Yes. This is why I use a password hash function. The exact hash function is in my head (and only my head), although it requires a lookup table for random bits. The lookup table is typically a poem (when I was younger, I would use digits of pi, but I consider that insecure now), but can really be any sequence of about 50+ words that I can reproduce pretty much instantaneously.
The exact hash algorithm is my secret, but the input to the hash is the url of the website that I log into. So, we have
f (the hash function, which is secret).
url
poem (think of this as the "secret key").
So at each password login I compute f(url, poem) to get my unique password.
This is secure against prefix attacks and other guessing attacks, although not cryptographically so (unfortunately, I am unable to memorize a 128 bit pseudorandom string and the algorithm to SHA2, so this will have to do.)
But I'm still paranoid, so my google account uses a completely different password that has nothing to do with any of the above, because access to my google account is protected by 2-step verification and my android phone, and it is a very weak link. If you compromise my GMail account, you can pretty much use "I forgot my password" on every other account of mine. (While 1 of my banks requires email AND phone, since my google account relies on 2-step there is an unfortunate correlation in the failures there. So GMail really is account-vulnerability-complete for me.)
Or what if the company changes its name? For example, I used to log into my bank on http://wamu.com and now they are bought by Chase so it's http://chase.com
I employ a similar tactic, and I can't recall ever one single site that I use changing its name. If it happened, I would then just change the password to reflect the name change, but it would be so infrequent that I'm not worried about it.
Yes! I've been using this method for years. But, similar to the article's premise, I actually have four different hash functions, of increasing complexity. Then, all I have to remember is what's the URL, what's its general level of data security, and what's the hash function for that level of security. The simplest hash is trivial to apply and can be done in real-time, but the most complex hash actually requires me to spend a minute or so to calculate.
Actually I like your idea of using a hash function.
While thinking about your solution, I remembered that pwgen on linux (I believe it's also available for windows) allows you to create a recoverable password using a sha1 hash of any file and a seed.
e.g.:
pwgen -1 -H yourfile#url.tld
should allow you to create a unique password for each site, and it would be easily scriptable.
That looks like a really good method. How quickly can you compute f(url, poem)? My hash function is f(url, one-of-3-master-passwords) and takes about 5 seconds to calculate.
I always feel like I missed out on being able to do proper hashing functions in my head. When my 8 month old son is old enough I'm planning on training him to be able to compute MD5 and SHA hashes.
So an example of this--if I understand correctly--would be setting the password for `secure.somewat.tld/login?r=dashboard` to, say the first few words with the same letter count as the words in the URL, but taken from a song that I know by heart; like "larger, chasing, 1, makes"?
Is there any reason for the often-repeated advice to change pws regularly?
If I have a unique password like vdknzB4XoAiJIpjlN3PGf for every account, what would changing it protect me against? Hardly keyloggers, because then changing it twice a year is probably too late.
Yes. Very often, administrators and victims do not know when their password is compromised. The policy of changing it is to cut present access off from those who already obtained it. It is just an additional safeguard over intrusion detection systems.
I always related it to the military practice of issuing new codebooks periodically. For one concrete example, the Japanese changed their codes right before the Battle of Midway, so the US was not able to understand any of the messages sent during the battle. Unfortunately for the Japanese, the US already had enough information from cracking the former Japanese code that this really did not matter.
The only reason you would want to do this is if you use the same password for multiple things. You may have signed up with some website a year ago, used it once and then forgot all about it. If they get compromised you might not even know it.
If you change your passwords often then you don't need to worry about this as much.
I thought the second part of his conclusion was a bit hasty:
"... and change all your logins every six months at least."
Does he have any idea how impractical this is? If I could even remember every login I ever made, it would probably take more than 12 hours to do the manual labor of changing the password for them. No thank you!
Forced changing of passwords every x months is pretty common in the workplace, especially if the company is Windows based.
The problem is it's so easy to make your passwords be <root>+1, then <root>+2, etc. I've worked at places that detected that pattern and didn't allow it, so I would just hold down the shift key and iterate anyway, yielding <root>+!, then <root>+@, <root>+#, etc.
So even forcing your users to change their passwords will most likely cause them to find a way around it. IMO the problem is passwords are inherently a flawed concept. We need something better. Hopefully biometrics can truly solve this problem one day.
Biometrics will still require a fallback for any general purpose system. For example, you can't require fingerprints because there's a chance you'll get users without fingers. You can't require retinal scans because there's a chance you'll get users without eyes. You could probably ask the user to spit and check their DNA, but there's a higher chance of spreading disease that way. Eventually you'll need a fallback of a password/key, and if I were an attacker, I'd always attack the fallback (it's often the least well thought out part of auth).
Also, fingerprints erode with certain professions and are susceptible to environmental things like sweat and dirt. Retinas change with disease and pregnancy. DNA is far too expensive to use daily, unless you restrict their accuracy to populations.
...and biometrics are not authentication, just simple access control. Many, many of us have the same biometrics - it's a hash. It's hardly better than a garage door opener.
The problem with password managers is, when you're away from whatever machine you managed to get the thing set up on, you're locked out of all your accounts.
Also, if you share your 1password db on dropbox, you can later access it via a local web interface (always making sure that you trust the machine you're using).
This is why I always keep my encrypted keyfile on DropBox (usually a KeePass safe and a standalone installation of PasswordSafe USB mode).
This way, you can access your passwords from home, work, or your phone as long as you trust the machine you're logged into enough to log into DropBox and type your password safe password. If you can't tell if the machine is free of keyloggers, you probably shouldn't be logging into anything of personal value.
this. I use Dropbox with Keepass and Truecrypt. You can get these apps anytime from the web, put on USB keychain, or just remember Dropbox and run Keepass and Truecrypt from there. Just make sure to have a very long/secure Dropbox password, as that becomes the weakest link.
Firefox 4 and up have built-in password syncing (along with bookmarks, history etc). Everything's encrypted client-side, so you never have to worry about unauthorized access to them.
I put a copy of the database in cloud storage. There might be a little set-up to open it, but it's very rare that I need to get the contents on a new machine.
The nitpick with pw databases is they don't fully solve the problem; I still need to know the passwords for all my computers, cloud storage account, e-mail, the db master password.
The big advantage is how much more secure lesser used accounts are (and drop in frequency of password reset requests on those accounts).
This is not entirely true. You only need to really "know" two passwords... your cellphone screen lock and the password to the encrypted password database on your cellphone.
If your cellphone uses DropBox to store the database, then you can even lose your cellphone or simply access the database on desktops and laptops directly.
While this is true in theory, I don't maintain a copy of the database on my phone - when I converted to using a pw database I looked into it and didn't feel comfortable with the level of security on iPhone apps. I want to know exactly when and how information is being transported and when something is in memory.
The state of the art is probably more mature now, but this is information I'm not taking any chances with.
Isn't this vulnerable to someone guessing the prefix if the password is compromised? This assumes that you're up against identity theft, not automated spamming, but the algorithm you're using to hide the prefix isn't very robust. Does this matter to you?
I do something similar, however I take a portion of the site name and intersperse it throughout the stronger password in set positions. I could modify case of the site name snippet, however I do not currently.
While this is certainly relying on obscurity, it at least makes it much more difficult to figure out what is going on. I'd think you'd need access to two of my passwords in plain text in order to really figure it out.
My lastpass password is a 29 character password comprised of 3 parts, one of which is this pattern, the other two are 'secure' passwords I've used in the past but haven't been compromised to my knowledge.
Even with all of this - if one password was compromised in plain text I would likely abandon all of my passwords and try again with something new.
My bank is worse. They state alphanumeric, their form enforces alphabetic. 6-8 letters. Oh, and did I mention it's case insensitive? The card number provides more security than the password.
I can only hope that the case insensitivity is because they're running it through the COBOL equivalent of .tolower() before hashing it, but given the track record? It's more likely than not they're storing it in plaintext. Just as well I'd not reuse a weak password like that anywhere else.
Out of curiosity, what's keeping you from switching banks? If my bank did this, I'd switch immediately. Any bank that shows that level of concern for my finances doesn't deserve to be controlling them.
If you work in the US, you tend not to have that luxury with your 401k. Your employer picks the financial institution and you're stuck with it. See also health insurance.
I have a unique, random password for nearly every account I have (with a few throwaway exceptions). I store them all in a file, encrypted with a master password, and sync that file to all my machines using Dropbox. I open and modify the file with Password Gorilla on Mac and Linux and PasswordSafe on Windows.
Both programs read/write the same file format and allow you to create any internal hierarchy you want (eg Stores > Electronics > NewEgg, or News > HackerNews). Password Gorilla's UI is pretty bad, but workable. Both let me copy and paste a password without displaying it on screen.
Some systems don't require a complex password. I don't care if someone breaks into the game center thing on the iphone because my password is prettypony2 - what are they going to do, erase my high scores on Tetris? I'm sure as hell not copying and pasting a 16 character password between the LastPass app every time.
Given that the gamecenter password is the same as your iTunes / Apple account password, they could wipe out your account balance by buying / renting things. If you have any card details stored then they could go onto the Apple Store and order using those. They could see your billing address, and so intercept your mail, thus gaining more documents to eventually steal your identity.
Of course, if you only buy using the pre-paid cards you can buy in retail stores then all they can do is wipe out the balance.
I'm sure your response was partly flippant, but the implications of Apple's one universal account mean that someone determined could do a lot of things.
what are they going to do, erase my high scores on Tetris?
Statistics show that most users use the same password everywhere, or at least at many different sites.
I don't know about you in particular, but for any given compromised set of emails and passwords a large number of them are going to work at gmail, facebook, their bank, etc.
Me in particular uses different passwords for different accounts, but you're right - most people probably use "bob123" for everything from their bank account to their email.
I'm the person who wrote the comment on Troy's blog about the common 3 password approach, which I suppose inspired the title. What PC Magazine did not write was that I describe how hackers easily exploit it, here:
While I'm sure the typical Hacker News community member practices far-above-average password security, the vast majority of people don't see any reason why they should - or if they do, they get overwhelmed by too many complicated rules. From feedback I get, the above referenced guide works for the "average Joe."
I ran a cracking forum for a few months and found similar stats. Even in a community whose members should know better. I modded the vBulletin software to store passwords in plaintext. Roughly fifty percent of members registered with an e-mail address that was also registered with Paypal. Of those who had, roughly 75% of them had matching passwords for both the forum and Paypal.
1) My email password, which is randomly generated but memorized, and reused nowhere.
2,3,4) A handful of passwords, call them grade A, B and C, which are used in conjunction with SuperGenPass to generate passwords specific to a website. Only the top level domain is used; for rare cases where the URL changes but the password doesn't (like amazon.co.uk vs amazon.com) I have chosen one TLD as the canonical one. The ratios of usage of A, B and C are approximately 1:2:50. No website I log in to ever shares its literal password with any other.
5) Computer account login password, this is changed every 3 months.
6) Encryption keys passphrase. Should I have anything that I want to keep private and not leak anywhere, or signing keys etc., I use a combination of letters, numbers and symbols, over 40 characters long.
Bank passwords (actually more usually numbers) and the like I have written down, unlabelled, in secure locations and memorized from frequent use.
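As an added illustration of the f(url, secret) idea in the poem-hash comment above and of the "one canonical TLD" rule in the SuperGenPass comment (example code written for this thread, not any commenter's tool): a standard KDF (PBKDF2-HMAC-SHA256) stands in for the mental hash, and the alias table and two-part-suffix list are constructed assumptions, not a real public-suffix list.

```python
import base64
import hashlib
from urllib.parse import urlsplit

# Constructed alias table (assumption for the example): a site that changed
# its name, or a regional variant, maps to the one canonical domain whose
# password should be derived.
ALIASES = {
    "wamu.com": "chase.com",
    "amazon.co.uk": "amazon.com",
}

# Assumption: a tiny stand-in for a public-suffix list, enough for the demo.
TWO_PART_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def canonical_domain(url: str, aliases: dict = ALIASES) -> str:
    """Reduce a URL (with or without scheme/path) to a stable site identifier.

    Heuristic: keep the last two host labels, or three when the last two form
    a known two-part suffix such as co.uk, then apply the alias table.
    """
    if "://" not in url:
        url = "https://" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_PART_SUFFIXES:
        domain = ".".join(labels[-3:])
    else:
        domain = ".".join(labels[-2:])
    return aliases.get(domain, domain)


def derive_site_password(master: str, url: str, length: int = 20,
                         iterations: int = 100_000) -> str:
    """Deterministic per-site password from (master secret, canonical domain).

    The master string is the only secret; the canonical domain is the salt, so
    two sites never share a literal password and a renamed site (via ALIASES)
    still yields the old one. Iterations slow down offline guessing of the
    master if one derived password ever leaks in plaintext.
    """
    domain = canonical_domain(url)
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              domain.encode("utf-8"), iterations, dklen=32)
    # URL-safe base64 yields letters, digits, '-' and '_'; drop padding.
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")[:length]


if __name__ == "__main__":
    for site in ("http://wamu.com", "https://www.chase.com/login",
                 "https://secure.somewat.tld/login?r=dashboard"):
        print(canonical_domain(site), derive_site_password("correct horse", site))
```

The same master with wamu.com and chase.com prints the same password because of the alias entry, while any other domain gets an unrelated one.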
So many sites require passwords that shouldn't. I feel jerked around - Jump thru this hoop! Make up a better password! Bark like a dog!
I say, screw you. I use a lame password for all that, and a lame username too. It makes me feel better.
For real security, I can use a better password. But somebody explain how constraining passwords improves security? IF the hacker Knows it contains special characters or whatever, doesn't that Simplify the password space? Sure, simple combinatorics says there are more passwords if you use a larger alphabet. But you simultaneously Remove the space of all possible passwords that didn't happen to have 'special' characters.
I'm a bit different. I have approximately 10 important passwords that are only in my head and are between 20-40 characters long. They are completely nonsense phrases with numbers. I noticed that if I make them nonsense I tend to memorize them better. For the rest of non-important stuff I use a password manager.
Funny note*
Once I decided to change my passwords for 2 encrypted drives and a couple of days later I forgot them, so I lost all the information. I recovered some of it cause I also stored it on some non-encrypted drives but still, I learned my lesson. The brain has its shortcomings too. :)
I started using pwgen for passwords. These are long passwords containing symbols, letters, and numbers and nothing resembling a word.
What I find interesting is that I don't know what any of the passwords actually are. Instead, I simply have the muscle memory to type them. This is a problem if I have to remember that same password for the website's new app on my phone. In that case, I have to sit next to an actual keyboard to recall the password and type it into my phone.
Good grief, no. I have dozens of passwords. The 10 or so that I use regularly are committed to memory, the rest may require me to consult a legal pad or KeepassX, the latter being protected by an extremely long and complex password unique to it. I do of course reuse some of the passwords, given that there are only a couple dozen of them and probably 100 or more accounts which use one of them.
I don't want to store my passwords anywhere, so I wrote a password maker for myself. Every time I need a new password or forget an old password, I run the tool, input the master key and some other hints, and then I get what I want.
I have 165 personal passwords, and around 50 related to corporate stuff. Stored in KeePass in a TrueCrypt container on Dropbox, that way I'm able to access all of them across my linux/win/osx machines.
I used to keep a list of individual passwords in a GPG-encrypted container. Then I would copy-pasta them around, as needed. I realized this is just a huge security hole, particularly since I use ClipX (multi-clipboard tool, shows a clipboard history on Ctrl+Shift+V). Also, GPG would mysteriously eat the file on one machine every now and then.
Now I mostly use pwdhash.com and three or so tiers of passwords. Works well. I still have the GPG file, but I use it mostly for keeping track of my gibberish answers to dumb security questions ("who was your senior prom date/where did you meet your wife").