41

I have heard of the method of using 4 random dictionary words, it gives you lots of characters and is easy to remember.

But that seems to be open to dictionary attacks, especially if the attacker has heard of the method as well, and brute force attacks of combinations of 4 dictionary words.

Are there too many combinations of 4 dictionary words, so that it would still be safe?

I noticed that Veracrypt specifically states not to use dictionary words, or combinations of 2, 3, 4 such words.

So, if thats not safe, is there a safe method that still let's me remember the password? Would a combination of 8 dictionary words work?

jlevis
  • 113
  • 2
Lichtbringer
  • 569
  • 1
  • 4
  • 7
  • Yes, I looked at some other topics. I think the question is specific enough, because I saw in other answers that recommended the 4 word combination, but that directly conflicted with the security warning from Veracrypt not to use such a password. Maybe I have to rename/restructure the question. – Lichtbringer Aug 29 '18 at 12:27
  • 24
    The most important part about this method is, that you choose the words truly random. Humans are bad at being random. So get some dice and then apply the [diceware method](https://en.wikipedia.org/wiki/Diceware) and it should be safe. You can calculate the entropy of a diceware password by wordlist length and number of words, but as said this only applies if the choice was really random. – allo Aug 29 '18 at 12:31
  • 6
    Related: https://security.stackexchange.com/q/62832/134527 and https://security.stackexchange.com/q/6095/134527 – GoodDeeds Aug 29 '18 at 13:32
  • Have you tried `strongpasswordthatiseasytoremember` ? If I hadn't just posted it in the comments, it'd probably be a pretty good one. – aslum Aug 29 '18 at 16:19
  • 2
    A good rule of thumb is that if you can remember your password, then it is not strong enough. – kloddant Aug 29 '18 at 17:29
  • You cannot make a strong password which is easy to remember. You can make a strong password which is hard to remember, then put the required work into remembering it. You can make a strong password, then keep it in a password safe or write it down and keep the paper in a safe place. – Ben Aug 29 '18 at 17:35
  • 5
    @kloddant I disagree. The password I use for my PC has nearly 80 bits of entropy, yet is eminently memorable (it's a six words long Diceware passphrase, which gives nominally 6\*12.9 = 77.4 bits; add to this that there are a few perfectly reasonable word-separator characters and you easily get another few bits). While 80 bits of password probably won't stop a nation-state attacker, it definitely will stop most people; at that point, the weak link is no longer the user account password. – user Aug 29 '18 at 18:00
  • Why does everyone want to limit the number of words used in a pass phrase? What's the point of setting such a limit? – barbecue Aug 29 '18 at 18:18
  • You can use a service such as [passmaker.com](http://passmaker.com) and choose how many words. Change some letters to uppercase and symbols to numbers as required by the site. Choose how many words and min/max word length. Also provided is an equivalent to a key length in bits. The Python source code is available on the site. – zaph Aug 29 '18 at 18:23
  • Spell the words wrong – Carl Aug 29 '18 at 20:14
  • @Ben (also Conor_Macone) While there are similar questions, I haven't seen many that really directly address this fundamental question of "how", in part because even slightly opinion-based or broad password questions tend to get shut down. (I think this is an important and distinct enough question to keep up) There's some meta discussion on making more general password questions here: https://security.meta.stackexchange.com/questions/2821/can-we-redirect-all-pattern-or-trick-based-password-selection-policies-to-the/ – Cody P Aug 31 '18 at 00:51
  • @kloddant No, it isn't. For this to be a good method, the words must be chosen randomly and *independently*. If you randomly select 6 words from a small, 10,000 word vocabulary, there are 1 septillion (10^24) possible passphrases. There are nowhere near that many grammatically correct 6 word phrases that relate to passwords. – Ray Aug 31 '18 at 04:31
  • @Lichtbringer Suppose your dictionary has 10000 words, and that they're numbered (starting at 0000). If you have any 4 digit number, you can find the corresponding word, and vice versa. So if the attacker has the dictionary (and we assume they do, since we want to be strong even in the worst case scenario), a password with 4 words *randomly and independently selected* from this dictionary is equivalent to one consisting of 16 uniformly random digits. Each extra word adds 4 more digits worth of security. – Ray Aug 31 '18 at 04:40

14 Answers14

70

The main problem with passwords is not password complexity, but password reuse (obligatory xkcd). One service leaks logins and passwords, suddenly lots of providers see a surge on account hijacks. Why? Because we humans cannot remember dozens of different passwords, so we create one password for common services, and one for special ones. But most of us will have only one password.

