back to article Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs

HashCat, an open source password recovery tool, can now crack an eight-character Windows NTLM password hash in less time than it will take to watch Avengers: Endgame. In 2011 security researcher Steven Meyer demonstrated that an eight-character (53-bit) password could be brute forced in 44 days, or in 14 seconds if you use a …

  1. Will Godfrey Silver badge
    Happy

    Interesting

    I just had a look at some of my old email list ones - mostly 12-15 characters, and one for shopping (long since expired) was:

    1 or MORE stupid requirement!

  2. Bush_rat

    The Usual Response...

    *Use passphrases, not words, "AworldinwhichIdieonTuesday" is stronger in basically every way when compared to "trump3t"

    *Make them nonsensical, mix case and use word and numeral representations, "TacosEngraveSixFlying9s" over "tacosengrave6flying9s" or "tacosengravesixflyingnines"

    *Throw some punctuation and grammar in, "WhyIdon'tmindifU2!"

    *And then use a local, opensource passphrase manager without cloud syncing or cloud backups.

    1. Baldrickk

      Re: The Usual Response...

      If you use a password manager, (last step) all the preceding steps are useless - use long random passwords instead - you don't need to remember them.

      1. Anonymous Coward
        Joke

        Re: The Usual Response...

        For kicks, I'm thinking of using the bitcoin addresses from the large amounts of blackmail spam that I now receive, courtesy of LinkedIn's incompetence, for use as 'random' passwords.

      2. jason 7

        Re: The Usual Response...

        Yeah who manages the password managers? Didn't one get hacked a few weeks after i raised this very question a couple of years ago?

        I'd rather not. I keep mine on paper hidden in a book. That way the hackers at least have to have the balls to break into my home to get them.

        I also use 16+ digit (usually around 25) passwords if the damn site/system will let me.

        1. CAPS LOCK

          This ^^ is the correct answer.

          The reasons why are left to the reader as an exercise. Clue: you might be run over by a bus.

        2. Pascal

          Re: The Usual Response...

          I still don't like them either but typical password managers now encrypt passwords on your end before storing them and your one master password that you need to remember is used to encrypt the key.

        3. PickledAardvark

          Re: The Usual Response...

          "I'd rather not. I keep mine on paper hidden in a book."

          My sister's husband followed my advice to record his passwords in a private notebook. When he died in an accident, we recovered the passwords for his business and private investments. My sister would not have been affected immediately -- enough money around in current joint accounts. But the business could not have traded without stuff being written down.

      3. jmch Silver badge

        Re: The Usual Response...

        "If you use a password manager, (last step) all the preceding steps are useless - use long random passwords instead - you don't need to remember them."

        Those previous steps are still useful to generate a master password for the password manager

    2. Cuddles

      Re: The Usual Response...

      "Throw some punctuation and grammar in"

      Decent advice up to this point, but despite being all too common this is a terrible idea. Unless you're using a password vault (which as Baldrickk notes makes any rules about passwords basically irrelevant), a password needs to serve two equally important purposes - it needs to be secure, and you need to be able to remember it. Throwing in even fairly simple obfuscation like punctuation, odd grammar, replacing o with 0, and so on, does very little to increase security but makes things virtually impossible to remember.

      The trick is to remember that there are far more words than there are characters. A random jumble of 10 alphanumeric characters has ~10^17 possible combinations*. Throw in a variety of punctuation and that goes up to ~10^19. The OED contains 171,476 English words currently in use (and a whole bunch more of obsolete, derivatives, and so on). A random selection of 4 words gives ~10^20 combinations. That's why the whole correcthorsebatterystable thing exists - just four words is better password than 10 random characters even if an attacker knows it's four words and attacks that rather than by character. 10 random words puts the possible combinations over 10^52, and is still easier to remember than a jumble of punctuation.

      Using meaningful sentences reduces that quite a bit, but greatly improves the ability to remember it while still leaving far more combinations than even the kind of longer random passwords generated by password managers.You just have to look at how many hundreds of songs, film quotes, famous sayings, and so on, the average person can remember. Admittedly that approach can make things a little more vulnerable to social engineering, but given that by far the biggest threat these days comes from mass leaks of credentials where an attacker has no idea what a given username/password combination's favourite song might be, that's a pretty small tradeoff for a massive boost to both password security and memorability.

      * Assuming no repetition, so essentially just n!/(n-m)!. Allowing repetition and variation in the exact character set might make an order of magnitude or two difference, but isn't really significant.

      1. katrinab Silver badge

        Re: The Usual Response...

        If it is commonly used words that you are likely to remember, then isn't it a lot less than that. The 171,476 words are in the 20 volume full edition of the Oxford Dictionary. You will find pretty much all the words you need in the pocket edition.

        1. Cuddles

          Re: The Usual Response...

          "If it is commonly used words that you are likely to remember, then isn't it a lot less than that."

          Or it might be a lot more. Merriam-Webster lists nearly 500,000 words, and apparently some counts put it at over 1 million. Even that 171k is only those listed as in common usage, the OED actually contains around 230k. Plus dictionaries generally don't include proper nouns, so there's a huge additional pool as soon as you start using names. The thing is, the exact number really doesn't matter. All that's important is that there are a lot more words than there are characters (that is the entire point of an alphabet after all) and that it's generally easier to remember longer combinations of them. Even if you assume people only use their own vocabulary and don't look anything up or use a generator, that's around 30,000 common words, and a random selection of four of them provides about the same number of possible combinations as 10 random characters.

          Essentially, there are two main factors involved in creating a strong password - length and character set. If you consider your character set to be actual single characters, you're limiting yourself to a few tens - basic alphanumeric gets you 36, adding cases and punctuation can push you up to maybe 100 at most. That means in order to get a strong password you need to make it long, and as this article shows the traditional 8 characters that still serves as a limit in many places simply isn't adequate.

          If you instead you use whole words as your character set, you're looking at orders of magnitude larger - around 30,000 for the average person's working vocabulary, potentially into the millions using dictionaries, names, slang, and other languages. With your working character set orders of magnitude larger, a password doesn't need to be as long - four words being about equivalent to a reasonable strength password made of random characters. Quibbling over exactly how much bigger the character set is just doesn't matter. Maybe it's only 20,000, maybe it's a million. Maybe you need 5 words instead of just 4, maybe even 3 is good enough. It's the qualitative difference that's matters; as long as your working character set is orders of magnitude larger, exactly how many orders of magnitude just isn't that important.

        2. J27

          Re: The Usual Response...

          Which is why my passwords are a combination of all 3 languages I speak. Learn some more languages! It's fun.

      2. tip pc Silver badge
        Paris Hilton

        Re: The Usual Response...

        mysobeit

        my 4 words still add up to 8 characters

        (how long before the reg have to put a dumb blond bloke icon on here)

      3. Robert Carnegie Silver badge

        Re: The Usual Response...

        Text has entropy, or something, of about 1 digital bit per letter: on average it's a fifty-fifty bet what the next character is. Some have more options, Q basically has no options - it's always u.

        I've been using two random numerals and six consonants (one capital), usually with a little verbal reminder: for instance PDL5HTZ8 I'd remember as "pendulum height" and the rest does come from memory. (This isn't a current password.) So maybe time to upgrade now. What's "safe"?

        1. Roland6 Silver badge

          Re: The Usual Response...

          >What's "safe"?

          Well clearly "PDL5HTZ8" isn't because it is only 8 characters, whereas "pendulum height" - 15 characters (or variants using a special character instead of the space character) is.

          However, if the website is using something other than NTLM then "PDL5HTZ8" is probably still "safe".

          1. Anonymous Coward
            Anonymous Coward

            Re: The Usual Response...

            "However, if the website is using something other than NTLM then "PDL5HTZ8" is probably still "safe"."

            I'm assuming that "safe" means "if the hashed password is found, it can not easily be recovered allowing other accounts that use the same password to be recovered or allowing other det".

            In which case, it is purely down to entropy. While numbers, case and symbols allow you to increase entropy, I would argue that anything less than 12 characters will not contain sufficient entropy to protect you if you are not using random text (i.e. anything containing dictionary words, guessable numbers combinations at the start or end, common character-to-symbol swaps etc) so look for 14+ characters.

