5

Introduction:

I used to use the same password for everything (it was at least a really random password with fake words). Then I found out that I should have different passwords for different sites cause some developers have no clue about security and store things in plaintext or just let themselves get hacked (jk). So I came up with a solution that is easy to remember yet (I think) has high enough entropy. Let me explain.

Explanation:

I take a made up series of characters (in my case it's something I can say like a word but it's fake) and numbers (optionally punctuation if the site requires it, although lately I just put it in because it's hard to remember which site requires it) and use that as the basis for all my passwords. Sounds insecure? Well, I then add a 'salt' of sorts. I add the name of the site to my password. I won't say where but it could be at the start, middle, or end. I use camel case (e.g. camelCase) so I can satisfy the upper case requirement. Finally, if I know the site expires passwords monthly, I add the month in some format. Usually these sites need high security so the extra characters help with password strength.

Overall, the average entropy is very high. 2e23 is roughly the number of possibilities (upper/lower + number + 1 special char). That's assuming average of 5 characters per site. Here's why I think this is the best balance between rememberability and strength.

Rememberability:

  1. You still only have to remember one password for all your sites. Except it's more of a password pattern
  2. If you use all the character types, you can always remember your password because of this pattern (there's some exceptions I'll get into below*)
  3. You see the name of the site when you log in, which is a part of your password
  4. You know the month you're in (hopefully)
  5. You type the pattern so often that it's muscle memory basically. For me, I just think about the site's name and it comes out and enter, I'm in!

Security:

  1. Length. Average length is very long by nature of combining two 'words': the site's name and your special password
  2. To add to the length point, if you take your regular 8 character password you've been using (e.g. Horses1!), join it with the site's name, you have now a very strong password; i.e. you're beefing up your existing password strength without much effort
  3. You have all character classes. Usually we chose the most obvious places for the special character classes (e.g. Horses1!), defeating the purpose of having them in the first place. Basically it doesn't raise entropy much because the rules are obvious. But the site's name throws this off. Because the rules don't work, they're back to good ol' brute force (until they get wind of this pattern)
  4. You get to choose a fake word that isn't in most dictionaries that password crackers use, even if they use the extended cut. That basically means they're back to brute force again.

Conclusion: https://xkcd.com/936/. We all remember XKCD's comic on password strength. He contrasts the hard to remember "troubador" with the easy to remember "correct horse battery staple". But what if you can have the best of both worlds? Passwords that computers can't beat but easy enough to remember so that humans will actually use it. If we can't remember it, it doesn't matter what entropy it is. And because of this problem, humans have always chosen a password that can be beat. Choosing and remembering a very complex password is good but all it takes is one site to have lousy security, e.g. not salting or even encrypting their passwords! Basically, we're salting it for them, by adding their site's name.

Thoughts? Do you think I'm full of shit and I've missed something? I'd love to hear it. This is years and years of thought that went into this final creation. Some people at my work have started using it. I know we have password managers but try logging in to your mobile device or TV.

Exceptions:

*This is why it pisses me off to no degree when sites REFUSE to let you set a password greater than 8 characters. Why? Are you still running Windows 92? As in the year 92? If someone can explain why that is a security requirement. It throws a huge wrench in my password scheme. I've even just completely boycotted the company's products because I can't sign up with them. Or other stupid rules like no two identical characters in a row.

EDIT: I'll add some more parameters here because we'll then be saying nothing is secure unless you have CIA-level security or something. How secure is this for regular people who cares about their security? Also, password managers are not sufficient because they are not always supported on mobile. Randomly generated passwords have the same flaw because typing them into mobile (or another computer that didn't save that password) is frustrating and people will just end up using smaller, easier to remember passwords. Also, don't assume these people are have the patience to do that. We're just talking about regular people here having to do with security issues.