Don't create your own passwords, use a password manager. They can create very complex passwords, one for each service, have plugins and extensions for the major browsers, have strong encryption, cloud backup, multi device syncing, and more. Don't trust your brain to create different random passwords for each service.

Using a password manager means you will only need to know one password - the master one. This password can be written down and kept on your wallet. All the others will be created by the manager, and can contain 128 chars, 10 numbers, 30 special chars, including ĥaŕd-tö-tỹpẽ ones...

ThoriumBR
  • 51,983
  • 13
  • 131
  • 149
  • 11
    And for the master password, you might look at something like Diceware (https://en.wikipedia.org/wiki/Diceware) with the EFF word list, which gives randomly selected dictionary words, removing human bias (like putting them in some kind of order). – Matthew Aug 29 '18 at 12:03
  • Thanks for the answer! I do use a password manager for most of my stuff, but I was thinking about a password for Veracrypt or a Masterpassword for the Manager. I will check Matthews link. – Lichtbringer Aug 29 '18 at 12:25
  • 1
    @ConorMancone Veracrypt does (and password managers _should_) use a slow key derivation function, so while testing a password may involve a decryption instead of a direct string comparison, it still requires a slow hash. – AndrolGenhald Aug 29 '18 at 18:49
  • 6
    I think it's worth mentioning though that by using a password manager, there is some risk that compromising the main password can compromise all that use the password manager. This brings you somewhat close to the realm of "one password for everything" again; though with a far more controlled point of failure. – JMac Aug 29 '18 at 19:41
  • 7
    Just make sure to take your wallet out of your pants before tossing them in the the washer. There's nothing quite like locking everything down and then losing the master key. –  Aug 29 '18 at 19:43
  • 5
    My password manager asks for the password every time I reboot, so I have to type my passphase at least 3 times a week, every single week, for as long as I have this password manager. It's very, very unlikely at all that I will forget that passphrase. – ThoriumBR Aug 29 '18 at 19:50
  • 5
    Though it's probably a good idea to avoid special characters that are difficult to type, because there's always that one time you're unable to auto-type or paste into a specific application. Not to mention the sites with encoding issues. – Bob Aug 30 '18 at 01:16
  • @Matthew for the master password, it's more efficient to use _completely random lowercase characters and digits_ rather than dictionary words. Although that's tricky to remember initially, it gives you more entropy per keystroke, and for a password you type multiple times every day it's not so much the actual content you need to remember as the finger movement needed to type it. (It's a good idea to also have a backup key of dictionary words though – muscle memory can fail horribly for simple reasons like one of the keys being slightly stuck!) – leftaroundabout Aug 30 '18 at 13:22
  • Just to add to the possibility of losing/forgetting one's master password, if you're happy to trust your password manager to biometrics, there are phone apps for some of the better known managers that let you access your password database using your fingerprint. YMMV as to whether you see that as more or less secure than writing your master password down somewhere, although it's certainly very convenient. – delinear Aug 30 '18 at 16:13
  • 1
    @leftaroundabout Personally I prefer typing longer password sentences with dictionary words because the connection from my brain to hands works much smoother that way. I'm instantly able to type a new password sentence effortlessly without the need to teach my muscle memory. I find this to be more efficient for me in the practice (though, I do understand what you're saying). – mgronber Aug 31 '18 at 06:33
  • Suggestion: consider adding a point about setting up 2FA for password managers to alleviate the single point of failure. That way If your password manager's cloud sync is compromised, at least you have that extra layer in front of your password – Robotnik Aug 31 '18 at 06:47
29

Definitely take Thorium's answer seriously. However, I figured I might as well try to address your actual question too.

You'll hear this all the time on a security board like this, but I'll say it anyway: the answer always depends on your anticipated threat vector. I'll focus on brute-force attacks by people who aren't specifically targeting you (because that sounds like your primary concern), but the situation is much different if someone is specifically targeting you. Let's keep it simple though.

Untargeted Offline brute-force attack

A big reason for high-entropy passwords is to defeat offline brute-force attacks. Obviously offline brute-force attacks are trivially easy if the hacked service uses plain-text passwords (which is a very important reason why you should never reuse passwords across sites). However, what if your password ends up in a dump from a service that uses MD5 for passwords? There are rigs out there that can test hundreds of billions of passwords per second against MD5. The best defense against such an attack is simply password length, and making sure your password isn't on a password list or a simple variation of common password schemes people use.

