't be able to guess, because they can't predict how I answered the questions (obviously, I do different substitutions than what I listed above).
posted by chainsofreedom at 6:19 AM on December 15, 2015 [2 favorites]


For maximum security make sure you are alone and close the curtains.

No sweeping for bugs?
posted by stupidsexyFlanders at 6:24 AM on December 15, 2015


Yeah, password managers are the real answer. They have their own problems (namely, entrusting all of your passwords to a single third party)

That's why I've never understood why people use LastPass. I mean, I guess I do, because it makes things really simple? But it seems self defeating to have all your passwords online. Even if it's all secured, it's still a potential target to attack.

I personally use KeyPass. It's just a program on my computer. I suppose it's still possible for attackers to get my passwords, but it strikes me as much more difficult or less likely to happen.
posted by Dalby at 6:31 AM on December 15, 2015


Tell me more about free programs that remember (and generate? and submit?) passwords for me. Are they actually safe? And easy to use? And are they free free, or free as in "unless you send us money we will bombard you with update messages worse than Avast virus software messages" free?
posted by pracowity at 6:40 AM on December 15, 2015


I also never use the right answer for those dumb security questions.

I get that this is what we're all supposed to do (and that my demographic is supposed to be Tech Savvy and all that nonsense), but, seriously, this kind of suggestion falls into the category of stuff life is too short for.

I've had the same account at my bank for the past ten years now. And a bunch of techies are telling me that, because they failed (over and over again) to implement better methods of password security, I have to remember multiple wrong answers to security questions that I originally answered a decade ago? Yeah, no. I get that I'm supposed to do that. I get that I put myself at risk for being hacked if I don't. But I'm also supposed to (according to the most current research) put in ~1 hour of cardio each day and spend fifteen minutes a day brushing my teeth. At least my doctors and dentists are telling me what to do to maintain a system they played no part in creating. Software with shitty password requirements and even more useless security questions were written by programmers, and they could be altered tomorrow if a few companies cared to. I shouldn't have to compensate for their failures.

When I'm given the opportunity (which is rarely), I'll use modified song lyrics or (more recently) in-jokes. I can easily remember a 30-40 character in-joke from fifteen years back, complete with punctuation. But that requires the password form to accept spaces, which it very rarely does.
posted by steady-state strawberry at 6:41 AM on December 15, 2015 [4 favorites]


Even if it's all secured, it's still a potential target to attack.

Yes, but even if attackers manage to breach a password service (like they did back in June), they still only have hashed or encrypted data. They'll have to break that encryption before they'll have any actual, usable passwords.

And LastPass planned for exactly this sort of breach. Every user's master password is hashed using a unique salt, so attackers can't rely on rainbow tables—and they deliberately chose a computationally expensive hash function, so any attempt to crack an individual password through brute force will take forever.

And without a user's master password, you can't decrypt their actual password file.

Of course, password managers still have their vulnerabilities—e.g., if someone gets their hands on your master password through phishing or other social engineering, all bets are off. But if you're careful to avoid that, it's a pretty secure solution to the problem.

Tell me more about free programs that remember (and generate? and submit?) passwords for me. Are they actually safe? And easy to use? And are they free free, or free as in "unless you send us money we will bombard you with update messages worse than Avast virus software messages" free?

I use LastPass. 1Password is up-and-coming, and looks pretty nice. There are others. Yes, LastPass remembers, generates, and autofills passwords. It's widely used by tech-savvy folks, and is considered pretty secure. It really is free, and there are no ads/nagware/upsells/crapware.
posted by escape from the potato planet at 6:46 AM on December 15, 2015 [1 favorite]


Tell me more about free programs that remember (and generate? and submit?) passwords for me. Are they actually safe? And easy to use? And are they free free, or free as in "unless you send us money we will bombard you with update messages worse than Avast virus software messages" free?

If you care about security, don't use a cloud service like LastPass. Don't use anything closed source. Use KeePassX, put a seriously beefy master password on your vault, and then share it between your computers with Syncthing.
posted by fifthrider at 6:51 AM on December 15, 2015 [2 favorites]


Why even bother with the trouble of encrypting it at rest with KeePassX if you're not using 3rd party intermediaries like Dropbox to sync? What is your threat model?
posted by indubitable at 7:10 AM on December 15, 2015 [2 favorites]


No one has been able to explain to me why it may be less secure than using "correcthorsebatterystaple", so.

Password Strength Test

" IdwtA10MiO!" has 51.8 bits of entropy and the strength is considered "reasonable."
"correct horse battery staple" has 104.2 bits of entropy and the strength is "strong."
"correct 3 horse! BATTERY staple" has 146.5 bits of entropy and is "very strong" (probably overkill)
posted by Foosnark at 7:27 AM on December 15, 2015 [5 favorites]


Because your local computer is far less vulnerable than LastPass's hardened systems (not).
posted by aydeejones at 7:31 AM on December 15, 2015 [2 favorites]


If you care about security, don't use a cloud service like LastPass. Don't use anything closed source

Talk about the perfect being the enemy of the good. If a person is using LastPass to generate and keep unique passwords for each of their accounts and has a strong master password, then they are already more secure than 99% of Internet users. It makes security easy for general users which I think trumps concerns over closed source, cloud based services.
posted by boubelium at 7:33 AM on December 15, 2015 [9 favorites]


If you follow escape from the potato planet's LastPass link you'll see that the guy who wrote it used a diceware password and doesn't feel compelled to change it because LastPass uses a ridiculously slow 100,000 iteration hashing function
posted by aydeejones at 7:33 AM on December 15, 2015 [1 favorite]


I use KeePass with a nice long passphrase. I store the database and the application itself in the cloud, under a fairly strong password. But I also require a separate keyfile on the local computer, and I do NOT store that in the cloud.