            Also, corporate password rules (one or more numbers, one or more symbols and upper and lower case) can make a significant difference to password strength in a corporate environment. i.e. patterns like "Barclays2019!"

            As others have said, use a password manager with a long, complex password to make it hard for the address space to be easily searched. For everything else, use a random password generator with very long passwords (20+ characters of random noise) and save them in the password manager. If you're signing up to a website that you are unlikely to use again, use a 10-minute e-mail site to register fake details and a made up password you use once and then abandon.

            Unfortunately, this isn't being paranoid now, it's just avoiding the effort required to fix things when one of the websites you depend on coughs up your details :( If you're paranoid or think the government is out to get you (rather than everybody...) double the password lengths because you're likely trying to hide things for more than 5 years.

        2. Anonymous Coward
          Anonymous Coward

          Re: The Usual Response...

          According to my on-line Scrabble game, Qi is acceptable because it is another form of Chi.

        3. Shocked Jock

          Re: The Usual Response...

          Qatar, qat, Qantas, Iraq,...

          Q's options include "a" and a space.

      4. Stevie

        Re: The Usual Response...

        " it needs to be secure, and you need to be able to remember it."

        And the one they always miss: You have to be able to type it reliably without visual cues.

        Let's face it; everyone who has a short password likely started out with a longer one but all the retyping got old fast.

        1. BigBear

          Re: The Usual Response...

          "Let's face it; everyone who has a short password likely started out with a longer one but all the retyping got old fast."

          Not to mention being locked out of online access by your bank or credit card company until you call them. I'm getting older and my touch-typing of even real words isn't that reliable unless I watch my fingers. Thankfully, some sites now allow you to display the characters you type — presumably for when you are confident that no one will be able to see your display.

      5. Filippo Silver badge

        Re: The Usual Response...

        I'd love to use something like correcthorsebatterystaple everywhere. Unfortunately, dang near everything demands mixed case, symbols and numbers. At which point everyone picks a short password, because nobody can remember a long password with jumbled spelling. If I find whoever decided that mixed case, symbols and numbers were a good idea, I'll hit him with a dictionary.

        1. Someone Else Silver badge

          Re: The Usual Response...

          So? What would be wrong with 'correcthor5ebatterYstapl3"?

          Leetspeak can be your friend.

          1. Anonymous Coward
            Anonymous Coward

            Re: The Usual Response...

            The problem with a leetspeak spelling like that is that unless you have a good memory (and/or type the password frequently), there's a reasonable chance that you'll forget exactly which letters you leeted and which you capitalised, etc.

            I suppose a possibility to satisfy such password rules would be something along the lines of CorrectHorseBatteryStaple1234$, with the words always capitalised in the normal way, and always using the same number/symbol string on the end (for every password that requires that), so that you can remember it?

            (Of course, you can bet that every password cracking program nowadays will include a check for 'correcthorsebatterystaple' before it tries other long passwords anyway...)

            1. pdebarra
              Facepalm

              Re: The Usual Response...

              Gaaah, now I've to change my password for everything!

          2. Anonymous Coward
            Anonymous Coward

            Re: The Usual Response...

            "Leetspeak can be your friend."

            Your only friend is entropy. Leetspeak adds a similar level of entropy as one capital and a better approach is to add characters between the words as it increases the password length:

            i.e.

            Password Entropy bits

            correcthorsebatterystaple 93

            Correcthorsebatterystaple 114

            correcthor5ebatterYstapl3 120

            Correct$horse$battery$staple 130

            Correct$horse$battery$stapl9 136

            1337 may make a difference with brute force, but that's likely to be the last method used after dictionaries, rainbow tables and more intelligent patterns.

            Note that these are example passwords and I'm assuming for the example they aren't well known. All variants of these are likely to occur in decent dictionaries/rainbow tables meaning that even entropy won't save you.

          3. Stevie

            Re: Leetspeak can be your friend.

            What would be wrong with 'correcthor5ebatterYstapl3"?

            Two years later:

            Attempted & rejected password attempts:

            corr3cthor5ebatterYstapl3

            correcthor5ebatterY5tapl3

            corr3cthor5ebatterY5tapl3

            correcthor5ebatt3rYstapl3

            corr3cthor53batterY5tapl3

            (all the versions with inadvertent typos redacted for brevity)

      6. hmv

        Re: The Usual Response...

        It's true that adding in genuinely random punctuation will make it much harder to remember but adding in a punctuation character that is randomly selected once at the beginning of time does add a bit of value. It's worth remembering that if we suggest four random words, the average critter in the street will think "well two or three will be good enough" and they won't necessarily be well chosen words at that ("letmein" is three words but it's very far from uncrackable).

        I always point out that any transformation ("o" -> "0") you can think of, those who crack passwords professionally have thought of it before you, so it's pointless.

        One of the downsides of password manager generated random passwords ("45K7WaUfHxFyrIu6J6CPKM3Gs1jU1oB+UhMByAkn48A" (yes I do have a shell function to generate random noise passwords - don't you?)) is that they're a lot harder to type in than random word-style passwords ("petrifies-Reunion-primitive-putsch" (ditto)). And sometimes you do have to type 'em in.

    3. jmch Silver badge
      Thumb Up

      Re: The Usual Response...

      "*And then use a local, opensource passphrase manager without cloud syncing or cloud backups."

      Of course you'd better have a good backup strategy!

      1. J. Cook Silver badge
        Go

        Re: The Usual Response...

        That backup strategy is 'multiple copies on multiple media'.

        Especially if you insist on keeping the master copy on a thumb drive. Ask me how I know....

        1. BigBear

          Re: The Usual Response...

          I'm very familiar with 2- or 3-year old thumb drives — even those made in the USA by the best manufacturers — either becoming completely unreadable (looks like unformatted media) or having random data corruption inside files. They are simply not a reliable archive medium.

      2. Michael Wojcik Silver badge

        Re: The Usual Response...

        Of course you'd better have a good backup strategy!

        Yes. And for many people, it's also important to have an inheritance strategy, so that your heirs can get into at least the important accounts in the event of your unexpected demise. This is a major problem for many families, and one that most of the password managers I've looked at don't handle very well.

        1. Mud5hark

          Re: The Usual Response...

          Surely you don't need the passwords in this case. As long as you know the account numbers you can approach the vendor with the death certificate and you will get the funds.

          1. Roland6 Silver badge

            Re: The Usual Response...

            >As long as you know the account numbers you can approach the vendor with the death certificate and you will get the funds.

            Obviously not been through the Probate process in recent years...

            Remember web accounts aren't always directly connected to a living person: for example try and provide that the deceased John Smith for which you have a death certificate is the same John.Smith@gmail.com...

            Also one of the last 'vendors' you actually want to approach with a death certificate is their bank - they will tend to immediately close the account instead of doing the more sensible and blocking payments out until presented with a deed of Probate. This means that various utility and insurance premium overpayments have no account to go into (most companies will simply rebate overpayments on production of the death certificate to the account from which they were taken), thus now you have to go round all these companies sending them a copy of the deed of probate etc. just so that they can write a cheque out for these small amounts.

            Another back of the queue vendor is the phone company, if the person has set up their phone as part of the account recovery, loss of the phone numbers means these accounts become practically unrecoverable...

            With more and more companies only effectively operating on-line this is going to become more and more of a problem.

    4. steviebuk Silver badge

      Re: The Usual Response...

      Unless you use Microsoft 365 that appears to totally fall over if you put a space at the beginning of a password. On perm AD works fine with that, but once it gets to Microsoft 365, it freaks out won't let the user login to e-mail. All because of a pissing space at the beginning of the password.

      1. Someone Else Silver badge

        Re: The Usual Response...

        Microsoft is stupid. I'm surprised you just now finding this out...

    5. GnuTzu
      Headmaster

      Re: The Usual Response... -- Grammatically Correct

      Note that it's possible to have nonsense phrases that are grammatically valid, which might help with memory, as in: "Colorless green ideas sleep furiously." But, don't use that one, as it's a quote of a certain famous linguist. (And no, I wouldn't include the spaces either.)