Even with an offline brute-force against an MD5 password list, an attacker isn't going to just exhaustively search password space. They will start by downloading lists of previously-cracked passwords and trying all of those. Then they'll take a list of the most commonly used password-generation schemes and try those. The "combination of dictionary words" generation phrase is common enough that they may even try that. If so, the question is how long can you hold up? Depends on how many words you have and how many words are in your list. There are 7776 words in the diceware list, so let's use that. That means a 4 word passphrase has approximately 3.66e15 different passwords combinations it can make. At a rate of 200 billion passwords per second (a top-of-the-line hashing rig) it will take 5 hours to search that password space. Here is the search time depending on the number of words in your password:

  • 4 words: 5 hours
  • 5 words: 4.5 years
  • 6 words: 35,000 years
  • 7 words: 270 million years
  • 8 words: 2 trillion years

Of course MD5 is terrible. If your password was leaked from a system that uses more modern hashing methods, even a 4 word password will be effectively uncrackable. However, it's best to assume the worst and, for important services, assume the person on the other end is using the worst possible security and choose accordingly (i.e. assume plain-text passwords or MD5). There are plenty of systems out there that are still using MD5 for passwords.

The unknowns

There are lots of unknowns though, which makes this hard to answer. We've assumed that an attacker has tried to brute force a diceware-like password and is using the exact same password list that you used. Those are a lot of assumptions, and a hacker might not bother or might not have your word list. What if they don't and instead just try an exhaustive search? Assuming an average word length of 5 characters, a 4 word diceware password is 20 characters long. They are doing an exhaustive search so must check all letters and numbers even though you have only lowecase letters (we'll be nice and ignore special characters). Now there are 7e35 password combinations to try (if they want to search all passwords up to 20 characters long), or 1e17 years of computation with a top-notch hashing rig before exhaustively searching the necessary password space. In other words, there is absolutely no chance of your password being cracked. Obviously, no one would even bother trying that. Which is what it really comes down to. Most people who are just trying to crack as many passwords as they can are going to try the obvious answers first. Past a certain level of complexity there is some safety in the simple fact that you are no longer the low-hanging fruit. Of course if someone is specifically targeting you, then all bets are off (another obligatory xkcd).

Still, I'd probably opt for 6 or more words. Also, don't reuse it anywhere.

Regarding disk encryption/password managers

In a comment you mention that your interest may primarily be in selecting a master password for a password manager, or a password for disk encryption. This is a slightly different use-case. Modern password hashing algorithms are designed to be slow and therefore hard to brute-force. However, encryption algorithms work a bit differently and "slowness" is not as important for encryption as it is for password hashing (to some extent too much slowness is even a bad thing). How "hard" it is to brute force an encryption key varies wildly depending on the exact details of the encryption method (so I can't really guess at what that would look like in practice), but comparing against something like MD5 might not be a bad reference point.

An important difference (h/t Michael Kjörling) is that with local disk encryption or password manager you may have control over the cost factor for the key generation process. In this case you can crank up the "hardness", decrease your password length, and find your own acceptable compromise between security, ease of memory, and "how long I have to wait until this thing opens" (i.e. ease of use).