I also have two-factor authentication enabled for any critical accounts that support it.
posted by Foosnark at 7:47 AM on December 15, 2015 [1 favorite]


I know nothing about all this. Is there some reason why a secure system has to allow a trillion guesses a second?
posted by Segundus at 7:58 AM on December 15, 2015 [4 favorites]


For Lastpass, all of the encryption and at least half of the hashing is done locally in the client. So the only thing that should leave your browser is a BLOB encrypted with a key-strengthening algorithm that should be resistant to massively parallel hybrid dictionary/brute force attacks.

That said, they just changed owners a few months ago, and any software is potentially vulnerable to mistakes or intentional vulnerabilities slipped in upstream. And there are always problems if someone gets access to your browser or OS architecture, but nothing is safe under those scenarios.

So, like, for my work email, I think of a sentence like: "I don't want to attend 10 meetings in October." .... No one has been able to explain to me why it may be less secure than using "correcthorsebatterystaple", so.

The biggest problem with this method is that the state of the art for password crunching is big data mining of literary texts for sentences to use as passphrases. So if your chosen sentence (or part of it) has appeared in any of the most popular Gutenberg texts, Wikipedia, or any correspondence related to you, it gets fed into a dictionary, reduced to an acronym, and mutated according to algorithms that account for almost all human attempts at slipping in numbers and punctuation.

Passphrases ideally require random selection and random ordering in order to beat automated data mining these days.
posted by CBrachyrhynchos at 8:08 AM on December 15, 2015 [2 favorites]


I have often wondered about Segundus' question. (Is there some reason why a secure system has to allow a trillion guesses a second?) Some of the sites I use lock me out after three miserable misremembered password attempts, and it's a big hassle to get back in. (It usually involves, ugh, talking to a human being.) Why does it seem to be such a trivial thing for attackers to hit those same accounts millions of times in an attempt to crack my password?
posted by Mothlight at 8:11 AM on December 15, 2015 [3 favorites]


No one has been able to explain to me why it may be less secure than using "correcthorsebatterystaple"

The why is that letters aren't equally used in english. There are more Ts than Xs, for example. This is even more true when you're just using the initial letters.

On preview, more or less what CBrachyrhynchos said.
posted by ChurchHatesTucker at 8:12 AM on December 15, 2015 [1 favorite]


Part of the point of Diceware is you generate it without a computer, but if you just want to see what it looks like this Javascript page is a nice Diceware generator. TIL about window.crypto.getRandomValues().

I'm a big fan of LastPass. I have 400+ Internet accounts. No way could I manage secure unique passwords for each site without it. There's a definite risk associated with LastPass's storage, but I think it's a reasonable tradeoff. 1Password is a good choice too. Both of them require a master password; a Diceware password is a good choice.
posted by Nelson at 8:22 AM on December 15, 2015 [2 favorites]


I know nothing about all this. Is there some reason why a secure system has to allow a trillion guesses a second?

A common failure mode these days involves an attacker downloading entire database tables including (hopefully) hashed password fields. The attacker (anyone with bittorrent and a link) can then run dictionary/brute force attacks on the entire table without worrying about lockouts or limitations. Successes might be used against other systems.
posted by CBrachyrhynchos at 8:24 AM on December 15, 2015 [5 favorites]


In fact, just today 13 million accounts exposed due to database misconfiguration.
posted by CBrachyrhynchos at 8:34 AM on December 15, 2015


S00?BigBroWunz2Kn0'b0utIMayAtzKay??
posted by Oyéah at 8:36 AM on December 15, 2015 [1 favorite]


You can do the DiceWare thing with any dictionary and dice. Roll for the page number and roll for the word. The entropy is greater because the corpus is larger. As long as you roll for each digit (and say make 1=0), then you should be good. Unless I'm missing something.
posted by OmieWise at 8:39 AM on December 15, 2015


Also, I gotta say that 1 trillion guesses a second seems pretty low. I mean, I'm way out of my depth here since I've got no idea what I'm talking about, but even five years ago, "On December 2, 2010, the US Air Force unveiled a defense supercomputer made up of 1,760 PlayStation 3 consoles that can run 500 trillion floating-point operations per second. (500 teraFLOPS)" I know that's not the same as guesses, but I would think guessing isn't all that hard for the computer.
posted by OmieWise at 8:44 AM on December 15, 2015


Yeah, contrary to Hollywood, most security breaches don't involve guessing passwords. It's far more likely that an attacker will get their hands on a database containing thousands of hashed passwords, and will then try to crack the hashes. Depending on how well the system was designed, this can be trivial, or mathematically next-to-impossible. But low-entropy passwords (which includes anything containing English words, and any password that a human invents themselves) will always be more amenable to this kind of attack.
posted by escape from the potato planet at 8:50 AM on December 15, 2015 [3 favorites]


(And many systems are not well designed, from a security perspective.)
posted by escape from the potato planet at 8:52 AM on December 15, 2015


OK, here's a question I've never dared to ask:
Why are systems that you need a password to log on able to handle 1 billion (or whatever) login requests per second in the first place? Isn't that just extremely poor system design that just invites brute force attacks? Wouldn't an elegant solution to the problem be that there's a mandatory wait after each failed login attempt?

Even if the mandatory wait is only one second, that would still make bruteforce attackes 1 billion (or whatever) times more difficult. Or better yet: at every failed attempt, the mandatory wait time doubles...

Now, I realize that this may not be practical for many systems that need to react to a million (or whatever) logon requests per second. But most of the stuff that I log onto regularly are sites like Metafilter, that require me to give a username and a password. Why isn't it common to have the system to log into behave like this: "OK, sour cream tried to log in unsuccessfully just 5 microseconds ago... that looks suspiciously like a robot. We'll make him wait at least one second for every further attempt. And in addition, he has to identify this barely readable sequence of random letters and numbers."
posted by sour cream at 8:59 AM on December 15, 2015 [1 favorite]


Maybe I should have read the entire thread first before posting ...
It seems that CBrachyrhynchos sorta answered my question, although I have to admit that I don't quite understand the answer.
posted by sour cream at 9:04 AM on December 15, 2015


This discussion is very complex in tech ideas, so difficult for a granny like me. But with all the remote sensing available and then fitness monitors, microphones, location programs. Don't they know us by our farts by now? You walk into your home and doesn't the electrical system pick up your presence, and the TV, the phone you have been carrying, the watch you are wearing?