      1. Roland6 Silver badge

        Re: The Usual Response... -- Grammatically Correct

        >Note that it's possible to have nonsense phrases that are grammatically valid, which might help with memory...

        Another part of my early 1980's Computing degree that is still current :)

        I tend to use this style of passwords for those accounts that it is helpful (ie. less irritating) to 'remember' short-term but not long-term. For example the SysAdmin account: for the few hours I'm working on something and swapping between accounts this style of password - in part because of the imagery and humour is relatively easy to retain and thus enter, compared to the typical random password which may be shorter but always requires you to look up, even if you had only used it a couple of minutes previously, and thus distract from the main task at hand.

      2. Shocked Jock

        Re: The Usual Response... -- Grammatically Correct

        Is this where we mention linguists' approach to spelling? (UK site: so I'll be snotty if I want.)

    6. Anonymous Coward
      Anonymous Coward

      Re: The Usual Response...

      Use passphrases, not words, "AworldinwhichIdieonTuesday" is stronger in basically every way when compared to "trump3t"

      On private services I find the password length is often limited, so no joy. And on corporate systems you've always got your company's ITSec brainiac imposing rules about changing every one to three months, demanding mixes of upper case, lower case, special characters, numbers, no repeated characters etc etc.

      When the company want proper password security, I presume they'll come up with better rules...

      1. Michael Wojcik Silver badge

        Re: The Usual Response...

        rules about changing every one to three months, demanding mixes of upper case, lower case, special characters, numbers, no repeated characters

        Aside from the last, none of those should be any real impediment to using real-world passphrases. It's quite easy to construct natural-language phrases which "naturally" (i.e. in a manner familiar to a reader of that language) include mixed case, punctuation, and numerals. And memorizing such phrases is not particularly difficult, so having to change them periodically isn't a problem either.1

        One technique is to choose words at random from a dictionary until you can assemble a phrase in the style of a newspaper headline; then add a numeral and some punctuation. For example, here's a few I selected from a list of words I extracted at random from aspell's US-English dictionary:

        Norrie's, cashier, unstable, syphilis, unmanageable, newsreel, show

        I just chose those from the first screenful, in about 10 seconds of looking. From those I could make:

        Cashier Norrie's unstable syphilis unmanageable; newsreel shown at 11:00

        That's shouldn't take much effort to memorize, and the use of capitalization, punctuation, and numerals is natural.

        Now, that doesn't have a ton of information entropy. With Shannon's estimate of around 1.5 bits of entropy per English letter, we have only "about" 110 bits at best from the text. Since the capitalization is natural, an attacker who knows our scheme (Kerckhoff's Principle) can guess those, so that adds nothing. Similarly the use of numerals and punctuation isn't contributing a lot.

        Now 110 bits still sounds pretty good (much better than that 8-character NTLM minimum password), but some experts think Shannon's estimate is too high in this context, particularly if attackers apply well-trained models to the problem. Someone who duplicated my aspell-based dictionary (around 150K words) and tagged them with part-of-speech information, then trained a model on plausible headline-style phrase structuring, could narrow the search space down quite a lot.

        Still, if you really want passphrases you can memorize, you can accommodate quite a lot of those largely-pointless password restrictions. The tough ones are length limitations and especially idiotic prohibitions like the one on repeated characters.

        1And, of course, you can always use a passphrase manager blah blah we've all read a thousand posts pointing this out.

        1. Danny 14

          Re: The Usual Response...

          i have a knack for remembering registration plates and phone numbers. Even addresses with words work.

          BigTitsAna15CharlesStreet for example.

    7. badger31

      Re: The Usual Response...

      Sorry, but I'm not typing something like "tacosengravesixflyingnines" every time I need to authenticate myself.

      The two passwords I use most often are 10 long but I can type them using muscle memory in about half a second.

    8. Psion1k
      Unhappy

      Re: The Usual Response...

      The idea of a passphrase is a good one.

      Unfortunately, there are quite a number of systems and websites that cap a password at 12 or 16 characters, so it does not always work.

  3. anthonyhegedus Silver badge

    All very well but why does one of the most commonly used cloud services, office 365, limit passwords to just 16 characters? Barely enough for two short words and a number. Correcthorsebatt.

    It’s not good enough.

    And why are the default system-generated passwords on office 365 of the format 3 letters plus 5 numbers with the first letter always being upper case?

    1. jmch Silver badge
      Trollface

      "Barely enough for two short words and a number. Correcthorsebatt."

      Or three short words... correcthorsebutt

      :)

    2. Michael Wojcik Silver badge

      why does one of the most commonly used cloud services, office 365, limit passwords to just 16 characters?

      Because the Microsoft Office 365 team are a bunch of idiots, presumably. (I note that Microsoft Forefront Gateway also used to have this problem, and may well still have this problem. It's unacceptable.)

      Fortunately, at my place of employment we use SAML authentication to Awful 365, and our authentication mechanism allows reasonable passphrases.

      There's no reason to ever restrict the passphrase length to any unreasonably short value for a web-hosted service. Even if the backend system has a password-length restriction, you can create a verifier using a decent PBKDF (bcrypt, Argon2, etc), then transcode that into the character set accepted by the backend system. You may well have to truncate the verifier, but that doesn't help an attacker all that much because they'll still have to find a prefix collision, and good PBKDFs are expensive to compute.

      1. Someone Else Silver badge
        Coat

        why does one of the most commonly used cloud services, office 365, limit passwords to just 16 characters?

        Because the Microsoft Office 365 team are a bunch of idiots, presumably.

        They are web programmers. 'Nuff said.

    3. N2
      Trollface

      Because

      its Microsoft and you just know that its shit.

  4. Time Waster

    correcthorsebatterystaple

    Much as I tend to agree that a memorable long password beats a non-memorable short one, I can’t help but worry that these aren’t really that much stronger. Yes, there are (apparently) upwards of 170,000 words in the (Oxford) English Dictionary, making this on paper appear to be 170,000 to the power 4 (a roughly 70 bit number) but the reality is that most educated native English speakers only know a fraction of this number. Assuming a 35,000 word vocabulary (a number I’ve seen mentioned as an upper bound on real vocabulary size), this quickly reduces to only 60 bits. Assuming all 4 words are fairly common, as with “correcthorsebatterystaple”, the vocabulary size required falls to less than 10,000, rendering this weaker than the random 8 character (53-bit) password, though obviously more memorable.

    Another issue with the long password, and one I’ve fallen foul of many times, is whilst they are fine when typing on a real keyboard. Try entering one with your thumbs on a phone screen, or worse, using a PlayStation / Xbox controller and they start feeling less of a great idea. Even more so if there’s a risk of shoulder surfing (the extreme case is with the PlayStation / Xbox), where the random mess of letters and numbers is relatively quick to type and tricky for an onlooker to remember. A set of English words, they may struggle to forget even if innocently observed.

    My personal favourite scheme (though I must confess, not one I always employ) is taking initials from a memorable sentence. Ie, the password “ihpcrbtmplm”, can be simply remembered by the phrase “i hate password complexity requirements because they make passwords less memorable”, which is roughly the same strength as each of the above mentioned schemes but obviously quicker to type than “correcthorsebatterystaple” and far easier to remember than “ff3sd21n” (which, being all numbers and lowercase, I can’t see being much better than 41 bits anyway).

    1. JohnFen

      Re: correcthorsebatterystaple

      "a memorable long password beats a non-memorable short one"

      The XKCD method results in passwords that are no more memorable than random ones for me, so I'll stick with the random ones. Same with using the first initial of each word in a quote.

    2. MrBanana

      Re: correcthorsebatterystaple

      You are correct, if users choose the words then there is a big reduction in the name space on offer. My password generator extracts random words from /usr/share/dict/words and combines them with a few digits and punctuation characters. Very often I get words that I would never have chosen myself, or didn't even know existed. It is tempting to try generating another password with something more memorable, but then you are "playing with randomness", which defeats the purpose of using random words. Instead, I look the word up, learn something new, and that process seems to make it stick in my brain. Who knew that "calp" is a type of limestone, dark grey or bluish black in colour, that is found in Ireland?