Conor Mancone
  • 30,380
  • 13
  • 92
  • 98
  • I get 4.5 years for 5 words. – AndrolGenhald Aug 29 '18 at 14:03
  • @AndrolGenhald That's what I said :p For the curious (python): `7776**5/2e11/86400/365` – Conor Mancone Aug 29 '18 at 14:06
  • 1
    Where are you getting the 200 billion per second rate? – Karl Bielefeldt Aug 29 '18 at 14:29
  • 2
    @KarlBielefeldt here is an example hashing setup: https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40 – Conor Mancone Aug 29 '18 at 14:32
  • I'm guessing those times only calculate brute force of english words, am I right? because if that is the case then the rest of the non english speaking world should be safe :-P. Mixing words from different laguages may make a good password. – YoMismo Aug 29 '18 at 15:01
  • 1
    @YoMismo no, see [here](https://security.stackexchange.com/q/113518/151903) and [here](https://security.stackexchange.com/q/190682/151903). There is a list of 7776 words that we assume the attacker knows, it does not matter where the words come from. – AndrolGenhald Aug 29 '18 at 15:07
  • @AndrolGenhald if you assume something then you're missing my passphrase. If you don't assume anything then my native lange has a list of 80.000 words, if you assume I will only use words like house, dog, then you're assuming too much, maybe my password contains words like `depone` just to make sure someone trying to crack my password needs to have all the words in his bag. In that case in my language, the number of combinations to find my password would be 80000^4 which I think is not solvable in just 5 hours, not even in days and looks like a good password to me. – YoMismo Aug 29 '18 at 15:53
  • 2
    @YoMismo I'm not sure what your point is. Yes, increasing the size of the list increases the entropy, and using 4 random words from a list of 80,000 is about the same as 5 words from a list of 7776. It doesn't matter what those words are though when working under the assumption that the attacker knows the list (which is done to make the entropy estimate possible and to provide a lower bound). They could be gibberish, slang, from multiple languages, etc, it doesn't change the estimate. – AndrolGenhald Aug 29 '18 at 16:16
  • 3
    @YoMismo I feel like we've devolved into a red herring here. I (thought) I was pretty clear about my assumptions, which Androl has reiterated. Yes, a larger word list will be more secure. Regardless of word list, if the attacker doesn't know your list, then all that matters is your final password length. If someone is targeting you of course then its a different ball game all together. – Conor Mancone Aug 29 '18 at 16:22
  • 1
    A master password for full disk encryption or a password manager is actually advantageous, because setting a very high PBKDF iteration count is feasible for such a scenario. It's not a problem if the master password database or the encrypted disk volume takes a second to open because it needs to run the key derivation function for that amount of time; whereas for most online services, such times would be unacceptable (if nothing else, it gives regular users an easy DDOS attack vector). – user Aug 29 '18 at 18:05
  • 2
    I think that a relevant point here is why using a word list like diceware and properly selecting random words is important. It turns out that people picking "random" words on their own ends up being pretty poor and a lot less words end up being used making the security much lower. If your 4 "random" words end up in the top 1000 words in the English language, which is fairly likely if you pick them yourself, your 4 word pass phrase is much less secure. – Evan Steinbrenner Aug 29 '18 at 20:19
  • 1
    @EvanSteinbrenner I just tried this by thinking up four passwords, and out of the 16 words, only two were in the top 1 000. The vast majority (12) were not even in the top 10 000. – Fax Aug 30 '18 at 13:37
  • HD Encryption needs to be *fast* - but turning the password into a master key (from which all the block keys are derived), can be very slow. The natural way to do it would be something like PBKDF2 with a *very* large iteration count. – Martin Bonner supports Monica Aug 30 '18 at 14:55
8

Even if you use a password manager for most work, there is still value in having a consistent format derived from dictionary words. For instance, you could generate six-word passwords from a 4000-word dictionary, giving passwords like:

that-feats-peers-film-wash-propaganda
chrome-document-thirty-ignore-given-screen
studying-mark-approved-rods-heavy-mocking
ahhh-shock-input-movies-considering-trader
equipment-download-created-compile-cookie-oops
effective-saved-systems-garage-wrote-wondering

What is the advantage? Imagine you're transcribing one of these passwords to a different computer - looking at it in your password manager and then typing it into a completely different computer. Or a phone. Or anything like that. Look at, say, the third password on the list; then look away, type as much of it as you can remember, and come back. You can probably transcribe the entire password with perfect accuracy in two tries - maybe even one. Even if you go as far as ten word passwords, you should be able to transcribe one in about three steps. Try it with "heaps-comment-handle-emerald-capped-gain-write-details-grey-moment" and see how easy that is.

You may think this will never matter to you, but it needn't cost you anything (the passwords I've given here have 71 bits and 120 bits of entropy, respectively), and if it ever DOES matter, you've gained enormously.

rosuav
  • 239
  • 1
  • 3
  • I can see limited utility in that approach, mainly if you regularly have to enter these passwords into a device with a less-than-friendly input mechanism, such as a small touch-screen, and of course for your main computer login which gives access to your password manager in the first place. For most use-cases though, surely you can just copy-paste (or if you need to transfer them all to a new device, just copy the database across and install the application to open it on that device, or even stick it in the cloud) and go for the more obscure passwords? – delinear Aug 30 '18 at 16:22
  • 1
    You assume that copy-paste is an option. Sometimes it isn't. For a very very simple example, take your wifi password - chances are you have to actually type that one in. My point is, these passwords are no worse than those built out of Base 85 characters, and occasionally better. You lose no security and you gain typeability. – rosuav Aug 30 '18 at 18:12
4

This Question provides a starting point for reading on the broad topic of different possiblities.

