What to do about Heartbleed

Comments

  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited April 2014

    Thanks, Bandrick! This security review type thing is a good idea to do every so often, routinely, these days.

  • ardichoke Icrontian

    Useful password tools:

    KeePass - Easy to use, extensible password database. Just make sure you back your password database up in a secure fashion (I suggest SpiderOak, which has the convenient ability to also sync your database to your other devices)

    LastPass - Like KeePass, but in the cloud. Has added risk because it's cloudified, but does offer 2-factor authentication which is nice.

    1Password - Similar to LastPass, not personally familiar with it, but I know many people swear by it.

    If you don't really really REALLY HAVE to be able to log into an account from memory (and let's be honest, most people don't need to for 99% of the sites they have accounts at), then you should be using one of the above to generate very long, completely random passwords. Just make sure you use a solid, secure password to secure your database. Also, 2-factor.

  • CB Ƹ̵̡Ӝ̵̨̄Ʒ Der Millionendorf- Icrontian

    Last time I looked into using a password keeper, it didn't look any easier or more intuitive than just keeping a password-protected spreadsheet o' passwords. Have they come along since then?

  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited April 2014

    Keepass gens passwords, so if a site lets you, you can copy-paste gened random and long complex passwords into a password changer form on site.

    McAfee sent me an email about Heartbleed, and they said to change passwords often.

    EDIT: Keepass is pretty intuitive also.

  • BobbyDigi ? R U #Hats ! TX Icrontian

    +1 for KeePass. I don't even know the passwords to my accounts. Double-click to copy and then paste the u/p and logged on I go.

    -Digi

  • primesuspect Beepin n' Boopin Detroit, MI Icrontian

    The problem I have with non-memorizable passwords (the kind that Lastpass generates that look like Z3jf0fgk89SDjm3m, etc.) is that I feel like not having ultimate control over important passwords is unsettling... I NEED to be able to memorize my passwords for my own peace of mind. Ultimately, I want the keys to the kingdom to be in my head, not saved in some encrypted database that I may lose access to one day.

  • Tushon I'm scared, Coach Alexandria, VA Icrontian

    You can choose to use the "make pronounceable" option in LastPass (under advanced options when generating a password), but good luck memorizing unique passwords for every site.

  • Myrmidon Baron von Puttenham California Icrontian

    @Annes the only trouble with that XKCD comic is the use of dictionaries and brute force crackers - if someone manages to steal a hashed password list, they'll use a list of well-known words (and substitutions!) to try and match the hash.

    To stop dictionaries, add a symbol or two. And put it in a weird spot... i.e. Ba*tery is better than B@ttery, because some dictionaries will have additional words in 1337speak... and nobody substitutes a * for a t in 1337speak.

  • primesuspect Beepin n' Boopin Detroit, MI Icrontian

    So far, I've been able to do it all these years.

  • Annes Tripped Up by Libidos and Hubris Alexandria, VA Icrontian
    edited April 2014

    Can't we all just use easy-to-remember passphrases? Is this XKCD wrong? (not sarcasm, legitimate question.)

  • Tushon I'm scared, Coach Alexandria, VA Icrontian

    You can, but there is the issue of the password security policy allowing that (length, spaces, non-numbers, etc) and you still need lots of different combos. I'm bad at remembering them, so I just trust the strong one for LastPass and let it fill in everything else.

  • ardichoke Icrontian

    @primesuspect said:
    The problem I have with non-memorizable passwords (the kind that Lastpass generates that look like Z3jf0fgk89SDjm3m, etc.) is that I feel like not having ultimate control over important passwords is unsettling... I NEED to be able to memorize my passwords for my own peace of mind. Ultimately, I want the keys to the kingdom to be in my head, not saved in some encrypted database that I may lose access to one day.

    I struggled with the same feelings... then I realized if I just memorized solid, unique passwords for a couple of key services, I could always just password reset everything else in the event of a complete database loss (also, solid backup practices make the likelihood of even having that happen almost nil).

  • Snarkasm Madison, WI Icrontian

    Benefit to Keepass as well: if something catastrophic like heartbleed occurs, I have a discrete list of all the sites I have passwords on, and it's easy to go down the list and update them all. If I had to do it from memory, I might forget one of my credit card companies, or something along those lines. Yes, you won't forget the highest-volume stuff you use all the time, but those aren't the only ones that lose data, either.

    Overall, I only remember two passwords now: the one to my Dropbox account, and the one to my keepass archive. (The archive is in Dropbox, so I can sync it to all my devices; that's the only reason I have to remember that one, too.) It's a little inconvenient, but at the same time, a lot more convenient and feels safer.

  • Soda Ann Arbor, MI Icrontian
    edited April 2014

    I'll throw my hat in with 1Password. It does some REALLY cool stuff, like registering sites or even offline normal applications so that you can just click to automatically fill in user/pass (no copy/paste required!). Additionally, you can keep the whole thing off the cloud if you want, using a flash drive or something to share between computers, or keep it shared through dropbox/google drive.

    @Annes said:
    Can't we all just use easy-to-remember passphrases? Is this XKCD wrong? (not sarcasm, legitimate question.)

    Unfortunately, this idea started to take root a bit (not sure if anyone remembers amazon offering this as a password option), but hackers soon started making dictionary attacks a part of their arsenal, drastically reducing the strength of this idea, which made the extra database space required not really worth it (a 15 character password is roughly the same strength as a 5 word passphrase).

  • ardichoke Icrontian
    edited April 2014

    @Soda said:
    Unfortunately, this idea started to take root a bit (not sure if anyone remembers amazon offering this as a password option), but hackers soon started making dictionary attacks a part of their arsenal, drastically reducing the strength of this idea, which made the extra database space required not really worth it (a 15 character password is roughly the same strength as a 5 word passphrase).

    There really isn't any extra database space required for a longer password, at least if the site is storing their passwords correctly. This is because sites do not store your password in a retrievable format, except in very rare cases where they need to or if they're storing passwords improperly. Most sites out there store passwords in a cryptographically hashed format. The layman's overview of what this means is that the site takes your password, scrambles it all up in a reproducible, but not reversible, way which yields a string of data that is always the same size. They then store this hashed string. When you try and log in, they run the password you type in through the same hash function again and compare the result to the string in their database. If it matches, you input the right password and they let you in. This has the added benefit of making the size of the password field in a database a known quantity, no matter how long the user's password is. "But @ardichoke‌," you may be saying, "doesn't that mean that my super long password is meaningless?" Not really. The likelihood of getting a hash collision (where two different passwords yield the same cryptographic hash) with modern algorithms is extremely low. In most cases, an attacker is more likely to guess your correct password than find another one that yields the same hash. The benefit of storing passwords this way is that should the database be leaked, the passwords are not directly retrievable. The attacker basically has to start computing hashes for random passwords until they find one that matches a hash in the database, at which point they have the password for that particular user. This buys users time to change their passwords after a security breach.

    As for the concerns about a dictionary attack, let's look at some math. The number of possible passwords from a set of data can be easily calculated. In the case of an old style password made of upper and lowercase letters and numbers, you end up with 62 options per character in the password. If you have a 12 character password, this means there are roughly 3.22x10^21 possible passwords you could have. (62^12, as there are 62 options for each of the characters in the password, so the number of permutations is 62x62x62... 12 times.)

    Now then, consider a password based off of random words. The Oxford English Dictionary contains entries for 171,476 words currently in use today. Let's assume that about 3/4 of them are unsuitable for use in a password (too long, words you won't remember, etc.). That leaves us with 42,869 words remaining. Assuming that you chose 5 words from this set for your password, there are roughly 1.44x10^23 combinations (note, this is 100 times more options than the above example). This is assuming that you use the bare words, make no substitutions and don't capitalize anything. Once you start substituting numbers (or symbols) for letters, and capitalizing letters in words, the complexity EVEN IF AN ATTACKER IS WORKING FROM A DICTIONARY increases dramatically. Furthermore, your password is now much easier for you to remember, because you only have to remember 5 words as opposed to 12 random letters and numbers.

    Of course, this is just one example using rough math, but I believe it adequately demonstrates how using random word based passwords makes it much harder for a machine to guess your password while making it easier for a human to remember it. Well, adequately for an Internet forum anyway, obviously it would require more rigor to demonstrate it to a panel of CS professors.

  • Thrax 🐌 Austin, TX Icrontian
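The two points in ardichoke's post above, storing a fixed-size one-way hash instead of the password and comparing the sizes of the two search spaces, as an added Python example that is not from the thread. It uses the post's own figures (62 characters, 12 slots; 42,869 words, 5 slots) and assumes PBKDF2-HMAC-SHA256 from the standard library as the hash, since the post names no specific algorithm.

```python
import hashlib
import hmac
import math
import os

# Figures taken from the post above.
CHARSET_SIZE = 62         # a-z, A-Z, 0-9
CHAR_PASSWORD_LEN = 12
WORDLIST_SIZE = 42_869    # ~1/4 of the OED's 171,476 current words
WORDS_PER_PASSPHRASE = 5

SALT_LEN = 16
ITERATIONS = 100_000      # assumed work factor; raise it until a hash takes ~100 ms


def search_space(options_per_slot, slots):
    """Number of distinct passwords when each slot is chosen independently."""
    return options_per_slot ** slots


def entropy_bits(options_per_slot, slots):
    """log2 of the search space: the usual unit for comparing schemes."""
    return slots * math.log2(options_per_slot)


def hash_password(password, salt=None):
    """Salted, slow, one-way hash. Output length is fixed whatever the password length."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt + digest  # this is what gets stored; the password itself never is


def verify_password(password, stored):
    """Re-hash the attempt with the stored salt and compare in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(attempt, digest)


if __name__ == "__main__":
    for label, n, k in (("12 random chars", CHARSET_SIZE, CHAR_PASSWORD_LEN),
                        ("5 random words", WORDLIST_SIZE, WORDS_PER_PASSPHRASE)):
        print(f"{label}: {search_space(n, k):.3g} options, {entropy_bits(n, k):.1f} bits")
    record = hash_password("correct horse battery staple")  # constructed sample
    print(len(record), verify_password("correct horse battery staple", record),
          verify_password("Tr0ub4dor&3", record))
```

Running it shows the 16-byte salt plus 32-byte digest is the same 48 bytes for a one-letter password or a five-word one, and that the five-word scheme has several bits more entropy than the 12-character one.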

    I typically see people say "BUT DICTIONARY ATTACK" on sentence-based passwords, but even a casual observer can see how absurdly complicated it would be for a computer to try every word in every combination for an unknown length.

  • Soda Ann Arbor, MI Icrontian

    oh LOL, forgot about hashing somehow, derp, which for any remotely secure hashing size makes the collision chance irrelevantly small. I DID realize that I was thinking about it COMPLETELY wrong though, since I was considering only dictionary words in the phrase, but considering any combination of letters for the single word. While it is definitely easier to remember lots of random character changes when it's just one word as opposed to several, that's not enough to get remotely close to the numbers I came up with, so you're definitely right.

  • ardichoke Icrontian
    edited April 2014

    @Thrax said:
    I typically see people say "BUT DICTIONARY ATTACK" on sentence-based passwords, but even a casual observer can see how absurdly complicated it would be for a computer to try every word in every combination for an unknown length.

    The dictionary attack argument also ignores the fact that there are also dictionaries out there for commonly used traditional passwords (and their various permutations). Dictionary in the password cracking sense doesn't mean what people think it means.

  • d3k0y Loveland, OH Icrontian

    YeOldeFatWomanHorse

    Gonna make this my new password

  • ardichoke Icrontian

    HonorificabilitudinitaAntidisestablishmentarianismFloccinaucinihilipipificationPraetertranssubstantiationalistically

    Most secure password ever (until right now)