I had never looked at 4chan until the day of the San Bernardino piece. I wanted to see how a site like that puts out chatter regarding ongoing events. It was interesting but not interesting enough to ever return. But, even using a private browser (ha ha ha, yeah,) logging on to my bank account days later, entering the number 4, predictive text, I don't use, always offers up 4chan, I only see this at my bank. Come on. I have come to the conclusion it is a robbery, facilitated by seemingly random acts of violence. All that shit we pay for, to barely keep our made for TV enemies at bay, is to ultimately subdue us. Pardon me. Oh, and pardon my cynicism about thinking there is a way to outsmart something that was invented for mass surveillance first, then communications, second.
posted by Oyéah at 9:05 AM on December 15, 2015


"Password Strength Test" tells me that "11111111111111111111111111111111111111111111111111" is a "Strong" password, suitable for financial records. I prefer to draw my own conclusions.

As a federal employee I have to have many work-related passwords, all of which must be different, and all of which must meet esoteric security guidelines. Each is on a 60 to 90 day countdown to boot. I have come to harbor deep anger towards any site that tells me my secure passwords are not good enough. The worst "rules":
  • "Must contain a special character such as '! @ # $ & *'" - this always means "Must contain one of those 6 specific characters, and NO OTHERS, or it will be rejected as insecure".
  • "Password must be between 6-10 characters". Uh... really? You can't set up a database that handles password of 12 to 16 or more?
  • "Starting or ending with a specific type of character is not allowed..." yes, because "a$dfTyQe3" is secure, but "3a$dfTyQe" starts with a number and therefore is not.
Laziness on the part of the person setting up or error-checking passwords are the root problem for most of these things. If the person implementing the user interface can't recognize that more entropy = better password, I'm not sure how much I trust them to begin with. Especially when it's a government site. Good passwords are only as strong as the back end. Poor encryption, reliance on outdated or known-insecure technology, doesn't matter how good your password is; no sense locking the door when the windows are open. "Look at how good our security is! We require passwords! They must meet requirements! ... PS, did you get your letter from Office of Personnel Management yet explaining that the Chinese now have your entire federal service record? You can log in to retrieve it, but you have to change your password first."
posted by caution live frogs at 9:08 AM on December 15, 2015 [12 favorites]


My diceware password is: "one two three four five".

Sometimes I spice it up with punctuation: "One, two, three, four... five."
posted by qcubed at 9:20 AM on December 15, 2015


It seems that CBrachyrhynchos sorta answered my question, although I have to admit that I don't quite understand the answer.

The gist of it (as I understand it based on CBrachyrhynchos's answer) is that the hackers aren't actually allowed to make 1 billion login requests in a second or anything close to it. But they may figure out a way to break into the system and get at sensitive data. They only have to download a database table once, and then they have a nice local copy (including the encrypted copy of your password) that they can slam at full-tilt boogie for days on end until they get in — and then they have that username/password pair, and they can try it on the original site and/or on other sites.
posted by Mothlight at 9:21 AM on December 15, 2015 [5 favorites]


I translate my diceware words into pig latin for a truly unbeatable passphrase.
posted by peeedro at 9:29 AM on December 15, 2015 [1 favorite]


My understanding is a typical form of attack involves:

1. Looking for unpatched vulnerabilities or insecure configurations. Web and database servers are complex bits of software with multiple points of failure.

2. Saying, "give me your usernames and password data" (in database query language). Hopefully the password data is hashed, so it's not immediately useful.

3. Using a password-recovery program such as hashcat on the downladed data. Once the user data is downloaded, an attacker can throw an entire server farm at the problem if they have one.
posted by CBrachyrhynchos at 9:42 AM on December 15, 2015


So I tend to use passages from poems, plays, folk songs, etc. as pass phrases. They are crazy-long (40+ characters) but they are also, you know, phrases from poems, plays, folk songs, etc. Any security people want to tell me if this is acceptable or if I really should go with, like, "16 litres of milk dancing a quadrille" or whatever.
posted by erlking at 9:44 AM on December 15, 2015


I wonder that too. It talks about cracking systems that use Wikipedia, digitized books, song lyrics, etc, but is that really an advantage? If you use a random incomplete fragment from a poem will that really give the cracking system an advantage? Is checking for every single possible string of words from every available source of strings quicker than a straightforward one-character-at-a-time brute force attack?
posted by Mr.Encyclopedia at 9:50 AM on December 15, 2015 [2 favorites]


I use LastPass. 1Password is up-and-coming, and looks pretty nice. There are others. Yes, LastPass remembers, generates, and autofills passwords. It's widely used by tech-savvy folks, and is considered pretty secure. It really is free, and there are no ads/nagware/upsells/crapware.

Unfortunately LastPass got bought by LogMeIn and a lot of people are unhappy.

Further reading.
posted by urbanwhaleshark at 9:57 AM on December 15, 2015 [2 favorites]


The worst "rules"

The very worst is when they don't tell you what the rules are and you have to randomly try adding things or reducing the number of characters.
posted by ChurchHatesTucker at 9:58 AM on December 15, 2015 [4 favorites]


The very worst is when they don't tell you what the rules are and you have to randomly try adding things or reducing the number of characters.

That's funny, the wiki I mentioned above does this. The only reason I know the criteria is because someone in Support took pity on me.

Historically, we also had a platform -- could have been Outlook/network--that would lock you out on mobile if your password didn't match after three attempts. So you'd go and follow instructions and do whatever contortions you had to do on the desktop, and because your phone was sitting there enthusiastically and obsessively trying to get your mail with the old password because you hadn't updated it yet, you'd lock yourself out of both your new password and your old one.

Good times.
posted by A Terrible Llama at 10:16 AM on December 15, 2015 [5 favorites]


The very worst is when they don't tell you what the rules are and you have to randomly try adding things or reducing the number of characters.