Keep in mind that some of the answers are several years old. Anyhow, there is a lot of hints towards a good password. Also this article tells you some more about calculation times (though you should try to get the point without really depending on every word there ;))

There are quite a lot of problems but as ThormiumBR stated one of the most common problems is reuse or partial reuse. If people use e.g. the password a9wdu$$$db§c5829ae1 somewhere and made it at somepoint to remembering it, chances are there will be a9wdu$$$db§c5829ae2 or any other derivate as well somewhere. One of the better methods is to basicly randomly (yep that means dice) 4 to 6 random words from a dictionary (such as here). That increases your chance for a long password that you can remember as well and therefor decreases the chances of reusage or partial reusage. Why would you need to, if they are easy to remember?

But that seems to be open to dictonary attacks, especially if the attacker has heard of the method as well, and brute forces combinations of 4 dictonary words.

Pretty much no. One of the reasons is that the attacker (if you used the oxford dictionary) and he decides to use this full english dictionary for cracking as well, he might be busy for quite a while ;) Second and quite more important: An attacker typically does not brute-force that way. If you are specifically targeted and the motivation is enourmous he might go for that approach but if you are, theres 2FA and so on. Most likely attackers in different scenarios use different forms of wordlists and if you did your random correctly there is very little chance your sentence will be in someones wordlist.

This all, off course, does not apply to people actually using a password manager everywhere (at least in some way). If you do so you could simply ask it to generate a 'random' 35 characters long password with every possible strange and hard to remember character and then save it. But since you asked this way I assume you don't want or cannot do it for some reason.

Tobi Nary
  • 14,352
  • 8
  • 44
  • 58
Ben
  • 2,024
  • 8
  • 17
3

I'd check out EFF's Dice page: EFF Dice

This technique works for a master password, then just use randomly generated passwords for everything else. Stringing together 6 (or more) truly random words from the above link, can be a little difficult to remember initially. I wrote them down on a small whiteboard while at home and just glanced at it throughout the day, using whatever technique is required to memorize it. Once memorized, I erased the whiteboard. The passphrase works great...and it's crazy long :)

vim_usr
  • 31
  • 1
2

The other answers make two very important points.

  1. Password reuse is the bigger issue

  2. Password managers are the ideal solution

I recommend the above when possible. But I have found situations where I needed to provide a secure but easy to remember password for somebody, for which the 4 word method is ideal.

If you try to provide 4 random words, it might not be very random. A color is very likely to be one of the words, as is food, animals, and other common nouns. While there is a million words in the english language, you could very easily come up with a very predictable password. So for instance Conor Mancone's suggested a dictionary of 7776 words, but a simple 4 word password could be cracked using a list of 1000 words or even less, such as yellowcatrunaway.

My advice for using secure 4 word passwords is to use uncommon words, and it bears repeating, never reuse your password.

Goose
  • 1,384
  • 1
  • 11
  • 17
  • 2
    Conor's advice is to pick words randomly from a 7776 word dictionary using a suitable entropy source (such as dice) (see [diceware](https://en.wikipedia.org/wiki/Diceware)). His estimate is accurate. Using uncommon words doesn't change the estimate as the threat model assumes the attacker knows the word list. – AndrolGenhald Aug 29 '18 at 14:56
  • @AndrolGenhald Ah I see. I thought he was talking about from the view point of the attacker, not the viewpoint of the person creating a password. I will edit my answer. – Goose Aug 29 '18 at 16:05
  • [Afourwordsxkcd](https://xkcd.com/936/) – mviereck Aug 29 '18 at 18:02
0

Yes, The four words give a good long password with plenty of entropy (assuming you chose them randomly).

I use a 4 word pass generator for all my passwords. They are really handy because you can remember them for a short time, easily type into your phone or tell someone else in the office.

Of course everything people have said about password managers and password reuse is true, and I always use one of those as well - as has been said, but it worth repeating, password reuse is bad bad bad

mcfedr
  • 162
  • 4
0

Using a password manager is great advice (that I follow), but we inevitably have to compose passwords sometime. To actually answer your question: try Bruce Schneier's method:

My advice is to take a sentence and turn it into a password. Something like "This little piggy went to market" might become "tlpWENT2m". That nine-character password won't be in anyone's dictionary. Of course, don't use this one, because I've written about it. Choose your own sentence -- something personal.

So How can I make a strong password that's easy to remember? becomes HcIma$TRONGpte2r? or similar. I'd still consider that a bit short, so just think of a longer sentence. In fact, you could type a whole sentence, and sometimes I do just that! However, you're often unfortunately limited in password length.

Personally, I tend to base my password sentences off of mental rants, such as the stupidity of the password policies in question. The emotion aids my memory.

