Password Strength Question

I am coordinating efforts for the information security policy at my office, and I am currently working on password policies. I have a question I wanted to pose to the forum. I'd like to use some form of randomly generated words, rather than randomly generated characters. This isn't so we can remember our passwords (there's only one or two that we each need to know). Rather, it's so they are easy to browse/communicate. In other words, if I am using a computer that doesn't have 1password installed, I want it to be relatively easy to pull up a password on my mobile device and type it into the computer manually. This is way easier if the password is mostly word-based, rather than a series of numbers and characters.

I've read a number of articles on systems to create strong passwords, and I have a question about the relative strength of different password systems. This article makes it clear that a 9-character password of mixed-case characters chosen at random has the same level of entropy as a 4-word password created with diceware. So these passwords would have the same approx. level of entropy, despite the diceware password being significantly longer (26 char):

isILLisei
gender-latency-lot-spanish

I'm guessing this is because the first password has 9 discrete characters which must be guessed from a dictionary of 72 possibilities (uppercase and lowercase alphabet), whereas the second password has 4 discrete words that must be guessed from a dictionary of 7776 or so entries, plus 10 or so different options for separator characters.

But what if I followed a system where I generated a diceware password, and then made random substitutions within the words? E.g.

ge5der-lat_ncy-loT-sPanish

This password is still relatively easy to type between devices (much easier than a random series of letters), but it introduces randomness into the diceware algorithm, meaning the list of dictionary words is no longer useful for trying to crack the password.

My ultimate question is: I'd like to create passwords with the high level of entropy that 4-word diceware passwords, have, but have them only be 3 words long, since that makes them much easier to manage for my team. I believe that a 3-word diceware password with random characters introduced within words would have a higher level of entropy than a 4-word diceware password. Am I wrong?

higher entropy: ge5der-lat_ncy-loT
lower-entropy: gender-latency-lot-spanish


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • musicwallaby
    musicwallaby
    Community Member

    ge5der-lat_ncy-loT-sPanish

    Remember that typing that on a mobile device is probably not going to be fun at all

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited September 2017

    @musicwallaby: That's a fair point. But with Touch ID or Nexus Imprint, I could deal with entering that occasionally. Ultimately though it depends on the person, and a longer, randomly-generated, word-based password might be a better fit for some, for both entry, communication, and memorization.

    @rfobri: But if your use cause is mainly reading the password off a mobile device, I think you should be okay. If you're not familiar with it already, try the Large Type option for passwords in 1Password for iOS. When you tap the obscured password field, that's the third option along with Reveal and Copy.

    But since you mentioned both Diceware and entropy, I can't help myself from going on a bit of a tangent there. ;)

    There are two things to keep in mind in this vein:

    1Password uses our own Wordlist, which is a much larger set than Diceware; and therefore you get more entropy per word. So you're right on in the context of that blog post, but I did want to mention this as well since it's relevant today.

    In that spirit, I'd also argue for sticking with 4-word word-based passwords for three reasons: they'll be completely random, easier to work with, and 4 words is sufficient for the foreseeable future with regard to brute force attacks. 3 isn't bad, but it isn't quite good enough. And we prefer to err on the side of future-proofing, so we round up to 4 as a sort of "minimum viable password".

    I hope this helps. Be sure to let me know if you have any questions at all! :)

  • They are easier to read to people over the phone at 2 am when you get that emergency phone call, I'll give them that...

  • AGAlumB
    AGAlumB
    1Password Alumni

    Knock on wood, but yeah as long as it's strong enough I prefer words-only for cases like that.

  • pogrob
    pogrob
    Community Member

    In all the discussion that I read about password management I do not find any mention about the fact that generally servers storing important data do not allow to make more than a few attempts at a time; afterwards you have to wait a long.
    This could block almost everyone who does not know really you.
    I would like to have your opinion about this point.