    3. Brangdon

      Re: correcthorsebatterystaple

      The XKCD example already takes dictionary attacks into account. It gives 44 bits of entropy from 4 words, hence is based on a dictionary of 2024 words. As it happens, 44 bits isn't a lot nowadays. Bigger dictionaries will give stronger passwords, as will using more words.

      I find multi-word English phrases much easier to enter into limited devices than random assortments of symbols. The latter I have to look up and enter one character at time, where-as a word like "horse" I can look up once than enter the whole word from memory. Even "ihpcrbtmplm" would make me stop to think for each letter. Not having to switch to weird symbol keyboards helps too. These phrases are also easier to tell other people, eg if they need to know your WiFi password.

      1. jmch Silver badge

        Re: correcthorsebatterystaple

        " Bigger dictionaries will give stronger passwords, as will using more words.... multi-word English phrases..."

        Of course simply using multiple languages can quickly multiply the available dictionary space without significantly increasing complexity. Many native English speakers are hampered in this regard by not knowing any other language but most people worldwide know at least 2 languages to draw words from

        1. John Brown (no body) Silver badge
          Joke

          Re: correcthorsebatterystaple

          "Many native English speakers are hampered in this regard by not knowing any other language but most people worldwide know at least 2 languages to draw words from"

          I'm English, so I like to use passwords like cul-de-sac, boulevard etc. That really stumps the crackers.

          1. Anonymous Coward
            Anonymous Coward

            Re: correcthorsebatterystaple

            As a small company, for many years our network admin password was "hello" which worried me.

            When we were taken over by a larger French firm with a proper IT department I was looking forward to an improvement but discovered their admin password was "bonjour"

            We know have a 12 digit admin password with caps, numbers, special characters etc. It is impossible to remember so obviously easiest thing is to write it on a post-it note and stick top monitor :-)

      2. James O'Shea

        Re: correcthorsebatterystaple

        I am currently using a passphrase built out of:

        two words, neither of them from the English language and usually from two different languages, but which I remember quite well 'cause I know what they mean in English; my current words add up to 12 characters.

        two numbers

        one special character

        That's 15 characters, total. I don't use the same two numbers or special character, and vary the order of the two words and change the words themselves every now and again. I write down a passphrase hint (two alpha characters, one for each word, two different alpha characters for the numbers, and a different alpha character for the special character) so that _I_ know which passphrase I used this time, and carry around that list; the master list showing what alpha characters mean what is securely locked away elsewhere (y'all don't need to know where; those who do need to know also have instructions as to where to go to find it in an emergency). Without the master list, the passphrase list is useless. (quick: what passphrase does er wi o represent?) and that's without considerations as to the number and position of uppercase letters and the order and location of the numbers and special character. (The alpha character used tells me the order and location, thanks to the master list. Oh. Wait. Others ain't gonna have the master list.) Making the passphrase longer (and usually stronger) merely requires using longer words or more numbers or special characters or some combination.

        I find 15 characters to be easily remembered, especially after a look at the hint list, while being difficult to crack even for a native speaker of the languages in question. And I complicate things by using words from two _different_ languages. I went to uni with, among others, native speakers of Lakota, Urdu, Farsi, Japanese, and Tagalog and I have found certain phrases in those languages (and others; Arabic is really nice to have around when you want to curse someone out) to be quite useful.

    4. Anonymous Coward
      Anonymous Coward

      Re: correcthorsebatterystaple

      But now I know your plan, while I brute force guess your words as phrases password I'll add trivial complexity by testing whether you have used the initial letter of the phrase rather than the full phrase...

      And while I'm on it... in what percentage of 8 character Upper/Lower/Punctuation passwords is ! the 8th character?

      1. John Brown (no body) Silver badge

        Re: correcthorsebatterystaple

        "in what percentage of 8 character Upper/Lower/Punctuation passwords is ! the 8th character?"

        My guess would be....99.99999%

    5. Anonymous Coward
      Anonymous Coward

      Re: correcthorsebatterystaple

      English is just one language only, and a password entry box doesn't care if the language is dead or alive... moreover some languages have far more words variations than English.

    6. cosmogoblin

      Re: correcthorsebatterystaple

      If you're worried about humans picking the words - I use watchout4snakes. Get about 10 random words, and pick 4 or 5 that make a vaguely intelligible phrase. I don't know the size of their dictionary but my random 10 just now included theorem and pedantry.

      Where good password rules (i.e. none) are enforced, I use correcthorsebatterystaple. Where bad password rules are enforced, I use correcthorsebatterystaple1!. This means if I remember my password, but can't remember the ruleset, I have a 50/50 chance of getting it right first time.

    7. David Roberts
      Holmes

      Re: correcthorsebatterystaple

      Struggling with some of the assumptions here.

      For instance if you know that the passphrase is composed of dictionary words spelled correctly then you can calculate the time to brute force based on using all the dictionary words and gradually building up the length and complexity.

      However if you don't know then presumably you also have to brute force a string of random characters to the same password length. Possibly some of the examples assume that the first thing you do is a dictionay attack (but to what length of characters?) followed by a random character brute force.

      I think that this was what the XKCD example was based on - making remembering long strings of characters easier.

      If, for instance, you picked one set of 5 non-dictionary characters, say xf-r@, and inserted this into all your password strings then possibly a dictionary based attack would fail. Again I assume this is some of the point of requiring punctuation in a password.

      I would be interested in the entropy of, for example, correcthorsexf-r@batterystaple given that you don't know that it is mainly a dictionary based phrase and you don't know the length or location of the non-dictionary string.

      It is easy to work backwards if you know the answer. Assume you don't know the answer for a more accurate result, perhaps?

      1. Roland6 Silver badge

        Re: correcthorsebatterystaple

        >I would be interested in the entropy of, for example, correcthorsexf-r@batterystaple

        Useful calculator here: http://rumkin.com/tools/password/passchk.php

        But you aren't really comparing like with like, given the different lengths.

        I think this is where maths and the real world diverge.

        My understanding is that the entropy of "correcthorseb@tterystaple" and "correcthorsebatterystaple" is the same where the permitted charactersets and rules are the same.

        However, just as Bletchley Park realised, people are human and so there are ways to reduce the entropy based on statistical analysis and assumptions ie. most people given a large characterset will constrain themselves to the alphabet and real words. Hence your outline dictionary attack could result in a password being revealed much quicker than the entropy calculations suggest. The only problem is that your reference lookup table of passphrases does, relatively quickly, become rather large and unwieldy...

        However, I anticipate, given some of the comments here, that it won't be long before dictionaries exist for the more common (and shorter) passphrases.

    8. OldSoCalCoder

      Re: correcthorsebatterystaple

      Smartphones are a problem, and will be as banks, credit card companies and retail stores push towards their use. Entering long passphrases with combinations of <shift> keyboard special char, long hold-select is cumbersome and error prone. A few websites have started to have an option of 'show password text', but on mobile apps? Umm, no. I still don't know where or how passwords are stored on these phones, but it's convenient to check 'yes, store this password for future use'. Multifactor authentication on smartphones is even more cumbersome since (I'm guessing) it involves task switching, selecting a text string, copy, task switch back and pasting. Hardware authentication like Yubikey? For a while Apple wouldn't even give the outside security firms specs so they could design something that would work with their products.

      Is there one magic bullet solution to online security? I haven't seen one. But, articles like this are good if it gets us to change how we protect at least one high value asset.

      1. jmch Silver badge
        Flame

        Re: correcthorsebatterystaple

        "Entering long passphrases with combinations of <shift> keyboard special char, long hold-select is cumbersome and error prone"

        It's a pain on smartphone

        It's a huge pain on the office photocopier where I have to log in every time I want to scan anything

        It's a gigantic pain on a TV interface where you have to use the remote to go over every character and press OK for each

  5. Anonymous Coward
    Anonymous Coward

    Still used?

    ??According to Tinker, it's still used for storing Windows passwords locally or in the NTDS.dit file in Active Directory Domain Controllers.??