Geoff Lee
  • 149
  • 1
  • 1
  • 6
  • 8
    There's really, really, really no need to reinvent a wheel. Just use a password manager like LastPass, 1Password, KeePass, or numerous others. You will be able to use a truly random password for every site you use. Most of these products allow you autofill them in your browser (preventing phishing attacks) and to sync to your phone (so you can have your passwords backed up with you everywhere you go). – Stephen Touset Mar 24 '17 at 05:27
  • A similar discussion. https://security.stackexchange.com/q/35619/21234 – Shurmajee Mar 24 '17 at 05:53
  • 1
    "*the average entropy is very high. 2e23*" -- judging from the method description which you included, the entropy is close to 2e-23. Entropy is **not** the number of possibilities and XKCD was an attempt in explaining this. – techraf Mar 24 '17 at 07:04
  • "Also, password managers are not sufficient because they are not always supported on mobile." That's just flat-out false. Almost all password managers I'm aware of have some sort of mobile client. Where are you getting this idea from? – Ajedi32 Apr 24 '17 at 18:16
  • https://security.stackexchange.com/questions/63267/how-to-memorise-multiple-xkcd-style-passwords-for-particular-services/161005#161005 – SDsolar Jun 02 '17 at 02:38
  • CrDj”(;Va.*NdlnzB9M?@K2)#>deB7mN – SDsolar Jun 02 '17 at 02:43

4 Answers4

12

As far as brute forcing your password, you are right. The length and complexity of your passwords are good enough. But I think you fail to take into account the following problem.

You note the problem that sites save your password in plaintext. This means you must take into consideration the possibility of an attacker getting a plaintext password of yours.

If I were you, I would ask myself:

If someone got one or two of my passwords, how hard would it be to recognize the pattern?

In your case I feel like it would be pretty easy, given your process. If your were to dissect your rememberability section in the question, I think you'll find that the points you note are exactly to things that make your pattern easily replicated.

You still only have to remember one password for all your sites. Except it's more of a password pattern

This is exactly what will let an attacker use your pattern against you and log in as you to another site to which you are registered.

You see the name of the site when you log in, which is a part of your password

So does the attacker. He/She sees that you are using the name of the site in your password and then is able to use the name of whatever other site they try to log in as you.

You know the month you're in (hopefully)

Again, so does the attacker. And if this is an old password that the attacker has, he/she can still reduce the 'search space' to 12 (months).

It is a decision you get to make - what is more important to you - security or rememberability. But as Stephen Touset said, there is absolutely no need to invent the wheel, and the solutions currently available are much safer, and in my opinion easier to use.

MiaoHatola
  • 2,284
  • 1
  • 14
  • 22
  • 3
    Everything in this is exactly correct. Use a password manager. However, the only caveat is that in today's breach-heavy society, most of the captured/decrypted passwords are just being run as a dictionary attack against common services. Less skilled attackers are buying lists of passwords that they automate against Gmail/Facebook/etc. Unless someone specifically targeted you, this wouldn't be the worst thing. But that's not to say you should take the risk. Just use a password manager and make each site unique. – Andrew Mar 24 '17 at 13:11
  • To Andrew's point: Password manager sounds great in theory until it gets compromised. It only needs to be hacked once. And they also don't solve the problem with mobile and some apps not supporting it. – Geoff Lee Mar 26 '17 at 04:56
  • To MiaoHatola.. Yes, if someone got a hold of my password, they could figure it out pretty quickly on the first, definitely second. But we're on the assumption that I'm a nobody and no one is going to waste that much time on me. Password managers are not available on most mobile apps. The idea that they solve all these problems is not true currently. They only solve the web's password security. So you still have to remember passwords for now. To your concern that a hacker will spend hours figuring my passwords out, I'll leave that to when I get rich and have better security anyways – Geoff Lee Mar 26 '17 at 05:00
  • @GeoffLee Well, if you assume nobody will attack you because you are a nobody, you can go with 'Monkey123' and be done with it ;-) – MiaoHatola Mar 26 '17 at 05:16
  • 1
    "Password managers are not available on most mobile apps" I'm not sure where you get that impression, but yes. Yes they are. Plenty of password managers have autofill capability, and plenty more have custom keyboards that can search for the currently open app and offer up buttons to fill in username and password. And there is always the obvious fallback of copying username/password to the clipboard. – Ben Mar 27 '17 at 04:52
  • 2
    @GeoffLee "Password manager sounds great in theory until it gets compromised. It only needs to be hacked once." Same goes for your convoluted password generation scheme. Really the only thing you're adding is security by obscurity (i.e. hoping nobody targets you specifically) at the cost of more robust security (i.e. not sharing sensitive information between sites). Whether that's a worthwhile trade-off for you or not is for you to decide. – Ajedi32 Apr 24 '17 at 18:09
5