    About how to remember a complex password I would like to share this solution:
    Use the first character of each word in a sentence that you like including punctuation, example:
    "My favourite numbers are 4 and 6. My favourite colours are purple, green, & black"
    becomes "Mfna4a6.Mfcap,g,&b"
    It is easy to remember, as complex as you like and very difficult to decrypt.
    I found it in this site:
    https://video.video00.com/en/articles-list/450-tips-to-remember-passwords.html

  • rob
    rob
    edited February 2019

    I believe that a 3-word diceware password with random characters introduced within words would have a higher level of entropy than a 4-word diceware password. Am I wrong?

    higher entropy: ge5der-lat_ncy-loT
    lower-entropy: gender-latency-lot-spanish

    @rfobri This is a difficult question to answer because it depends on how you introduce random characters. That said, I'll try to shed some light on how you could arrive at an answer.

    First, we know that the strength of the four-word diceware passphrase is 4 * log2(7776) ≈ 51.7 bits. And the strength of the three-word passphrase without modifications is 3 * log2(7776) ≈ 38.8 bits.

    Now the only way to measure strength deterministically is to assume that the attacker knows how you created the password. In this case, for the shorter passphrase, you made three substitutions after generating it from diceware:

    1. Replace a randomly selected character in the first word with a randomly selected digit. That's 6 possible locations and 10 possible digits, so 60 potential outcomes, or 5.9 bits.
    2. Replace a randomly selected character in the second word with a randomly selected symbol. This depends on how many symbols you plan to draw from, but let's say you have 20 symbols. Then this substitution adds 7.1 bits.
    3. Finally, you capitalize a random letter in the third word. This only adds 1.6 bits because there are only three possible outcomes.

    So one might say that the total entropy for the shorter passphrase with its substitutions is 53.4 bits and thus is stronger than the four-word passphrase. However, there are some factors that may make this untrue:

    • The words in a passphrase are generally different lengths, and so you'll end up with different results for different passphrases. That means that the distribution of your final results is not uniform and there's no way to measure the strength of the system as a whole.
    • We assume in these cases that you are using a cryptographically secure random or pseudorandom number generator to pick both the location of the substitution and the character being substituted. If not, then the substitutions are probably worth less than estimated above.
    • You might not be using 20 symbols like I used in my calculation. If you're only substituting the underscore, for example, then that reduces the added entropy to the point that the password is weaker than the four-word version.
    • This also assumes you're using diceware, which isn't what our word list generator uses. Since our word list is larger, the substitutions make a smaller effect relative to the number of words in the password.

    As others have mentioned, if the purpose is ease of reading and typing, you may want to stick with plain words without substitutions. But hopefully this has helped you make an informed decision either way.

  • In all the discussion that I read about password management I do not find any mention about the fact that generally servers storing important data do not allow to make more than a few attempts at a time; afterwards you have to wait a long.
    This could block almost everyone who does not know really you.
    I would like to have your opinion about this point.

    @pogrob there are sometimes ways around this, such as using distributed systems to guess from different locations. And if your password is used for decryption rather than authentication (like your 1Password Master Password), then there is no server to limit the rate at which the password is guessed. Finally, if a server is breached, attackers can use the leaked data to guess your password much much faster. At that point, the question becomes whether or not you've reused that password on other sites. Once they have your username and password, they may try it on lots of other sites. They could even try simple variations of the password like adding a 1 or an exclamation point without hitting the rate limiter.

    So, yes, you don't need crazy strong passwords for most online accounts, but you do need them all to be completely different from each other so that if one gets leaked the others aren't compromised.

    About how to remember a complex password I would like to share this solution:
    Use the first character of each word in a sentence that you like including punctuation, example:
    "My favourite numbers are 4 and 6. My favourite colours are purple, green, & black"
    becomes "Mfna4a6.Mfcap,g,&b"
    It is easy to remember, as complex as you like and very difficult to decrypt.

    Yes, that is a common system for generating passwords that look random but actually aren't. It's definitely a better password than "number46", but it's not so good that an attacker couldn't guess it if the server were breached, so it's the kind of password that may be fine for one site, but never fine to reuse on multiple sites.

    I hope that helps!

This discussion has been closed.