    If you are using a Win2K server, Win98 clients, or Samba servers of similar age??

    As I recall, not on Win 2003 server unless you deliberately enable it ?

    AFAIK, the main reason for choosing to enable recording the NTLM hash in AD is so that password crackers can decode short passwords?

    1. scaley

      Re: Still used?

      You are referring to the LMHash which indeed is not used on newer DC, but the NTLM Hash is the only other storage for passwords.

      1. Roland6 Silver badge

        Re: Still used?

        Okay given NTLM is the default option now on Windows Server the question has to be: what is the time taken to crack longer passwords ie. to rephrase the articles sub-text:

        Password1 once again more secure and memorable than ff3sd21n

        Caveat: in the context of the HashCat cracking approach demonstrated here.

    2. Pascal

      Re: Still used?

      If you're using a "recent" (as in, 2008+) AD and only allow Kerberos, according to an old Technet article the passwords are stored like this:

      "AES256_CTS_HMAC_SHA1_96, AES128_CTS_HMAC_SHA1_96 - Used for Kerberos authentication since Windows Server 2008. Salted with user logon name and hashed 4096 times using HMAC-SHA1."

  6. Anonymous Coward
    Anonymous Coward

    Passwords

    Best commercial ever (Southwest Airlines)

    https://m.youtube.com/watch?v=wXU93BnLhbw

    Do you know hard it was to get family members to use 8 digits? (from 6 birthday numbers)

    @#$& it I’m getting everyone Yubikey’s for Christmas!

    1. herman

      Re: Passwords

      "@#$&" is only a 4 character password. You should know better.

  7. This post has been deleted by its author

  8. Pangasinan Philippines

    Easy to remember

    I use favorite song or album titles.

    Take the initial letters.

    For example

    If I could do it all over again Id do it all over you (by Caravan)

    becomes Iicdiaoaidiaoy

    is one of my (lesser) used versions.

    1. Kane

      Re: Easy to remember

      "I use favorite song or album titles.

      Take the initial letters.

      For example"

      ssosfagtiacagwap

      1. DWRandolph

        Re: Easy to remember

        Ummagumma is still one of my favorite albums

    2. phuzz Silver badge

      Re: Easy to remember

      Yep, a memorable line from a song or a book is easy to remember, and with a bit of creative punctuation (eg zero instead of the letter O), you'll end up with something that looks like gibberish, and is hopefully as hard to crack, but which you can remember.

    3. bazbt3

      Re: Easy to remember

      I pretty much do this*, but use the song title in full** with its aide-memoire abbreviation handwritten in a book.

      *apart from here, damnit

      **damnit, needz upper-case now I've said it

    4. MJI Silver badge

      Re: Easy to remember

      OK if they are long names.

      How about Black Sabbath fans

      Password is P

    5. -tim
      Facepalm

      Re: Easy to remember

      Almost all of the memorable book and song titles and most of the lyrics are already in the hacker dictionaries.

      I did this experiment in about 1992 with many thousands of people. We had them enter 5 different lines of lyrics from songs. We also asked them if they listened to both types of music or rock or something else. It turns out that the people who picked rock or country would often pick one of the same hundred to so lyrics. If we asked a country fan to quote 5 rock lyrics, it resulted in a much larger pool. The results would have also allowed high accuracy guesses of the subjects children's ages if they had small children.

    6. Roj Blake Silver badge

      Re: Easy to remember

      Just as long as one of your songs isn't YMCA.

  9. M.V. Lipvig Silver badge

    Something I don't get, and perhaps someone can enlighten me. How does this even work? Any time I type in a wrong password 5 times, my computer locks me out for 5 minutes. After that 5 minutes, do it wrong 5 more times and it's 15 minutes. Howncan they run through umpteen dozen thousand wrong passwords in a couple of hours if 5 wrong passwords locks you out for 5 minutes?

    1. Chozo

      Have you ever tried to guess the shape of an object from its shadow? , it's the same sort of thing but with numbers and an odd form of math called Modulo arithmetic. The attacker can see the shadow of the password and generates billions of combinations till it finds a 'shape' that matches. Then and only then is that combination tried against the target computer.

    2. DaLo

      They aren't typing the password in multiple times. They have already stolen the password, it's just that it's in an encrypted form. What they then do is try to find the original password (or even a different password that would give the same result when encrypted!).

      They can do this by trying every possible password one by one (against the same encryption method) until the encrypted result matches. So they start by trying 'a' then 'b' then 'c' ...a loong time later.... then 'Abhg75^&%fgtrds'. All these encryption methods cannot simply be reversed. ie. they are one-way so you can't just enter the encrypted (hashed) password and get the original plain text password as the plain text password no longer exists in any form. However some encryption schemes have vulnerabilities in the random number generator or method used that can reduce the number of attempts significantly. They might also demand a minimum of 6 characters so the attacker doesn't need to check for passwords less than 6 chars. However they would normally start by checking a dictionary list that would contain popular passwords, all the passwords from major breaches, all the words in a dictionary, every birth date, peoples names, including multiple capitalisation, swapping letters for common symbols (such as pa$$w0rd) etc.

      In then end they may get a match for the password (and - it doesn't always need to be the exact same password, but nowadays it normally is, it just needs to produce the same output when encrypted). They then use this password to log in on their 'first' attempt.

      How do they steal your encrypted password? Well either they have access to your PC/Network and have dumped the 'encrypted' password file or more likely they have stolen it from a website or intercepted it when sending it remotely.

      1. Doctor Syntax Silver badge

        "more likely they have stolen it from a website"

        And this is why you shouldn't use the same password on multiple sites.

        1. CAPS LOCK

          And this is why you shouldn't use the same password/username on multiple sites.

          Another reason why your email address is your username is A Bad Thing[1].

          Copyright Seller and Yeatman.

          1. Toltec

            Re: And this is why you shouldn't use the same password/username on multiple sites.

            Worse still if you select the 'Forgotten password' option it is obvious where the reset is sent.

            If your email password has already been cracked you are knackered.

            1. Anonymous Coward
              Anonymous Coward

              Re: And this is why you shouldn't use the same password/username on multiple sites.

              Which happened to my son. I couldn't understand why his Fortnite account kept being hacked, even after changing the password numerous times, each with an increasing level of complexity and length.

              Turned out his email password was a. weak and b. compromised and so the hackers just kept hitting the forgot password link whenever it got reset.

              Cue a forced reset of all of his passwords by me.

          2. AndrueC Silver badge
            Thumb Up

            Re: And this is why you shouldn't use the same password/username on multiple sites.

            Another reason why your email address is your username is A Bad Thing[1].

            Unless you use a DEA system and register a different email address for each site ;)

            That also makes it easier to see which site has been compromised.

          3. Michael Wojcik Silver badge

            Re: And this is why you shouldn't use the same password/username on multiple sites.

            Another reason why your email address is your username is A Bad Thing.

            That's highly dubious. Kirckhoff's Principle applies: assume everything not part of the secret is known to the attacker. Otherwise you're just adding a small amount of hard-to-manage entropy to the key.

            If not using an email address as a username is providing you with any significant additional security, then there's something very wrong with the security of the system you're using.

      2. This post has been deleted by its author

      3. Harry Stottle

        Hashing<>Encryption

        @ DaLo

        At the risk of teaching the occasional grandmother to suck eggs, I feel the urge to correct a few errors in your post.

        Encryption entails a (roughly) 1 to 1 relationship between plaintext and ciphertext. i.e for every character in the plaintext there should be at least one in the ciphertext (ignoring compression)

        Cryptographic hashing produces a fixed length output regardless of the size of the input. Using SHA256, for example, anything we hash will produce a 32 byte hash - whether its your 8 character password, or War and Peace.

        One consequence of the difference is that hashing algorithms are NOT vulnerable to poor quality entropy (eg the output from weak Random number generators). If they used randomness at all, they wouldn't work because the hashes for a fixed input would usually vary.

