5

I assume that it was considered at one point, and that there's a good reason for not doing it, I'm just curious as to why. I'm sure that there are many people who struggle to remember a single password for a site, but aside from that, would requiring two or three passwords to login to a website really enhance security, or would you gain a similar benefit by just increasing your password complexity?

3 Answers

7

It depends what you mean by "enhance security". On the one hand, yes, it's more pieces of information for a thief to steal, but on the other hand, if they can steal one password, chances are they can steal all your passwords.

For a great discussion on multi-factor authentication see this answer by @tylerl.

The Cole's Notes is: we like to have multiple authentication elements which fall under different categories with respect to "something you have", "something you are", and "something you know".

Having authentication elements from more than one category (ex.: a password and a fingerprint, or a password and an SMS code on your phone) is properly called multi-factor authentication, while having multiple elements from the same category is called multi-step authentication.

  • Stealing "something you know" typically requires planting a keylogger or file sniffer on your computer, watching you type your passwords, stealing the paper you wrote it down on, etc.

  • Stealing "something you have" typically requires lifting something from your office after hours, stealing your laptop bag with the key gen token in it, etc.

  • Stealing "something you are" typically requires some kind of access to your biometrics.

So having multiple elements from the same category does add some barrier to theft, but not much, since stealing all the passwords is not much harder than stealing one password, stealing all the physical objects is not much harder than stealing one physical object, etc. Usually the inconvenience far outweighs the added security. It's much better to require thieves to perform a data theft and a physical theft, etc.

Mike Ounsworth
  • Thanks! I use TFA on a few sites, I guess I just never equated it to the multiple passwords idea since it uses different(better) methods. Great info – Glen Despaux Jr May 18 '15 at 15:16
    @GlenDespaux At the end of the day, bits are bits. Any 2FA method which doesn't generate a new code for each login is basically equivalent to a password. Also: for an example of **what not to do** see **Banks**; asking for a password and then the name of your first pet is completely useless. – Mike Ounsworth May 18 '15 at 15:29
    @Mike At this point, some banks are actually beginning to implement real 2FA, so "banks" by itself may not be the best example anymore. – cpast May 18 '15 at 15:45
  • @cpast That's great. I look forward to not being able to use this example anymore, unfortunately the banks I use still ask me dumb Security Questions :( ... (and the phone verification process of "tell me a recent purchase, and the type of account you have" doesn't add _anything_ above "can you log into the account?".) – Mike Ounsworth May 18 '15 at 16:20
  • @MikeOunsworth I could see an additional benefit where by requiring that the two passwords are different, you may mitigate the case where a user uses the same password across multiple websites. Thus if password 1 is compromised from a 3rd party compromise and not a client attack, an attacker still has to determine password 2. – amccormack May 21 '15 at 13:40
  • @amccormack Agreed. You can certainly construct circumstances in which multiple passwords makes sense. Multiple passwords is not inherently a bad idea, and it does add some security, just not as much as proper two-factor (2FA). – Mike Ounsworth May 21 '15 at 14:09
  • Using "two passwords" is not two pieces of information. Two 10 character passwords is exactly the same from a security standpoint as one 20 character password--the only difference is that it's slightly harder to type in. If it's ambiguous where the large password would be split, that adds a couple more bits of entropy, but far less than would be added by even a single extra character on the end. – GrandOpener Oct 25 '16 at 13:02
  • I was responding to some of the other comments here. I completely agree with your original answer. – GrandOpener Oct 25 '16 at 13:11
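The entropy comparison in the comments above, worked through as an added example (this code is not part of the original thread). It assumes uniformly random passwords drawn from the 94 printable ASCII characters excluding space, and it goes one step beyond the comment by also modelling a multi-step flow in which the server reveals whether the first password was right before asking for the second, so each password can be brute-forced on its own.

```python
import math
import string

# Assumed character set for the estimates: the 94 printable ASCII
# characters excluding space (an assumption of this example, not a
# figure from the thread).
ALPHABET_SIZE = len(string.ascii_letters + string.digits + string.punctuation)


def guess_space(lengths, alphabet_size=ALPHABET_SIZE):
    """Candidates an attacker must try when each password in `lengths` is
    uniformly random and the server checks the whole set at once (one
    accept/reject answer for all of them together)."""
    total = 1
    for n in lengths:
        total *= alphabet_size ** n
    return total


def guess_space_per_step(lengths, alphabet_size=ALPHABET_SIZE):
    """Candidates if the server answers for each password separately (a
    multi-step flow that says whether step 1 was right before asking for
    step 2), so each password is brute-forced independently."""
    return sum(alphabet_size ** n for n in lengths)


def bits(count):
    """Work factor in bits: log2 of the number of candidates."""
    return math.log2(count)


def split_ambiguity_bits(total_length):
    """Extra bits gained only if the attacker holds the concatenated secret
    but not the split point: `total_length` characters can be cut into two
    non-empty passwords at total_length - 1 positions."""
    return math.log2(total_length - 1)


def compare(password_lengths=(10, 10)):
    """Summarise the cases from the thread for the given split (default:
    two 10-character passwords) against one password of the combined
    length, plus the cost of one extra character for scale."""
    combined = sum(password_lengths)
    return {
        "joint_bits": bits(guess_space(password_lengths)),
        "single_bits": bits(guess_space([combined])),
        "per_step_bits": bits(guess_space_per_step(password_lengths)),
        "split_ambiguity_bits": split_ambiguity_bits(combined),
        "one_more_char_bits": bits(ALPHABET_SIZE),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:>22}: {value:7.2f}")
```

Two 10-character passwords checked together give exactly the same search space as one 20-character password (about 131 bits under the assumed alphabet); not knowing the split point adds log2(19), about 4.2 bits, while one more character adds about 6.6. The per-step case is the one to watch for when implementing "multi-step" login: answering each password on its own collapses the work to roughly twice a single 10-character search, about 66 bits.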
2

The main concern with implementing multiple passwords is that users tend to have a hard time remembering one password, and adding more just makes it more likely that they will start writing down each of them, netting you with a loss of security.

Besides, even if they don't write it down, there is still a single point of failure, and multiple passwords will not protect you against the most common ways to steal them, being shoulder surfing, man-in-the-middle, and a data breach.

Third, what is to stop a user from using Passw0rd, Pa$$word and P@ssword or something similar along those lines? They will be very inclined to use variations of the same password or use the same combination they used on a different website that would implement the same thing.

All in all, passwords are not really as secure as most people think, and are mostly there as a hurdle for the common threats, but are in no way perfect. The implementation of the multiple-passwords concept that does seem to increase the security is 2FA.

Voidpaw
0

Having a double/triple password makes the login process more cumbersome for users and offers no additional security because once the client machine or the server is compromised, the attacker has access to all passwords; it doesn't make any difference if the user has one or two or three passwords to login.

What actually increases security is multi-factor authentication.

Note that a "secret question" in addition to a password is not a multi-factor authentication.

dr_