One major computer hardware vendor has a support site for their partners to use, to get support for engineering sample hardware, where the page with the rules is not the same page as the page to enter a new password. They also do their best to keep password managers from saving passwords on that site. If you attempt to use the back button to see the rules, you wind up having to log in again, which is obnoxious because you're inevitably on the "I lost my password", one-use-URL recovery page when you're picking a new password. The rules as stated are not quite the same rules that the final page enforces.

It is the most infuriating thing.
posted by atbash at 10:23 AM on December 15, 2015 [1 favorite]


There's a lot of confusion about this, so here's my attempt to clear it up:

Ordinary users know passwords as the sequence of characters that you type into login forms. And whenever Hollywood shows someone breaking into a computer system, they almost always show a cracker guessing a password.

So it's natural to assume that real-world crackers discover passwords by making multiple login attempts, using a randomly chosen password each time, until one of them works. Millions of times, if necessary.

However, that's rarely how it actually works. Many systems do, in fact, employ countermeasures against this sort of brute-force attack: they lock you out after a certain number of bad login attempts, or they're capable of detecting an unusual number of connections from the same IP address, or they pause for one second whenever they recieve a bad password (which, multiplied by the thousands of attempts needed to guess a password at random, is enough to defeat this attack).

So, how do people crack passwords? To understand that, you need to understand something about the way passwords are stored.

The most obvious way is to store the usernames and passwords in a plain text file, like this:
username    |password
------------+------------
ponyfan89   |PinkyPie4eva
jstevens    |ravens1997
potatoguy   |the!best!cat
But this is really insecure. Anyone who has access to your web server—either licitly (e.g., they're an employee or vendor doing work on your site) or illicitly (e.g., they've broken in) can download this file and see everyone's password without even trying.

A better way is to hash the passwords, and store only the hash value:
username    |pw_hash
------------+----------------------------------------
ponyfan89   |6f00a507980cbd06a2b29de91ee31ca91c9d20a9
jstevens    |bc85afd57245e6345974c0012438aae2c98abc27
potatoguy   |5011a58160a6da1c884dc137306d91aac46af05a
A hash function is simply a mathematical transformation that converts a value—say, a password—into a hash. You can think of a hash like a signature, or a thumbprint of the password. Hashing is not encryption, because it's a one-way process—that is, you can't take a hash and reconsitute the original value. It's like running a steak through a meat grinder: it's a non-reversible process.

This is why no secure system can tell you your password when you forget it—they don't know your password. They only know its hash value.

So how does the system check your password when you try to log in? Simple: it hashes the password you entered on the login form, looks up your username in the table shown above, and makes sure that the two hash values match.

Storing hashes instead of plaintext passwords is a big improvement, and any remotely competent system does it this way. But this design still has a significant flaw. Again, let's assume that our password file has fallen into villainous hands. This time, all the villain has is a list of hashes. And since hashing is a one-way process, they can't "decrypt" the hashes to discover the original passwords.

But! They can use rainbow tables. A rainbow table is simply a gigantic, precalculated list of strings and their hash values, like this:
password    |pw_hash
------------+----------------------------------------
aardvark    |ff49abca9701606b01b6245d587d26c31b63a433
aaron!rules |62ae036bf3860f50c60034eb605b1bf0f97ca681
abc666      |a2b1f782bbe78c96c138e64cb1c505dc314a8bf5
PinkyPie4eva|6f00a507980cbd06a2b29de91ee31ca91c9d20a9
...and so on, with millions of possible passwords. It's impractical to create a rainbow table that includes every possible password—there are just too many—but they can include a lot of the passwords that people are likely to actually use. (Crackers often use big lists of real-world passwords to generate rainbow tables.)

Armed with this rainbow table, the cracker can now go through each user in the stolen password file, and try to look up each hash in the rainbow table. For example, the first row in the stolen password file has the username "ponyfan89", and the hash "6f00a507980cbd06a2b29de91ee31ca91c9d20a9". We look in our rainbow table for the same hash value, and...voila! We now know that ponyfan89's password is "PinkyPie4eva".

Obviously, only passwords that appear in the rainbow table are vulnerable to this approach. But there are some pretty comprehensive rainbow tables out there. I once ran about 30,000 hashed passwords (from a system I administrated) through such a table, and was able to crack about 80% of them.

This is why a password like "I&na6$\50aJJ" is more secure than "PinkyPie4eva", or even "P!nkyP1343v@": a truly random string is unlikely to appear in a rainbow table. It would take centuries to compute a table that includes every possible sequence of 6-12 characters, and you would need an absolutely colossal hard drive to store it on.

So! Let's improve our system even further, to make it resistant to rainbow attacks. Instead of simply storing the password's hash value, we'll do this:

1. Generate a string consisting of several random characters—for example, "%v4}M". This string is known as the salt.

2. Prepend the user's password with the salt—so "PinkyPie4eva" becomes "%v4}MPinkyPie4eva". We call this "salting" the password.

3. Calculate the hash value of the salted password, and store that.

So our password file now looks like this:
username    |pw_salt |pw_hash
------------+--------+----------------------------------------
ponyfan89   |%v4}M   |bddc3a482ef7cb64dc38e520840feaa08d503a81
jstevens    |kR9(    |5933eb3d5489103a865e6dc5c65e5cb7687a2e7e
potatoguy   |.[>6    |3d1f7810b4ebed45e5d7e612f77a153fd7860678
Effectively, we've turned a weak password into a strong one. "%v4}MPinkyPie4eva" is very unlikely to be included in a rainbow table. And since each user's password is hashed with a different salt, the cracker would need to generate a separate rainbow table for every single user in order to crack these passwords. Rainbow attacks just aren't practical against this design.

Moral of the story: use truly random, machine-generated passwords (because those don't appear in rainbow tables—so even if a cracker steals the password file for a site you belong to, and even if that site doesn't salt their hashes, you'll be safe). Use a different password for every account (so crackers can't steal your password from low-security accounts, like the login to your favorite fanfic forums, and then use that same password to access high-security systems such as your bank account or email).