Just make sure not to use anything that's ever been published - not a book quote, a Bible verse, movies, idioms, etc. It needs to be your from your own brain.

bendodge
  • 161
  • 3
0

How can I make a strong password that's easy to remember? Is the 4 Word method safe?

An easy to remember password is at a disadvantage compared to a dozen random letters, some uppercase, combined with punctuation and numbers - but certainly easier to remember and practically secure. The four words should make an unusual sentence. More are better.

Using PasswordMeter.com to check the strength of a password gives this result:

Password: "Googleisyourmother'sname." - Score: 100% - Complexity: Very Strong

HowSecureIsMyPassword.net claims: "It would take a computer about 15 octillion years to crack your password".

Giving away my secret I try Password.Kaspersky.com which says: "⚠️ There are widely used combinations. Your password will be bruteforced with an average home computer in approximately 10000+ centuries. You can find the Answer to the Ultimate Question of Life, the Universe, and Everything in that time."

A relatively simple passphrase can provide a sufficient level of security and still be easy to remember, just use a different password for each site. Adding a number to the end is helpful.


Google's account help: "Create a strong password" offers some tips for memorable passwords:

  • Step 1: Meet password requirements

    Make your password with 8 characters or more. It can be any combination of letters, numbers, and symbols.

    You can't use a password that:

    • Is used by many other accounts

    • You've used before on your account

  • Step 2: Follow tips for a good password

    A strong password is nearly impossible for someone else to guess. Follow these tips to learn what makes a good password, then apply them to your own.

    Use letters, numbers & symbols

    • Combine different types of characters

    Use a mix of alphanumeric characters (letters and numbers) and symbols:

    • Uppercase (capital) letters. Examples: A, E, R

    • Lowercase (small) letters. Examples: a, e, r

    • Numbers. Examples: 2, 6, 7

    • Symbols and special characters. Examples: ! @ & *

  • Recommendations & examples

    Replace letters with numbers & symbols: Choose a word or phrase and use numbers and symbols instead of some letters. Examples:

    • "Spooky Halloween" becomes "sPo0kyH@ll0w3En"

    • "Later gator" becomes "L8rg@+0R"

  • Abbreviate a sentence: Come up with a sentence and use the first letter of each word.

    Example:

  • "Uncle Peter always ate chocolate-covered everything" becomes "uP@8cCe!"

    Use long passwords: Long passwords are stronger. Since spaces are allowed, you can use memorable phrases or words from your favorite songs, poetry, or quotes. Example:

  • "an 0pen <3 = an 0pen MIND"

  • "It's a long way 2 the ^ if U wanna Rock&Roll"

  • "From time to time, The clouds give rest To the moon-beholders"

  • Avoid personal information & common words

  • Don't use personal information

    Avoid using information that others might know about you or could easily find out. Examples:

    • Your pet's name

    • Your nickname

    • Your street name

  • Don't use common words

    Avoid simple words, phrases, and patterns that are easy to guess. Examples:

    Obvious words and phrases like "password" or "letmein"

    Sequences like "abcd" or "1234"

    Keyboard patterns like "qwerty" or "qazwsx"

    Any examples in this article, like "sPo0kyH@ll0w3En" or "uP@8cCe!"

  • Don't reuse passwords
Rob
  • 530
  • 1
  • 3
  • 13
0

Passwords should always be randomised regardless of the fact that whether you should be able to remember them or not, I recommend you to generate a password of greater entropy which would make brute-force attacks practically infeasible or almost impossible.

Entropy

Entropy is basically the degree of randomness so basically you can type in random special characters, numbers and letters without following a specific pattern for example - " cvg*@3#5£22@_-+()czBbd*$" could be a good choice for your sensitive accounts since it has considerable entropy which makes it hard to be brute-force feasibly. Because, you can have so many permutations and combinations of these characters which also contain upper and lower case letters,numbers and special characters as well.

Use a trusted password manager

If you feel like being unable to remember or lose passwords, you can go for a password manager like lastpass or 1password to help manage your passwords without the hassle of making your passwords more comprehensible and less random in order to remember them , which would in turn make it easily brute-forcible.

A Khan
  • 67
  • 5
-4

Why can't we just remember an algorithm for our passwords? Instead of remembering the password, we could generate it every time using our algorithm. It could also easily be written down somewhere in, for example, a symbol language.

