Feature Request: Diceware Password Generator

Comments

  • edited June 2015

    Thanks for the feature. Do you suppose that by some chance the Mac and mobile groups could borrow your talents for a few days?

    @benfdc Thank you for the kind words, but the other teams have super smart developers -- they really don't need me :)

  • +2 Diceware for Mac and iOS.

  • brenty

    Team Member

    I don't think it would be fair for you to get two votes, but I appreciate you letting us know you want to see DiceWare added to the OS X and iOS apps too! ;)

  • jpgoldberg Agile Customer Care

    Team Member

    For those who are interested, I've been exploring some of the advantages and disadvantages of Diceware and Pronounceable generators.

    The PDF of my slides for my Passwords15 Las Vegas talk are here:

    http://blog.agilebits.com/wp-content/uploads/2015/08/Unspeakable.pdf

    I should stress that what I talk about there is exploratory. I like going to PasswordsCon with open problems.

  • @jpgoldberg
    From slide 5:

    Master Passwords by typable

    what? ;)

    Other than that, some interesting info. Do you know if the talks will be on youtube after the event?

  • benfdc Perspective Giving Member
    edited August 2015

    Thanks for posting the interesting presentation, Jeff. My comments and thoughts:

    1. I thought that Diceware™ dated from 1995, not 1998.
    2. Kudos for the snark (literally).
    3. Do you have data supporting the proposition that ease of entry on mobile favors pronounceable? I would tack a question mark on that one.
    4. [Beyond the scope of your presentation] A random word and phrase generator has other uses besides memorable passwords (e.g. random security question responses, which often have to be provided over the phone), so IMO 1Password ought to have a word list-based generator on all platforms regardless of whether there is also a pronounceable generator.
  • brenty

    Team Member

    Do you have data supporting the proposition that ease of entry on mobile favors pronounceable? I would tack a question mark on that one.

    @benfdc: I'd be interested if there's data too, just out of sheer curiosity...but it seems pretty obvious since most people are not going to bother hitting 123 (much less #+=) to make a more secure password they will need to enter frequently on iOS for example. I have talked to way too many people who didn't even know how to do this. :dizzy:

    [Beyond the scope of your presentation] A random word and phrase generator has other uses besides memorable passwords (e.g. random security question responses, which often have to be provided over the phone), so IMO 1Password ought to have a word list-based generator on all platforms regardless of whether there is also a pronounceable generator.

    Wow. Brilliant, brilliant point — or at least it seems that way to me because I somehow didn't think of it myself. And I feel a little silly saying that, since I recently had to make several calls to a credit card company where the automated system required me to speak the answer to my security question. You can guess how that went.

  • jpgoldberg Agile Customer Care

    Team Member

    Thanks for the notes about the typos. I had meant that the Master Password must be easy to type.

    I really am not the best of presenters (I much prefer question and answer). But, yes, the video is available. Start from https://blog.agilebits.com/2015/08/07/unspeakable-passwords-jeff-goldberg-talks-to-passwords15/ for links.

  • jpgoldberg Agile Customer Care

    Team Member

    Thanks @benfdc!

    I thought that Diceware™ dated from 1995, not 1998.

    Oops. Typo

    Kudos for the snark (literally).

    Take care. It might be a boojum.

    Do you have data supporting the proposition that ease of entry on mobile favors pronounceable? I would tack a question mark on that one.

    Nope. Just a guess that typing things that are familiar words will be faster than typing things that aren't. (Though given my spelling and ability to make typos, I seem to be better at the nonsense words.)

    [Beyond the scope of your presentation] A random word and phrase generator has other uses besides memorable passwords (e.g. random security question responses, which often have to be provided over the phone), so IMO 1Password ought to have a word list-based generator on all platforms regardless of whether there is also a pronounceable generator.

    Yeah. This gets really tricky. Off camera there were some extensive discussions of this. For words that are meant to be spoken (say over the telephone) you also want to maintain phonetic distance. You don't want pairs of words like "vicar" and "bicker" or "fail" and "sale". You certainly don't want "sail" and "sale". And, of course, if English words are to be spoken by non-native speakers, it would be cruel to leave in "rural".

    Just a few days ago, I was driving and I'd left the auxiliary input to the car stereo on with no actual input and there was a slight buzz of static. My daughter asked me if I was going to turn off the "ox". I had no idea of what she was talking about. I thought she was trying to make some obscure joke. This went on for a bit, and was particularly annoying because I was in a difficult traffic situation. Anyway, she, of course, was saying "aux". This is what happens when you raise a kid west of the Mississippi.

    In constructing my list, I made a deliberate decision to ignore phonetic distance. I didn't want to shorten the word list any more than I had to. I also chose to ignore prefixing. That is, the list might have "white", "blue", "cap" and "whitecap". If you don't use a separator, there will be two ways to generate "whitecap" but only one way to generate "bluecap". That is, I'm thinking of a generator in which a separator is not optional.

    This illustrates a couple of things about these sorts of decisions. Sure, we could have loads of different options with lists tuned to different purposes, but if we are going to suggest Master Passwords to people setting up 1Password, we should tune for that purpose. And this again illustrates something that I have been preaching. The hard decisions are the ones that involve security/security tradeoffs.
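
The separator point above is easy to check mechanically. The following is an added example, not code from this thread and not 1Password's or AgileBits' own generator: it draws words with the OS CSPRNG, finds "compound" list entries such as "whitecap" that are also a concatenation of other entries, and counts how many distinct passphrases a tiny list can produce with and without a separator. The six-word list is constructed for illustration only; the only real figure is 7776, the size of Reinhold's standard Diceware list (6^5 five-dice outcomes), which is all that is needed for the bits-per-word calculation.

```python
import math
import secrets
from itertools import product

# Constructed toy word list for illustration only (not the Diceware list and not
# the list shipped in 1Password). It deliberately contains "whitecap", which is
# also the concatenation of the list words "white" and "cap".
TOY_LIST = ["white", "blue", "cap", "whitecap", "sail", "vicar"]

# Size of Reinhold's standard Diceware list: 6^5 five-dice outcomes.
DICEWARE_LIST_SIZE = 6 ** 5  # 7776


def entropy_bits(n_words, list_size):
    """Entropy of n_words drawn uniformly, with replacement, from list_size words.

    Only the list length is needed: each word contributes log2(list_size) bits,
    assuming a separator (or some other unambiguous encoding) is always used.
    """
    return n_words * math.log2(list_size)


def generate(words, n_words, separator=" "):
    """Pick n_words uniformly at random with the OS CSPRNG (secrets, never random)."""
    return separator.join(secrets.choice(words) for _ in range(n_words))


def segmentations(s, vocab):
    """Count the ways s can be written as a concatenation of vocab words.

    Dynamic programme over prefixes: ways[i] is the number of ways to
    segment s[:i]. A word that is itself in vocab counts as one way.
    """
    ways = [0] * (len(s) + 1)
    ways[0] = 1
    for i in range(1, len(s) + 1):
        for w in vocab:
            if len(w) <= i and s[i - len(w):i] == w:
                ways[i] += ways[i - len(w)]
    return ways[len(s)]


def compound_words(vocab):
    """Words that can also be spelled by gluing together other vocab words.

    These are exactly the entries that make a separator-free passphrase
    ambiguous: with no separator, "white"+"cap" and "whitecap" are the same
    string, so that output can be produced in more than one way.
    """
    return [w for w in vocab if segmentations(w, vocab) > 1]


def distinct_outputs(vocab, n_words, separator):
    """Exhaustively count distinct passphrases for a tiny list (len(vocab)**n_words).

    With a separator every sequence yields a different string; without one,
    collisions caused by compound words shrink the output space, so the
    passphrase carries slightly less than n_words * log2(len(vocab)) bits.
    """
    return len({separator.join(seq) for seq in product(vocab, repeat=n_words)})


if __name__ == "__main__":
    print("compound words:", compound_words(TOY_LIST))
    print("3 words, ' ' separator:", distinct_outputs(TOY_LIST, 3, " "))
    print("3 words, no separator:", distinct_outputs(TOY_LIST, 3, ""))
    print("5 Diceware words: %.2f bits" % entropy_bits(5, DICEWARE_LIST_SIZE))
    print("sample:", generate(TOY_LIST, 4, "-"))
```

On the toy list, three words with a separator give 6^3 = 216 distinct passphrases, while three words with no separator give 215, because "whitecap white cap" and "white cap whitecap" collapse to the same string. The loss is tiny here, but a real list with many compound entries loses more, and making the separator mandatory removes the problem entirely without shrinking the list.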

  • benfdc Perspective Giving Member
    edited August 2015

    @brenty—

    it seems pretty obvious since most people are not going to bother hitting 123 (much less #+=) to make a more secure password they will need to enter frequently on iOS for example.

    Hah! If I read you correctly, you are assuming that a word list-based password is more likely to contain digits than a pronounceable password. Not in my world—I have always used digits as separators in my pronounceable passwords to get the extra entropy. Thank you for the kick in the head; I now see how counterproductive this is for passwords that have to be typed in on my phone with any frequency.

    This also reminds me of how mobile-unfriendly the random generator still is. I can limit the number of digits and symbols with sliders, but there is no slider to limit caps. Gotta go in and convert most of them to lower case manually.

  • benfdc Perspective Giving Member
    edited August 2015

    @jpgoldberg—

    I understand your point that a word list tuned for security question responses will be different from one tuned for memorable passphrases (phonetic distance is important in the former but not the latter). I just don't think that it is important. When creating a security question response I might toss 75% of the random words that a generator offers me. So what? I think that I am still getting enough entropy for the purpose. In other words, I'll happily tune that word list myself.

    On the other point, we all agree that it is easier to type words on a computer keyboard than it is to type nonsense syllables. My question is why you seem confident that the opposite would be the case on a mobile keyboard. That only makes sense to me if you are making the same assumption that I think @brenty is making—that word lists are more likely to contain digits than are pronounceable passwords.

  • brenty

    Team Member

    I now see how counterproductive this is for passwords that have to be typed in on my phone with any frequency.

    @benfdc: It's a bit of a pain to be sure, but for my purposes it is less of a pain than the sheer terror of someone I don't trust accessing my data. Your mileage may vary. :lol:

    This also reminds me of how mobile-unfriendly the random generator still is. I can limit the number of digits and symbols with sliders, but there is no slider to limit caps.

    Oddly, I don't mind caps so much since I don't have to switch keyboard modes to get to them.

    My question is why you seem confident that the opposite would be the case on a mobile keyboard. That only makes sense to me if you are making the same assumption that I think @brenty is making—that word lists are more likely to contain digits than are pronounceable passwords.

    Hmm. I think you may have misunderstood what I was saying, which, in turn, may have been due to a misunderstanding on my part. What I meant was that pronounceable words are more favourable from a user perspective due to sheer ease of memorization and entry (and that's why I mentioned my encounters with people who can't even figure out how to make capital letters on a mobile device, much less access numbers and symbols). Diceware contains relatively few "words" that include numbers (primarily 65434 through 66631), so I think I may have inadvertently started a chain-reaction of misapprehension. :dizzy:

  • benfdc Perspective Giving Member

    @brenty — Let me be clear about what I am saying.

    There is a table in Jeff's PasswordCon handout which posits that passphrases of the sort presently generated by 1P/Win are easier to type on a computer keyboard than "pronounceable passwords" of the sort presently generated by 1P/Mac, but that the situation is reversed on mobile devices, where Jeff posits that the 1P/Mac-style pronounceable passwords are easier to type. My question is whether there is data to support the second half of that proposition.

    For me, for now, 1P/Mac-style pronounceable passwords are definitely harder to type because I use digit separators. I now recognize the obvious fact that I could make things easier on myself by using the "None" separator option for passwords that have to be typed on my iPhone (such as an Apple ID password). However, even if I were to make that change, it still is not obvious to me that the 1P/Mac-style pronounceable nonsense passwords are easier to type than 1P/Win-style word list passwords.

    I recognize that I could run the 1P/Win generator on my Mac via Wine, Crossover, or the like. However, it's something of a pain, and it would also force me to upgrade my old 1P/Win family license, which I am somewhat loath to do because neither my wife nor I runs Windows these days.

  • brenty

    Team Member

    Jeff posits that the 1P/Mac-style pronounceable passwords are easier to type. My question is whether there is data to support the second half of that proposition.

    @benfdc: Ahaaa! Clear as day. Thanks for the clarification!

    Indeed, I'd be curious too. Ultimately this will probably vary from person to person (for example, perhaps touch typists will fare better entering Diceware passwords on a computer keyboard).

    I recognize that I could run the 1P/Win generator on my Mac via Wine, Crossover, or the like. However, it's something of a pain, and it would also force me to upgrade my old 1P/Win family license, which I am somewhat loath to do because neither my wife nor I runs Windows these days.

    Agreed. It's a pain. And while I can't say if or when we might be able to add Diceware (or something similar) across the rest of the 1Password line, I do feel confident saying that it's more a matter of 'when' at least. For you and me, this can't happen soon enough, but unfortunately we do have other things that demand more immediate attention. :(

  • benfdc Perspective Giving Member
    edited August 2015

    For you and me, this can't happen soon enough, but unfortunately we do have other things that demand more immediate attention. :(

    Yeah. What demands more immediate attention, in my opinion, is somehow offering users entropy when a vault is being created. There is no password more important than a vault password, because the master password protects all of the others. That, after all, is the motivation for Jeff's PasswordCon presentation. As he states at the beginning: “In a well-designed password manager, the users’ [sic] master password is going to be the weak point.” Yet this is the one time where 1Password abandons the user to his or her own devices.

    We can debate word list versus pronounceable till the cows come home—as Jeff says, it’s an open question—but right now your users get zilch when they need it most. The perfect, as they say, is the enemy of the good, and on this issue y’all have been mired in the not-good for years.

    That's my opinion, which as you well know I have voiced many times before, but I still think that it bears repeating.

  • I agree with @benfdc

  • brenty

    Team Member

    @benfdc: Understood. And I agree. It absolutely does bear repeating!

    I only wish I had better news for you, but we don't have anything new to share at this time. We continue to have discussions about this internally (as well as other related issues). I've personally banged that drum and continue to do so, but ultimately it's up to others more skilled at coding and more adept at design to implement something usable.

    You really don't want to see my 'mockups'. :lol:

  • benfdc Perspective Giving Member
    edited August 2015

    [U]ltimately it's up to others more skilled at coding and more adept at design to implement something usable.

    Coding isn’t the issue. @svondutch assured me personally in this very thread back in June that you have great developers, and I will take him at his word. Get off the dime and crowdsource the design problem. Tell your developers to give it their best shot because something is going out in the next beta. And then put it out there and start getting feedback. Your beta testers signed up to be guinea pigs. Use us. Because this is one of those “other things that demand more immediate attention.”

    An aside about an aside: I had originally written “get off the stick,” but it’s an odd phrase so I decided to look it up. Turns out that the correct expression is probably “get on the stick,” which has the same meaning as “get off the dime.” Fusing these two colloquialisms, which it seems is rather common, yields something even more difficult to parse than either of the originals. But that’s not the interesting part. The interesting part is that I found solid word sleuth-type essays on both “get on the stick” and “get off the dime,” and each one begins with the author apologizing for taking years to respond to the inquiry. How meta is that??

    Anyway, I can promise that you’ll get my feedback if—nay, when—you put something out in the vault-creation module of the next 1P/Mac beta. If the entropy is supposed to come from word lists or pronounceable units then run the same beta on Mac and Windows except with words on 1P/Win and pronounceable on 1P/Mac. I have no idea what you will learn, but you will learn a lot. And Jeff might be able to get some help with his open question.

  • jpgoldberg Agile Customer Care

    Team Member

    The coding of the actual generation is dead simple. Even I can do it (and in fact have for generating test samples).

    The part that takes some dedicated time is how this is presented to the user when creating or changing a Master Password. This requires the involvement of UI developers and design people. It also involves a number of tough decisions (Do we force a master password on people? Do we have them pick from among several generated ones? How many additional steps to "simply getting started" are we willing to add to initial set up? How is all of this to be presented? Should this be part of an overhaul of everything we do for the Strong Password Generator or should we push this out separately?)

    Now none of that forces this thing to take four (or more) years. But it does mean that we need several people working on those sorts of things together at the same time.

  • benfdc Perspective Giving Member
    edited August 2015

    Jeff, I was persuaded long ago—indeed, very long ago—that it's a hard, hard UI problem. But it is also the weakest link in the 1Password security chain (or at least the weakest known link). What is the downside of tossing something out there in the beta builds and seeing what comes back at you? In the worst case scenario you can just ditch it in the next beta and go back to the drawing board with the benefit of some feedback.

  • What is the downside of tossing something out there in the beta builds and seeing what comes back at you?

    One problem with this that I foresee is that few beta testers will be establishing new master passwords. Most will never see the changes to comment on.

  • benfdc Perspective Giving Member
    edited August 2015

    @hawkmoth—

    I would agree with you if the change went unmentioned in the release notes. However, the change would be highlighted in the release notes, and that would encourage some number of interested beta testers to devote some time to kicking the tires by creating one or two new secondary vaults.

  • hawkmoth
    edited August 2015

    @benfdc - I completely forgot about the option to create secondary vaults to use as a test. I take back what I said.

  • The part that takes some dedicated time is how this is presented to the user when creating or changing a Master Password. This requires the involvement of UI developers and design people. It also involves a number of tough decisions (Do we force a master password on people? Do have them pick from among several generated ones? How many additional steps to "simply getting started" are we willing to add to initial set up? How is all of this to be presented? Should this be part of an overhaul of everything we do for the Strong Password Generator or should we push this out separately?)

    @jpgoldberg the simple answer is just put a button for the current password generator form next to the master password input field. No change in the current logic or workflow, just the option to generate a password.

  • I agree - +1 for this. Sadly, the pronounceable password options aren't really pronounceable. Would do anything (paid upgrade, pro feature) to get Diceware passwords into iOS and the Mac version.

  • brenty

    Team Member

    @tkreagan: Haha! Fair enough. They're 'pronounceable', but not in the linguistic sense. Thanks for letting us know that you want Diceware too! Personally, I feel the same way. ;)

  • Thanks for the quick feedback. What is the chance anything is done about this? It would be greatly appreciated!

  • brenty

    Team Member

    @tkreagan: I'd say that chances are good. We have a lot of customers and AgileBits staff who would like to see Diceware integrated into 1Password across all platforms. But as far as timeframes, well...I cannot say. ;)

  • benfdc Perspective Giving Member
    edited September 2015

    Thank you thank you thank you thank you thank you thank you thank you.

    Very much.

    What is the length of the word list used by the 1P6/iOS generator? The release notes don't say, and without that figure I cannot calculate the entropy per word.

    Speaking of those release notes, I learned from the slides for Jeff's most recent PasswordCon talk, and confirmed on Reinhold’s website, that Diceware™ is trademarked.

  • brenty

    Team Member

    Finally. :lol:

    I believe @jpgoldberg curated the custom list himself, so perhaps he can be coaxed, cajoled, or otherwise coerced to divulge the details... ;)

This discussion has been closed.