Those two principles, taken together, mean that you pretty much have to use some kind of password manager. Because no one can remember six hundred random, machine-generated passwords.
posted by escape from the potato planet at 10:26 AM on December 15, 2015 [70 favorites]


So I tend to use passages from poems, plays, folk songs, etc. as pass phrases. They are crazy-long (40+ characters) but they are also, you know, phrases from poems, plays, folk songs, etc. Any security people want to tell me if this is acceptable or if I really should go with, like, "16 litres of milk dancing a quadrille" or whatever.

The article linked specifically says that phrases from poems etc are not secure. That those are already part of the corpus of known passphrases that are used to break a passphrase.

It's the randomness of words not fitting together in a known way that is secure. Even choosing words yourself is not particularly secure because people follow too many internal rules that destroy randomness.
posted by OmieWise at 10:36 AM on December 15, 2015 [4 favorites]


Ars: Yiannis Chrysanthou, a security researcher who recently completed his MSc thesis on modern password cracking, was able to crack the password "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn1." That's the fictional occult phrase from the H.P. Lovecraft short story The Call of Cthulhu. It would have been impossible to use a brute-force attack or even a combined dictionary to crack a phrase of that length. But because the phrase was contained in this Wikipedia article, it wound up in a word list that allowed Chrysannthou to crack the phrase in a matter of minutes.
The capacity of modern hard drives to store plain text is astounding. If short on space, crackers can always depend on Zipf's law to help cull their dictionary. Probably a million more people use lyrics from Taylor Swift as a passphrase compared to lyrics from Johnny Socko.
posted by CBrachyrhynchos at 10:38 AM on December 15, 2015 [1 favorite]


OmieWise, yeah, 1 trillion guesses is low. I like to think about it in terms of money -- Bitcoin mining is essentially the same as password guessing, so you can convert password guesses to Bitcoins to dollars. It takes about 30 quadrillion hashes (about 2^55) to mine $1 worth of Bitcoins, so a trillion guesses per second would cost about $3 a day in electricity and hardware costs.

A five-word Diceware password currently takes about $1000 to break, and a six-word Diceware password takes several million dollars. In contrast, you could guess every string up to 20 letters in all of Wikipedia for a nickel.

The main way to fix this is to use a different hash function. Bitcoin uses SHA256, which was designed to be fast and easy to calculate, so you can calculate hundreds or thousands at a time on a graphics card. For storing passwords, it's better to use a function like bcrypt or scrypt which is designed to take a longer time to compute and be hard to run on a graphics card.
posted by ectabo at 10:39 AM on December 15, 2015 [3 favorites]


Oops, I mixed up my metric prefixes --- Wikipedia is about 50 billion characters, so you can guess every string up to 20 letters in all of Wikipedia for $.00003, three thousandths of a penny.
posted by ectabo at 10:50 AM on December 15, 2015 [1 favorite]


When I worked somewhere that made me change my password every 90 days (to clock in at a day-care center, wtf) I started using ship names from fandoms I'm no longer active in. Things like 'Mulderheartsscully4life' feel acceptably hard to guess, but I stand a chance of remembering them.
posted by nonasuch at 11:11 AM on December 15, 2015


escape from the potato planet, thank you for posting that! I now understand something I didn't before.
posted by selfnoise at 11:13 AM on December 15, 2015 [2 favorites]


PotatoPlanet, thanks a million times for that explanation. Every time I've come across password encryption stories and people say "add salt" it just didn't make sense. That last table gave me the "Aha!" moment of "Oh, they mean 'add per-user salt, and store the salt along with the hash for each user'"! You'd be amazed at the number of different nonsensical interpretations for "add salt" I had come up with.

I guess if I had ever had to implement something like that I could have dug a little deeper and found out those details, but I just never had. This is like a long term itch finally getting scratched.
posted by benito.strauss at 11:29 AM on December 15, 2015 [2 favorites]


Having read that, it's pretty infuriating that someone with credit cards or other user data wouldn't do that (salt them). It doesn't seem like rocket science!

Actually, I didn't mention this in my post upthread, but the other thing that I do is I avoid storing a CC number on a site I think is high risk. Steam is one example. I don't know how much this helps, since you never know how they are disposing of the "temporary" number you give them at checkout, but it makes me feel better.
posted by selfnoise at 11:34 AM on December 15, 2015


Relevant to asinine password requirements: http://password-shaming.tumblr.com/
posted by valrus at 11:38 AM on December 15, 2015


escape from the potato planet's post is indeed great but it leaves out an important detail mentioned in this MeTa comment and which prompted the MetaFilter staff to change their own practices: no one uses rainbow tables for attacking password databases since most passwords are weak and brute-forcing is so cheap, instead a slow hash function should be used for password storage.
posted by Bangaioh at 11:42 AM on December 15, 2015 [6 favorites]


Thanks, Bangaioh. I was vaguely aware that slow hashing was a thing, but it's been a while since I've looked into this stuff in-depth. (Fortunately, it's rarely necessary to build authentication systems from scratch these days.)
posted by escape from the potato planet at 11:55 AM on December 15, 2015


Having read that, it's pretty infuriating that someone with credit cards or other user data wouldn't do that (salt them). It doesn't seem like rocket science!

Salting (or even plain hashing) won't work for credit card numbers, or any other data that needs to be decryptable. For example, if you sign up for an automatic, recurring subscription payment, the vendor (e.g., Steam) has to present your full card number to the bank each time they process a payment. And to do that, they have to know your card number. Since hashing is non-reversible, storing a hash of the card number (rather than that card number itself) is a no-go.

