Weirdly enough I have studied the field of passwords vs. passphrases over the past few months. Let me first quote from the article then present some interesting research-based conclusions.
From the article
“Both passwords and passphrases can be secure, and if you are using a password manager, the security and usability differences between passwords and passphrases will not be significant. However, if you are setting a password that you must remember by heart, for usability reasons, we recommend using passphrases.”
I agree with this statement. I believe that, in the current world we live in where credentials are “something you know” plus sometimes “something you have” (two-factor authentication), you should use a password manager for the vast majority of passwords and generate them randomly, then use secure passphrases for a handful of frequently used accounts (e.g. company logins).
“Use a unique passphrase for every account you own. That way, if one passphrase is ever exposed, the other accounts remain secure.”
Regardless of whether you use passwords or passphrases, it is simply not possible to memorize something genuinely unique for every account that you own. I just opened my 1Password to check: I have 490 credentials. Who can memorize 490 passwords? Not me. I think the article means “Use a unique passphrase for every critical account that you could not survive without if you lost access to your password manager.”
Research
In [1] passphrases and passwords were forgotten at similar rates, if a system assigns them at random in order to prevent low-entropy secrets, and attempting to use pronounceable passwords or memory aids did not help. However, I noticed they used a very old method of generating pronounceable passwords [2], and I thought that maybe there was new research or methods into doing so.
Implementation
A few months ago I spotted [3] whose technique is quite ingenious:
Scrape a large body of text for a language. In [3] they use Google Ngrams; to be different, I processed Wikipedia [4].
Create a language model based on the body of text.
Find the top 1024 occurring three-letter prefixes for words. 1024 = 2^10.
To generate a secure passphrase of 70 bits, pick 7 prefixes, then use the language model to piece together a likely sequence of words for those prefixes.
This password is shorter to type in than a full passphrase because it is “only” 21 letters (with a digit and symbol thrown in), but it is easier to memorize than an equivalent random 21 character password. [1] found that the length of a passphrase increases the error rate of entry and retention.
I took this approach and made an app called EzMemPass for iOS [5] and Android [6]; it’s free to use. I use it for my critical accounts. I find that with repetition (using the password twice a day for seven days) I can memorize 70-bit passwords for a long period of time.
There are improvements I can make to the app:
More languages with better language models.
I’m also interested in research into spaced repetition [7] and I know that offering reminders at strategic intervals would improve the retention of these passphrases. I’m not the first one to think of this [8]. I’m curious if people would like this as a paid option but based on some minor user research it seems like the field of “I need secure, easy to memorize passwords with research-based memorization prompts” is…non-existent.
[1] Shay, Richard, Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Blase Ur, Timothy Vidas, Lujo Bauer, Nicolas Christin and Lorrie Faith Cranor. “Correct horse battery staple: exploring the usability of system-assigned passphrases.” SOUPS (2012).
[2] Gasser, Monika. “A Random Word Generator for Pronounceable Passwords.” (1975).
[3] https://github.com/rmmh/abbrase
[4] https://github.com/asimihsan/word-frequencies
[5] https://apps.apple.com/us/app/ezmempass/id1490538369
[6] https://play.google.com/store/apps/details?id=com.asimihsan.ezmempass
[7] https://www.gwern.net/Spaced-repetition
[8] Blocki, Jeremiah, Saranga Komanduri, Lorrie Faith Cranor and Anupam Datta. “Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords.” ArXiv abs/1410.1490 (2015): n. pag.
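Added example, not part of the comment above and not code from abbrase or EzMemPass: a sketch of where the 70 bits in the described scheme come from, namely 7 uniformly random picks from a 1024-entry prefix table at 10 bits each, drawn from a CSPRNG. The prefix table here is constructed (consonant-vowel-consonant strings), not corpus-derived, and the language-model step is left out because the typed secret is only the 21 prefix letters.

```python
import itertools
import secrets

def build_prefix_table(size=1024):
    """Constructed stand-in for the corpus-derived top-1024 prefix list."""
    consonants, vowels = "bcdfghjklmnprstvw", "aeiou"
    cvc = ("".join(t) for t in itertools.product(consonants, vowels, consonants))
    return list(itertools.islice(cvc, size))

def _bits_per_prefix(table):
    bits = len(table).bit_length() - 1
    if len(table) != 1 << bits or len(set(table)) != len(table):
        raise ValueError("table must hold a power-of-two number of unique prefixes")
    return bits

def encode(value, table, count=7):
    """Map an integer below 2**(bits*count) to `count` prefixes."""
    bits = _bits_per_prefix(table)
    if not 0 <= value < (1 << (bits * count)):
        raise ValueError("value does not fit in the available bits")
    mask = len(table) - 1
    return [table[(value >> (bits * i)) & mask] for i in reversed(range(count))]

def decode(prefixes, table):
    """Inverse of encode: every prefix sequence maps to a distinct integer."""
    bits = _bits_per_prefix(table)
    index = {p: i for i, p in enumerate(table)}
    value = 0
    for p in prefixes:
        value = (value << bits) | index[p]
    return value

def generate(table, count=7):
    """Draw the secret from the OS CSPRNG; returns (password, entropy_bits)."""
    total_bits = _bits_per_prefix(table) * count
    prefixes = encode(secrets.randbits(total_bits), table, count)
    return "".join(prefixes), total_bits

if __name__ == "__main__":
    password, entropy = generate(build_prefix_table())
    print(f"{password}  ({len(password)} letters, {entropy} bits)")
```

Because 1024 is a power of two, the random bits map onto table indices with no modulo bias, and the encode/decode round trip shows that no two prefix sequences collide.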
The only way to “settle” is to forget about passwords entirely. I can fully control a remote machine using public key cryptography without ever having to deal with dirty passwords. Why cannot I read my webmail or buy stuff from an online shop? It is ridiculous that in the age of public key crypto we are still using passwords.
Do you think that non technical users can and will use public key crypto? I mean, I guess they are every time they visit a site with an https:// in the URL.
Is it just that the right tools haven’t been found yet? I was on a call with HYPR a few days ago (disclaimer, we’ve done some work integrating with their solution): https://www.hypr.com/why-hypr/ and it seems pretty sweet, but then we move from securing knowledge to securing devices.
Something has to hold the private key, after all.
I doubt they will be able to manage private keys well.
Servers indeed are doing that now with HTTPS, but we expect server admins to be a little better at these things. And they still fail more often than we would like. IIRC, HPKP was deprecated because it was too easy for sysadmins to get wrong, or to have used against them by malicious actors, rendering their domain semi-permanently inaccessible. Are we going to expect casual users to do better than them?
Casual users may have even messier use cases. Say you have 5 devices that you want to be able to access all of your accounts from. Now you’d have to register all 5 public keys with every service you want secure access to. And correctly manage dropping the right key from all of them if you lose or discard a device, and add one to all of them if you get a new device.
Build the protocol into the browser, have it manage your key. Browser vendors can even store an encrypted version of your key on their servers (optionally) to allow you to regain access if you lose it/sync to multiple devices.
Edit: Like BitID but instead of using a bitcoin private key you use any other type of private key, and it’s in your browser instead of in another app.
You would still have to synchronize the private key between your devices. And even if nowadays your browser can sync itself across devices, it is done through an online account. Secured with a password.
Passwords are going to last, because they are immaterial, so you can have them with you at all times “just” by remembering them. Physical private keys are too complex to manage, and too easy to lose, thus locking you out. The last option we have is biometrical identification which would be easier for everyone (nothing to remember, everything with you at all times), but this is a further step in the privacy field…
Mozilla tried this with Persona (née BrowserId), and it did not take off.