Apr 22, 2013

How to Create a Secure Master Password

One of the greatest benefits of using LastPass is that it remembers all of your passwords for you, so you can generate strong, unique passwords without the hassle of recalling or typing them. Because you are storing all of your sensitive data in LastPass, though, creating a master password that is rock-solid while still being memorable is even more important.

We recommend a simple strategy for creating a long, hard-to-crack master password that is not a single dictionary word: use a passphrase.

What is a passphrase?

A passphrase is typically a sequence of words or text strung together to create a password for logging in to an account. The difference between a passphrase and a password is that a passphrase is typically longer and uses whole words or variations of whole words to create nonsensical sentences or phrases that are easy for you to remember, but hard for someone else to guess or crack. 

How to create your strong passphrase:

The key to creating a strong passphrase is to pick a string of words that's easy for you to remember but is not just a famous movie or literary quote, song lyric, piece of personal information, or a single word straight from the dictionary. A passphrase gets its strength from how unpredictable the choice of words is, not from the character count alone: four words an attacker could guess from your public profile are worth far less than four picked at random from a large list. The best passphrases will also include a mix of capitalization, punctuation, and numbers.

Given those parameters, let's look at an example, choosing unrelated words that you can still tie to a memory (if you want a truly random selection, roll dice against a word list, as Diceware does):

volkswagensummeryellowtulip

That's a 27-character nonsensical phrase that will still be easy to remember. Now if we really want to increase the strength of the phrase, we can then add a better mix of character types:

V0lk$wagenSummerYellow!Tulip

So now, we have a 28-character master password, with lowercase, uppercase, a number, and some symbols. One caveat: swapping 0 for o and $ for s, capitalizing each word, and inserting a symbol are standard mangling rules in password-cracking tools, so these tweaks add a few bits on top of the words themselves rather than the strength of 28 random characters. The number of words, and how unpredictably you chose them, do most of the work.

Of course the longer and more complicated you make the passphrase the more carefully you'll need to type, and the harder you may have to work at memorizing the master password at first. Even using "volkswagensummeryellowtulip" is far better than using "password" or one of the other common passwords or single dictionary words.
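To make the arithmetic behind this concrete, here is an added example (my code, not LastPass's) that draws words with a cryptographic random source, compares the entropy of a passphrase with that of a random character string of the same length, and puts an upper bound on how much the "0 for o, $ for s, capitalize, add a symbol" step adds when the attacker already has the base words. The toy word list, the 1e9 guesses/second rate, the 95-character printable alphabet and the substitution model are my assumptions; the 7776-word Diceware list size is a known figure.

```python
"""Passphrase strength arithmetic for the post above.

Added example, not LastPass code. Assumptions (mine, not the post's):
  * words are drawn uniformly at random from a word list with `secrets`;
  * the attacker knows the word list, the word count and the separator and
    guesses against an offline copy of the hash at a fixed rate;
  * the "0 for o, $ for s, capitalize, add a symbol" step is modelled as an
    independent yes/no per eligible character, which over-estimates what a
    rule-based cracker really has to try.
"""
import math
import secrets

# Constructed toy list so the script runs offline. A real Diceware list has
# 7776 words; the post's own four words are included for the demonstration.
TOY_WORDLIST = [
    "volkswagen", "summer", "yellow", "tulip", "anchor", "bridge", "candle",
    "dolphin", "engine", "forest", "garden", "harbor", "island", "jacket",
    "kettle", "lantern", "meadow", "needle", "orange", "pepper", "quartz",
    "ribbon", "saddle", "timber", "umbrella", "velvet", "walnut", "yogurt",
    "zipper", "basket", "copper", "desert",
]  # 32 words, so exactly 5 bits per randomly chosen word

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def passphrase_bits(list_size: int, n_words: int) -> float:
    """Entropy in bits of n_words drawn uniformly from list_size words."""
    if list_size < 2 or n_words < 1:
        raise ValueError("need a list of at least 2 words and n_words >= 1")
    return n_words * math.log2(list_size)


def charstring_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of `length` characters drawn uniformly from an alphabet."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("need an alphabet of at least 2 symbols and length >= 1")
    return length * math.log2(alphabet_size)


def generate_passphrase(wordlist, n_words: int, sep: str = " ") -> str:
    """Pick n_words with a CSPRNG. Only uniform random choice earns the
    entropy computed above; words 'that hold meaning for you' do not."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def expected_crack_years(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the secret: on average half the space is searched."""
    return (2 ** (bits - 1)) / guesses_per_second / SECONDS_PER_YEAR


def mangling_bits_upper_bound(passphrase: str, substitutions: dict,
                              n_words: int, symbol_alphabet: int = 32) -> float:
    """Extra bits an attacker who already has the base words must search if
    every substitutable character may or may not be swapped, every word may
    or may not be capitalized, and one symbol from symbol_alphabet is inserted
    at one position. A cracker applying whole-string rules needs far fewer tries."""
    swappable = sum(1 for ch in passphrase if ch in substitutions)
    positions = len(passphrase) + 1
    return swappable + n_words + math.log2(symbol_alphabet * positions)


if __name__ == "__main__":
    phrase = generate_passphrase(TOY_WORDLIST, 4)
    print("random 4-word phrase from the toy list:", phrase)
    print(f"  bits: {passphrase_bits(len(TOY_WORDLIST), 4):.1f}")
    for name, size, n in [("Diceware, 6 words", 7776, 6),
                          ("2284-word list, 4 words", 2284, 4)]:
        bits = passphrase_bits(size, n)
        years = expected_crack_years(bits, 1e9)  # assumed offline rate
        print(f"{name}: {bits:.1f} bits, ~{years:.2e} years at 1e9 guesses/s")
    base = "volkswagensummeryellowtulip"
    print(f"28 random printable chars: {charstring_bits(95, 28):.0f} bits")
    extra = mangling_bits_upper_bound(base, {"o": "0", "s": "$"}, 4)
    print(f"mangling the post's 4 words adds at most {extra:.1f} bits")
```

Run it as a script to see the comparison; the point of `mangling_bits_upper_bound` is that the substituted 28-character version of the post's example is worth, at best, the four base words plus roughly 18 bits, a long way from the roughly 184 bits of 28 uniformly random printable characters.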

XKCD's now famous comic about password entropy (xkcd #936, "Password Strength") drives the point home:

Ready to update your master password with your new passphrase? You can do so by opening your LastPass Vault and clicking the "settings" menu option on the left, then submitting your changes.

What are your strategies for creating a strong master password?

41 comments:

  1. Love XKCD. Always right on the money.

  2. Volkswagen is spelled with "en" :P. Seeing it spelled wrong is annoying to use VW fanboys!

    Replies
    1. Apologies, it's fixed :) thanks!

    2. I guess no one is immune to spelling errors.

    3. Sorry, but I have to comment. Chris, you spelled "us" wrong. :)

  3. But spelling it "on" makes it more secure. :)

  4. That's all very well until dictionary attacks are a thing. 4 dictionary words with trivial substitutions, capitalisation and a punctuation or two?

    This is a terrible approach to passphrase generation.

    Replies
    1. Thanks for the feedback, Karl, we'd love to hear any additional suggestions on passphrase generation!

    2. The point here is that there are so many common dictionary words that concatenating four of them together makes it very hard for a computer to guess. 4 dictionary words WITHOUT any substitutions or capitalization or punctuation would be damnably hard to crack, even if you already had the hash. The rainbow table that would include those passwords would be about 2 terabytes, if my math is correct.

      If not bruteforced and computed in the way you recommend here, the keyspace is 2.21e16 entries. For reference, the keyspace for mixed-case alphanumeric 9-character passwords is 1.3e16, so about half as large.

    3. Having done the maths (just now) I have to agree.
      There are ~240K words in the unix words file. A 4 word passphrase with no substitutions therefore has a keyspace of 240000^4 = 3.3e21, which is pretty big.
      I'm not sure where you got 2.21e16 from though - 4 words from a ~12K dictionary?

    4. Add 3-4 easy-to-remember random numbers on the end. Done. No need to substitute, even.

  5. The only critique I have of this comic is that it assumes people will be bruteforcing the password/phrase.

    More sophisticated password crackers use dictionaries and word lists, and have presets to try common techniques for passwords (ie: try all words in the dictionary, max 5 words, with a space between each).

    So while this is already a good idea, a few simple tweaks (changing a single letter in each word to uppercase, and adding a number and/or symbol rather than a space) will make it far harder for a preset word list to be used.

    Replies
    1. Thank you for the thoughtful feedback!

    2. This is definitely true, but it's certainly arguable that with a keyspace of 2.21e16, about twice that of an alphanumeric mixed-case 9-character password and a 2 TB rainbow table, this is likely to be good enough for now.

      Your improvements do catapult that already-huge keyspace well out of the realm of even remotely plausible cracking, though, so it is absolutely a good idea if you can manage to remember it.

    3. A table comprised of (only!) each of the 2284 words of the General Service List, with five of them separated by spaces, will take up (average sentence length is 37.75 bytes):

      2284^5 * 37.75 bytes = 55 petabytes of space.

      Oh, and even if you could test 500 million passwords a second, it would take you on average two years to solve. Two years. For 500 million tests a second!

      And this is even if the word list is known, and the length is known (ie, your attacker knows it's five words exactly and not four, three or six).

  6. I make limerick rhymes that don't make sense, with intentional misspellings. I use spaces, numbers, and special characters also.

    My passwords are usually about 25+ chars, and use words that I made up.

    Replies
    1. In fact what you just wrote is your password.

  7. I've found the Diceware techniques a good way to provide passphrase complexity and better randomness.

  8. Someone told me a long time ago that a password with padding characters is also pretty secure. Example :

    ##########flowers100

    Is this true? How does it compare to passphrases?

    Replies
    1. My opinion is that padding only makes a password barely more secure.
      Assume an attacker that uses a password cracker (e.g.: http://www.openwall.com/john/) in order to find your password.
      These password crackers usually try different combinations of words, numbers, leet, and some other rules to try to guess your password.
      Even if there is no rule to try the passwords with padding characters, someone might add it, for example, after reading your post.
      In the end, adding the padding characters didn't add much more security.

      Another way to see this is that the only extra work that you gave the attacker was to find which is the padding character, and the pad length, and that's not enough (even if we assume 100 different padding characters and a padding length of up to 50, that only gives 5000 choices for the padding, or an entropy of about 12 bits, not even near the 80 bits recommended by NIST).

    2. Your assumption that it's possible to figure out "which is the padding character" is totally inaccurate. We can safely assume, given that we're talking about brute force cracking, that the stored passphrase is hashed. The design of a good hash results in truly random output, which all of the standard crypto hashes produce. So, if you add 1 character of padding it completely changes the hash value. Therefore, padding with any character increases the overall level of entropy the same as a random character.

    3. >> padding with any character increases the overall level of entropy the same as a random character

      If this was true, then all passwords of length X would have the same entropy...

    4. The point really was that (given proper password hashing on the server) the attacker doesn't know how close they are to properly guessing your password. So, there's no way for them to determine what your padding character is, how many of them there are, or where they occur in your password.

      Padding a password only helps when using enough entropy in the part of the password that's not padding.

      All passwords of length X with the same key space do have the same entropy from a brute-force perspective.

      Check out this link
      http://www.grc.com/haystack.htm

  9. So then why doesn't lastpass's built in password generator have the ability to generate this type of password yet?

    Also, if the phrase follows the rules of grammar it is much less secure than with 4 totally random words.

  10. I have the simplest passwords in the world, but nobody tries to hack me. Why hack me? Don't be so stupid as to make such hard passwords and so on....

  11. I actually have a strategy that I have never heard of but I think it works very well.
    Since I have to memorize my password I can't pick a completely random and long password right off the bat, but since I have to type it many times, and on mobile too (where I'm slower to type), I definitely don't want a very long passphrase (which would be easier to remember).

    So, the way I do it is as follows:
    1) I pick a decent sized (10 to 16 chars) password that is easy enough to remember (pretty much anything works here, familiar names, dates, addresses, whatever works for you). This password doesn't have top security but is also not weak enough to be cracked in a day or two (or so I hope).
    2) I use this password until I remember it clearly (usually this takes about a couple days)
    3) Now I make a very simple modification to the password (replace a character for another, add a character, add a symbol, swap characters, whatever).
    4) Now back to step 2!

    This way, my password stays short, but gets stronger with each iteration, and I never forget it since the modifications are small!

  12. I use the first letter of each word from a particular snippet of text (which could be a poem, a song verse, a personal slogan, a favourite passage from a book, movie or play, etc.), and I also include any punctuation marks from the text. I realize that these letters are by no means uniformly distributed, but the loss of entropy can be compensated for by using a longer source text (e.g. spanning multiple verses in the case of a poem or song). Since I only have to type it once or twice a day (whenever I activate my LastPass browser plug-in), I don't mind typing a longer string of characters---provided I have a simple mnemonic to remember them by, which the source text gives me.

    Now that I think more about it, some simple approaches to increasing the security would be:
    1) Whenever the source text includes proper nouns or numeric words (or their homophones), apply the appropriate capitalizations and numeric substitutions.
    2) Instead of using the first letter from each word, use the third letter instead. (Use the final letter from any words that are shorter than three characters.)
    3) Start and end the source text at arbitrary positions mid-sentence. This necessitates an additional mnemonic to remember where to start and stop, however.
    4) Change the particular source text on a regular basis, say once a month.

  13. I make up a sentence for passwords too except I make the sentence out of some obscure fact (to someone else) about me. So..."I bought my first jet fighter in 1993, and it had a Pratt and Whitney engine" would become "Ibmfjfi1993,&ihaP&We". Of course on top of that use two-factor identification.

    Replies
    1. Rob, Typing the "seed" of your password instead of the password itself increases the entropy more than a hundred orders of magnitude from 3.62 x 10^39 to 2.05 x 10^150. This blog post is intended to illustrate that they're identically easy to remember (you're remembering the same phrase), but they're not identically secure.

      As you type it, it would take 7.023002971 e+9 years to crack, as I'd type it, 3.450454396103403 e+70 years

  14. Go to http://www.grc.com/haystack.htm and try it out

  15. It doesn't matter if you use dictionary words. All that matters is you use enough of them, and they're truly random. You could even publish the word list you select from, and it would still be secure.

    If you pick four words (at random!) from the General Service List (2284 words), you have 11 bits of entropy per word. 44 bits of entropy in total if you select four at random. This is true even if the word list is known in advance.

    It's also true that if you selected 27 random characters (the average length of a four word selection from the GSL) you would have 127 bits of entropy, making selecting four words MUCH MUCH worse than selecting 27 random characters, but the fact still remains that a dictionary cracker is going to have a comparatively tough time guessing your four words, while you'll have a really easy time remembering it.

    If 44 bits of entropy isn't enough for you, add an extra word for another 11 bits. Just don't use phrases or related words. Select the words randomly.

  16. All this depends on how the password is stored. It works on Lastpass because Lastpass uses PBKDF2 with 1000 iterations (can be increased). A lot of systems just store passwords using MD5 or SHA1 or something similar. The offline guessing rate on even cheap hardware is going to be in the billions/sec and not 1000/sec. Under those conditions 44 bits of entropy isn't sufficient.

    Diceware, which uses a pool of 7776 short English words, recommends a minimum of 6 random words for anything worth securing (~77.5 bits of entropy). In practice 6 random words aren't that easy to remember, people won't want to type anything that long and most people will skip the random part. A 12+ character mnemonic is an easier way to go.

  17. Lastpass has at least two different forms of two step authentication.

    Turn on.
    Stop worrying about your password.
    Profit.

    This will do more to protect you than all the rest of these "gimmicks" combined.

  18. Making a master password is tricky, but if you add some memorable words in there, along with a few numbers and symbols, it won't be so hard to remember or crack. I've found http://random.pw helps to create memorable and strong passwords.

  19. I've used Passphra.se as a good source for random multi-word phrases in several languages.

  20. The best password for my computer is "incorrect"... Even when I forget the password, it reminds me:

    "The username and password is incorrect"

    Hence I can easily log in and nobody can crack my password.

  21. Sigh. So after I spend a whole day using Last Pass random generator for all my stuff I read Last Pass blog telling me random passwords suck. Oh well, where's my dictionary.

    Replies
    1. Random passwords are fine if they're (1) truly random, (2) long enough, and (3) not reused.

      Unfortunately, those passwords are hard to remember, so most people (1) use a pattern (as in the cartoon above) (2) keep the passwords short and (3) reuse them for multiple websites.

      The power of the dictionary-word approach is that it increases the number of possible passwords (there are thousands of common English words) while also making the password easy for humans to memorize.

      But a password made of randomly selected* words is still easier to guess, meaning less secure, than a password of the same length made of randomly selected characters.

      *The words have to be chosen at random, you can't just pick your favorites. Diceware is a good way to choose random words.

      Using LastPass or another password manager frees you from the usual constraints because it lets you use a long and random (and therefore secure) password for each site without needing to memorize them.

    2. Yes, the 4-word pass phrase isn't better than the (truly) random passwords stored in your LastPass database. The article is giving one possible suggestion for how to make a good master password.

  22. I'm very pleased with LastPass; it works for me and makes my work easier. Thank you!