You would encrypt (not hash) a card number for storage.
posted by escape from the potato planet at 11:59 AM on December 15, 2015 [1 favorite]


No, sorry, I meant if you have people's CCs, salt their password hashes.
posted by selfnoise at 12:11 PM on December 15, 2015


OMG, sites that disable copy & paste, which prevents password managers from working ARE THE WORST. It's an interesting philosophical question: How it is that so many people who know so little about security are making decisions about security?
posted by jjwiseman at 12:31 PM on December 15, 2015 [3 favorites]


They move fast and break things? I understand it's all the rage.
posted by benito.strauss at 1:24 PM on December 15, 2015


Passphrases are great when used as the master password for a password generator, but they do have one disadvantage if you type them directly into a website:
If an attacker does ever manage to decrypt something like "correct-horse-battery-staple" it is easy to spot that that result is very probably a valid password.
posted by Lanark at 1:33 PM on December 15, 2015


Another true life password adventure:

When I opened another bank account recently I had to fill out eleventy seventween forms and when I was sitting across the desk from the account rep setting up the online account the woman asked if I wanted to go online and enter a password or just tell it to her and I swear to God, I just made up a password and gave it to her, and she apologetically said "I'm sorry, you need at least one number and one special character" and so I threw an asterisk and a 1 at the end.

Somewhere out there a woman named Janet knows my checking account password.

And I don't even *care.*

Security fatigue. If I walked across the office I could undoubtedly find Post-Its with passwords at six different workstations, stuck securely beneath the keyboard as we did in 1998, as was the fashion of the times.

I was talking to a sys admin recently who told me one of his best developers became antagonized by having to deal with some new enterprise-level password manager and instead wrote down a twenty digit password on a Post-It and walked it over to the sys admin and stuck it on his desk.
posted by A Terrible Llama at 1:43 PM on December 15, 2015 [3 favorites]


Sage, if inadvertent, advice on this topic from the late, great George Carlin. NSFW.
posted by zardoz at 1:51 PM on December 15, 2015


If an attacker does ever manage to decrypt something like "correct-horse-battery-staple" it is easy to spot that that result is very probably a valid password.

Well, first of all, passwords should never be encrypted, they should be hashed via a one-way function.

Secondly, the algorithm used to authenticate users and to crack passwords doesn't care about letter frequencies. f(x) = y where x is a set of bytes entered by the user, and y is the set of bytes stored in the table. If f(x) = y, then x is the correct password (or a collision, which should be impossible except on cosmic scales).

A password recovery program such as hashcat doesn't care if the password "looks right." It only cares if the password meets the mathematical test f(x) = y, and will happily throw random bytes or a dictionary at the problem until it finds a match or hits a time limit.
posted by CBrachyrhynchos at 2:12 PM on December 15, 2015 [2 favorites]


Relevant link from an older MeFi project. But man do I get enraged when a site tells me my password is too long.
posted by solotoro at 2:19 PM on December 15, 2015 [2 favorites]


almost 100k words as opposed to 8k for Diceware, so you'll only need like 5 words instead of 7

The nice thing about the Diceware list is the words are short. Compare "pagan amiss fence meyer yucca venial abash" to xkcdpass' "kikuyu proration remaining phantasy filariae".

FWIW the Diceware generator I linked says 6 words would require 3500 years of 1T guesses/second to crack. That's enough for me. 5 words isn't quite enough though, half a year by that estimate.
posted by Nelson at 2:32 PM on December 15, 2015 [1 favorite]


Relevant link from an older MeFi project

Nice! I was tinkering with a python script that did pretty much exactly what that page does, but that's a better implementation.
posted by ChurchHatesTucker at 2:58 PM on December 15, 2015


Related article just published today on the popular Web Design Blog, Smashing Magazine: Why Passphrases Are More User-Friendly Than Passwords.
posted by p3t3 at 3:10 PM on December 15, 2015 [1 favorite]


If you're looking for a basic password manager, I recommend Password Safe. The UI is pretty barebones, but it is free. And it was designed by Bruce Schneier.
posted by Sibrax at 3:44 PM on December 15, 2015 [1 favorite]


This is why no secure system can tell you your password when you forget it—they don't know your password. They only know its hash value.


This is why if you ever click a "forgot password" link and instead of getting a link to reset password in your email you get your actual password mailed to you.... run. That is a ridiculously bad sign.

(I use 2-factor auth on my email account and don't store that password anywhere. All my other passwords are stored on LastPass. So I need to remember 2 passwords: LP and email. This is not perfect, but is something I can actually do and maintain easily across 5 computers, multiple phones/tablets, etc. As someone upthread noted, your primary email account is special in that it is a single point of failure like LastPass. If someone has access to that, they simply send reset password links from all your accounts and now they have everything).
posted by thefoxgod at 4:08 PM on December 15, 2015 [2 favorites]


Somewhere out there a woman named Janet knows my checking account password.

Actually, if anyone is considering building a password management service, and it seems like there's lots of opportunity, if you're looking for a company name I will suggest 'Janet'.

Janet will take care of this shit.
posted by A Terrible Llama at 4:36 PM on December 15, 2015


Also, for phishing fun, your "security questions" are typically not sanity checked... so feel free to put things like "85 turtles red crapitude" for "When was your first child born" and "portable 9000 running" for "what you would buy for a million dollars" and "barked eat oranges" for "How long have you been beating your wife?"

You can make your answers questions of their own, which should be entertaining when you need to read them to someone on the phone. Try, "can you repeat that?"
posted by ctmf at 10:21 PM on December 15, 2015 [2 favorites]


Those two principles, taken together, mean that you pretty much have to use some kind of password manager.

Thanks a lot. I'm convinced that I should use a password manager. Now, have we agreed on which free password managers we should use and which we should avoid?

Someone recommended LastPass, someone warned that LastPass is for losers, someone warned against letting perfect be the enemy of good, but then someone said some ungood company had acquired LastPass. (And someone recommended 1Password.) So... what was the final score on LastPass and 1Password and password managers in general?
posted by pracowity at 11:53 PM on December 15, 2015


Serious question:

What horrors befall you if you forget your password manager password? Do you have to cut off your hand and mail it to someone?
posted by A Terrible Llama at 3:38 AM on December 16, 2015


IIRC, when I signed up for LastPass, they basically said "Look, don't forget your master password. Just don't."