Here's how to evaluate how secure a password generation method is:

  1. decide how much entropy you want from your password, generally I consider 2**75 is as sufficient for the average people. People who don't really need much security can probably do less than that, while people who works on high security requirements would want to increase that
  2. Calculate how much entropy is involved in the generation of the password. Note than password entropy is calculated based on the generation method, not the apparent complexity of the resultant password.
  3. Subtract any entropy losses due to the password policy and ahh theoretical rejected passwords
  4. This entropy calculation should be higher than the entropy you decide in step 1

Note that those calculations have to be made based on an attacker that knows the exact password pattern you're using. Further reading: What security considerations are there when developing a random password generator?.

I take a made up series of characters (in my case it's something I can say like a word but it's fake) and numbers (optionally punctuation if the site requires it, although lately I just put it in because it's hard to remember which site requires it) and use that as the basis for all my passwords. Sounds insecure?

It can be secure, or not. It depends on how you generate those series of characters. If you use a fair random number generator like your computer's properly configured CSPRNG, then take full entropy based on number of permitted character set multiple by the length.

If you manually generate random looking strings, perhaps by typing down random strings, then do realize that human is a very poor randomness generator. It's very unlikely for a human to be able to generate a uniformly distributed randomness.

Well, I then add a 'salt' of sorts. I add the name of the site to my password. I won't say where but it could be at the start, middle, or end.

This adds very little entropy, it adds just 2-bits of entropy at most. I would just discount it.

I use camel case (e.g. camelCase) so I can satisfy the upper case requirement.

This also adds minimal entropy, probably just around 3-bits top.

Finally, if I know the site expires passwords monthly, I add the month in some format.

Likewise, this adds less than 4-bits of entropy.

Usually these sites need high security so the extra characters help with password strength.

No, the additional stuffs like adding site name and month have very little entropy. It might fool the site into believing that it is a high entropy password, but in reality, it's not that high.

Overall, the average entropy is very high. 2e23 is roughly the number of possibilities (upper/lower + number + 1 special char). That's assuming average of 5 characters per site. Here's why I think this is the best balance between rememberability and strength.

No, your password might appear complex but the entropy involved in the generation is very low. 2**23 is just slightly above 8 millions possible passwords, even a weak attacker with an old machine against a very strong salted password hashing method, where the attacker can only calculate one password hash per second, your password will only take 3 months to brute force. Modern average password cracking rig can calculate billions of hashes per second, a password with only 2**23 entropy can be brute forced in less than a second in modern machines.

Lie Ryan
  • 31,089
  • 6
  • 68
  • 93
  • 1
    Using Shannon entropy as a password strength metric is also insufficient because it does not capture the *psychology* of passwords. "itsmypartyandillcryifiwantto" has 111 bits of Shannon entropy, but is an extremely poor password. Suggesting that adding a month to the password adds 4 bits of entropy is technically true, but misleading, as it does not add much *real world* entropy. Password crackers know that people do this, and it's trivial to add months in many forms ("Sep", "september", "09", "9", "Septiembre", "rebmetpes", etc) to a bruteforce attack. – Royce Williams Mar 24 '17 at 17:19
  • 1
    @Royce Williams: in my answers above "adds x-bit" are maximum entropy that could've been add by the respective scheme, yes, I'm being overly generous with my calculations. As you correctly pointed out, the real world entropy of those suffixes are generally less than my calculations seems to imply as real attackers don't just use pure brute force. – Lie Ryan Mar 24 '17 at 17:46
4

Your method is not secure - because your password is not being randomly generated.

If the attacker, by learning your exact method, makes your password weaker, then there is room for improvement.