        Bcrypt is the exception to that rule. It is optimised for password handling. For example maximum input length is (from memory) 256 characters. And it does include randomness and thus always produces a different hash for a given input, which, amongst other things, means you can't test a Bcrypt password simply by repeating the hashing process. You need a partial decryption process which reads a section of the hash to determine the randomness which produced it, so it can verify the input against the output.

        And bcrypt passwords can even vary (slightly) in length (which confused the fuck out of me when I was learning how to use it) and doesn't run the hashing process once but, typically, a few thousand times (user configurable). All these tricks are how bcrypt makes Brute Force attacks thousands of times more time consuming. It SHOULD, by now, be the standard hashing technique for all passwords. If the NTLM passwords were Bcrypt hashed, they'd still be safe!

        1. Michael Wojcik Silver badge

          Re: Hashing<>Encryption

          Bcrypt is the exception to that rule

          bcrypt is only one of several modern PBKDFs which are more or less suitable for creating password/passphrase verifiers. These days, Argon2 is a better bet, if you have a choice.

      4. Michael Wojcik Silver badge

        They have already stolen the password, it's just that it's in an encrypted form

        Sigh. Hashing is not encryption.

        While there are certainly cases where password verifiers are encryptions of the plaintext password, it is much more common, and greatly preferred, to use verifiers which are derived from the passwords in a manner which cannot be reversed except by brute force.

        Salted cryptographic hashes are often used for this purpose,1 but for years now we've recommended password-based key derivation functions PBKDFs such as PBKDF2, bcrypt, and Argon2. The best PBKDFs for this purpose are the ones which are designed to be both compute- and memory-intensive, making it difficult to execute them quickly using GPUs or custom hardware.

        Aside from that, your description, while it describes offline password cracking correctly in broad terms, is rather behind the state of the art. Attackers won't try possible password-character combinations in order; they'll use dictionaries of known common passwords first, and then try less-likely variants. Often they'll have precomputed rainbow tables to speed the search. And for offline attempts, they'll be attacking a database of verifiers - verifiers are rarely sent over the network, so it's unlikely an attacker would have have "intercepted it".

        Of course, some applications continue to use trivially-broken verifiers, such as unsalted MD5 hashes. A Google search has an excellent chance of returning the preimage for an MD5 hash of an English word.

        1And before that, other things. UNIX originally used an encryption-based mechanism (first using the M-209 cipher and then a modified version of DES); but it used the password as the key to encrypt a fixed block, and then chained that for a number of rounds, injecting a salt value into the cipher. So the verifier was still in effect the output of a cryptographic hash of the password. NTLMv1, on the other hand, used an algorithm so stupid I can't even bear to describe it.

    3. canthinkofagoodname

      Confusion

      You may be confusing someone attempting a Brute Force / Dictionary / Guess attack with Password Cracking.

      As you describe it, the process of throwing multiple of variations of passwords at a login page, with the hope of getting the right combination of username and password is generally referred to as a Brute Force attack. The methods vary, like using a simple password list (dictionary) or using a tool which creates variations of different passwords by substituting letters with numbers, special characters etc. Could also be a case of someone sitting at your computer and manually trying different passwords. Doing this against a system that gradually increases lock out times with each unsuccessful login attempt does make this difficult.

      What they are referring to in the article is Password Cracking. The specific example in the article speaks to taking a password hash (the result of using a specific algorithim to turn a normal password into gibberish) and using a tool to brute force it (try every hash combination for the size of the password), or use a rainbow table (a list of precomputed hashes) and simply compare the results until they get a match.

      Doing it this way is a much faster way of getting someone's password, but requires either capturing the password hash in transit (like capturing the authentication traffic while you log into El Reg for example), or in AD environments (for example) dumping the password store for offline cracking.

      The crux of the article is that an 8 character password hash, hashed by NTLM, can be cracked very quickly, and affordably.

      Hope that helps

    4. AndrueC Silver badge
      Happy

      Just to extend the excellent replies I'll add that computers don't normally store your password and compare what you have entered with that. Instead when you enter your password for the first time they run it through an algorithm that converts it into something completely different. That's what they store.

      Every time you log in they take what you have entered and run it through the algorithm and compare the result with what they have stored. Thus no at least half way sensibly written system has a record of your password. This is great because if the system is compromised your password is still unknown.

      Password hacking as others have said is the process of finding 'some text' that when run through the same algorithm produces the same value. Once they have this they can log in using 'some text' as the password.

    5. Martin

      Well, that was exactly the question that I was going to ask. Thanks to the very clear answers above.

      Time to go through my LastPass list and change the 8 char passwords that still exist (and there aren't many left now) to 12 char passwords.

      1. Roland6 Silver badge
        Unhappy

        >Time to go through my LastPass list and change the 8 char passwords that still exist (and there aren't many left now) to 12 char passwords.

        While you are about it, strongly recommend you setup the account recovery security on key accounts. For a client I was glad I had done exactly that, they were using an old (ie. pre-2007) edition of Outlook, naturally in response to a Google prod about security they clicked the "improve my security" option which immediately blocked their Outlook client, this, in turn, continued to try and log in and fail, resulting in Google deciding that too many login attempts had been made and so locked the account. Also advise setting at least two phone numbers - client had originally used their PAYG mobile numbers, but for various reasons hadn't used that phone for 6+ months, fortunately, they had also set up their house landline number which hadn't changed...

    6. M.V. Lipvig Silver badge
      Headmaster

      Thanks for the most excellent replies, folks. That makes a lot more sense than the whole "try over and over" thing. A bit scary too, that they can get access to a string of characters that they can work over until they have a match, then log into an account first try. Methinks I will need to change important passwords more often. I've already been doing the multiple unrelated words for years, use the less common special characters and keep my passwords on a list only people who get into my house can access. In addition, my security questions have zero accuracy so anyone who knows me can't guess. They might know where I graduated high school, but that won't help them know that my security question "Where did you go to high school?" is answered with "quicklime and carpet."

      Going to have to assume that they have some powerful computers, or perhaps using botnets lets them crack these passwords in considerably less time than days per password, like that horse password is suppposed to take 18 days. Sorry, I'm just not a computer guy.

  10. Anonymous Coward
    Anonymous Coward

    some data from abstracted zxcvbn-go source

    ./pstrength CorrectHorseBatteryStaple

    for password 'CorrectHorseBatteryStaple' crack time is centuries

    ./pstrength ff3sd21n

    for password 'ff3sd21n' crack time is 18.0 days

    1. Anonymous Coward
      Anonymous Coward

      Except that 'CorrectHorseBatteryStaple' should be in any decent hackers dictionary of passwords somewhere between Passw0rd and 'supercalifragilisticexpialidocious'

      1. MiguelC Silver badge

        funnily enough, according to haveibeenpwned, the password 'correcthorsebatterystaple' was used in 144 pwned accounts

        1. Francis Boyle Silver badge

          Just another case of users not following instructions.

          1. Doctor Syntax Silver badge

            "users not following instructions"

            Or misunderstanding them.

        2. Graham 2
          Devil

          I wonder how many of those 144 are honeytraps?

          1. Danny 14

            camel case is often used. the trick is to 1 2 3 4 your caps

            FindyOurchEapbeeR etc. Password change? Rotate. 2 3 4 1 then 3 4 1 2 etc.

  11. mr_souter_Working

    Maximum Password length

    the sites that bug me (and there are a few banking sites that do this) - are those that have a MAXIMUM password length.

    so I can only use a 12 or 14 character password - mine tend to be 20+ characters long when I want something secure, and around 15 for the sites I am not giving any financial information to.

    1. upsidedowncreature

      Re: Maximum Password length

      Also sites (usually financial institutions) which ask for specific characters from your password, thereby betraying that they actually store your password in plain text.

      1. Anonymous Coward
        Facepalm

        Re: Maximum Password length

        I know a bank which limits a password to 8 characters, the first four of which needs to be numbers... I would really like to see the face of the person who decided it.

      2. Martin
        Unhappy

        Re: Maximum Password length

        Also sites (usually financial institutions) which ask for specific characters from your password, thereby betraying that they actually store your password in plain text.

        That's a thought that had literally never crossed my mind before. You surely must be right - I can't see how else they could do it. But it's a hell of a stupid thing to do.