Your entire password vault is encrypted, using your master password as the encryption key. If you lose the key, LastPass is no better equipped to break the encryption than a cracker would be.

This is a feature, not a bug. But, heed that warning: don't forget your master password.
posted by escape from the potato planet at 4:56 AM on December 16, 2015


pracowity, the answer to that question depends partly on your needs: whether you want a password manager for personal use or enterprise use (to share company accounts with multiple people); how technically savvy the user(s) are; etc.

It sounds like there are valid concerns about LastPass' new owners. Honestly, I may end up switching myself. (LastPass isn't the prettiest or easiest-to-use application anyway; competitors seem to be beating it out in that area. The new ownership might be the nudge I need.)
posted by escape from the potato planet at 5:03 AM on December 16, 2015 [1 favorite]


What horrors befall you if you forget your password manager password?

If you forget your master password you're locked out of your vault forever, that's why you write it down in a piece of paper and store it safely.


I'm convinced that I should use a password manager. Now, have we agreed on which free password managers we should use and which we should avoid?

None of them are perfect, but you should definitely use one because it's still much, much better than not.

I personally recommend KeePassX because if fits my personal requirements: it's free software, multiplatform and doesn't require any online service.
posted by Bangaioh at 5:27 AM on December 16, 2015 [3 favorites]


There is no way to recover the contents of an properly encrypted file, disk, etc. after you lose the key, well that's the whole point. If you wish to store the key elsewhere, then that's called key escrow, and it requires that you trust where you store it. It's necessary that businesses and governments do that for business and legal reasons, but individuals only need key escrow for financial information.

Imho, you should roughly classify your online accounts according to what they cost you if they get compromised.
- Crap - If the site has no business knowing your personal details, like you'd forget about them anyways, then avoid giving them a password at all by using BugMeNot, etc.
- Pseudonym - If the account is trivial to replace and knows nothing about you, like say a typical mefi, reddit, etc. account, then yes password managers help, but really who cares.
- Career - If the site has some career value, like say a twitter account with many followers, or your linkedin account if you're a recruiter, or if it knows personal information, like your date of birth, then it warrants a unique password that lives in a password manager.
- Financial - If the account has financial access, like a bank account or paypal, then it should be unique and live in a password managers. Any financial passwords should be key escrowed for your next of kin, like writing information for obtaining your password manager key into a will. It's only money, losing it sucks, but your bank isn't so secure anyways, and in large part you collect it to benefit the people you love, so make sure it stays around.
- Personal - Any key material used for real personal communication, like say your passwords for encryption Signal, Pond, GnuPG, etc. should be secured as or more highly than your financial accounts. It'd suck if a malicious DA decides he doesn't like you, so he browses through your private communications trying to find something for which to prosecute you. Freedom is more valuable than money. It's not catastrophic to lose old mails due to forgetting a password. And your family won't benefit much from them after your dead anyways.

An easy approach would be to escrow your password manager key in a sealed will kept with a family member, but keep passwords for end-to-end encrypted applications, like Signal, Pond, etc. in only your head. And never discuss anything too strange, personal, etc. over unencrypted channels like facebook messenger, etc.
posted by jeffburdges at 5:41 AM on December 16, 2015 [1 favorite]


If you need key escrow for key material that goes beyond financial, like maybe if you're a journalist crossing the U.S. border, then you should know about secret sharing schemes.
posted by jeffburdges at 5:46 AM on December 16, 2015


It sounds like there are valid concerns about LastPass' new owners. ... (LastPass isn't the prettiest or easiest-to-use application anyway; ....)
posted by escape from the potato planet at 7:03 AM on December 16

What are the valid concerns about LastPass' new owners? And who is voicing said concerns?

I *love* me some LastPass, and I'm pretty much fluent in it, how to do with it what I need done. I love that it's not just passwords but that it's also got an area for encrypted notes, I love its Form Fill, I totally love that it'll gen bombproof passwords of any length I want, using any or all types of characters I choose.

I *love* that they've got versions of it for Firefox, for Opera, for Chrome -- I use all three of those browsers, for different reasons -- and they've got a version for my phone, too. (Now THAT is convenient -- gawd.) Plus all of those are set up with hooks for windows, for mac OS, for android, for Linux, on and on -- how cool is that? (Answer: very cool.) Probably they've got a version for internet explorer but I'll never know about it either way.

I went through a few weeks ago, cut out the entries for tons of sites I no longer use. I changed almost every password I've got "out there" to 20 characters, if the site I'm genning a password for will allow 20, otherwise as many characters as it will allow, and any/every character on the keyboard that the web site will allow.

And LastPass just takes care so well. Might just be that I've never used another, but to me LastPass is not at all a kludge-fest, seems to take simple and direct line to where I want to go. I've been paying for their premium for at least three years and I think more like five -- I know that free software is nice and all but I absolutely believe in rewarding people who create useful tools that I use daily and depend upon highly.

And on top of all THAT, I'd have to go through and set up new passwords for all of the sites I use, and I'd have the learning curve of a new piece of software. That is No Fun, generally speaking.

So anyways -- what's the low-down on LastPass concerns?
posted by dancestoblue at 5:55 AM on December 16, 2015


that's why you write it down in a piece of paper

All my roads lead to Rome.
posted by A Terrible Llama at 7:02 AM on December 16, 2015


urbanwhaleshark (diceware username?) linked to good summaries of the LastPass concerns. (tl;dr The company that bought them isn't liked very much.)
posted by ChurchHatesTucker at 7:13 AM on December 16, 2015 [1 favorite]


have we agreed on which free password managers we should use and which we should avoid

The two leading contenders are LastPass and 1Password. They are both good. I use LastPass (and pay $12/year for Premium). The main deciding factor for me is the usability of password filling; the browser plugin and mobile apps. LastPass is kind of ugly, honestly, but works well.

Someone up-thread posted concerns about LogMeIn having bought the company. I don't see any reason to worry about that myself. The linked articles are both some Register author who clearly has a problem with LogMeIn, but I don't see any evidence the new owner is going to screw it up. We'll see in a year.