No matter how complex the method is, as soon as a determined attacker learns that method (because one of your web sites happens to be storing passwords poorly), then password methods like these are a liability, just as MiaoHatola said.

For more information, see my answer here.

Royce Williams
  • 9,128
  • 1
  • 31
  • 55
  • I'll revise my answer because everyone's thinking that a hacker will spend hours trying to figure out my passwords. I'm just saying a general strategy for every day use. Most people will never have to get more complex than this. At the same time, password managers don't work on mobile very well – Geoff Lee Mar 26 '17 at 05:01
  • Hackers won't spend hours on your password. Instead, they will spend hours on *millions* of passwords simultaneously, at rates of billions of guesses per second, from the next big leak. Then, once your password pops up, they can sell it to someone who is buying them in bulk. Note also that random passphrases are better suited for mobile devices. They are longer to type, but they can be all lower case, which *really* streamlines data entry and reduces error rates. There are also some password managers that work nicely on mobile, including some of the KeePass clients. – Royce Williams Mar 26 '17 at 06:43
0

Entropy. Ah.

That's a total strawman. Actual brute-force attacks are a tiny fraction of how passwords are actually discovered in the real world. The variant of cracking hashes you obtained in a database leak is more common, but frankly speaking as long as your password isn't in the top 1000 or so, a lot of attackers won't even bother because by the time they come around to actually trying random combinations, they already broke so many accounts with weak passwords. It may even be more profitable to break into the next site and crack their password hashes using the top password combinations.

To answer the question of whether or not a password is secure we can't focus on only one threat. We need to look at all of them. So how well does your password protect against:

  • should surfing ? -- can you type it fast and flawless?
  • keyloggers -- length, complexity, nothing matters if the attacker gets a verbatim copy of your password. You could use a 2048 character random UTF8 password and it wouldn't matter.
  • phishing -- again, nothing matters if you give your password to the bad guys directly
  • side-channel attacks -- yes, that's a thing. A long passwords makes it more troublesome (i.e. more work), while complexity matters little. In reality too rare to justify worrying about it.
  • plaintext storage -- if the sites you use your passwords on are idiots and store the password in plaintext, then you are fuc... fast out of luck.

That's the password. Now for your scheme - having a different password for every site is a good choice. Using the site name as a seed is fine for a low threat level. The typical attackers don't look at the password manually. They do mass-attacks on masses of passwords and masses of sites and everything is scripted. If this method becomes even slightly common, they'll incorporate it into their scripts. Until then, you are fine. A high threat attacker will, of course, understand your scheme very fast and will be able to deduct your July password for Github easily from your March password for Stackoverflow. But that attacker probably has other attacks available to him anyways.

So in summary: Your password scheme is reasonably secure for websites and low-importance uses. I wouldn't recommend you use it for online banking and other high-importance cases.

Tom
  • 10,124
  • 18
  • 51
  • None of the points you mentioned in this list are relevant to the password creation scheme. They are relevant to password authentication as a whole. I would remove them from the answer. –  May 24 '19 at 12:01
  • How are the various threats not relevant when you want to evaluate the security of the password scheme? – Tom May 24 '19 at 12:05
  • 1
    Because a.) you usually don't have the option to change an authentication scheme as a user, and b.) OP asked "How secure is my password generation method?" and not "How secure are passwords in general?". I'm not saying that anything you said is wrong, just that it is not really in scope. –  May 24 '19 at 12:37
  • No, you can't change the auth scheme. But if you want to know how secure your scheme is, you need to understand against which threats it helps and against which it is useless - including because any other scheme would be useless as well. No point in wasting effort on a complicated effort that only applies in 1% of the cases. – Tom May 24 '19 at 12:45
  • And here is the important point: None of the points you mentioned are related to the scheme OP proposes. They are related to the underlying environment. It's as if OP asked "How safe is it to ride a bike with a flat tire?" and an answer explained that it's inherently unsafe, as he might die from a heart attack any moment, due to being human. While technically true, it's a risk associated with having a heart, not riding a bike with a flat tire. Likewise, the risks you stated are inherent to passwords, not inherent to OPs scheme. –  May 24 '19 at 12:48