Example- Let's say our algorithm is {vowels in name of service site in small} + {consonants of my username in capital} + {count of number of consonants in service site} + *&

Now, for gmail and if my username is username then my password comes as (ai+SRNM+3+&) = aiSRNM3&

The length and complexity depends on our algorithm, and it's almost impossible to reverse the algorithm back to the original password.

Instead of reusing password, reuse the algorithm.

xorist
  • 870
  • 4
  • 15
  • 1
    You could use this trick when there's a password reminder text. Without that, unless you use this algorithm everywhere, it's difficult to remember. And the password length is pretty short on your example too. Consider adding more chars, way more chars... – ThoriumBR Aug 29 '18 at 17:40
  • 3
    Many people use the same username in many places, and I wouldn't be so quick to assume that the algorithm is difficult to reverse engineer (and of course if it becomes a popular algorithm it'll be more obvious). Also, if you want to use the same algorithm everywhere, you'll have trouble changing passwords in case of a breach. – AndrolGenhald Aug 29 '18 at 17:55
  • 2
    You are describing a "password pattern" and that concept has known weaknesses. It's only secure if no one knows or figures out your pattern. For instance, if you personally use this algorithm, then I now can log into every site for which you have an account. – schroeder Aug 30 '18 at 12:09
  • 1
    I used to use something like this (it was actually password = SHA1 hash of site-name + master password). It breaks down as soon as the site has a breach, and forces a password reset. – Martin Bonner supports Monica Aug 30 '18 at 15:04
-4

There seems to be a lot of misinformation in this thread.

You don't know how the password is being stored so many answers here are making a lot of assumptions. As always, your biggest security issues are A) your computer is already compromised, B) the pathway to communicate is compromised, C) the server itself is compromised.
A--it doesn't matter what the password is, you've already lost if you're entering it plaintext. B--try not to get phished and be aware if site is weird--still if you enter your password it's still game over.
C--this is where the security over a well-selected password now matters. You have no idea how they are storing the password, in theory they use some reasonable security measures. So how do you avoid your password from being high risk? From here we're going to assume the password is stolen via the server, not your local computer. It's quite obvious if your plaintext password is stolen and you use the same one, everything else that uses the same password is now vulnerable as well. (But if you were infected locally, you could have had all those passwords sniffed too)

So let's look at it from the server-side, how do we avoid being in the high risk group? 1) Don't re-use the same password everywhere.
1.b) I think password managers are a bad idea, you're now entrusting a 3rd party application for something...more middlemen, more problems. 2) Don't use a password that other users are also using. 3) Because of 2, don't use a very short password. 3.b) Because of 2, try to use many different characters. It's very dumb sites force capitals and numbers, it really does not matter how large the character set/'alphabet' is. It's just easier for non-technological folks to make a securer password as they'll likely choose "password1234" if given the opportunity.

So your chosen password is run through a hashing/encryption algorithm to result in a unique string of characters that have no immediate bearing to the original password. Programs meant to find passwords are looking for the lowest hanging fruit--a whole bunch of people's passwords in large systems are going to hash to the same hash...because they're the same or extremely short and similar. If they get access to the system and with enough time it's possible the entire system's passwords are exposed or most of them.

Assume they used good methods that they are left with a brute force attack is necessary which is the real meat of the question. Ten thousand or so dictionary words people know, 10000^4 = 1e+16 combinations. Let's assume 200 billion hashes per second as per the other answer and we're around 5-6 hours to crack it. HOWEVER, there are assumptions to this. They are attacking your password specifically and made the assumption to specifically target using a dictionary attack. Not only a dictionary attack but exactly 4 words! Even capitalizing or adding a number, punctuation, etc. all of these things break our givens which then results in the generalized case of here's about 20-30 characters, good luck you're never cracking it anytime soon.

In short, using 4 not related dictionary words has enough entropy to work for most applications. For mission critical things, I would not recommend this--use at least 16 randomly generated characters. For your personal e-mail, 4 unique words assures you're mostly covered from both a hack situation as well as not losing your account because the password is lost for good. Mission critical things usually already have a real disaster plan in the case access is lost and that's a whole other situation than keeping people out of your private things.

