There's no shortage of advice around on how to choose passwords, but just about all of it I've seen is inadequate. It tells you what not to do, but there are often problems in following the suggestions on what you should do. My apologies if this topic seems a bit afield for a Kubuntu forum, but this seems like a good place to ask the question.
I'm no security expert, but it seems to me that password attacks have to follow one of two strategies: exhaustive search or sophisticated limited search. Dictionary attacks and attacks based on knowledge of the user, like her birthday, are sophisticated limited search. It's hard to see how the two strategies can be combined, although they certainly can both be used independently and possibly interleaved. Any password-invention strategy has to consider what it's defending against.
Here' what I see as the criteria for a good password-invention strategy:
1. It should work for creating a large set of passwords, not for just one. I'm not unusual in having perhaps 30 sites I use where I care about the security of the passwords, and many more where I don't care much about it. (For the ones where security doesn't matter, a single password probably suffices -- not to worry if it's stolen.)
2. If one password in the set is compromised, the others should remain invulnerable. Passwords can be and often have been compromised through no fault of the user, e.g., stolen.
3. It should not require a good memory but should not depend on writing anything down.
4. It should account for the fact that different website have different criteria for valid passwords. For instance, some sites require a password to contain at least one non-alphabetic, non-numeric character, while other sites reject passwords with such characters. Minimum and maximum valid password lengths also vary.
5. It should work on multiple machines, including ones only temporarily accessible.
6. It should somehow be able to cope with periodic changes to the passwords, though it should not require changing all of them at once.
Algorithmic password generators are not adequate because of criterion 1. The most promising strategies seem to use some kind of mental generating strategy, like partly basing each password on the URL of the website to which it applies. An example of such a strategy would be to create passwords by having passwords consisting of word 1 followed by the first three letters of the URL in reverse order followed by word 2, probably with some fixed leavening of digits and special characters. I'm unsure, however, of how secure such passwords would be in the face of an attack based on knowledge of another one of the user's passwords. If the relationship of the middle component to the URL can be inferred, then the other passwords become insecure.
My own strategy has been to create a written list, but that has several disadvantages. I'm not so concerned about the list being stolen, since it's unlikely that a housebreaker would be interested in it.
But the portability problem is significant; it's quite inconvenient always to have it on my person.
Are my criteria too demanding? Not demanding enough? Some combination of these? And what strategy might meet the criteria? I'd be interested in the thoughts of others on this topic.
I'm no security expert, but it seems to me that password attacks have to follow one of two strategies: exhaustive search or sophisticated limited search. Dictionary attacks and attacks based on knowledge of the user, like her birthday, are sophisticated limited search. It's hard to see how the two strategies can be combined, although they certainly can both be used independently and possibly interleaved. Any password-invention strategy has to consider what it's defending against.
Here' what I see as the criteria for a good password-invention strategy:
1. It should work for creating a large set of passwords, not for just one. I'm not unusual in having perhaps 30 sites I use where I care about the security of the passwords, and many more where I don't care much about it. (For the ones where security doesn't matter, a single password probably suffices -- not to worry if it's stolen.)
2. If one password in the set is compromised, the others should remain invulnerable. Passwords can be and often have been compromised through no fault of the user, e.g., stolen.
3. It should not require a good memory but should not depend on writing anything down.
4. It should account for the fact that different website have different criteria for valid passwords. For instance, some sites require a password to contain at least one non-alphabetic, non-numeric character, while other sites reject passwords with such characters. Minimum and maximum valid password lengths also vary.
5. It should work on multiple machines, including ones only temporarily accessible.
6. It should somehow be able to cope with periodic changes to the passwords, though it should not require changing all of them at once.
Algorithmic password generators are not adequate because of criterion 1. The most promising strategies seem to use some kind of mental generating strategy, like partly basing each password on the URL of the website to which it applies. An example of such a strategy would be to create passwords by having passwords consisting of word 1 followed by the first three letters of the URL in reverse order followed by word 2, probably with some fixed leavening of digits and special characters. I'm unsure, however, of how secure such passwords would be in the face of an attack based on knowledge of another one of the user's passwords. If the relationship of the middle component to the URL can be inferred, then the other passwords become insecure.
My own strategy has been to create a written list, but that has several disadvantages. I'm not so concerned about the list being stolen, since it's unlikely that a housebreaker would be interested in it.
But the portability problem is significant; it's quite inconvenient always to have it on my person.
Are my criteria too demanding? Not demanding enough? Some combination of these? And what strategy might meet the criteria? I'd be interested in the thoughts of others on this topic.
Comment