How to crack passwords; how to set passwords
July 21, 2016 7:13 AM

Mike Pound explains how to crack passwords to Computerphile. And, on the basis of this, he suggests how to choose them. (Yes, he has read XKCD on the matter.) Bonus file on how (not) to store passwords.
posted by rongorongo (108 comments total) 35 users marked this as a favorite
 
For others who are curious what this is about but don't have the time to sit through three videos, here's the description of one of these videos:
"Dr. Michael Pound, a computer science researcher and professor at the University of Nottingham, uses hashcat and 4 GPUs in parallel to go through 10 billion hashes a second in this Computerphile video. He calls his deep-learning server the 'Beast.' If you're new to cracking passwords, he does a great job breaking down the process of what's going on as hashcat does its magic."
It's some crazy brute-forcing, to be sure.

Not to sound like a meanie, but I am not seeing a ton of discussion about this on infosec sites. Is there something new in the videos?
posted by wenestvedt at 7:50 AM on July 21, 2016




Does Metafilter use MD5?
posted by Samuel Farrow at 7:58 AM on July 21, 2016


Hello? Mods?
posted by Samuel Farrow at 8:00 AM on July 21, 2016


discussion about this on infosec sites. Is there something new in the videos

No, this is something we do all the time in infosec. It's a good introduction to password cracking though, as usual from Computerphile (big fan of the series, as well as the other sister channels).
posted by rpn at 8:02 AM on July 21, 2016 [5 favorites]


If your password is any variation of "password" or has any of the numbers 1 2 3 4 in order in it, you need to delete those passwords—maybe delete your account—out of shame.

I like his style.

A question for UK MeFites: what regional accent is that?
posted by Johnny Wallflower at 8:08 AM on July 21, 2016 [1 favorite]


Does Metafilter use MD5?

As far as I know, MeFi moved from plaintext to MD5 in 2006, to salted SHA-256 in 2007, and to bcrypt in 2015.
posted by zamboni at 8:16 AM on July 21, 2016 [13 favorites]


If your password is any variation of "password" or has any of the numbers 1 2 3 4 in order in it

If you know your password, you're probably doing it wrong.
posted by effbot at 8:18 AM on July 21, 2016 [24 favorites]


His accent is Estuarine. But with a little received - I'd expect for the camera. He could talk like a Kingston Mockney for all he gives away.
posted by Samuel Farrow at 8:24 AM on July 21, 2016 [2 favorites]


I was hoping that people would scold me about passwords today again
posted by thelonius at 8:30 AM on July 21, 2016 [18 favorites]


Re-listened - he has a received English accent - most likely went to public school. Could be from anywhere - my best guess is he is sitting in an office in Reading, Leatherhead or Watford.

Pronounces grass like mast - not ass. So learnt English with the second French influence.
posted by Samuel Farrow at 8:31 AM on July 21, 2016


Doesn't sound exactly estuarine (or French - what?) to me, though I have no ear for accents.
posted by Segundus at 8:45 AM on July 21, 2016


It sounds like he's switching θ for f, e.g., "thought" becomes "fought," which I associate with a London accent.

Anyway, </derail>
posted by Johnny Wallflower at 8:48 AM on July 21, 2016 [2 favorites]


I use the same password across all my various internet accounts and it hasn't negatively impacted me whatsoever, is what beerperson would probably say
posted by beerperson at 8:49 AM on July 21, 2016 [26 favorites]


I should start a web service where you can type in your passwords and I'll "check if they're secure".
posted by Galaxor Nebulon at 8:59 AM on July 21, 2016 [6 favorites]


Based on his thinking, I feel pretty confident that the 28 character password I used for my web hosting is OK. Plus it also has 2-factor enabled, so there's that.

(The password my wife uses for everything? Not so much)
posted by caution live frogs at 9:03 AM on July 21, 2016


I’d say London/Estuary as well, he has a glottal stop in words like ‘not’. He also pronounces his ‘r’s slightly oddly, but I think that’s just him rather than his accent.
posted by Bloxworth Snout at 9:12 AM on July 21, 2016


If your password is any variation of "password" or has any of the numbers 1 2 3 4 in order in it

Wrong! asswurdpAwontoo3fore is an awesome password! In your face!
posted by It's Raining Florence Henderson at 9:13 AM on July 21, 2016 [2 favorites]


I use the password reset feature of most websites as my password manager.
posted by AugustWest at 9:15 AM on July 21, 2016 [36 favorites]


That's the kind of thing an idiot would have on his luggage.
posted by borkencode at 9:16 AM on July 21, 2016 [5 favorites]


I'm most worried about the attack where someone persuades a cellphone provider to issue them a new SIM activated for your number, which deactivates your phone and lets them get text message two-factor auths and use lost-password procedures first to get access to your email, thus to everything.

I think my Gmail is safe against this, as its TFA is based on app-generated one time numbers, but most of my financial online activities use text auths. I should get a second mobile to use just for security and never reveal the number to anyone, which would be proof against this, but that's an extra ongoing expense and inconvenience.

Of course, the cell provider shouldn't give out that SIM without proper security checks, but they do. Your online security is in the hands of minimum-wage shop assistants.
posted by Devonian at 9:19 AM on July 21, 2016 [5 favorites]


I have to confess I have Pretty Good password security and have kind of fallen into the "you don't have to be faster than the bear, just the other guy" mentality where I figure my Pretty Good security will put me about six tranches below everyone who is using "Password" and "1234" as their password, and hackers will be so busy looting them that they'll never get to little old me.
posted by Shepherd at 9:23 AM on July 21, 2016 [3 favorites]


my best guess is he is sitting in an office in Reading, Leatherhead or Watford.

Based on having obsessively watched every episode of Computerphile (which is fucking awesome, heavily recommend Prof Brailsford's videos especially) I'm pretty sure based on specific statements he makes in other videos that he's in Nottingham. Definitely not a Notts accent, of course.
posted by Dysk at 9:24 AM on July 21, 2016 [2 favorites]


The credits on the videos say, "University of Nottingham."
posted by CBrachyrhynchos at 9:27 AM on July 21, 2016 [2 favorites]


To be fair, all Computerphile videos say that, and they're not all filmed at the university (or indeed in Nottingham).
posted by Dysk at 9:30 AM on July 21, 2016 [1 favorite]


I salt all my passwords with password1234. They're totes secure!
posted by blue_beetle at 9:35 AM on July 21, 2016 [1 favorite]


If you know your password, you're probably doing it wrong.

Naw, not necessarily. Length matters more than going all jas;5j3k42w;45jfo2hj with it. As long as you follow his ideas for dealing with a dictionary attack by using uncommon-ish words.
posted by middleclasstool at 9:37 AM on July 21, 2016


Zen's Password Security Rule: The probability of my password ending-up on a Post-It note is directly proportional to the frequency with which IT makes me change it.
posted by ZenMasterThis at 9:39 AM on July 21, 2016 [14 favorites]


Shepherd: "I have to confess I have Pretty Good password security and have kind of fallen into the "you don't have to be faster than the bear, just the other guy" mentality where I figure my Pretty Good security will put me about six tranches below everyone who is using "Password" and "1234" as their password, and hackers will be so busy looting them that they'll never get to little old me."

I wonder if there are hackers that go after the people with barely breakable security on the theory that people who care are high value targets.
posted by Mitheral at 9:47 AM on July 21, 2016 [2 favorites]


I wonder if there are hackers that go after the people with barely breakable security on the theory that people who care are high value targets.

I'm not sure that theory really holds. I suspect that the demographic that uses password managers and/or good passwords with no reuse is likely to be geeks, computer people, and people with an interest in infosec. This probably doesn't correlate all that strongly with people who have lots of money in some way accessible via accounts linked to their email without two-factor authentication, and who won't detect a breach and shut accounts (notably debit and credit cards).
posted by Dysk at 9:57 AM on July 21, 2016 [1 favorite]


hunter2
posted by Johnny Wallflower at 10:02 AM on July 21, 2016 [1 favorite]


Did it work?
posted by Johnny Wallflower at 10:02 AM on July 21, 2016 [5 favorites]


I keep telling you guys, if you just use Enochian or Aklo for your passwords, the problem solves itself -- the third wrong guess calls The Phishers from Outside. You can't get better security, really.
posted by GenjiandProust at 10:07 AM on July 21, 2016 [4 favorites]


I wonder if there are hackers that go after the people with barely breakable security on the theory that people who care are high value targets.

Honestly, there's enough high value targets that use terrible passwords and practices that 99% of the time, it's not worth going after those that use even moderately high levels of security. Nation state level actors might target some specific individuals with high levels of security, but even then they're going to try to work around the fact that the password is strong rather than to try to crack it.
posted by Candleman at 10:10 AM on July 21, 2016 [1 favorite]


my password strategy is to assume everything with an internet connection is already hacked, and act accordingly.
posted by Glibpaxman at 10:17 AM on July 21, 2016 [2 favorites]


> Pronounces grass like mast - not ass

They all rhyme perfectly to this English person ;)
posted by vbfg at 10:44 AM on July 21, 2016 [5 favorites]


I wonder if there are hackers that go after the people with barely breakable security on the theory that people who care are high value targets.

That would be a poor strategy because a strong password is also an indicator that the user is practicing good password hygiene. So that password probably isn't being reused on other services, and unless we're talking about a bank or some other very high value target, there's not much point in it.
posted by wotsac at 10:52 AM on July 21, 2016


I keep telling you guys, if you just use Enochian or Aklo for your passwords, the problem solves itself -- the third wrong guess calls The Phishers from Outside. You can't get better security, really.

Too many sites still only shoddily encrypt some minimal ranges of ASCII, rather than hashing a relatively arbitrary set of bits.
posted by wotsac at 11:01 AM on July 21, 2016 [1 favorite]


I used to work in a security related field. We numbered communication levels like "Secret 1, 2," etc. And we had Top Secret which was the one senior execs used. That was the second lowest one as they refused to deal with the extra hassle
posted by doiheartwentyone at 11:07 AM on July 21, 2016


My guess: if "correct horse battery staple" style passwords become popular, they will fall prey to dictionary attack even if practitioners use unusual words because people will likely gravitate to the same subset of unusual words. In fact many people will just use four words from a favorite quote, slogan, motto, TV show, etc. "Well 'cromulent' ain't in the dictionary, so I'm safe!"

And you kind of wind up with this problem for any such scheme. The schemes are valuable largely because of their novelty, and if they cease to be novel, the password guessers will build systems to account for the new popular scheme and use our human nonrandomness against us.

I'm not happy about surveillance capitalism, but "sign in with Facebook" is really awfully sensible for a lot of people.
posted by Western Infidels at 11:22 AM on July 21, 2016 [4 favorites]


If "correct horse battery staple" users are picking the words themselves, instead of using a random number generator to pick them out of a dictionary, they're doing it wrong.
posted by baf at 11:53 AM on July 21, 2016 [5 favorites]


Candleman: Nation state level actors might target some specific individuals with high levels of security, but even then they're going to try to work around the fact that the password is strong rather than to try to crack it.

Nation-state level actors appear to work primarily through zero-day bugs and highly sophisticated malware. (As described by the DNC hack, the Kaspersky hack, and of course Flame which likely involved both the CIA and NSA on some level.) At least the database captures we know about appear to be middle-grade hacking that takes advantage of published bugs. Canonical got hit last week but the attacker apparently didn't get password tables.

Western Infidels: My guess: if "correct horse battery staple" style passwords become popular, they will fall prey to dictionary attack even if practitioners use unusual words because people will likely gravitate to the same subset of unusual words. In fact many people will just use four words from a favorite quote, slogan, motto, TV show, etc. "Well 'cromulent' ain't in the dictionary, so I'm safe!"

Something that xkcd didn't really explore, and I didn't really hear in the Computerphile video although I kinda listened in the background, is that for passphrases to work, they must be randomly selected via a method like diceware. It's not that hard to build a dictionary with the entire KJV, popular quote databases, and the lyrics from all songs that hit Billboard lists in the last 30 years.

Now if you were to take the KJV, make a word list, and randomly select six words with independent selection, that would be difficult to crack. For example: I have a script that gives me "jeshanah" "riotous" "recompensest" "beast's" "keeper" "lacking" "joying" from the Project Gutenberg KJV text file with 13,375 unique words for ~ 7.7 * 10^28 combinations which is better than a 12-character mixed case alphabetic at ~ 9.5 * 10^20.
posted by CBrachyrhynchos at 11:59 AM on July 21, 2016


Any method that doesn't involve using password management software is doing it wrong.
posted by flabdablet at 12:00 PM on July 21, 2016 [4 favorites]


Any method that doesn't involve 4096 AES Public Key Encryption and at least two factor authentication...
posted by sammyo at 12:05 PM on July 21, 2016


Friendly reminder to users: turn on two-factor authentication for your accounts, where possible.

Friendly reminder to developers: don't build your own authentication system unless you really have to. Leave the password handling to well-known identity providers like Google, Yahoo, Facebook, Twitter, et al and accept logins from them.
posted by Triplanetary at 12:09 PM on July 21, 2016 [3 favorites]


Leave the password handling to well-known identity providers like Google, Yahoo, Facebook, Twitter, et al and accept logins from them.

But if all my websites rely on my Google password, how is that different than me using the same password on all my different accounts?
posted by msalt at 12:43 PM on July 21, 2016


baf: If "correct horse battery staple" users are picking the words themselves, instead of using a random number generator to pick them out of a dictionary, they're doing it wrong.
You're quite right, of course, but in practice I'm sure you wouldn't be surprised to find users choosing words with some personal meaning. A truly random passphrase of uncommon words (XKCD specifically suggested common words) is not necessarily so easy to remember, consider:
CBrachyrhynchos: For example: I have a script that gives me "jeshanah" "riotous" "recompensest" "beast's" "keeper" "lacking" "joying"...
Even if you can remember all that, how are you going to feel about plodding that out with your thumbs on a 4" touchscreen that isn't even showing you what you've typed so far?

How does an appropriately paranoid person choose words at random from a dictionary? If the answer involves dice, a paper dictionary, and a rulebook then 95% of the people who most need better passwords have tuned out right there. If the answer involves software you didn't write yourself, then what audit should one be prepared to perform to verify the software isn't recording or reporting your new password to someone?

I think the most important point Dr. Pound makes (and then does not, cannot really address) is: the password paradigm itself is not really appropriate for the service it has been pressed into.
posted by Western Infidels at 12:47 PM on July 21, 2016 [6 favorites]


But if all my websites rely on my Google password, how is that different than me using the same password on all my different accounts?

It's the same in one respect: if somebody gets that password, they can log into all your accounts.

It's different in that you're not handing that password to dozens of different sites with different levels of security, such that if the weakest of them gets hacked, your password gets out. It's also different in that if you need to change your password, you can just do it once, rather than having to remember every site that password was used on.
posted by Shmuel510 at 12:57 PM on July 21, 2016 [4 favorites]


But if all my websites rely on my Google password, how is that different than me using the same password on all my different accounts?

The main problem with using the same password everywhere is that you will eventually use that password on some fly-by-night poorly engineered service that stores your password insecurely, which leaves all your other accounts vulnerable when that service gets hacked.

Hopefully Google, Facebook, Twitter, and other identity providers are storing your passwords using best practices, which means that your password (presuming that it's good and random) won't be revealed even if their entire back-end database is compromised.

On the other hand, if you have a problem with these companies tracking your usage of the web, you might want to avoid using them to log in to other sites. I personally don't mind at all the sort of data aggregation used for targeted advertising that Google and Facebook engage in, so I always log in with Twitter or Google when it's an option.
posted by zixyer at 12:58 PM on July 21, 2016 [3 favorites]


Wouldn't "they could be using diceware, let me put all those words in my dictionary" be a problem?
posted by middleclasstool at 1:33 PM on July 21, 2016


My guess: if "correct horse battery staple" style passwords become popular, they will fall prey to dictionary attack even if practitioners use unusual words because people will likely gravitate to the same subset of unusual words.

Unless, perhaps, the practitioners are familiar with more than one language. Bonus points if any of your languages require transliteration.
posted by UbuRoivas at 2:16 PM on July 21, 2016


Western Infidels: Even if you can remember all that, how are you going to feel about plodding that out with your thumbs on a 4" touchscreen that isn't even showing you what you've typed so far?

Not very good, which is why I only use a handful of passphrases of that length, most importantly as the master passphrase for my password manager. Most of the rest are random strings. Although using a passphrase is easier to type on any keyboard than a shorter mixed-case password. Something needs to be done for authentication using mobile keyboards and game-console controllers.

middleclasstool: Wouldn't "they could be using diceware, let me put all those words in my dictionary" be a problem?

The problem of brute forcing any password increases exponentially the more tokens you string together. You can use numerals (10 tokens) as long as you string 25 to 30 random numerals together. (2025 combinations) For diceware, a six-word phrase has 7776^6 or 2.2 * 10^23 combinations. And seven words jumps that to 10^27.

Which is believed to be "strong enough" for now.
posted by CBrachyrhynchos at 2:30 PM on July 21, 2016 [2 favorites]


I can piss and moan about the world not adopting a standard that does not exist or I can spend ten minutes setting up Lastpass and five creating random paraphrases.
posted by CBrachyrhynchos at 2:47 PM on July 21, 2016 [1 favorite]


If "correct horse battery staple" users are picking the words themselves, instead of using a random number generator to pick them out of a dictionary, they're doing it wrong.

This just creates the exact same problems that users already have with passwords in terms of requiring memorization of multiple independent and incoherent strings of information and the resulting refusal of most people to do that. AlliedKhanTennisLakeCanton or whatever is only slightly more memorizable than a6K*t--L1c; assuming that you don't happen to have a strong association with those words or concepts. Instead of asking yourself "Is that an asterisk or a colon?" you're asking "Was it a lake or a pond? And was khan before or after tennis?", plus now you have 20+ characters to type into your phone.

Maybe dictionary attacks are so sophisticated (or will be in the near future) that picking four words that have even a slight connection to you or each other is truly not good enough. In that case, it only highlights how stupid passwords are and how urgently we need to replace them with a system of authentication that actually works for humans instead of continually increasing the complexity of the bad system we have ad infinitum.
posted by Copronymus at 2:49 PM on July 21, 2016 [1 favorite]


asswurdpAwontoo3fore is an awesome password!

Not anymore.
posted by Greg_Ace at 2:51 PM on July 21, 2016 [1 favorite]


And you kind of wind up with this problem for any such scheme. The schemes are valuable largely because of their novelty, and if they cease to be novel, the password guessers will build systems to account for the new popular scheme and use our human nonrandomness against us.


The value is in mnemonics. The idea is that due to the nature of memory "chunking" most people can remember seven words as easily as they can remember seven letters or numbers, and seven words drawn from a sufficiently large pool of possibilities gives a much, much greater search space than seven characters. The value of "novelty" in a password scheme is very little - for such a scheme truly to be any good it has to be good even when you assume the adversary knows the scheme. So you don't particularly need uncommon words either, just enough words. The average person recognizes something like 10,000 words. Diceware uses a list of 7,776 words. That's not too bad.

The bit that is a problem with this approach, as people have pointed out in this thread, is that password generation becomes annoyingly labor-intensive. And you still can't expect people to remember dozens of different seven-word passwords for different logins. But at least you can use a strong password of this sort as the key to your password manager, and let it handle the rest.
posted by atoxyl at 3:06 PM on July 21, 2016 [1 favorite]


Because yeah - if it's not random it's not worth shit. And most people won't be inclined to bother with random. But that's another way of framing the upside of "phrase" passwords in principle - it's easier to recall a random string of pronounceable words than a random string of ASCII characters.
posted by atoxyl at 3:09 PM on July 21, 2016


Wouldn't "they could be using diceware, let me put all those words in my dictionary" be a problem?

Nope. That's kind of like asking "If I put all of the upper- and lower-case letters in my brute force cracker, can I then therefore crack all passwords made up of letters?"

Think of each word in the diceware word list as just really complex letters in a giant alphabet made up of 7776 (6^5) letters. Cracking a five word diceware password is WAY harder than say 5 random letters. In fact, it works out that you'd need 11 random uppercase, lowercase, and digits to beat a 5 word diceware.

It also turns out that "chef cain rookie sort usage" (just generated that by literally rolling five dice five times) is a hell of a lot easier to remember than "LrQLxHSZk2v".
posted by quite unimportant at 3:25 PM on July 21, 2016
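
The keyspace arithmetic from the comments above, as an added example (not part of the thread and not any commenter's script): it compares word-based and character-based passwords, estimates exhaustive-search time at the 10 billion hashes a second quoted from the video description, and draws words with a CSPRNG. The function names and the 16-word toy list are constructed for illustration; a real list such as the 7,776-word diceware list would be loaded from a file.

```python
import math
import secrets

DICEWARE_WORDS = 6 ** 5          # 7776: one word per roll of five dice
GUESSES_PER_SECOND = 10 ** 10    # rate quoted in the video description in this thread
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed 16-word toy list so the block runs offline (assumption, not a
# real diceware list). Sixteen words give exactly 4 bits per word.
TOY_WORDLIST = [
    "anchor", "basil", "cobalt", "dune", "ember", "fjord", "garnet", "hazel",
    "ivory", "juniper", "kelp", "lumen", "mosaic", "nectar", "onyx", "pebble",
]


def keyspace_bits(alphabet_size, length):
    """Bits of entropy in `length` symbols drawn uniformly and independently.

    The attacker is assumed to know the alphabet (or word list) and the length,
    so nothing here depends on the scheme being secret."""
    return length * math.log2(alphabet_size)


def equivalent_length(alphabet_size, words, wordlist_size=DICEWARE_WORDS):
    """Shortest random string over `alphabet_size` symbols whose keyspace is at
    least that of `words` random words from a list of `wordlist_size`."""
    target = wordlist_size ** words   # exact integer arithmetic, no rounding
    length, space = 0, 1
    while space < target:
        space *= alphabet_size
        length += 1
    return length


def years_to_exhaust(alphabet_size, length, rate=GUESSES_PER_SECOND):
    """Years to try every candidate at `rate` guesses per second.

    On average the password is found after half this time."""
    return alphabet_size ** length / rate / SECONDS_PER_YEAR


def passphrase(wordlist, words):
    """Pick `words` entries independently with the OS CSPRNG.

    Returns (chosen words, entropy in bits). The entropy figure only holds
    because a random source picks the words; words a person picks do not
    have it. Duplicate entries are removed first so the list size used in
    the entropy calculation is the true number of distinct choices."""
    unique = sorted(set(wordlist))
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    chosen = [secrets.choice(unique) for _ in range(words)]
    return chosen, keyspace_bits(len(unique), words)


if __name__ == "__main__":
    for n in (5, 6, 7):
        print(f"{n} diceware words: {keyspace_bits(DICEWARE_WORDS, n):5.1f} bits, "
              f"matched by {equivalent_length(62, n)} random [A-Za-z0-9] chars, "
              f"{years_to_exhaust(DICEWARE_WORDS, n):.3g} years to exhaust")
    chosen, bits = passphrase(TOY_WORDLIST, 6)
    print(" ".join(chosen), f"({bits:.0f} bits from the toy list)")
```

The time estimate assumes a fast hash at the quoted rate; a deliberately slow password hash lowers the guess rate and stretches every figure accordingly.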


I'm always a bit baffled by resistance to passphrases. My former college encouraged a migration to them over 20 years ago and I just got used to them.

I'll admit, I cheat using an emacs lisp function and Project Gutenberg so my wordlist comes from one of my favorite texts. (Yes, I'm aware of the issues with custom wordlists and trusting CRNGs.) Curiously, that wordlist is even larger than what I got from the KJV and bigger than diceware. I'll also put the resulting passphrase in my pocket until muscle training takes over, although I rarely need that slip of paper more than a handful of times.

Since I use a swipe keyboard, phrases are generally easier to enter than ascii soup. Phrases are easier to type on a QWERTY keyboard than ascii soup, for me at least.

That's just for the handful of passwords I must enter by hand. If it's in a browser, I'll let Lastpass do the work of creating and remembering the password. I think my Mefi password is 30-odd characters of ascii soup for example. A bonus is that it provides an easy way to take a vacation from certain sites. I just log out and delete the entry in my password manager.
posted by CBrachyrhynchos at 3:53 PM on July 21, 2016




if it's not random it's not worth shit.

Not quite. Following grammatical rules might reduce the strength to a certain degree but it's possible to have a non-random sentence that's still effectively uncrackable with today's technology.

"My fourth grade teacher had%a stuffed Triceratops named Steve."

It's not as strong as an equal length random passphrase would be but all but the most dedicated attackers would give up before breaking that, particularly if it were hashed properly.
posted by Candleman at 4:18 PM on July 21, 2016 [1 favorite]


Yeah what I really mean is just that the theoretical entropy of (N words from a pool of M) isn't there if the words aren't randomly chosen - but what I find concerning about that is the fact that it then becomes very difficult to get a handle on how strong your password actually is (or is not).
posted by atoxyl at 4:43 PM on July 21, 2016


Think of each word in the diceware word list as just really complex letters in a giant alphabet made up of 7776 (6^5) letters.

Ah, that's a good way of putting it. For some reason my brain was stuck on "there are fewer than 8,000 words in that list" and didn't get all the way to "think of how many five-word possible permutations there are out of ~8,000 words"
posted by middleclasstool at 5:10 PM on July 21, 2016


"Let's be honest. If you are storing your passwords this way (plain text in your database), you probably have other security holes too" may be my favorite understatement of the month.
posted by hilaryjade at 5:32 PM on July 21, 2016 [1 favorite]


use Enochian or Aklo for your passwords

WEAK




C͕̜̬͉̈́͋Ǫ̼̓̊̇̏̓R̸̨͚̼̎̎̋̎̀Ṛ̶͖̣͔̻͎ͭ̀ͬͭͭͣ̆̉͜͠E̸̢̞͓͈͍ͬͤ̎ͭͮ̒ͮ͡ͅC̵̛̦͎̳͇͉̳̞̟̆ͬ̄͗T̵̨̧̰̺̂̄̌̎̑̀̍̈́ͅ ̥̙͓̌̓̈̓ͭͨ̓ͯ͗͝͞H̡̝̱̺̃͌O̧͙̯͒͊͛ͦ͐͒ͨ̈́͘ͅR̘͍̭̙̹ͤ̇ͮS̨̰̖̩̻̗̻ͧ̋̅ͩ̔̂̂̍̌È͉̘̤̟́̂́̇̕ ̧̤̘ͧ̓ͥͧ̂̓͂͝͝B̸̷̢̩̞͔̟̟̹̤̊̐͑̔ͧ̾̂̅ͬA̅҉̳͚̦̝̪̩̟T͈̘̙͉̆̎̊̀T̻̳͕̬̪͙͚ͧ͋̑̽̆͢Eͣ͆̽̏̍̆҉̝̩͚R͉̠͕̱͈͔̝̂̓͛ͭͮ̉́Y͙̩͚̻̔̓͛̿̀̆ͫ̍ͩ͝ ̯̻͍̹̎̍̒̽ͪ̇ͪ̋̄͘Ş̸̆̐͏̻̟̙̖̙̫T̴ͥ̓͌͏̮͇A̼̦͈͎̪̙ͪ̂ͦͮ̊͌ͦ̿ͅͅP͊̋̄ͬ̋҉͈̪̼͖̼̣͈̹͟L̵̻̹̝͖̼̦̯̹̔͗͋̒͌͊̌̋Eͥ҉͚̮̫͙͟
posted by Johnny Wallflower at 8:12 PM on July 21, 2016 [6 favorites]


I should start a web service where you can type in your passwords and I'll "check if they're secure".

Done.

Read the main zxcvbn page first.

Note that the test page linked above contains strength-estimation code that runs entirely inside your browser; passwords you type into it never leave your computer. If unconvinced, unplug your network cable before running any tests and close your browser afterwards.
posted by flabdablet at 8:58 PM on July 21, 2016 [6 favorites]


I can piss and moan about the world not adopting a standard that does not exist or I can spend ten minutes setting up Lastpass and five creating random paraphrases.

I prefer the KeePass + Dropbox combination to Lastpass, because I don't like the idea of having ongoing access to all my passwords depend on the ability of some cloud provider not to go belly-up.
posted by flabdablet at 9:01 PM on July 21, 2016 [3 favorites]


Any method that doesn't involve 4096 AES Public Key Encryption and at least two factor authentication...

Well, I use a DoD CAC smart card a lot, which I believe is 2048 bit public key. It's actually pretty handy, all our keyboards at work have the slot built-in, and I got a 12-dollar USB reader for home. One physical card, one PIN to remember, lots of (work-related) sites, even public internet ones, work. It would be nice if I could use that for some kind of OpenID Connect-like thing for all my general internet sites like google/amazon.
posted by ctmf at 10:23 PM on July 21, 2016 [1 favorite]


If "correct horse battery staple" users are picking the words themselves, instead of using a random number generator to pick them out of a dictionary, they're doing it wrong.

As someone who's apparently doing it wrong... aren't I really just exposing myself to one risk over another?

On one hand, there's the risk that I'm much more predictable than I think, or that I'll expose my schema by talking about some specifics I might think make it difficult and offbeat on an internet discussion forum while being told I'm doing it wrong.

On the other hand, by using someone else's passphrase generation tool, I'm basically letting them define a limited word-alphabet that is likely enough to become another data space that cracking tools explore, particularly once it's popular enough to have come to my attention let alone when it endures and picks up broad use.
posted by wildblueyonder at 10:43 PM on July 21, 2016


You definitely are more predictable than you think, unless you think you're pretty predictable. This paper estimates 18 to 30 bits of entropy in a human-chosen 8-character password, while a truly random 8-character password has about 52 bits of entropy.

The problem of diceware being just another limited alphabet has been addressed a couple of times upthread already. TL;DR: the diceware wordlist is much larger than the list of characters you could type on a keyboard.
posted by hades at 11:16 PM on July 21, 2016


by using someone else's passphrase generation tool, I'm basically letting them define a limited word-alphabet that is likely enough to become another data space that cracking tools explore

The point of password management software is that once you're committed to using it, having a ridiculously strong unique password for each service becomes as convenient as not doing that. Limits on alphabets simply cease to matter once your passwords are all long and randomly generated.

My preferred scheme for password generation (handily supported by KeePass's templating feature) makes passwords like kyemh.boxnv.rywdj.ylaiz.nuadk. Even though the alphabet size here is only 26 (assuming that the adversary is familiar with the template format) the password is long enough that cracking it is simply never going to be feasible.

This way, on those extremely rare occasions when I find myself needing to enter a password on a device that won't run some variant of KeePass, I still have passwords that, though compliant with the rule that no password designed for human memorability is strong enough for general use, can be accurately transcribed reasonably quickly even on those idiotic touchscreen soft keyboards.

The only real irritant remaining are services that attempt to impose password "strength" requirements that have nothing to do with actual password strength. Apple, for example, rejects passwords in my preferred format for use with an Apple ID, yet accepts App1e123. And don't get me started on security questions... grrr.
posted by flabdablet at 11:38 PM on July 21, 2016 [2 favorites]
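An added worked example (not part of any comment in this thread) of the length-versus-alphabet argument in the comment above. It assumes the attacker knows the template, uses a hypothetical template notation rather than KeePass's own pattern syntax, and takes the 10 billion guesses per second rate from the video description quoted at the top of the thread.

```python
import math
import secrets
import string

# Hypothetical notation for this example only (not KeePass's pattern syntax):
# 'l' stands for one random lowercase letter, anything else is copied literally.
TEMPLATE = "lllll.lllll.lllll.lllll.lllll"

# Rate quoted for the 4-GPU rig in the video description; it applies to fast,
# unsalted hashes and is used here as an assumed attacker speed.
GUESSES_PER_SECOND = 10_000_000_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate(template=TEMPLATE):
    """Fill the template using the OS CSPRNG (secrets), never random.random()."""
    return "".join(
        secrets.choice(string.ascii_lowercase) if c == "l" else c
        for c in template
    )


def template_bits(template=TEMPLATE):
    """Entropy when the attacker knows the template: only the 'l' slots count."""
    return template.count("l") * math.log2(len(string.ascii_lowercase))


def random_bits(alphabet_size, length):
    """Entropy of `length` symbols drawn uniformly from `alphabet_size` choices."""
    return length * math.log2(alphabet_size)


def years_to_search_half(bits, rate=GUESSES_PER_SECOND):
    """Expected exhaustive-search time: on average half the space is tried."""
    return 2 ** (bits - 1) / rate / SECONDS_PER_YEAR


def report():
    rows = {
        "8 random printable ASCII": random_bits(95, 8),
        "template, 25 lowercase letters": template_bits(),
    }
    return {
        name: (round(bits, 1), years_to_search_half(bits))
        for name, bits in rows.items()
    }


if __name__ == "__main__":
    print("sample:", generate())
    for name, (bits, years) in report().items():
        print(f"{name}: {bits} bits, ~{years:.3g} years at 1e10 guesses/s")
```
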


I came around to this back when Assange was talking about his opsec — he used "Four score and seven years ago," and recommended similar patterns. I figure, you know, of anyone who has had to live by opsec, him and Snowden probably have some of the most practical advice about passwords.

I will say that I differ on one point, and it may be a bad habit, but for sites that I don't want to have contact with — for example, if I want to troll Free Republic — I don't bother to secure them at all at the password level and reuse some of the same super-simple regular dictionary words all the time. But the rule I have for myself there is 1) don't reuse usernames, and 2) use throw-away emails that exist only for the account confirmation check. So while I know that they could be broken by a bored teenager in an afternoon, they're not going to compromise any other accounts because they're just going to look like chaff from any other rando. In order to put them together, a hacker would need to be able to associate them with my IP or MAC address, or based on my writing habits or something else, at which point, I've been compromised anyway.

Done.

Read the main zxcvbn page first.

Note that the test page linked above contains strength-estimation code that runs entirely inside your browser; passwords you type into it never leave your computer. If unconvinced, unplug your network cable before running any tests and close your browser afterwards.

That's a neat tool. I used to have to admin a CMS that required a new password every 30 days, and so I used a lot of passwords — it's fun to check against. That particular system was always frustrating because the rules it required (8-12 letters, including one number and one of !&$%*, but no reuse of more than four characters in a row from a previous password) felt more like theater than actually making for a safe system.
posted by klangklangston at 12:24 AM on July 22, 2016 [1 favorite]


the rules it required (8-12 letters, including one number and one of !&$%*, but no reuse of more than four characters in a row from a previous password) felt more like theater than actually making for a safe system.

Since the only feasible method for enforcing that re-use rule is to store passwords reversibly encrypted (or, worse, as plain text) rather than as salted hashes, there's no "felt" about it. That rule is clear evidence that whoever designed the associated authentication systems really is all about theater and either doesn't understand or doesn't care about actual password security.
posted by flabdablet at 12:33 AM on July 22, 2016 [3 favorites]


As is the one about maximum length, another fairly convincing sign that the passwords are not being stored securely. A salted hash occupies the same amount of space in a database table regardless of input length; any system that imposes a maximum length less than the 56 bytes allowed for by bcrypt is doing it wrong.
posted by flabdablet at 12:47 AM on July 22, 2016


Another strategy: make up a simple algorithm for generating a password based on where it's used; most of the password can be your standard password, but the algorithm adds just enough unpredictability that if one site leaks, the mafiya and/or *chan griefers can't pwn all your other accounts. For example, if the core of your password is “banana59”, you could add the first letter of the site name, making your MeFi password “banana59m”, your Google account “banana59g” and so on.

Of course, this is a simple and insecure version of this; in reality, you'd make your core password somewhat more opaque, and make the algorithm for combining the two something a bit less easy to pick apart than “append the first letter to the end”. You can change a number of things: how you derive the site-specific components from the name/details of the site, how you combine it with the core of the password, and whether you do any post-processing to it to mix things up. The key is that the algorithm is easy to remember, doable in your head (so no SHA1 hashing unless you're a savant of some sort) and unambiguous enough that you don't end up scratching your head and thinking “hang on; was my Facebook password 'yg7fba22n' or 'hg3fa9b22'?”

You can even have tiers; throwaway accounts at sites that don't have payment info or links to your real name could be “siteBLAHname” or something, whereas your Google login could be a 12-letter password involving a three-stage process.
posted by acb at 3:31 AM on July 22, 2016 [1 favorite]



*******
posted by Johnny Wallflower at 1:02 PM on July 21 [+] [!] [quote]


Did it work?
posted by Johnny Wallflower at 1:02 PM on July 21 [3 favorites +] [!] [quote]


Yeah looks good.

Another good bash quote about passwords.

I am so fucking pissed with you right now for kicking me back down the bash.org rabbit hole you have no idea.
posted by phearlez at 1:09 PM on July 22, 2016 [1 favorite]


Tiers rule. If someone manages to hack my account on the local paper to post inane comments, I can live with that. My bank password? Not so much.
posted by msalt at 1:43 PM on July 22, 2016 [1 favorite]


You definitely are more predictable than you think, unless you think you're pretty predictable. This paper estimates 18 to 30 bits of entropy in a human-chosen 8-character password, while a truly random 8-character password has about 52 bits of entropy...

I totally believe this for my dozen-ish character passwords that I choose for some situations. And it seems reasonable to say that diceware passwords are better than that. Or any random password generator is better than that.

But I'm responding to the idea that if users are picking passphrase words themselves they're doing it wrong. And this is where I'm not sure about the value of diceware (or similar tools) vs the value of human generated random four word phrases. I'd speculate that most language-capable people are possessed of much more sophisticated random phrase machinery in their head than random character machinery.

That'd probably take some study to figure out over a population, but I can probably test how well I do vs diceware. So, running a dozen samples me-generated passphrases (some I've used in the past, some I made up right now) vs passphrases generated by diceware through the "zxcvbn" checker linked upthread... I find the four word passphrases I came up with score comparably or better on all the metrics. Here's a few I tried:

* fireman snuggles black seaweed
* someone else's passphrase generation
* with perfidy unmatched by
* nickel burns fly sassy
* any kind conversation steered
* more twenty bears yawn

And I probably wouldn't use any of these without some additional variation that I'm happy to keep obscure.

I'd like to understand what specifically I'd likely be doing wrong in picking such passphrases out of my head, particularly when compared to diceware.
posted by wildblueyonder at 4:53 PM on July 22, 2016


Linguists know how people pick words. It's called Zipf's Law. And the bad news about Zipf's Law is that it allows an attacker to use a much smaller dictionary to get a majority of words. The point of using an RNG is to avoid falling into Zipf's Law in picking words. Now if you go deeper into the dictionary for more obscure words, that's better, at least until someone else with the same tastes in obscure vocabulary gets cracked.
posted by CBrachyrhynchos at 5:49 PM on July 22, 2016
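An added worked example (not part of any comment in this thread) that puts numbers on the Zipf's Law point above. The modelling choices are assumptions: human word picks follow an ideal Zipf distribution with exponent 1 over a vocabulary the same size as the 7776-word diceware list, and the words of a phrase are picked independently.

```python
import math

DICEWARE_WORDS = 7776  # 6**5: five dice rolls select one word uniformly


def zipf_probs(vocab_size, exponent=1.0):
    """Probability of the word at each frequency rank, p(rank) ~ 1/rank**exponent.

    Assumed model of human word choice; the list is sorted most likely first.
    """
    weights = [1.0 / rank ** exponent for rank in range(1, vocab_size + 1)]
    total = sum(weights)
    return [w / total for w in weights]


def shannon_bits(probs):
    """Shannon entropy in bits of one pick from the distribution."""
    return -sum(p * math.log2(p) for p in probs if p > 0)


def words_to_cover(probs, fraction):
    """Size of the smallest most-likely-first dictionary that contains
    `fraction` of all picks. `probs` must be sorted in descending order."""
    covered = 0.0
    for count, p in enumerate(probs, start=1):
        covered += p
        if covered >= fraction:
            return count
    return len(probs)


def compare(vocab_size=DICEWARE_WORDS, words=4):
    """Per-word and per-phrase figures for uniform (RNG) vs Zipf (human) picks."""
    human = zipf_probs(vocab_size)
    uniform_bits = math.log2(vocab_size)
    human_bits = shannon_bits(human)
    return {
        "uniform_bits_per_word": uniform_bits,
        "zipf_bits_per_word": human_bits,
        "uniform_phrase_bits": words * uniform_bits,
        # Independence between words is assumed; grammatical phrases have less.
        "zipf_phrase_bits": words * human_bits,
        # With uniform picks an attacker needs half the list to cover half the picks.
        "uniform_half_coverage_words": vocab_size // 2,
        "zipf_half_coverage_words": words_to_cover(human, 0.5),
        # Min-entropy: how guessable the single most likely word is.
        "zipf_min_entropy_bits": -math.log2(human[0]),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value:.2f}" if isinstance(value, float) else f"{key}: {value}")
```

Under this model a dictionary of a few dozen common words already contains half of all human picks, while the same coverage against dice-selected words takes half the list.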


zxcvbn seems absurdly sensitive to inter-word spacing. It ranks "moretwentybearsyaw" as much weaker than "moretwentybearsyawn" because "yawn" isn't in one of their dictionaries. "someoneelse'spassphrasegeneration" gets a pass because it doesn't recognize the possessive form. If it can find four words in the dictionary, time to crack drops to a few minutes.
posted by CBrachyrhynchos at 5:57 PM on July 22, 2016


I can piss and moan about the world not adopting a standard that does not exist ...

... or I can learn to not drink and not wear scanty clothing! Yes, we'd all like to walk outside, but maybe we ought to be aware of our surroundings, shouldn't we?

... or I can inspect my appliances to make sure they don't catch my house on fire!

... or I can get out of my wheelchair and learn to walk like a normal human, goddamn it. What are you idiots doing, whining about curb cuts and elevators?

I don't think people realize how perverse this kind of discussion is. If this were a thread about financial advice, people would be screaming about the sorts of stupid by-your-bootstraps advice everyone throws around on these sorts of threads. Hell, if this were a thread about nutritious cooking, I'm willing to bet someone would be calling the cook on their privilege. Saying you just don't have to be a "high value target with terrible password protection" is literally being willing to throw your neighbors to the wolves rather than look at the system from the outside. That's an attitude I'd expect to read on Reddit, not here.

Yes, I can install a password manager. Yes, I can use two-source validation. Yes, I can do ten thousand stupid things -- but I think I can also point out that this is a problem that exists entirely due to the stupidity of the tech world, and it's something that needs to be addressed by the people who got us into this mess. And I'm willing to bet that some of the people who could start solving this mess -- by requiring password managers be installed everywhere and that schools train students in decent password etiquette, by making multi-source verification methods default, by doing any of ten thousand things with the stuff we have today -- are reading this right now.
posted by steady-state strawberry at 8:10 PM on July 22, 2016


start solving this mess -- by requiring password managers be installed everywhere and that schools train students in decent password etiquette

You'll be pleased to hear, then, that as a primary-school netadmin recently charged with the task of creating 380 new student accounts for our new instance of Google Apps for Education, I chose to publish the credentials for those accounts not by handing lists of usernames and passwords to the class teachers, but by automating the creation of 380 personalized KeePass database files in the kids' own folders on the school server, then making a PowerPoint presentation with annotated step-by-step screenshots to take them through the process of using KeePass to log on.

So far, such feedback as I've had about this has been overwhelmingly positive.

I really do enjoy the degree of autonomy granted me by this particular employer.
posted by flabdablet at 5:50 AM on July 23, 2016 [2 favorites]


this is a problem that exists entirely due to the stupidity of the tech world

That's a little unfair. Proving unambiguously that you are who you claim to be, over a communication medium allowing as many possibilities for error and impersonation as anything like an Internet pretty much has to, turns out to be a hard problem which using some form of shared secret is actually a reasonable and effective way to solve.

The sheer scale of the technical power that's now available for breaking those secrets is mind-boggling, and I don't think a failure to grasp it amounts to stupidity. Naivete at worst.

Competent password management software has been readily available for well over ten years. The difficulty is in persuading people to give up managing their passwords using tools less well suited to the purpose, such as exercise books or Word documents or Post-It notes or human brains.

Again, I can't see how that amounts to stupidity either in the "tech world" or the wider community. There's always a tradeoff between security and convenience, and it takes being burnt by erring for too long on the side of convenience to motivate taking security seriously.

There are hundreds of millions of people alive today who will never suffer any negative consequence at all from using 123456 or hunter2 as passwords on every single service they use, or leaving their houses and cars unlocked at all times, or never backing up their tax records and photo albums. That's not stupidity, it's sheer luck. Fabulous when it works, but not reliable.

That said: I can think of no excuse at all for anybody with any kind of IT expertise to offer any advice on password management apart from USE PASSWORD MANAGEMENT SOFTWARE. If you're going to improve your security practices, you're better off using the right tools; after overcoming the usual learning hump, they make your online life both safer and easier.
posted by flabdablet at 6:21 AM on July 23, 2016


The difficulty is in persuading people to give up managing their passwords ...

... from using the techniques that they were taught by IT people for decades. Ten years ago, my bank's recommendation for remembering a password was to come up with something like "I like ice cream -- it's great!" and use "Ilicig8!" (That is almost a literal example.)

Password management is difficult, but it's difficult in no small part because the ways that people were taught to come up with and manage passwords turn out to be both a massive cognitive load for them and a horrific method for cybersecurity. That's on the tech sector, not on the people who have better things to do with their time than to keep up to date on the latest techniques for password management. (Again: What would you say if this were advice about how to diet? What would you say if this were a drug company?)

I apologize if I come off as hostile, but the difference in tone and attitude in password threads vs. any other kind of discussion at all gives me whiplash. In every other aspect of life -- from prescription management to disabilities to making sure your car's airbags work -- the answer has been to install failsafes, often due to legislation, not to pat yourself on the back for good practice and give out advice on YouTube. Johnson & Johnson redesigned their drug packaging in response to less than a dozen deaths. If passwords are intrinsically flawed, the solution is for the bright minds of the tech industry to think about ways to eliminate them entirely, not for people to snobbishly dismiss the idiots who can't bring themselves to do things in a different manner from the way they've been instructed to all their lives.
posted by steady-state strawberry at 7:44 AM on July 23, 2016


flabdablet: "Since the only feasible method for enforcing that re-use rule is to store passwords reversibly encrypted (or, worse, as plain text) rather than as salted hashes, there's no "felt" about it."

You can store a hash of every set of five characters in the password and then compare the hash of every five characters in the new password to see if any match. Even a 12 character password would only need 7 duplicate checking hashes to be stored.

IE: if the password was 1234567890AB store the hashes for 12345, 23456, 34567, 45678, 56789, [...], 7890A, 890AB.
posted by Mitheral at 8:14 AM on July 23, 2016


Saying you just don't have to be a "high value target with terrible password protection" is literally being willing to throw your neighbors to the wolves rather than look at the system from the outside. That's an attitude I'd expect to read on Reddit, not here.

No, it's a statement that there is no systemic alternative, either currently or on the horizon. There are technical solutions for users that are cheap, easier to use than the cognitive load of remembering strong passwords, and highly effective in practice.

I don't see this as comparable to diet where there are no non-trivial and broadly effective solutions to weight loss.

Note that most of us can walk and chew gum. In other discussions, I strongly advocate for the adoption of stronger password storage to reduce the impact of database thefts. But since I read about a database theft on the order of once a week, (last week it was Canonical), it's a problem that needs an intervention now, as opposed to next week, next month, or next year.
posted by CBrachyrhynchos at 9:23 AM on July 23, 2016


And to explain my snippy comment, much of the conversation in this thread struck me as along the lines of, "how can I be expected to do safer sex when we should have a cure?" And well, while I'd love to see a cure, I'm still going to practice safer sex and demand the same from my partners.
posted by CBrachyrhynchos at 9:34 AM on July 23, 2016


You can store a hash of every set of five characters in the password and then compare the hash of every five characters in the new password to see if any match. Even a 12 character password would only need 7 duplicate checking hashes to be stored.

IE: if the password was 1234567890AB store the hashes for 12345, 23456, 34567, 45678, 56789, [...], 7890A, 890AB.


Congratulations! You've just reduced the problem space for cracking the password hashes entirely to five character passwords! Except that for each set, you only need to determine one additional character per hash once you've cracked the first one.

This does not strike me as a particularly good idea...
posted by Dysk at 10:42 AM on July 23, 2016
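An added worked example (not part of any comment in this thread) of the window-hash reuse check proposed above and of the search-space objection raised against it. The salted SHA-256 construction, the salt value and the digits-only sample password are constructed for the demonstration; the thread does not specify them.

```python
import hashlib
import itertools

WINDOW = 5  # the proposal stores one hash per run of five consecutive characters


def _h(salt, text):
    return hashlib.sha256(salt + text.encode()).hexdigest()


def window_hashes(password, salt, window=WINDOW):
    """Hashes of every `window`-character run, as the reuse check would store them."""
    return [_h(salt, password[i:i + window])
            for i in range(len(password) - window + 1)]


def reuses_window(new_password, stored, salt, window=WINDOW):
    """The reuse rule itself: does the new password share any stored window?"""
    known = set(stored)
    return any(h in known for h in window_hashes(new_password, salt, window))


def search_space(alphabet_size, length, window=WINDOW):
    """(guesses to exhaust the full password, guesses to exhaust the windows).

    The first window costs alphabet**window; each later window overlaps the
    previous one in window-1 characters, so it costs only `alphabet` guesses.
    """
    full = alphabet_size ** length
    windowed = alphabet_size ** window + (length - window) * alphabet_size
    return full, windowed


def recover(stored, salt, alphabet, window=WINDOW):
    """Show what the stored window hashes give away: rebuild the password.

    Returns (password or None, number of hash guesses made).
    """
    guesses = 0
    recovered = None
    for combo in itertools.product(alphabet, repeat=window):
        guesses += 1
        candidate = "".join(combo)
        if _h(salt, candidate) == stored[0]:
            recovered = candidate
            break
    if recovered is None:
        return None, guesses
    for target in stored[1:]:
        tail = recovered[-(window - 1):]  # four characters are already known
        for ch in alphabet:
            guesses += 1
            if _h(salt, tail + ch) == target:
                recovered += ch
                break
        else:
            return None, guesses
    return recovered, guesses


if __name__ == "__main__":
    salt = b"constructed-salt"          # constructed sample value
    stored = window_hashes("314159265358", salt)  # constructed 12-digit password
    print(len(stored), "window hashes stored")
    print("recovered:", recover(stored, salt, "0123456789"))
    full, windowed = search_space(95, 12)
    print(f"95-symbol alphabet: full 95^12 = {full:.3e}, windowed = {windowed:.3e}")
```

Storing one slow, salted hash of the whole password keeps the search space at the full-length figure; the windowed figure is what the reuse rule costs when implemented this way.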


You can store a hash of every set of five characters

Well yeah, you could do it that way.

You and I both know perfectly well that that isn't what's actually being done :-)
posted by flabdablet at 10:46 AM on July 23, 2016 [1 favorite]


my bank's recommendation for remembering a password

Banks, brokers and share registries, as opposed to the entire "tech world", are an excellent target for outraged yelling on this topic. Many of them have completely abysmal password handling, including but not limited to idiotic length restrictions (I've seen one bank impose an 8-character maximum length limit) and idiotic password content rules ("must have at least one special character from the set !@$* only"). Some of them are still using antiquated mainframe backends that not only store all passwords in plaintext but convert them to uppercase before doing so. Many of them still rely on wish-it-was two-factor authentication.

Taking advice from your bank on how to construct a good password is too often a terrible idea. They're shamefully and to my way of thinking almost inexplicably clueless.
posted by flabdablet at 10:54 AM on July 23, 2016 [2 favorites]


taught by IT people for decades

and still, to my chagrin, being advocated upthread by people I would have thought knew better.
posted by flabdablet at 10:57 AM on July 23, 2016


If passwords are intrinsically flawed, the solution is for the bright minds of the tech industry to think about ways to eliminate them entirely, not for people to snobbishly dismiss the idiots who can't bring themselves to do things in a different manner from the way they've been instructed to all their lives.

Passwords per se, in the sense of secrets kept for the purpose of authenticating claims of identity, are not intrinsically flawed at all. It's become fashionable to say that they are, but they're not.

Remembering all your shared secrets in your head, sharing any given authentication secret with multiple parties, and choosing secrets likely to be chosen or guessed by others are intrinsically risky activities. Bright minds within the tech industry have been providing software (much of it free) capable of eliminating entirely any need to do any of those things, for well over ten years.

I note in passing that people who can't bring themselves to do things in a different manner from the way they've been previously taught pose a problem the tech industry cannot solve by means of new techniques and procedures. New procedures need to be adopted.

Security is an attitude. It's not a product or service that can be provided to people unprepared to think about it; that simply doesn't work and can't ever work.
posted by flabdablet at 11:24 AM on July 23, 2016


My bank does something I've never seen anywhere else:

As part of the account-creation process, in addition to creating the usual password, you're presented with a set of images to choose from. You pick one (say, a tree) then create a phrase relating to the image (say, "number one the larch"). Thereafter when logging in, on the first screen you type in your user name. On the next screen, you're shown the picture and response phrase, and you're supposed to make sure they're both the right ones before entering your password.

I have no idea how this is supposed to be more secure.
posted by Greg_Ace at 11:37 AM on July 23, 2016


Yeah, that's security theatre bullshit. All it does is make it fiddlier to set up access to the site using a password manager. I recently encountered the same pattern (along with the whole #$@%ing "security questions" fiasco) at a share registry site.

The theory is that anybody who sets up a phishing site that's supposed to look like the real one won't be able to make their password entry page look enough like your personalized one to fool you. It's a shit theory, because it's operating on the wrong side of the airtight hatchway.

The right way to open sites you need to log into is to have their login addresses stored in your password manager, and always start from there. Which means you're not ever going to be logging into a phishing site; you're going to be on the right side of the airtight hatchway at all times.
posted by flabdablet at 11:56 AM on July 23, 2016 [1 favorite]


Ah, so it's only about phishing, then. I wondered if maybe the image/phrase was somehow stored separately from the password, or something, making it overall more secure in some bizarre fashion. Thanks for clearing that up.
posted by Greg_Ace at 12:05 PM on July 23, 2016


All those image/phrase challenges are doing is attempting to solve a problem that HTTPS and EV security certificates already solved a long time ago: proving to the client that the server is who it says it is.

In fact HTTPS also has a whole bunch of certificate-based stuff in it for doing the other-way proof (client proves identity to server) that's more usually done by passwords; client certificates are a thing, and once properly set up they can allow your browser to connect securely to any server and have that server know who you are without involving the traditional username and password in any way.

Client certificates were the response of "bright minds of the tech industry" to the password-free client authentication problem. Browsers have supported them for as long as browsers have supported HTTPS. However, the general public has pretty much entirely ignored their existence. Telstra, Australia's biggest telco, is about the only organization I'm aware of that ever made any real attempt to persuade its customers to use them; most customers still don't.

The trouble with client certificates is that acquiring and managing them involves expertise and understanding that server administrators typically do have but most browser users just don't. And there will always be orders of magnitude more clients than servers, so client certificates run aground on the rocks of scale in a way that server certificates don't.

Password management software is much easier to come to grips with than SSL/TLS client certificates, mainly because it doesn't involve learning anything really new; all it does is automate a set of processes that most people already understand how to do manually.
posted by flabdablet at 8:40 AM on July 24, 2016


Comcast is using client certificates for its xfinity public wifi. They don't explain it very well at all, essentially telling me "just download this crappy proprietary mystery app so you can use wifi."

This is the wifi network that piggybacks on everyone's home cable modem, broadcasting a second SID so they don't have to deploy more access points. I'm not sure I trust Comcast enough to install their "app" - what else does it do? But I decided to give it a try as an experiment once. It still asks me for a password, so I have to wonder if they're doing it wrong. I never did get it to work, I don't think, and just gave up and uninstalled the app without trying that hard. No confidence.
posted by ctmf at 12:17 PM on July 24, 2016


If that works the same way as Telstra Air, the owner of the wireless access point needs to turn on a specific setting in their WAP to let other people get access to the carrier's VLAN via the carrier's SSID. Just installing the app into a client device isn't going to do squat unless that device can see a WAP that's been set up that way.

There are actually two levels of authentication required to make this work: the connecting client device must first authenticate itself to the WAP, to make sure that it's the carrier's app doing the connecting. Having thereby established basic network connectivity, the client device's owner then needs to authenticate to the carrier's accounting system so the carrier knows which customer account to bill for the traffic. That second bit is why the app would ask you for a password.

I would not be at all surprised to find that the device-to-WAP authentication is done using a client certificate installed in the device as part of the app installation process. This is a reasonable way to go about it, because eligible WAPs are to some degree centrally managed by the carrier and can be kept up to date with lists of eligible client device certificates, and the number of client certificates that need to be created scales with the number of versions of the connection app, not with the number of customers.

I would be very surprised to learn that the carrier provides personalized app installers that embed a client certificate identifying the individual customer account. Apart from being a complete security nightmare, it would be very difficult to make any such scheme play nice with existing app store infrastructure.
posted by flabdablet at 1:58 AM on July 25, 2016


Another baffling "security" feature:

There are a few schemes (Verified by Visa, Mastercard Securecode) that have the user type in not their whole password, but a few characters of their password ("Please enter the third, fifth, seventh and eighth character of your password"). This seems way less secure than requiring a user to enter their whole password - am I wrong?
posted by Gordafarin at 3:47 AM on July 25, 2016


It's an attempt to thwart other attacks, like keyloggers, man-in-the-middle attacks, and arguably phishing. If someone is watching what you type, they don't get your whole password.

How well it actually does this, and if it's worth the inherent trade-offs, well...
posted by Dysk at 3:55 AM on July 25, 2016


not their whole password, but a few characters of their password ("Please enter the third, fifth, seventh and eighth character of your password").

Better pray that the credentials databases from those outfits never get exfiltrated, because those passwords are stored in plaintext as sure as eggs is eggs.
posted by flabdablet at 8:39 AM on July 25, 2016 [2 favorites]


not their whole password, but a few characters of their password ("Please enter the third, fifth, seventh and eighth character of your password").

Better pray that the credentials databases from those outfits never get exfiltrated, because those passwords are stored in plaintext as sure as eggs is eggs.


I started to comment on methodologies a la Mitheral above, but yeah, you are unquestionably right. That is a methodology that screams the belief that the user is incompetent and not to be trusted and that they themselves are perfect and will never fuck up. Those are for sure people who will spend 100 hours on any outwards facing stuff and barely 15 minutes on backstopping their own internal operations.
posted by phearlez at 10:04 AM on July 25, 2016


I just wrote up an experience with an Australian share registry that has to count as some kind of case study in how to do everything wrong.
posted by flabdablet at 11:47 AM on July 26, 2016 [1 favorite]


There are a few schemes (Verified by Visa, Mastercard Securecode) that have the user type in not their whole password, but a few characters of their password ("Please enter the third, fifth, seventh and eighth character of your password"). This seems way less secure than requiring a user to enter their whole password - am I wrong?

I would like to believe that perhaps these people might store each character from the original password as a salted hash rather than in plain text. But given the coding horror of Verified by Visa's system, I'm not confident.

But this technique is also terrible from a human factors point of view because it depends on the user's working memory to be effective - and that has a limit of about 7 characters. If we are asked "Enter the 2nd, 5th and last characters of your password" (which is "Verity6") then we can just about do that in our head. However, try doing that when your password is "V3r1ty6!+9" - the only solution is to write down the password character by character, assign numbers to each letter and hope it works.

Finally, systems like Verified by Visa break the concept of "Never enter your password on a website that you have been re-directed to" which we should teach as good security practice.

All in all - Ugh!
posted by rongorongo at 11:26 PM on July 26, 2016 [1 favorite]


systems like Verified by Visa break the concept of "Never enter your password on a website that you have been re-directed to" which we should teach as good security practice

One that gets my goat is PayPal, which frequently emails me reminders to update my account details that could be used as textbook examples of phishing lures, complete with clickable links to sites that are not on subdomains of paypal.com.

I've taken to reporting every single one of them to phishing@paypal.com.
posted by flabdablet at 8:05 AM on July 28, 2016


There are actually two levels of authentication required to make this work:

I guess I'm just fundamentally incapable of wrapping my head around the certificate concept because every time I think I get it, it seems like I don't.

Why can't Comcast have some sort of corporate PKI that issues every customer a certificate? If the network can check my password in real-time, why can't it do the same thing with my certificate?
posted by ctmf at 1:46 PM on July 30, 2016


Why can't Comcast have some sort of corporate PKI that issues every customer a certificate?

Because there's very little benefit for them in setting that up; they don't have enough customers who care enough about security to make it worth their while. It's easier just to handball the problem of keeping your identifying secrets actually secret back to you.

Unless customer certificate PKI is going to replace the use of passwords for every purpose, implementing it just adds complexity. And the simple fact is that most people do not understand (or even want to understand) what it means to install a certificate on a device or into a browser; that means that client certs are never going to be a total replacement for passwords.

The fundamental strength of passwords is that as an idea they are easy to understand. Proving that you are who you claim to be by showing that you know a secret that nobody else could is something that just about everybody can wrap their head around.

Simple security is good security. The main trouble with PKI is that it's complicated and it propagates failures in unexpected ways. Exfiltrate a competently hashed credentials database and you get the ability to impersonate a bunch of people with weak passwords; exfiltrate a certificate authority's private key and you force everybody holding certs whose chain of trust depends on that CA to revoke them all and start over.
posted by flabdablet at 5:57 AM on July 31, 2016


How I made LastPass give me all your passwords
(tl;dr JavaScript because LastPass interacts with your browser)

Meet Moxie Marlinspike, the Anarchist Bringing Encryption to All of Us
posted by jeffburdges at 12:52 PM on July 31, 2016