Steve
  • 1
  • As for "mission critical", there's a meme that goes around (I have no idea if it's true) that for a long time, the launch code for US nuclear missiles was `00000000` because you *really* don't want a nuclear launch delayed because someone can't remember the password. Of course, their primary security measures lay and lie elsewhere. **Moral of the story:** what you need depends on the use case! – user Aug 29 '18 at 19:45
  • 5
    The question is asking about how to choose passwords - points A and B aren't really relevant to that. And I think trying to combine: Don'tUsePasswordManager + Don'tResusePasswords + MakePasswordsLong + UseLotsOfUniqueCharacters isn't really feasible. If you're *that* worried about a password manager's security, download the source code for KeePass, verify its integrity manually, and then compile it. – Kevin Aug 30 '18 at 13:58
  • 2
    The people who are entrusted with protecting the security of the British government and the US government don't agree with you about password managers. Both NCSC (UK) and NSA (US) recommend the use of password managers. Yes, it means you have to trust the app, but the risk is still lower than the alternatives. – Martin Bonner supports Monica Aug 30 '18 at 15:02
  • @Kevin You say it's not about that but that's exactly the question. How do you choose a password? Well here's where you're actually gaining security as opposed to just thinking 'these are good ideas and accepted practices'. That's really funny about the launch codes, it's really about use-case and doing something reasonable that doesn't have a huge logical failure in it (guessable with a basic assumption to lower the search space). it's easier than you think to poison a download...who checks file hashes? NSA is a whole nother world, every pw is unique+strong always. – Steve Aug 30 '18 at 15:48
  • The question is "Is the four dictionary word method secure?" That doesn't have *anything* to do with whether your computer you're typing the password into is infected, nor does it have *anything* to do with man in the middle attacks. The question is simply about the method used to generate a password - and whether it's secure. – Kevin Aug 30 '18 at 18:18
-6

The 4-word method is good but after a while, one may forget those words. Personally, I think that an encryption which is not too hard to remember might be useful. For example, you could substitute every letter of say, your favorite food like pizza for a number corresponding to the letter so p will become 16, I will become 9, Z will become 26 and so on. What you end up with is a brand new password. 16926261 for pizza.

Another method is shifting all letters to the left so A will become B, B will become C, and so on and Z will become A.

So a word like Movie will become NPWJF and you can add a 123 at the end always so the new password is NPWJF123.

schroeder
  • 125,553
  • 55
  • 289
  • 326
Quark-epoch
  • 101
  • 1
  • 3
    If `rot13` isn't secure enough for you, I'd suggest dual rounds of `rot13` for security! – FreeMan Aug 29 '18 at 16:43
  • 1
    Unfortunately this doesn't really get you very far. With passwords length is more important than complexity. Your suggestion provides complexity, not length, and isn't really easy to remember anyway. The answers here will provide a lot of helpful reading: https://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase – Conor Mancone Aug 29 '18 at 16:49
  • Hmmm... Ok,,, you are right – Quark-epoch Aug 29 '18 at 17:02
  • 2
    I guess it's easier to remember 4 words than to remember how I shifted chars on a random arbitrary word I used when I created this password 3 months ago... – ThoriumBR Aug 29 '18 at 17:36
-6

I use a few tricks to harden my passwords:

1) Misspell the words. This will make them impervious to dictionary lookup attacks. Choose an alternate spelling that's memorable. (And being naughty or silly will help make your neologism terms more memorable).

2) Add a suffix to the password that is specific to each website to make it unique and easier to remember, like "FeeFieFumGoogel" or "GueyBlooeeFasebook".

3) Throw in a punctuation character that you like, like a leading or trailing ! or # or _, or use it to separate your words.

4) Uppercase each word in your series of words. Or better yet, uppercase only the last letter of each word.

Randy
  • 89
  • 1
  • 1: Maybe. 2: You're suggesting using the same password with only a different suffix on different sites? That's almost as bad as using the same password! Now an attacker who finds one password just has to try a few variations of "googol", "googel", etc. 3: Somewhat useless. A trailing "!" is probably the most common way to comply with symbol requirements, and it's a good bet the symbol will be at the end, or maybe at the start. Putting it between words isn't a bad idea, but unless you're using multiple different _random_ symbols it doesn't do much. 4: Basically useless. – AndrolGenhald Aug 29 '18 at 19:41
  • 6
    "dictionary" attacks do not just mean "Oxford Dictionary" attacks - many password "dictionaries" include misspellings – schroeder Aug 29 '18 at 21:48
  • 2
    @schroeder this is very, very important. I see a lot of people who think that "dictionary attack" just means "take the word as is, try in in the password field" whereas I don't know if this was ever the case. The first time I saw a brute force algorithm at work was almost 20 years ago and it would try "password" but also "passw0rd", "pa$$word", "pa$$w0rd", etc, etc. It also did misspells, misstypes (e.g., swapping letters), different capitalization, and appending common things to the end - "password123" and "password". – VLAZ Aug 30 '18 at 06:30