What horrors befall you if you forget your password manager password? Do you have to cut off your hand and mail it to someone?

LastPass has several recovery options, all optional. The one I use isn't documented here, but they have an "export" option that will dump your whole password database to a plain text file. I print that out about once a year and put it somewhere secure.

If you use LastPass I strongly suggest setting up two factor authentication for your master password. You've put all your eggs in one basket, you need to protect the basket.
posted by Nelson at 7:15 AM on December 16, 2015 [2 favorites]


Any financial passwords should be key escrowed for your next of kin,

That sounds like a hassle when you need to change your password. Also, given that there are almost certainly other means of accessing your account other than online passwords, unnecessary...?


The two leading contenders are LastPass and 1Password. They are both good. I use LastPass (and pay $12/year for Premium). The main deciding factor for me is the usability of password filling; the browser plugin and mobile apps. LastPass is kind of ugly, honestly, but works well.

KeePass or KeePassX (depending on which branch you want -- both of them are fully cross-platform now anyway so it's moot) is another option. Aside from the fact that your password list is stored by YOU rather than them (so you have your choice of just a local drive/USB stick, Dropbox/Google Drive/whatever) it can do everything LastPass can do.

There might not be an official KeePass Android client but I've been using KeePassDroid.
posted by Foosnark at 7:23 AM on December 16, 2015 [2 favorites]


How good is KeePass' browser integration? When I looked years ago it had none, you had to copy and paste the password over. But it looks like that's different now.

(It's marvelous with LastPass form filling; sometimes I'm hardly aware that a password is even needed on a site. It feels more like my browser is just authenticating itself to the website without my intervention.)
posted by Nelson at 7:29 AM on December 16, 2015


Metafilter: Don't they know us by our farts by now?
posted by sneebler at 7:42 AM on December 16, 2015 [1 favorite]


Lastpass has great browser integration on desktop but I found it annoying on Android.
KeePassDroid seems to run better on Android (or at least more consistently).
posted by CBrachyrhynchos at 7:44 AM on December 16, 2015 [2 favorites]


How good is KeePass' browser integration? When I looked years ago it had none, you had to copy and paste the password over. But it looks like that's different now.

There are a bunch of different plugins for it. I'm currently using WebAutoType, which is mostly decent but misses a few sites. I haven't tried any of the others, though now that I'm thking of it I'll do that now.
posted by Foosnark at 7:51 AM on December 16, 2015 [1 favorite]


KeePassHTTP and ChromeIPass seem like a pretty good combo.
posted by Foosnark at 8:07 AM on December 16, 2015 [2 favorites]


It sounds like there are valid concerns about LastPass' new owners. Honestly, I may end up switching myself. (LastPass isn't the prettiest or easiest-to-use application anyway; competitors seem to be beating it out in that area. The new ownership might be the nudge I need.)

I've got around 6 months left on my subscription so I'll gauge nearer the time what I'll do. But I'll most likely move to something else if the going looks risky/expensive.
posted by urbanwhaleshark at 8:16 AM on December 16, 2015


I use 1Password. Chose it over KeePass because that didn't properly support Mac when I was choosing and over LastPass because I prefer 1Password's UI and I decided I'd rather sync the vault over Dropbox than keep it on LastPass' servers.
posted by corvine at 9:04 AM on December 16, 2015 [1 favorite]


I sortof can't imagine dumping a piece of great software because "It's ugly." I guess I'm rather lucky I started with LastPass as my first password manager; more and more I appreciate its fine points, and I'm going to be loyal, rather than run off with some cheap, floozy software that's painted up with glitter and has lots of chrome and what-have-you.

In love, I went the other way, my first real love was my little ex-wife, and oh man, not only was she extremely functional and loaded up with fine points but she was also just glittered and chromed all over the damn place. Since she got smart and waved me goodbye, I've mostly been unable to be satisfied with a great woman who's maybe loaded up with every sort of fine, functional point there is, but maybe not so much sparkle, perhaps a bad-looking interface, if you will.

Had I started out with a LastPass sort of gal, I can't help but think how much better my life would be, in certain respects.

It's like that old Jimmy Soul song: If you wanna be happy except substitute the word LastPass in the appropriate places. I even sortof crafted alternate lyrics for the song. As follows:
If you wanna be happy for the rest of your life
Hold with LastPass, ignore all the haters strife
Sure, it's not but my personal point of view
But stick with LastPass so's ya don't get screwed

posted by dancestoblue at 9:46 AM on December 16, 2015 [1 favorite]


KeePass or KeePassX (depending on which branch you want -- both of them are fully cross-platform now anyway so it's moot)

KeePassX has recently released the first stable 2.0 version which uses the newer kdbx format of KeePass.

As for browser integration, I don't need it: KeePass is only ever used for generation and storage of new login credentials that are immediately added to the browser's own password manager (save for a few important sites I prefer to keep out of it), and for other non-web-related sensitive info.
posted by Bangaioh at 2:01 PM on December 16, 2015


EFPP suggested you need to remember something like 600 different passwords. But who has 600 bank accounts? My point is there are maybe two or three classes of necessary security. Banking and communications, social media & PII related services (which do not directly impact class 1) and then whatever--some site you have to give an email address to inorder to access content. Of course, this requires throw away email addresses too.

I say this because I'm astonished at the level of security for some sites. Require things like char, num, special and at least 8. All this for a forum site for some such programming language?!?

I must say this has been a very informative post.
posted by xtian at 4:05 PM on December 16, 2015


Fair enough—but if you want to use the same passwords for all of your (current and future) "low-security" accounts, now your problem is to come up with a password that satisfies the requirements of all of those systems.
posted by escape from the potato planet at 1:10 PM on December 21, 2015


Another bonus to passphrases is that they're easier to enter by phone.
posted by CBrachyrhynchos at 7:27 AM on December 22, 2015


« Older Moe desu   |   Animation vs. Minecraft Newer »


This thread has been archived and is closed to new comments