        El Reg - why don't you ask First Direct and Santander (two that I know of who do indeed ask for specific characters) to comment on this? No point in a normal customer asking the question, we'd just be fobbed off.

      3. Doctor Syntax Silver badge

        Re: Maximum Password length

        "thereby betraying that they actually store your password in plain text."

        You're assuming that the only way to hash a password is as a single hash.

        What they can do is produce a series of hashes of a few select characters and then ask for one of those selections. It has the disadvantage that if all permutations are stored the number of hashes to store expands very quickly as the password length grows. This means that either they have to pre-compute and store a large number of hashes, restrict you to short passwords or only store a small subset of permutations. Guess which is least likely.

        1. katrinab Silver badge

          Re: Maximum Password length

          Even if they hash a load of 3 letter fragments of passwords, that means a total 830,584 combinations per fragment if you use every character you can type on a keyboard which will not take long at all to brute force. 3 character passwords are not at all secure.

      4. TrickyRicky

        Re: Maximum Password length

        My problem with the 'enter the 4th 8th and penultimate character' sites is that you've got to remember the place value of each character or resort to counting on fingers.

        Quick, what's the 9th, 13th and 18th character in correcthorsebatterystaple (without resorting to fingers)?

        1. adam 40 Silver badge

          Re: Maximum Password length

          If you have 18 fingers then you must be my long lost cousin from Norfolk.... let's get married!

    2. hellwig

      Re: Maximum Password length

      If you let people use longer passwords, then you can't synchronize your older, legacy platforms (which seems like a bad idea to begin with). I remember having to choose a short SSO password at an employer because of some rules they had for their legacy Unix systems.

      1. hmv

        Re: Maximum Password length

        It gets even better when they enforce such restrictions years (decades?) after such restrictions on legacy Unix systems went away.

    3. J. Cook Silver badge
      WTF?

      Re: Maximum Password length

      Worse yet, some of those sites limit the password to under 8 characters. It's almost like they are using an old miniframe* with a web front-end slapped on it or something... at least it allows for complexity, which at gives some modicum of difficulty in this day and age.

      I can understand why- processor time used to be expensive, and crypto is processor intensive. That was before Moore's law and parallel processing kicked in proper-like and made CPU cycles cheap. (remembers running L0phtcrack on a machine's NTLM database overnight back in the early 2000's to extract the admin password on a win2K server when the original admin password was lost/misplaced. it got everything except the contact person's password, which required it to brute-force attack.)

      * iSeries, I'm glaring at YOU.

      1. Michael Wojcik Silver badge

        Re: Maximum Password length

        Worse yet, some of those sites limit the password to under 8 characters. It's almost like they are using an old miniframe* with a web front-end slapped on it or something

        Not an excuse. See my post above: It's trivial for a front end to overcome this sort of limitation in the backend system. You hash the password, transcode it into the backend system's allowed character set, and truncate if necessary. The attacker still has to find a prefix collision.

        I believe RACF has a password character set of at least 64 characters, so you can use Base64 tweaked for EBCDIC and encode 48 bits of entropy in an 8-character password. That's decent; it'd take quite a lot of resources to find a preimage for the first 48 bits of an Argon2 hash.

        When you see a web front end that only accepts 8 character passwords, it's a sign that the application developers don't understand security and couldn't be bothered to find someone who does.

    4. N2

      Re: Maximum Password length

      "the sites that bug me (and there are a few banking sites that do this) - are those that have a MAXIMUM password length."

      Yeah they are complete cunts that think they know better, Lloyds take note - your security sucks.

  12. max allan

    Surely it's "correct horse battery staple"?

    "correcthorsebatterystaple" misses 3 special characters.

    For a decent memorable password pick a phrase with punctuation and type it in exactly.

    "I should be so lucky, lucky, lucky, lucky"

    Or

    "I ain't gettin' on no plane fool"

    Or

    "My wife's birthday is 14/14/14"

    Everyone says "don't use a birthday or anniversary" but if you stick in a sentence like that, ain't nobody gonna crack it fool.

    1. Roland6 Silver badge

      >"My wife's birthday is 14/14/14"

      So she only gets to celebrate it every 22 years then?

      1. Michael Wojcik Silver badge
        1. Danny 14

          only time i spat coffee was when a onceuponatime colleague revealed Dicks4Chicks.com as their password.

  13. Keith 20

    1Pass

    Yet another advert added in an article for 1Password.

    ElReg, have you been bought ?

    1. DaLo

      Re: 1Pass

      This will be Troy Hunt's recommendation. He is definitely a big fan of their's!

      1. MJB7

        Re: 1Pass

        ... and has a relationship with them that is disclosed on https://haveibeenpwned.com/

  14. mark l 2 Silver badge

    I wonder if you used more exotic extended characters than what is available on the keyboard such as ὭӔꙬΘ whether this would make a 8 character password harder to crack?

    My standard login password is 13 characters but maybe time to change to a passphrase. I saw a good article where someone mentioned about opening a book onto a specific page and then creating a passphrase from the page number, and then the first word on say the top 6 lines intermixed with a special character.

    So doing that from a electrical parts catalogue I have on the table gives me a passphrase of:

    222Long-domestic-paths-Polycarbonate-Lumens-LEFULLWH

    1. Anonymous Coward
      Anonymous Coward

      When hashed, passwords are usually treated as simple sequences of bytes - not characters. So what sequences a password actually is depends on what character set is using. If a password entry filed allows for Unicode character, and is using, say, UTF-8, using characters that use 2/3/4 bytes will make it actually longer. If it uses an 8 bit code page not MBCS, it won't.

      Then depends how smart the password cracking algorithm is - if it just attempts sequences with valid ASCII7 printable characters it may not hit some password, it it just generates and hashes plain sequences of bytes it will found anything within its processing capabilities.

  15. jay_bea

    EFF Wordlist

    I use password manager-generated passwords of random characters and symbols for website passwords that I can fill again from the password manager, but there are some passwords that I need to be able to type in manually - typing ks£94!_lkF0#- with a Playstation controller is difficult (and even harder over the phone to the kids).

    For those occasions, I use a set of 5 dice and EFF's Wordlist [1] to construct a passphrase. This means I can still remember the individual words long enough to type them in, whilst the passphrases are appropriately random.There is something satisfyingly old-school about creating secure passwords using a dice and sheets of paper.

    1. https://www.eff.org/dice

    1. MrBanana

      Re: EFF Wordlist

      "...using a dice and sheets of paper."

      So you've written your password down. Are sheets of paper your password vault?

      1. jay_bea

        Re: EFF Wordlist

        No, the sheets of paper are the lookup lists. The resultant passwords are stored in a password manager!

        Mind you, I would rather my aged relatives used unique passwords for each website and wrote them down in a book than use the name of their favourite son-in-law for everything!

      2. Anonymous Coward
        Anonymous Coward

        Re: EFF Wordlist

        Much more secure for most domestic purposes. If your house fire destroys the safe contents, just reprint from digital backup. If burglar finds and breaks the safe to read it, just ensure they don't have a clue what they're looking at. Obviously don't tell anyone your unique scheme. Your random PIN for your bank card might be useful to use to select the same page and word number from a favourite book. Or memorable date read long ways like FirstJanuaryNineteenEightyFour. You're welcome.

  16. Joe Harrison

    Too much

    A long password for your online banking is obviously sensible. For other stuff not so much - at work my Windows PC locks itself after 10 minutes and I don't fancy typing wrongdonkeyAAcellfastener dozens of times a day. As correctly pointed out by Time Waster strong passwords are a strong nightmare when not using a proper keyboard. Finally a password manager - you're stuffed when you have to use a computer which hasn't got it installed.

    1. Anonymous Coward
      Anonymous Coward

      Re: Too much

      Why would you ever type a password into a computer that was not your own? Good password vaults run on Android, Linux, OSX and even Windows. Mine is locked by three factor authentication (fingerprint, keyfile and long passphrase).

      1. Roland6 Silver badge

        Re: Too much

        >Why would you ever type a password into a computer that was not your own?

