After reading through most of that, it seems that the big problem with the XKCD scheme is that it's often impractical. Too many sites restrict password length and so you are forced to use the Schneier modification to get more entropy per character.
If you make a password from an alphabet of 64 characters (upper and lower case, digits, and some special characters), there are 6 bits per character of entropy so a ten character random password could have 60 bits of entropy.
If you are choosing words from a list 4000 words long, there are 11 bits of entropy per word and so you would need to string together five random words to get a password of equal strength. The big problem then is having enough space to type that many characters.
Yep, unfortunately for passphrases the maximum acceptable password length on web sites tends to be the #1 factor limiting their use. I created sample passphrases and tried them on a handful of different sites to measure the problem. See starting slide 31 in this presentation (PDF): http://www.passwordresearch.com/files/How%20Secure%20Are%20M...
Do you know why sites would set a low limit? I can understand limiting to, say, a couple hundred characters, but 16 is ridiculous. These days, all anybody is going to store is a salted hash so the passphrase length should be mostly irrelevant.
Edit: that's a pretty nice slide deck. Thanks for the pointer.
> These days, all anybody is going to store is a salted hash so the passphrase length should be mostly irrelevant.
Since I still run into services where the "forgot password" mechanism emails your current password in the clear, this is unfortunately not as true as one would hope.
Yes. They didn't need to know his strong password to log on, they just needed access to his mobile phone SMS in order to complete the account recovery process and change his account password to a value they chose.
It is complete idiocy to use passwords across services. Utter insanity. It is the worst possible practice imaginable, and is never, ever excusable.
It's one thing to argue for improving people's password practices, but please don't pretend that there's no reason for their behavior. The vast majority of people who share passwords between sites experience no repercussions from their choice. And choosing not to create a new password for every site saves them time and potential frustration.
That's the human nature part, to assess the risk of behavior and change it only if future experiences show that the costs associated with that behavior are too high. Since most people don't experience the disadvantages and do experience the benefits this behavior continues.
We can encourage more people to avoid this behavior by explaining the potential impacts and providing accurate estimates of the risk they're taking. We can offer alternatives to password reuse, like using a password manager. But ultimately they are still going to weigh their perception of the risk and benefits to make their own decision.
I'm a software developer, but I'm done trying to remember passwords for every single site.
What do I do?
I just don't use the sites.
I've restricted, and continue to pare down, the sites that I use on the internet.
It's the truth.
I do keep my amazon.com account, so I can order paper and cardboard books the local bookstores don't carry, and read them on the sofa at my house, next to my floor lamp.
there is a few solutions. use a password manager like lastpass or keepass or something like that. it generates passes for you and you don't have to remember them.(bonus: it logs you in automatically if you go to the vault and click login)
use throwaway passwords for one off services and just use the password reset feature when you want to use it.
The vast majority of people who share passwords between sites experience no repercussions from their choice.
More accurately, they have no awareness of the reprecussions from their choice. Yet endlessly on HN we hear stories of mysterious iTunes access, Steam takeovers, even Amazon AWS account compromises. It is no big mystery when this happens given this common, grossly insecure behavior.
But ultimately they are still going to weigh their perception of the risk and benefits to make their own decision.
I absolutely agree, absolutely and completely, but think that the risk portion is hugely underestimated. Among people who should know better there is a tendency to under-estimate what is an enormous, worst-possible-exploit problem. No one ever talks about education. No one wastes time trying to help users enjoy better behavior.
Instead we argue about whether some site operated by an unknown number of people of unknown trustworthiness, on a platform that might have been exploited and owned by hacker groups for years, properly hashed our password after we passed the keys to all services through plaintext. It is insanity.
"Dan suggested that, in the interest of helping me get up to speed with password cracking, I start with one particular easy-to-use forum and that I begin with "unsalted" MD5-hashed passwords, which are straightforward to crack. And then he left me to my own devices. I picked a 15,000-password file called MD5.txt, downloaded it, and moved on to picking a password cracker."
My guess is that the forum he mentions was the insidepro.com web site, since it is a popular password hash sharing site. A quick search there found several attached files named MD5.txt, but none seemed to be the right size or have the right hashes. However, a search for hashes mentioned in the article found this file (http://forum.insidepro.com/download.php?id=12783&sid=160...), which contains 16,880 (instead of the 16,449 hashes listed in the Ars article) and at least 3 of the MD5 hashes specifically mentioned in the article.
There's a good chance this is the same file or close to it, but you'd have to try matching it with more of the hashes from the article to know for sure.
Telling people to use passphrases is a great recommendation, but you still have to spend some time teaching them how to use passphrases effectively. In the article they list several passphrases that were cracked, such as "sleepingwithsirens", "gonewiththewind1", and "momof3g8kids". So if a user chooses "ijustbluemyself" thinking that it's a great choice they are likely to be disappointed if a skilled cracker gets access to their password hash.
My basic suggestions are to choose 4+ words that are not a common phrase, song name, quote, etc. And make sure you still use both lowercase and uppercase letters, plus throw in some symbols in non obvious places (e.g., don't convert your a's into @ signs). It doesn't need to be as random as a shorter password, but it still shouldn't look like a normal sentence.
There actually has been research on how to split passwords across multiple servers (one example http://www.passwordresearch.com/papers/paper270.html), and RSA is currently marketing a commercial product that does this. While I agree that most people probably aren't concerned enough about password exposure to do this, there are effective solutions to accommodate those that are.
