
In this article on the BBC’s website they offer advice on how to develop a password. The steps are as follows.

Step 1: Choose an artist (a recording artist I presume)

Let's choose, as an example case study, the teen idol and all-round bad boy Justin Bieber.*

Step 2: Choose a song. (The catchier the better)

Next, I need to choose a song from the Biebs' vast repertoire of classics. My particular favourite of his is his insightful look into the dark world of controlling relationships, "Boyfriend".

Step 3: Choose some lyrics

Now I need some lyrics from "Boyfriend". I'll go with the slightly menacing chorus: "If I was your boyfriend, I'd never let you go".

Step 4, 5 and 6: Passwordify the lyric

Now we need to take the Biebs' prose and turn it into a password. We do this by taking the first letter of each word in the lyric "If I was your boyfriend, I'd never let you go, I'd never let you go":

iiwybinlyg

Make it case sensitive:

iIwyBiNlYg

Turn it into 'leet speak' by changing it up with symbols and numbers:

1Iwy&1NlY9

My question isn't about the mathematical strength of passwords, which obviously will depend on the lyric that is chosen and how one goes about passwordifying it; it is more about the predictability of the total amount of possible passwords that are likely to pop up using this method.

As we are all aware, humans can be very predictable creatures, it wouldn't take a huge amount of effort to generate dictionaries based on certain demographics, music genres, or targeted attacks based on profiling individuals.

My initial thoughts on this were that this would be terrible advice to give out in a business, as it would lead to many users using the same formula to develop their passwords, which would only be exacerbated by making the passwords more predictable. On a national scale this could be sound advice, which leads me to my question:

Is the BBC’s advice on how to choose a password sensible, given how predictable we humans are? If so, in what scenarios is this sensible advice?

*Justin Bieber used for humorous reasons only.

TheJulyPlot
  • Have you seen that your password contains 3 times the letter "i" (even if in different forms)? I could bet that, depending on the language, there are letters you are more likely to find at the beginning of words than others, thus greatly reducing your final password entropy. – WhiteWinterWolf Jan 20 '16 at 16:34
  • I think Bruce Schneier recommended using passphrases rather than passwords a while ago - that's pretty much what this is. – Philip Rowlands Jan 20 '16 at 16:37
  • First of all you didn't follow their advice - they specifically said a musical artist, of which Bieber is neither. – AviD Jan 20 '16 at 17:27
  • Also, this is pretty much a duplicate of several questions here. I will find one that is closest, then it will probably get closed as duplicated :-( – AviD Jan 20 '16 at 17:28
  • Bottom line and in short - very bad advice. – AviD Jan 20 '16 at 17:29
  • @AviD I had a search through similar questions, but didn't see any that match 1:1 to this specific question. – TheJulyPlot Jan 20 '16 at 17:53
  • Given that only one answer is based on sound argumentation and there are still no attempts at maths (even at several orders of magnitude of coarseness) in the answers, I am tempted to start a closing vote for "Opinion-based"... @TheJulyPlot is there anything you could do to describe exactly what you expect out of an answer and what level of evidence you require? – Steve Dodier-Lazaro Jan 20 '16 at 18:32
  • Someone once used a random sentence from a random book on their shelf as a Bitcoin brainwallet key, and it was guessed. – user253751 Jan 20 '16 at 19:10
  • You messed up your own password after step "make it case sensitive". So if you followed this advice, you'd never be able to login. Therefore it must be a bad idea! – TTT Jan 20 '16 at 20:09
  • It's good advice if it makes your password generating scheme more secure than it currently is. It's bad advice if it makes your password generating scheme less secure than it currently is. I'm pretty sure using the Correct Horse Battery Staple method is more secure, easier to remember and there are already plenty of sites that will help you generate a random one. – aslum Jan 20 '16 at 21:39
  • It's worth remembering that the article is written in the context of people using passwords like 'password' and '123456' and 'qwerty'. For those who frequent security.stackexchange.com, sure, this method is far from great. If it reduces the number of people using '123456', though, I'm all for it. – Chris Jan 21 '16 at 08:59
  • The interesting take-home message for me is that although "fuckyou" is no longer number 1 or 2 (indeed doesn't even appear anywhere in the list), after all these years "password" and "football" _still_ remain in the top ten, unchallenged, together exclusively with subsets of "123456789". Stunning. – Damon Jan 21 '16 at 10:33
  • If a major news source posts advice on how to create strong passwords, it's only a matter of time before someone makes an algorithm to break that kind of password. – Zibbobz Jan 21 '16 at 14:04
  • Steps 4, 5, 6 are the real killers. *Why* are you shrinking it to something harder to remember and easier to brute force? – deworde Jan 21 '16 at 14:21
  • How do you know whether a song is catchy if you've been deaf your whole life? – MonkeyZeus Jan 21 '16 at 16:49
  • The article will convince exactly zero people who use "123456" to switch to this scheme. People use "123456" because it matches the amount of effort they are willing to expend for the sake of security. – Fax Jan 21 '16 at 18:05
  • I wonder how many viewers have now chosen "Nggyu,Nglyd". Popular songs only reduce the possible passwords. – Casey Kuball Jan 21 '16 at 19:48
  • @Fax To comfort those people, I bet there exists some song somewhere containing the lyrics "one, two, three, four, five, six" which this advice might turn into 123456 :) – Hagen von Eitzen Jan 21 '16 at 22:04
  • @Darthfett New puzzle game: Given password, find lyrics, song, and artist. "NgRa&dY" – Hagen von Eitzen Jan 21 '16 at 22:06
  • Huh. I actually do this for passwords I need to remember (i.e. ones that I have to type regularly — for most passwords, I put them in 1Password). I wonder if I read it the same place the BBC journalist did. – Paul D. Waite Jan 22 '16 at 10:10
  • For many years I used to tell people I based my passwords on words from songs I had written and not ever published. Which does add a layer of obscurity. But still suffers from low entropy unless you have a good long password. – Rory Alsop Jan 22 '16 at 16:16
  • @HagenvonEitzen Brilliant example, and thanks for the rickroll! – gbarry Jan 22 '16 at 20:48
  • If you can't memorize the result, then you may as well use a real password generator. – gbarry Jan 22 '16 at 20:49
  • YES! It's a great thing! That way, I can steal your passwords! Thank you, BBC! – noɥʇʎԀʎzɐɹƆ Jan 23 '16 at 17:34
  • @AviD apparently Bieber is actually a pretty good drummer. Granted, though, that is not the music or art that he is selling. – msouth Jan 23 '16 at 18:14
  • @msouth pffftt. – AviD Jan 23 '16 at 23:07
  • @Zibbobz But that's the point - a *good* password should not be able to be broken by an algorithm. That is why password strength is not at all about your creation algorithm, but ONLY about entropy. – AviD Jan 23 '16 at 23:08
  • Tempting to flag this question as offensive for making me think about Justin Bieber. – T.E.D. Jan 25 '16 at 16:53
  • A lot of the answers focus on song lyrics specifically; while that makes a certain kind of sense I'm curious about this technique with arbitrary sentences, which I have used before. – Casey Jan 26 '16 at 14:59

17 Answers

My question isn't about the mathematical strength of passwords which obviously will depend on the lyric that is chosen and how one goes about passwordifying it, it is more about the the predictability of the total amount of possible passwords that are likely to pop up using this method.

This is a good question, and I'm going to depart from the norm here, put on my tinfoil hat, and say "no, this is not a good idea." Why? Let's look at it in the context of the Snowden leaks.

Because the GCHQ spies on all traffic on the British internet, and according to the Snowden leaks, your internet traffic is shared with the five eyes. Even if you're using HTTPS, this is a bad idea.

"But Mark Buffalo, you're being a maniac tinfoil hattist again!" Think about it. The time to crack your password was suddenly and significantly reduced. How?

  1. GCHQ takes history of your online searches. They likely know when you signed up for a certain website thanks to XKeyscore.
  2. If they know when you signed up for that website, they'll see you went to Google.com around that time and did a search for song lyrics. Even if you're using HTTPS, the fact that you connected to google.com around that time, and then visited a website that hosts song lyrics, is all they need to begin breaking your password.

    • Even if they can't view the traffic, they can still see that you connected. Even if you're using HTTPS, this doesn't stop them from hosting lyric websites themselves. This also doesn't stop companies from logging your search results, and it doesn't stop the companies from providing these results to anyone. If they know what kind of songs you like, or don't like, it makes it even easier.
  3. Now they can write an algorithm to crack your passwords much, much easier than brute-forcing every possible combination. Or even better yet, use a ready-made password cracker with a provided dictionary of those results.


But Mark Buffalo, the government isn't monitoring me!

That's all fine and dandy. You generally don't need to worry about them unless you're a criminal. Or you're privacy-conscious. Or you're a security researcher.

There's another important aspect you need to consider, which I think is far worse than the government: advertisement companies and hackers. "But Mark Buffalo, I use NoScript (great) and Ghostery (Ghostery sells your info)!" Most people don't use those. And many people who do also don't use those tools when they use their smartphone.

There are data trails everywhere, especially if you own a smartphone (android in particular), and there are plenty of evil marketing companies that will sell your data down the river the first chance they get. Or maybe they aren't evil companies, but they get breached by hackers.

Anyone with a "need" could buy that data, and those sophisticated enough could steal it. While this seems like frantic worrying over such a small thing for most people, it gets much worse when you delve into the realm of federal contracting. This is one of the ways security breaches start.

All of the steps listed previously could be done without XKeyscore. They can be done very easily with vast marketing databases.


Stop the tinfoil, Mark.

If I were wearing my tinfoil hat right now, I'd believe this article was made as part of a plan to intentionally weaken standards. I personally believe that weakening standards is a national security risk, especially when federal contractors adopt those weakened standards.

Personally, I would worry more about evil marketing companies and hackers than I would the government. Especially when deliberately-weakened standards are what help potentially-hostile countries gain unauthorized access to critical infrastructure and intellectual property.


But seriously, this makes your password weaker

Now let's talk about numbers, and social engineering.

With a normal brute force of this password, you'd likely need the following characters based on this password policy:

  abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=

That's 76 possible characters. With this password method, assuming most people will use 6-7 words to generate the password, and perhaps add 1 symbol - !@#$%^&*() being the most common - plus a number, you'll need to test - for an 8-character password - 1,127,875,251,287,708 combinations to exhaust the password space. This could take an impossibly long time depending on the hashing algorithm and hardware.

Let's use md5 as an example (it's terrible, but it's computationally cheap. Please don't use md5; I am only using it as an example). To exhaust the character space of an 8 character password, it would take 4 years to crack with a cheap workstation. About 4 years 25 days 7 hours 46 minutes 54 seconds. If you were to up the password length to 9, it would take over 309 years. Keep in mind that processing power is growing rapidly.

Learning extra parameters about the user's password allows you to simplify this. Let's assume that you choose the following song: baby hit me one more time. This is your favorite song, and I know this because I socially-engineered you into telling me. Let's choose a predictable lyric phrase to create a password with: Hit me baby one more time. This becomes HmBomT. Now let's add some leet with a number. Now we have H@BomT3. Now that we know your favorite song, and your favorite phrase, this is what your password alphabet space becomes:

hHmMbBoOmMtT1234567890!@#$%^&*()-_+=

As you can see, this alphabet space is significantly reduced. It's much, much faster if you know what character the password starts with, but let's assume you don't. Let's further assume it's been randomized. Now you've reduced the time needed to exhaust the password space to 2,901,713,047,668 combinations, it takes 3 days to crack the password with a cheap workstation. Let's upgrade it to 9 characters. Now it takes 137 days 15 hours 47 minutes.

You can calculate this yourself (charset: custom). Also, all of this assumes you don't have a dedicated GPU cluster.

EDIT:

It's come to my attention that there is now evidence of custom hardware solutions dedicated to cracking bcrypt, one of which is a lot less expensive than a 25-GPU array, uses less power, and is vastly superior in every regard. Please read this amazing article if you want to learn more.


But shouldn't we simply increase password length?

Yeah, you could. Truthfully, it greatly increases entropy when you increase the password length.

However, then it becomes annoying to enter - especially for corporate environments that require you to log out every time you leave the computer. On top of that, it's very hard to remember this password.

You might eventually forget it after entering different passwords and being forced to change every few months. Even worse, you could forget it immediately, and be forced to visit the IT help desk to reset your password. This results in costs to the business, and lost productivity.

In fact, a better method would be xkcd's correct horse battery staple. You could use an upper case letter somewhere, and a number somewhere else, or you could make it even easier while increasing entropy: something like correct horse battery staple gasoline. It's very easy to remember, very easy to type, and it's very hard for computers to break. Also remember that this should be randomly generated from a 2048-word list.

For websites, I would recommend a password manager such as KeePass. I would not use LastPass, as it's vulnerable to phishing attacks. Websites can know you have LastPass enabled, because your browser is sending this information to the website if requested! This is part of how browser-fingerprinting works.

For corporate and other logins which you aren't able to use a password manager with, I would recommend a variant of correct horse battery staple with an extra word. Maybe correct horse battery staple gasoline? Much easier to remember.

Mark Buffalo
  • Comments are not for extended discussion; this conversation has been [moved to chat](http://chat.stackexchange.com/rooms/34667/discussion-on-answer-by-mark-buffalo-is-the-bbcs-advice-on-choosing-a-password). – Rory Alsop Jan 21 '16 at 16:38
  • Whether or not this makes your password weaker depends entirely on who is reading the article. If you are the type of person who would read this advice and then pick the chorus of your favorite song as the password, you are the type of person whose password without this advice is either "password" or their birthday. In which case, hmbomt is far far stronger. – Shane Jan 21 '16 at 16:46
  • +1 all around. Another modification of the xkcd method is to put in a short sentence. "I love Stack Exchange!" is a fairly long password that also satisfies Windows (at least) complexity requirements and is easy to remember and type. If one is picking song lyrics in the first place, no need to "passwordify" them. Just type them in! "Hey Jude, don't make it bad." is a pretty solid password also. Sorry I just ruined that password for the world. :-) – Todd Wilcox Jan 21 '16 at 17:58
  • @Shane - I have to disagree with this statement. Worse than no security measures are insufficient security measures that you trust. – Mike Vonn Jan 21 '16 at 18:03
  • @Mauser No security vs weak yet trusted security is not the dichotomy at play here. Do you think people are using passwords that they KNOW are bad? No. If they are using their birthday as a password, they trust it as a good password. The dichotomy at play here is extremely weak trusted security vs weak trusted security. – Shane Jan 21 '16 at 18:13
  • As a plug, I made a little Python/Flask app for generating your own [correct horse battery staple](https://github.com/waynew/correcthorsebatterystaple) style passphrases. – Wayne Werner Jan 21 '16 at 19:45
  • "correcthorsebatterystaple" is my WiFi password. – Insane Jan 22 '16 at 03:38
  • @ToddWilcox, if you think "I love Stack Exchange!" is an example of the XKCD method, then you don't understand the XKCD method at all. It's supposed to be 4 or more *randomly chosen* words. – Ben Jan 22 '16 at 04:57
  • @Ben One thing Randall Munroe gets wrong is how easy it is to memorize four randomly chosen words. The point of the xkcd method is that length and ease of memorization are more important than complexity. I see "randomness" as an aspect of complexity and antithetical to memorization. When working with non-technical users, picking a sentence works much better than trying to use four random words if you don't want to be resetting your users' passwords every Monday after a long weekend. It's also hard to get naive users to understand Windows complexity requirements. A sentence takes care of that. – Todd Wilcox Jan 22 '16 at 06:36
  • Despite the upvotes (which I assume are because Snowden was mentioned), this doesn't really answer the question. – Justine Krejcha Jan 22 '16 at 06:51
  • @Justin Krejcha - How didn't it? Seemed to me to be a pretty concise answer to the question. Tldr:- q. is this method sensible? a. "seriously, this makes your password weaker" – Michal Paszkiewicz Jan 22 '16 at 11:30
  • @Shane: Your assumption is wrong. People use passwords they know are bad because they do not care. In the unlikely event they have an epiphany and start caring, you don't want the first search result to be junk like the article in question. – Fax Jan 22 '16 at 11:41
  • @Fax on the other hand, if somebody doesn't care because "making a secure password is too difficult", stumbles upon this article while checking the news and thinks "OK, I can do that" then a few passwords get a tiny bit better. `jb4uiwhd4eva` is much better than `123456`, even if it's not as good as `C9Tds=mTrB&VL$SbRwW2gd!FKhW7q!JpMkCQ`. **"Don't let perfect be the enemy of good"**. – Dan Blows Jan 22 '16 at 14:18
  • Unfortunately, there are stupid devices such as Dell's iDRAC out-of-band management that silently truncate your password to 20 characters when you edit a user account, and to add insult to injury, they compare it to the full input when you try to login afterwards (but that also fortunately warned us about the truncation). So you actually have to get some decent entropy at the start of your password if you are unsure about how many characters of the password are actually checked. – Edheldil Jan 22 '16 at 17:23
  • @Shane Yes, people are using passwords that they know are bad, because the ones that they think are good are not worth the pain (in their mind). – Mike Vonn Jan 22 '16 at 21:11
  • @Todd The difference between the xkcd method and yours is that yours is orders of magnitude easier to crack. Sentences have a clear grammatical structure that vastly limits the options. [Password crackers have been exploiting this for a while by now](http://arstechnica.com/security/2013/01/grammar-badness-makes-cracking-harder-the-long-password/). So don't do it, but if you have to, at least introduce bad grammar (but at that point why not just stick with 4 random words?) – Voo Jan 23 '16 at 13:23
  • @Voo I wouldn't be surprised if the most popular password on our network isn't "Password", so a grammatical sentence would be a big improvement. – Todd Wilcox Jan 23 '16 at 17:42
  • @Todd certainly true, it was just about the comparison between the two specific methods. Still vastly better than the average password I'm sure. – Voo Jan 23 '16 at 20:36
  • Great thing about this answer is that it emphasizes one vital point: don't dilute your password strength with facts about yourself that someone can find out. – TNW Jan 24 '16 at 16:57
  • I developed my own password manager rather than trusting KeePass or LastPass; I recommend doing the same if you know about encryption. – ave Jan 25 '16 at 11:28
  • @Blowski I suspect that the act of remembering the password is what by far takes the most effort; mashing random keys on a keyboard isn't exactly difficult. The BBC article should have ended after step 4. As it is, any can-doers will try this method once, fail to remember that it was "3" instead of "e", and then go back to "123456" after the tedious password reset. – Fax Jan 26 '16 at 11:28
  • @Ben And who's to say those words haven't been chosen [randomly](https://xkcd.com/221/)? – biziclop Jan 26 '16 at 14:33
  • This answer is terrible. Please use MFA. But if you can't, please choose a stronger password. Oh, and use a good password manager. – Mark Buffalo May 11 '18 at 18:10

It's horrible :) To provide some numbers to back claims by other answers:

This provides some numbers of how many songs are popular per year. For the last decade it was as low as 300-400 Top40 hits per year! Average word count for a song is 300-600, depending on the style, and they do 7-10 words per sentence (And I imagine that's the comfortable length of a password nowadays).

All this tallied up - the corpus of password bases for people who listen to popular music will be about 40,000 per year, not including repetitions (And we all know popular songs don't have a single repeating line!).

As such, just picking a random common, everyday word and adding your favorite digit to the end is just as secure a password base (assuming your favorite song is less than a year old - very true for so many people!). Which, if you ask any IT or security personnel, is not secure at all. In fact, it's strictly worse than XKCD's famous tr0ub4dor&3, due to a smaller corpus and smaller average word length, and that was discussed en masse.

To add insult to injury - none of the steps in the advice is any good really.

  • Most people tend to listen to the same music. Just go to a concert of a boy-band and look at the sheer size of the crowd (vs the number of words the singer is going to mutter).

  • I sincerely doubt most people will take the fiddly middle of a verse. I find it much more plausible that it's the catchy chorus that will be chosen (After all, you have to remember the line word-for-word, not just the general meaning or tempo!)

  • Taking the first letter of words is horrible. 7 letters cover 65% of the language that way. Of course this didn't analyze lyrics specifically, but I doubt it's better there [1].

  • Case-sensitive is OK, but only if you make the uppercase positions truly random. Which you won't. It's too easy if the first one is capital. And you don't lump them together, nonono. And there has to be a decent number, but not too much, right?

  • l33t-ing a password is mostly meaningless. Of the most-common letters, only a couple can be replaced, and the replacement is known beforehand. And you won't properly randomize which characters get replaced and which - not.

[1] Trying to make an argument, I actually calculated the Shannon entropy from the article above. It turned out to be ~4.075, vs 4.7 for a random letter distribution. This is not as bad as I expected, although it does mean that a 10-character password is 70 times easier to guess if it's made by first-lettering, rather than having random letters.

Ordous
  • Rats, you basically beat me to my answer, with better sourced numbers. :-) I would also point out that this is not just a theoretical attack, but is actually being done, by pulling phrases from "news websites, multilingual forums, public IRC logs, Wikipedia, Pastebin, e-books, movie scripts, and song lyrics": http://arstechnica.com/security/2013/10/how-the-bible-and-youtube-are-fueling-the-next-frontier-of-password-cracking/. It doesn't specifically mention taking the first letter of each word, but I'm sure that's one of the mangling rules they'll try soon if they aren't already. – Ben Jan 21 '16 at 04:22
  • And what if I use obscure, unpopular songs? – Zenadix Jan 21 '16 at 14:46
  • @Zenadix This was an assessment of the advice for the general public. Popular music wouldn't be "popular" if it weren't popular. Hence this is applicable for a large proportion of people. If you use obscure songs that only you and your friends know, then bullet point (1) is not applicable; all the other ones are, however. But at that point, does it matter that it's from a song? – Ordous Jan 21 '16 at 15:55
  • My edit was rejected, so here it is as a comment: even for obscure songs, the corpus is too small. [Billboard estimates about 75000 songs released in a year](http://www.billboard.com/biz/articles/news/1179201/business-matters-75000-albums-released-in-us-in-2010-down-22-from-2009) for 2010. So the total corpus of song lyric starting points, over 60 years, for ALL songs, would be about 2 billion. This is still well within range of modern cracking methods (which can try hundreds of billions of passwords per *second*). – Ben Jan 21 '16 at 16:57
  • @Zenadix how sure are you that lyric has never come up somewhere else? Diceware is good at this problem. Songwriting is not. – djechlin Jan 22 '16 at 00:53
  • It may be horrible from a purist point of view, but consider the audience the article was written for. Those people are more likely to have a password like lastName-DoB than `ansASdhsad398ds=a`. In that case the new song-based password is not so bad. – David says Reinstate Monica Jan 23 '16 at 16:41
  • Sounds like I just need to listen to more obscure music and the problem is solved then. :) – Casey Jan 26 '16 at 14:57
  • @Casey Nope. The problem here is that it creates strong-looking passwords that aren't actually strong. If an attacker knows this to be a strategy (and yeah, it's now pretty widely known), they can just scrape a lyrics website and try all of them. As Ben pointed out above, people used the entirety of Wikipedia for this purpose; it's not unimaginable that they use a lyrics database. I used popular music because it's easy to gauge and is applicable to most people (and gives horrifying results), but using obscure music will likely put you right on the boundary between "definitely bad" and "not sure". – Ordous Jan 26 '16 at 15:05
  • @Ordous While I wasn't being entirely serious, yes, they could do that, but if they are going to scrape every song lyric in every language and then come up with every password that could be created by this method from it, it's practically a plain old brute force attack. – Casey Jan 26 '16 at 15:08
  • @Casey You're overestimating the natural language corpus. All Wikipedias in all languages contain ~23 billion words. Hence there are fewer sentences. Even if you pump that up *significantly* and say that rather there would be 23 billion *distinct* sentences (i.e. ~2.3e+10), you can easily see the difference with a random 10-character password search space (70^10 ~2.8e+18). That's 100 million times less and is closer to a 5-6 char password. And that's a severe underestimation. Usually decreasing the entropy by a factor of 2 is called "critical security flaw", not "susceptible to brute-force". – Ordous Jan 26 '16 at 15:17
  • `Taking the first letter of words is horrible. 7 letters cover 65% of the language that way.` Where you say *"language"*, I think you mean *"English"*. It even says so in the linked article. It doesn't debunk your point as a whole, of course, but I think it's a correction worth adding. – xDaizu May 22 '18 at 11:20
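The two calculations above (Mark Buffalo's shrinking alphabet and Ordous's first-letter entropy footnote) can be reproduced with a short script. This is an added example, not code from the thread or from any of its authors; the charset string and the lyric "hit me baby one more time" are taken from Mark's answer, and `NON_LETTERS`, the function names and the `dedupe` option are my own choices. It assumes, as the answer's calculator does, that candidates of every length up to the maximum are counted.

```python
"""Keyspace and first-letter entropy arithmetic behind two answers in this thread."""
import math
from collections import Counter

# The 76-character policy charset quoted in Mark Buffalo's answer.
FULL_CHARSET = ("abcdefghijklmnopqrstuvwxyz"
                "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                "0123456789!@#$%^&*()-_+=")
# Digits and symbols the answer keeps once the letters are known (assumed split).
NON_LETTERS = "1234567890!@#$%^&*()-_+="


def keyspace(alphabet_size, max_len):
    """Candidates of length 1..max_len, summed the way brute-force calculators
    (and the figures in the answer) count them."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def reduced_alphabet(lyric, dedupe=True):
    """Alphabet an attacker has to search once the source lyric is known:
    the first letter of each word in both cases, plus digits and symbols.
    dedupe=False reproduces the answer's literal string, which lists the
    repeated 'm' twice and therefore counts 36 characters instead of 34."""
    initials = [w[0] for w in lyric.split() if w[0].isalpha()]
    letters = "".join(c.lower() + c.upper() for c in initials)
    alphabet = letters + NON_LETTERS
    return "".join(dict.fromkeys(alphabet)) if dedupe else alphabet


def first_letter_entropy(text):
    """Shannon entropy in bits of the word-initial-letter distribution of text,
    the quantity Ordous's footnote estimates at ~4.075 bits for English."""
    initials = [w[0].lower() for w in text.split() if w[0].isalpha()]
    total = len(initials)
    counts = Counter(initials)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def guess_advantage(entropy_bits, length, alphabet_size=26):
    """Factor by which `length` first-letter characters are easier to guess than
    `length` uniformly random letters drawn from alphabet_size symbols."""
    return 2 ** ((math.log2(alphabet_size) - entropy_bits) * length)


if __name__ == "__main__":
    full = keyspace(len(FULL_CHARSET), 8)
    known = keyspace(len(reduced_alphabet("hit me baby one more time", dedupe=False)), 8)
    print(f"8-char keyspace, full policy charset: {full:,}")
    print(f"8-char keyspace, lyric known:         {known:,} ({full / known:,.0f}x smaller)")
    # The question's own lyric; one line is far too short to estimate English
    # first-letter statistics, so this only illustrates the computation.
    lyric = "If I was your boyfriend, I'd never let you go, I'd never let you go"
    h = first_letter_entropy(lyric)
    print(f"first-letter entropy of the lyric: {h:.3f} bits vs {math.log2(26):.3f} uniform")
    print(f"10 such characters are {guess_advantage(h, 10):,.0f}x easier to guess")
```

Running it reproduces the answer's 1,127,875,251,287,708 and 2,901,713,047,668 figures, a factor of roughly 389 between the two search spaces.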

It is more secure than what most people are doing, which is to use a single dictionary word. The BBC's method starts with one or two sentences, instead of just a word. However, it is less secure than what it could have been.

First, if you're using a well known chorus, you're increasing the chance of other people having similar passwords to you.

Second, personally I think it's easier to type whole words than disconnected letters, even if it increases the number of keys that you need to press. Using just the first letters from a sentence throws away entropy.

My advice if you need a password that's intended to be remembered (i.e. can't be saved in a password manager) is to randomly generate a phrase using something like diceware.

Another alternative is to start by generating a random n-letter password, and then try to find a mnemonic for it. This difference in the order is crucial; if you start with the mnemonic and then passwordify the mnemonic, you're likely to be less random than if you generated the password first.

Lie Ryan
  • +1 for random first and learn to memorise; it's much easier to figure out the entropy, and not so hard really. Probably less hard, and less risky, than picking some other scheme and (over-)analysing it. – Neil Slater Jan 20 '16 at 23:00
  • It's worse than "less secure than it could have been"; it's "instantly a worse idea upon publication by the BBC as it will be part of standard cracker dictionaries immediately". – simbo1905 Jan 22 '16 at 08:07

Yes, it's not bad advice, though it depends how strongly people follow it. Unlike yourself, I wouldn't slam my favourite artist out there (we all know you like JB..).

Following this advice would most likely make many pick their FAVOURITE artist and their FAVOURITE song, and most likely the chorus or a very well known line (the ones you sing along to and do not mumble), making it very easy to work out the average person's password. But, as it stands, following this method would make it a lot harder to guess but also a lot harder to remember. Creating good passwords and remembering them is a gift some people do not hold.

My counter-advice would be to randomly generate all of your passwords and store them in a keychain, keeping only your primary email password and the password to your keychain stored in your head.

But once again, just so I do not seem so negative: this is a better option than ilovejb2016... it's not bad advice for non-tech people.

I wanted to speak about this again and update my answer.

I'm not saying it's good for someone like us on this site, who know security and are security conscious, to follow this advice; this would most likely weaken our passwords. BUT BUT BUT this advice would help people like my parents, my nan, kids: those whose passwords might be, and most likely are, terrible words following the standard pattern of one capital letter as their first character, the rest lower case, and a number (most likely their age, birth year, 1, 11, 123, 321), where the password itself is a normal word relating to their everyday life, e.g. the name of their pet hippo.. Chubby123 for example!

THIS IS GOOD ADVICE FOR THOSE PEOPLE. But not us. You have to remember, people, people are not very good with computers or being secure; I could hack all of your grandmothers by writing common words.

TheHidden
  • 4,315
  • 3
  • 22
  • 40
  • 6
    -1 for saying its not bad advice, but +1 for pointing out the resulting commonalities from a limited set of likely favorites, and preferring a password manager... – AviD Jan 20 '16 at 17:30
  • 4
    I am in agreement with @AviD. Sorry, but I disagree. I believe this is bad advice because it makes it much easier to crack passwords. – Mark Buffalo Jan 20 '16 at 17:51
  • 3
    I would agree with the point that people very, very frequently use worse strategies than this to select passwords. But I would disagree that that makes this strategy a "good" one. – mostlyinformed Jan 20 '16 at 18:28
  • 6
    I'm going to go against the consensus and disagree that it makes cracking passwords easier. "easier" is a relative term that implies that currently users are choosing good passwords and if they follow this scheme they'll be worse. That's objectively not true, most users choose passwords which are much more predictable than the ones generated by this scheme. This scheme doesn't provide "good" passwords, but it may provide "better" passwords than the majority of users currently choose... – Rory McCune Jan 21 '16 at 09:10
  • 1
    My point, guys, is not that it's good advice but that it's better advice than the advice people already have. It is better than putting down an obvious password .... this is easier to guess than l33tsp34k... if you get what I mean, it is not bad advice, though not good advice. – TheHidden Jan 21 '16 at 09:25
  • @RоryMcCune Good point and perspective. – Mark Buffalo Jan 21 '16 at 15:37
  • @silverpenguin Now that I understand your point, I've retracted my downvote. Could you perhaps edit this to say it's much better than what most people currently have? – Mark Buffalo Jan 21 '16 at 15:38
  • 1
    Even if it's much better than most people currently use...why replace bad methods with a different *slightly* less bad method? If you're already offering advice, why not offer *good* advice? – Ben Jan 21 '16 at 17:04
  • @Ben, I have an algorithm I use for almost all my passwords. Is my algorithm sensible? That's the question at hand. Let's say I told you my passwords are at least 12 but no more than 25 characters. Let's say I told you they aren't dictionary words. Let's say I told you it uses uppers, lowers, numbers and symbols. How much easier are my passwords to break than ones you consider "good"? – Tracy Cramer Jan 21 '16 at 18:23
  • That depends completely on the pattern used to generate the password. If your algorithm is "type the website name backwards twice and append '123!'" then I'd say it's trivial to crack. If it's "use 20 fair dice rolls to choose random letters and numbers" then it's actually fairly strong. The key is, is there ANY pattern an attacker can use to make their job easier? If so, how many variables must the attacker account for? I.e. how many possible passwords could your method produce? "Billions" of possibilities *isn't enough*. – Ben Jan 21 '16 at 18:46
  • @TracyCramer as long as it does not use simple words and common patterns and you keep that algorithm to yourself, it should take at least 8 years to crack your passwords (ish...8 years ish...) – TheHidden Jan 22 '16 at 09:18
9

Like most things in security, it depends on what you're trying to protect, and who you're trying to protect it from.

Short answer is: For logging into most websites, it's likely secure for attackers trying to guess passwords by trying multiple logins.

For any scenario where an attacker can perform an offline attack this is unlikely to be a good method of preventing a determined attacker since offline attacks can perform millions, sometimes billions of attempts per second. This would be true for wifi passwords, encryption passphrases, or if an attacker obtains the hashes from a website.

Steve Sether
  • 21,530
  • 8
  • 50
  • 76
  • A hacker can make billions of guesses no matter what kind of password you pick... the question, to my mind, is whether they are more likely to succeed if you create your password with this method than with a different one. – Casey Jan 26 '16 at 15:00
  • @Casey The number of guesses per second in an offline attack depends on how difficult it is to hash the password. – Steve Sether Jan 26 '16 at 15:16
7

Password length is more important than complexity when it comes to security.

1Iw&iNLy3: this password has 9 characters, which is quite low and can be cracked in a matter of time.

So, when trying to increase the strength of your passwords/pass-phrases, my advice is to consider length as much as or more than you consider complexity. Make your admin and root passwords/pass-phrases 18 or more characters long and forget about complexity; at 18-plus characters they are all but uncrackable.

Please check the strength yourself here:

https://howsecureismypassword.net/

This password 1Iw&iNLy3 can be cracked in 275 days while this passphrase I_Like_Sausages_and_Eggs_For_Dinner will take 64 quattuordecillion years to crack.

So, answering your question: it is very bad advice.

https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength

http://crambler.com/password-security-why-secure-passwords-need-length-over-complexity/

https://stormpath.com/blog/5-myths-password-security/

Michal Koczwara
  • 1,580
  • 3
  • 15
  • 27
  • 5
    "`which is quite low and can be cracked in a matter of time`." Everything is a matter of time. :P – Mark Buffalo Jan 20 '16 at 17:54
  • Of course, but this one 1Iw&iNLy3 will be cracked much faster than this one I_Like_Sausages_and_Eggs_For_Dinner – Michal Koczwara Jan 20 '16 at 17:56
  • I agree. I'm just being pedantic. :P – Mark Buffalo Jan 20 '16 at 18:09
  • 4
    Can you trust using a site like howsecureismypassword.net? Couldn't they just be collecting passwords? – Almo Jan 20 '16 at 18:18
  • 7
    "Passwords length is more important than complexity when it comes to security." Not necessarily. The password iwillnevergohungryagain is much, much more likely to fall than 6J;snQv8e!fKn2a is, despite the former string being much longer than the latter. Because any decent guesser or cracker is going to try every dictionary of words/phrases/quotes/etc. they can think of before they will resort to plain brute-force character guessing. (At least where the attacker knows there's some kind of minimum-length policy in place to prohibit the most idiotically short passwords, anyways.) – mostlyinformed Jan 20 '16 at 19:10
  • Yea, this assumes brute force. – PyRulez Jan 20 '16 at 19:49
  • 1
    @PyRulez You should edit your answer to specify that you are talking only about brute force then. – PwdRsch Jan 20 '16 at 21:24
  • @PwdRsch Uhm, this isn't my answer, nor my question. – PyRulez Jan 20 '16 at 21:57
  • 2
    @Almo But they say they don't. They wouldn't dare to lie on the Internets, would they? – Hagen von Eitzen Jan 21 '16 at 22:19
7

In a world where people very frequently disclose information on social media about their favorite musical artists, songs, genres, and even specific favorite lyrics, is this a good password strategy to use?

Umm... no.

Will it withstand a simple guessing attack using, say, 500 very frequently-used passwords? Sure. (Unless the dictionary creator was wise to this tactic and you picked a really, really, really commonly-chosen lyric, I guess.) But if you were interested in stopping an attacker who was willing to do even very basic targeted recon/info-gathering about you--or already knew you to some degree (e.g., a co-worker)--this would be a lousy password-choosing strategy.

mostlyinformed
  • 2,715
  • 16
  • 38
6

To play devil's advocate, this technique can be used if you end up with a long enough password (you may want to use two lines for this). And it is definitely an improvement if your old password is harry1990 or qwerty123. However, this technique is (a) overly complex, and (b) the resulting password is sub-optimal. I believe this famous XKCD comic best explains what's wrong with complex convoluted rules which define your password. (Image of the xkcd comic not reproduced.)

Dmitry Grigoryev
  • 10,122
  • 1
  • 26
  • 56
  • 1
    This technique is just about as naive as the BBC one, unfortunately. It's only really 44 bits of entropy if your attacker is trying every possible combination of characters, and in the real world, they're using dictionary attacks. http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/ – user2752467 Jan 22 '16 at 23:28
  • 5
    @JustinLardinois The 44 bits figure is right. See [Diceware](http://www.diceware.com/) for one calculation. See the [long argument at the xkcd forum](http://forums.xkcd.com/viewtopic.php?f=7&t=73384) for more. In the xkcd case, he assumed a dictionary of about 2000 common words, so it is a four digit number in base 2048, or 44 total bits. – RBerteig Jan 23 '16 at 01:37
  • 1
    Never mind then. That's what I get for not checking the math first. – user2752467 Jan 23 '16 at 01:38
  • 2
    I'm kind of tired of seeing this comic, but I do like that every password leak you see scores of people using the exact password `correct horse battery staple`. – Casey Jan 26 '16 at 15:01
4

Considering most people would likely pick a popular song's chorus (especially since you want 'the catchier the better') and only change letters like E and A to 3 and 4 respectively, it wouldn't be beyond the bounds of reason to generate a wordlist from popular songs in this manner with relative success.

4

Humans are indeed very predictable, a lot more so than we usually think we already are, see e.g. here. So, you should never choose your passwords using a scheme that involves meaningful information to you.

Count Iblis
  • 228
  • 1
  • 5
3

The short answer is "no". This article by Jeff Atwood makes a fairly good case for any password of less than 12 characters being insecure.

Summary: the above is fine for the someone-trying-passwords scenario (~1000 guesses per second), but so would be just using the phrase "If I was your boyfriend, I'd never let you go" as your password. Most people have so many passwords that at some point some service they use will have all their password hashes dumped. This is the "offline" checking-of-hashes scenario. If the service uses an insecure hash, then your password doesn't matter. If they use a secure one, but someone thinks there's money in cracking the passwords, time on "cloud" machines with GPUs for fast hash calculations is cheap. This page puts the time to brute-force your example password at under 2 hours in such a scenario.

morganwahl
  • 141
  • 3
3

No. It isn't good advice on creating a password. I can't really see any specific advantage to the password method at all.

It's easier to guess because it likely uses a common phrase (remember, as criminals we're trying to crack as many passwords in the database as possible, not one specific one. Yes you might use an obscure phrase, but I'll bet the majority of people will use a chorus lyric from a popular song).

It's not secure against brute-force attacks either. The length of password it produces is short, so you can brute-force it relatively quickly. Maybe it would hold out against a brute force a bit longer than an equal-length password without special characters, as the criminals would likely run a brute force on just alphanumeric characters first.

It's also less secure because it's difficult to remember. If you can easily remember your password, you don't write it down on the post-it note under your desk or in the passwords.txt file on your desktop.

The only advantage this method has is resistance to dictionary attacks, as it contains no dictionary words.

As others have mentioned, the Correct Horse Battery Staple method is the best method for creating a memorable password that is resistant to pretty much every attack. There are currently 1,025,109 English words to choose from. 4 words gives 1.1×10^24 possibilities and 7 words gives you more combinations than the number of possible MD5 hashes. If you choose even a 4 word password and replace a random character with a random ascii character/symbol, you have essentially made dictionary attacks impossible and only brute force applicable. Assuming an average word length of 5 characters, the total number of combinations would be ~20^254, which is too big to compute even by Google's calculator.

However, if you can remember 4 words and a substitution, the password is incredibly easy for you to remember.

So basically, BBC's method is less secure than randomly generating a password. Don't use it.

JamEngulfer
  • 233
  • 1
  • 4
3

Use a password manager.

A very popular password manager among the technocrati is KeePass.

My IT manager says "LastPass for the babies" (implying that it's easiest).


edits: link removed due to objections to article's credibility. Direct answer added by request.

As for the question, I'll say it's good (but not great) advice. There are definitely worse passwords out there than 1Iw&iNLy3, and it's more of a guideline than an algorithm: while you're using Justin Bieber, I could use quotes from the I Ching, Yogi Berra or Rocky IV, and my 'passwordification' can be more or less complex than yours. So their advice is a perfectly good starting point for folks who decline the use of a password manager.

woodvi
  • 159
  • 3
  • 3
    That article comes to the correct conclusion (use non-password authentication, or use a password manager and random passwords) but it gets *everything else* wrong. First of all, passwords created by the XKCD method *ARE NOT CHOSEN BY THE USER*. They are random. Why does *everyone* always think the comic is saying "pick 4 words off the top of your head"? It's recommending diceware. Secondly, bcrypt, scrypt, etc. are popularized primarily because they slow down dictionary attacks just as much as brute-force attacks, so that method also becomes untenable for good passwords. – Ben Jan 21 '16 at 16:21
  • 2
    Finally, big companies (Linkedin, Ashley Madison, patreon, Walgreens/CVS/etc., LastPass (ironically)) lose their password hashes frequently enough that I don't think it's fair to hand-wave away the threat of leaked password hashes. Especially for people who re-use passwords, that's at LEAST as much of a threat as online attacks. Although probably less of a threat than phishing. – Ben Jan 21 '16 at 16:23
  • @Ben Good points. However, regarding "`First of all, passwords created by the XKCD method ARE NOT CHOSEN BY THE USER`", in many places, you *can't* use a password manager. In my opinion, the xkcd article is still somewhat good advice when choosing a password. – Mark Buffalo Jan 21 '16 at 16:39
  • 1
    Yes I agree the method is good, that was my point. The article claims the XKCD method is bad because the user is "not very creative" and may choose a password like "letmeinfacebook". – Ben Jan 21 '16 at 16:55
  • I like password managers but they're not really practical for something you expect to need to log into often away from your own personal computer. – Casey Jan 26 '16 at 15:03
  • @Casey Why not? Many password managers (e.g. KeePass) have a portable version, or you can install mobile apps to log in on your phone or tablet. – Ben Jan 26 '16 at 16:19
3

In a word, no. It is extremely stupid. Anything that reduces the search space for attackers is insecure. Don't do this. Somebody should hold the BBC to account for this.

user207421
  • 245
  • 1
  • 7
2

This is really bad advice; I concur with the general consensus.

But, the target audience for this advice is people who use passwords like password123 or il0vecarr0ts so this will improve their passwords, albeit with a flawed password...but less flawed. Which is a good thing.

Also, the risk to what you are protecting has to be considered; for example, if a 14 year old girl is using a JB song to seed her password for Facebook, then that is probably a reasonable risk to take.

If, however, someone like BA Obama is using "All the Single Ladies" by Beyoncé to seed the password that protects the proverbial big red button on the US nuclear arsenal.. well, then that would be a little too risky.

silly_user
  • 33
  • 4
  • There is no password on the big red button. Too risky. Nuclear arsenals don't fail-safe, they fail-deadly. – timuzhti Jan 24 '16 at 01:12
  • 2
    It'd be an improvement over `00000000` which was [used for decades](http://www.dailymail.co.uk/news/article-2515598/Launch-code-US-nuclear-weapons-easy-00000000.html). – Casey Jan 26 '16 at 15:07
2

Is this password better than other naive schemes that generate passwords like Texas89, ddddd, zxczxc, Judges12:6, purple1, or 65432? Yes, much better. Would I recommend it to a friend? Probably not.

A good password generation scheme balances the priorities of trillions or more unique passwords (not just thousands), and being easy to remember and type. This password scheme, especially as described by BBC, makes it too easy to make an insecure password for how hard the passwords are to remember.

What's our threat model?

  • Is a hacker using a leaked password from somewhere else to see if you reused it? The suggested scheme makes it easier to generate lots of memorable unique passwords than other schemes (like adding 0 to a random word), so you could protect yourself here as long as you remembered the hundreds of passwords you're creating.
  • Is a friend, colleague, or social engineer trying to guess your password based on their knowledge of you? In this case they'd likely never guess the password even if they correctly guessed it was based on one of your favorite songs.
  • Is a hacker trying to crack your password offline (e.g. after a database leak)? This is the most dangerous threat, and the one with the most complex password policy implications. We'll discuss that in greater detail.
  • There are also methods like phishing, taking over the password reset, and stealing a plaintext database. In all of those threats it doesn't matter how complicated your password is; it's gone anyways.

However, it's worth pointing out that using a password manager effectively is a better solution to all of the above threats, although it does introduce a minor additional threat of having your password manager's database leaked.

What advantage is there in only using the first letter?

There are thousands of words in the English language but only twenty-six letters. Even natural English, non-random phrases give you more entropy than the collection of their first letters (see more below). "ijamwnsasth" could stand for "I'm just a man who needed someone and somewhere to hide", "it's just a most wonderful new shirt and skirt that had" or "imagine just anyone may work near Seattle and show them here", "in just a manner which satisfied and seemed to her", or hundreds of other phrases.

Of course, password crackers do sometimes have databases of song lyrics to draw from, so this suggested password scheme is probably attempting to circumvent attacks based on such databases. The problem is that they're significantly cutting the complexity in the process. You can add strength to a password by taking away letters (for example, letein is better than the extremely common password letmein), but this suggested scheme seems to strip away too much randomness to make the password stronger.

The only realistic reason I can see to use this scheme instead of using the full words is if the service used has a maximum password length. Since many passwords are compromised by methods other than offline cracking, a high maximum password length is sometimes viewed as unnecessary by companies. A lot of companies still have 16 character or lower for maximum password length, despite OWASP's recommendations on the matter.

Password entropy

Humans are pretty bad at telling how complex a password is by looking at it, so don't trust just your judgement. We can measure password complexity in bits of entropy, and there are several ways to do it. The most naive way is to assume the attacker is trying to brute force the password using all the characters in the character set allowed, in which case password length and character set allowed are the only criteria. Full-knowledge entropy, on the other hand, assumes the worst-case scenario in which the attacker fully understands your password generation scheme. In practice the true difficulty of your password usually lies somewhere between the two, usually closer to full-knowledge entropy due to the sophistication of modern crackers.

As for blind entropy, this scheme seems sufficient when a long password is used. However, the article by BBC doesn't state any suggestions for password length, which I view as a major oversight. Since password cracking difficulty goes up exponentially, especially when brute-forcing a large character set, adding just two random characters to your password can make your password 1000 times harder to crack. Both the password suggested here and on the BBC site are at least ten characters long, providing a large amount of entropy.

Is the first letter really better than the whole word?

We know from Claude Shannon and more modern results that the English language has at least 1.1 bits of entropy per non-space character, possibly as high as 1.75 bits (see also here). Other studies show that each word can be estimated to add 5.97 bits of entropy.

In comparison, the entropy of random letters in the English alphabet is 4.7 bits and the entropy of first letters is about 4.1 bits per letter. That means the first letters in a randomly chosen 6-word phrase are about as random as the first four entire words in the same phrase, or that even a single random letter is only as complex as about four letters of a normal phrase. (Note that these figures don't apply when the individual words are randomly chosen, as in the xkcd scheme.)

But aren't song lyrics more predictable? Not much more predictable than other English phrases, as long as the lyrics are randomly chosen. Careful analysis of the frequency distribution of the MusixMatch dataset against other English corpora shows that the differences are not huge, and some of the differences can probably be attributed to differences in counting methods. See the chart below. However, this is all assuming that we're choosing our phrases completely at random from each source. If you pick a common phrase from either you might be busted.

(Chart not reproduced: word frequency distribution of the MusixMatch lyrics dataset compared against other English corpora.)

So in summary, even if the attacker knows that you're picking 10 fairly-random letters and your neighbor is picking 10 whole words from lyrics, your neighbor's password is more complex, assuming the lyrics are randomly chosen. Changing capitalization or using common character substitution only masks this problem.

Why substitute characters for numbers and change the casing?

You might say to yourself "26 character English is way too small a character set. I'll just substitute @ for a and the attacker will be forced to use dozens of symbols in the character set". In reality, hackers know you'll make substitutions like this so p@ssw0rd is still a horrible password. So yes, changing case randomly and substituting characters will make your password more random, but don't expect your password to be more than 2-4 times more difficult to guess per character when using both of these methods.

That being said, most services now force you to use an alphanumeric password and this ensures you meet those constraints. However, I'm wary of using symbols as the primary method to enforce password complexity since they make it much more difficult to remember your password, hackers know you're going to make these substitutions, and several studies have shown that increasing length, not character complexity, is often the better way to generate secure passwords. (see this study or this one)

Actual Password Cracking

Your BBC-scheme password would probably be cracked using plain brute-force. A password is typically cracked by running every combination of a set of composition rules over every hashed password in their stolen database. Password composition rules include dictionaries of common words, numbers, and character substitutions. You can learn more here.

For example, if you used several entire words and your password was short enough, the attacker could possibly crack it using a dictionary attack. In the book Financial Cryptography and Data Security, researchers ran an experiment in which 37% of their cracked passwords matched lyrics but only 5% of these lyric passwords were not found using dictionary based attacks or other password databases.

However, since your characters are fairly random, I don't think any of the commonly used rules would help here. The best approach would be brute force over the character set of alphanumeric characters and common substitution symbols like @. I'm no expert in estimating cracking time, but based on results like these any such password of 6 or fewer characters would be very insecure, but any password in this scheme of 11 or more characters should be ok for the average user. Such a password would be so difficult to brute force that an attacker would have to be running custom hardware, have huge amounts of time/money, and/or be cracking an insecure hash like md5.

So in summary: yes if you pick song lyrics as randomly as possible and you make sure it's long enough, this scheme suggested by BBC would generate a secure (but hard to remember) password. It's better than most naïve schemes average people use for passwords. However, it's based on some shaky principles, like assuming the first letter is better than the whole word, and BBC's article omits some of the most important points like the importance of length. There are better ways to come up with and manage passwords. I wouldn't recommend this to a friend.

Glorfindel
  • 2,263
  • 6
  • 19
  • 30
Cody P
  • 1,148
  • 6
  • 14
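As an added worked example (not code from any answer in this thread, nor from the BBC article), the script below puts numbers on the models discussed in this answer and earlier in the thread: the question's take-the-first-letter step, the blind charset-times-length estimate that a strength-meter site reports, the 4.1 bits per first letter and 5.97 bits per word quoted above, the 44-bit four-word Diceware figure from the comments on the xkcd answer, the multiplier that case flips and leet substitutions add per character, and the online-versus-offline guess rates from Steve Sether's and morganwahl's answers. The entropy constants are the ones quoted in this answer; the guess rates and the substitution table are assumptions chosen to illustrate the orders of magnitude, and the only password material used is the example from the question.

```python
"""Entropy and cracking-time estimates for the BBC lyric-initialism scheme.

Added example for this thread. The per-symbol constants are the figures
quoted in the answer above; guess rates and the substitution table are
assumptions; the lyric is the one from the question.
"""
import math
import string

# Per-symbol entropy estimates quoted in the answer above (bits).
BITS_PER_FIRST_LETTER = 4.1             # first letter of an English word
BITS_PER_ENGLISH_WORD = 5.97            # each word of a natural (non-random) phrase
BITS_PER_RANDOM_LETTER = math.log2(26)  # ~4.7, a uniformly random letter

# Assumed attacker speeds (orders of magnitude, not measurements): a
# throttled login form vs. a GPU rig against a fast unsalted hash.
ONLINE_GUESSES_PER_SEC = 1e3
OFFLINE_GUESSES_PER_SEC = 1e9

# Constructed table of common "leet" substitutions per letter; case
# flipping is counted separately in mangling_variants().
LEET_SUBS = {"a": "@4", "b": "8", "e": "3", "g": "9", "i": "1!",
             "l": "1", "o": "0", "s": "$5", "t": "7"}


def initialism(phrase: str) -> str:
    """Step 4 of the BBC recipe: first letter of each word, lower-cased."""
    words = (w.strip(string.punctuation) for w in phrase.split())
    return "".join(w[0].lower() for w in words if w)


def charset_size(password: str) -> int:
    """Blind model: attacker brute-forces every character class present."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(c) for c in classes if any(ch in c for ch in password))


def blind_entropy_bits(password: str) -> float:
    """length * log2(charset): what a naive strength meter reports."""
    return len(password) * math.log2(charset_size(password))


def first_letter_entropy_bits(initials: str) -> float:
    """Full-knowledge model: attacker knows each letter is a word initial."""
    return len(initials) * BITS_PER_FIRST_LETTER


def phrase_entropy_bits(phrase: str) -> float:
    """Keeping the whole words of a randomly picked natural phrase."""
    return len(phrase.split()) * BITS_PER_ENGLISH_WORD


def passphrase_entropy_bits(n_words: int, dictionary_size: int) -> float:
    """Diceware/xkcd model: words drawn uniformly from a fixed word list."""
    return n_words * math.log2(dictionary_size)


def mangling_variants(initials: str) -> int:
    """Variants a rule set must try to cover steps 5-6 (case + leet).

    Each letter has two case forms plus its substitutions; the product is
    the number of candidates generated from one initialism.
    """
    total = 1
    for ch in initials.lower():
        total *= 2 + len(LEET_SUBS.get(ch, ""))
    return total


def crack_time_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the password: half the keyspace at the given rate."""
    return 2 ** bits / 2 / guesses_per_second


if __name__ == "__main__":
    lyric = "If I was your boyfriend, I'd never let you go"
    initials = initialism(lyric)           # "iiwybinlyg"
    mangled = "1Iwy&1NlY9"                 # the question's final password
    print(f"initials: {initials}")
    print(f"blind entropy, mangled:   {blind_entropy_bits(mangled):5.1f} bits")
    print(f"blind entropy, initials:  {blind_entropy_bits(initials):5.1f} bits")
    print(f"initials, full knowledge: {first_letter_entropy_bits(initials):5.1f} bits")
    extra = math.log2(mangling_variants(initials))
    print(f"case + leet adds:         {extra:5.1f} bits "
          f"({2 ** (extra / len(initials)):.1f}x per character)")
    print(f"whole phrase, {len(lyric.split())} words:   "
          f"{phrase_entropy_bits(lyric):5.1f} bits")
    print(f"4 Diceware words (2048):  {passphrase_entropy_bits(4, 2048):5.1f} bits")
    bits = first_letter_entropy_bits(initials) + extra
    for name, rate in (("online", ONLINE_GUESSES_PER_SEC),
                       ("offline", OFFLINE_GUESSES_PER_SEC)):
        hours = crack_time_seconds(bits, rate) / 3600
        print(f"{name:8s} crack time at {bits:.1f} bits: {hours:,.1f} hours")
```

Running it shows the gap between the two models: the blind estimate for `1Iwy&1NlY9` is about 65 bits, but under the full-knowledge model the ten initials are worth 41 bits and the case flips plus substitutions add only about 15 more (roughly 2.8 candidates per character), so the whole ten-word lyric kept as a phrase scores higher than its initials. The online/offline lines make the point of the earlier answers: the same password that takes decades at a throttled login form falls in hours against a fast hash.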
1

Doing the math, your password gets more secure (higher entropy) if it's longer, not more complex. Ideally it is long and complex, but who can remember that? So there is always a trade-off between usability and security.

Here are two good blog posts which discuss that in detail:

https://pthree.org/2011/03/07/strong-passwords-need-entropy/

http://crambler.com/password-security-why-secure-passwords-need-length-over-complexity/

  • 4
    Pointing to blog posts rather than summarising the information is not very good practice for StackExchange, as blogs tend to disappear. Besides that detail, most people fail to understand the fact that entropy depends on the relative likelihood of a specific piece of information existing in-the-wild compared to others. Not all passwords are equal. Not all letters, symbols or additional characters add the same amount of entropy. And these blog posts you are pointing to contain wrong maths. – Steve Dodier-Lazaro Jan 21 '16 at 16:56