        Work?

        Also I can't be bothered to jump through the hoops that are required to get 1Password/LastPass etc. to work across all my devices: Win/OSX/iOS/Andriod/Linux.

        One of the things I dislike about new phones, printers, etc. is connecting them to the WiFi for the first time - so that they can be set up properly - My WiFi uses a 32 character PSK...

  17. Dr Dan Holdsworth
    Boffin

    The only way is OATH

    Basically, this only goes to confirm what the banks have known for ages: passwords are not a secure way to limit access to anything. To do it securely, you need:

    An identifier

    A secret

    A physical token that you can verify possession of

    Hence OATH protocol devices such as Google Authenticator; these are all devices that generate authorisation codes when asked to, and the authorisation code is verification that the intended user has possession of the code-generating device. Some banks even force the end user to remember a secret code to make the authorisation token spit out a code, for added secrecy.

    If you do this, you make the stealing of password hashes pointless, since you also have to steal or otherwise access the OATH token generator. If you make the item to be stolen valueless then thieves will simply try something else.

    1. Andre Carneiro

      Re: The only way is OATH

      It has the name “Google” in it, I’m going to assume it’s insecure.

    2. devTrail

      Re: The only way is OATH

      Basically, this only goes to confirm what the banks have known for ages

      Trouble is that marketing and the necessity to snoop on their own customers is killing the good experience they built over the years. Most of the banks are phasing out tokens and PIN sentries in order to force their customers to install mobile apps on their smartphones. I think the future is bleak, eventually a wave of trojan based attacks will push one or more of those banks into bankruptcy.

      EDIT: I forgot to point out that I don't believe in OATH and other centralised systems that are just a big enormous honeypot for all sorts of hackers. The only safe system for banking and online payments in the PIN Sentry model.

    3. Michael Wojcik Silver badge

      Re: The only way is OATH

      OATH is an industry consortium (the Initiative for Open Authentication), not an algorithm or authentication mechanism.

      Are you perhaps thinking of OAuth (which is not a Google invention) or TOTP (which is also not a Google invention)?

    4. Glen Turner 666

      Re: The only way is OATH

      OATH is fine as a second factor but it lacks enough security to stand on its own. It's easily for TOTP to fall to a machine-in-the-middle attack. HOTP looks fine theoretically, but the re-keying after failure is deeply problematic.

      Having written this, OATH TOTP is far better than nothing, SMS codes, or an 2FA app. There's some fine clients, not just Google Authenticator. For example, andOTP has no Google-derived code but was written from the specification.

      I'd recommend that people look into a secure hardware token. One which does FIDO/U2F for second-factor authentication, FIDO2/Webauthn for account authentication, and does HMAC-SHA1 Challenge Response for securing password databases. Yubikey are the dominant company in this space, but there's a handful of alternatives.

      The hardware token provides key material for the password database. Maybe mix that key material with a trivial password so that a lost key can't be used immediately. The result is strong: the token challenge-response and password generate the key material needed to decrypt the password database, and the password database contains maximal-length, actually-random passwords for the websites which need passwords. KeePassXC provides a good implementation, but there are plenty of alternatives.

      When configuring websites for FIDO/U2F second-factor authentication be careful to disable weaker 2FA alternatives which the website may also offer, such as SMS codes.

      Finally, note that OATH's MITM shortcoming when compared with hardware tokens isn't always a weakness. I use OATH for some accounts as I may need to share the account (eg, some vendor websites only allow one account per client company) or where I may need to read the code over the phone for someone else to log into the account. For those accounts OATH provides better protection than a password alone.

  18. katrinab Silver badge
    Windows

    I thought you needed 15 character passwords for Windows, because, certainly in XP and earlier, it stored anything less than that as two separate passwords of up to 7 characters which could be easily cracked on mid-range hardware from 15 years ago.

  19. Wellyboot Silver badge

    Before NTLM there was just LM

    NTLM was made backward compatible with the older MS Lan Manager (P O donkey S) and had a separate LM hash table which used passwords split into 2x 7 char blocks & padded with nulls. Dictionary attack times for the 7 chars was never very long and if the 2nd block was all nulls it gave the same hash every time. I believe the backward compatiblility could only be turned off once the entire AD domain was using NTLM2.

    This was back in the early '90s when DES (56 bit) was standard and the US didn't allow export of anything better than 40 bit.

    Some things scar the memory for life.

  20. agragr

    Diceware

    Diceware is a method for creating truest random pass phrases, like the five words recommended, using ordinary dice.

  21. Tom Paine

    Up to a point

    "The eight character password is dead."

    But if an attacker's got your password hashes it's probably game over already, because of the level of access that implies. No?

    1. matthewdjb

      Re: Up to a point

      No.

    2. el_oscuro

      Re: Up to a point

      Get SQLi on some shitty website, dump the usernames and passwords, then follow this procedure:

      https://xkcd.com/792/

  22. Anonymous Coward
    Anonymous Coward

    bad programmers

    Anyone who writes a database where its possible to SELECT from the hashed password tables is an idiot. Last time I set up a password system the salted hashed password challenge was sent to a stored procedure that could only return a 1 or a 0, and select functions disabled on the table. Note I am not a software engineer or a security expert, and if I can do it...

    1. doublelayer Silver badge

      Re: bad programmers

      Usually, an attacker has more than a database session (if they do, it's unlikely they have one with rights to the password table anyway). If they have access to the disks or the shell, they simply take a copy of the files implementing the database and open them at their leisure. Your solution only helps if they are able to get a database session and nothing else, and a proper database for passwords shouldn't allow remote accesses anyway. It's a nice tweak, but probably won't solve much.

  23. Anonymous Coward
    Anonymous Coward

    Is this sercure?

    I have passwords based on a phrase giving me a 15 character string (mixed upper case, lower case, numeric and special characters). When I need to register on a site that requires a secure password I apply a prefix or suffix to the base string. I only need to note down the prefix or suffix as the 15 characters is locked in my head (e.g El Reg could be noted as ER_ or _ER). The system does require a bit of tweaking where passwords must be shorter than 17 characters.

  24. Anonymous Coward
    Anonymous Coward

    scott

    tiger

    1. Stevie

      Re: scott

      AC because who wants to admit to working with Oracle in these pages?

  25. David 18

    Plenty of financial institutions need to buck up.

    I always point people to the XKCD when they extol complex passwords, and always use pass phrases where possible.

    It grips my shit when sites then LIMIT you to 8-20 characters (I'm looking at you NS&I), prevent you using spaces or certain special characters. What god-awful sort of plain text, crappy storage are they using behind the scenes to warrant that downright negligence. Arseholes.

    1. Sean o' bhaile na gleann

      Re: Plenty of financial institutions need to buck up.

      And there's no 'change password' function on the web page(s) either. If you want to change your password, you have to contact NS&I by phone, then they send you a 'reset' code by snail mail...

    2. Glen Turner 666

      Re: Plenty of financial institutions need to buck up.

      The XKCD algorithm seems suspect to me. Its basic assumption is that people can make a random choice of common words -- without reference to a dictionary and without using any random number generation.

      I just asked 15 coworkers to give me three random words -- there were 7 words appearing twice and two words appearing four times. This sample suggests that the size of the in-practice word pool may be small.

      Given the skew in lotto number selections, we know that humans can't make random choices from a pool of ~50 selections even when it is in their financial interest to do so.

      Given the apparently small size of the pool and human's poor ability to choose randomly, I suspect the in-practice XKCD-algorithm key size may be substantially less than that suggested by the author's back of the envelope calculation. I'd want to see a controlled study before recommending its use.

  26. Aladdin Sane

    Password?

    Luggage code is 12345

  27. small and stupid

    From another angle.

    Part of the problem is that every fucker wants a password. I can remember a strong password. Or three.

    So, what are the risks if my password is cracked for:

    El Reg, or any typical messageboard. Apart from embarass me, or get me banned.

    My utility account password (no card details saved)

    A one off purchase from a site (again, no card details saved)

    Or am i being naive?

  28. chubby_moth

    NTLM?

    NTLM? I can recall brute forcing NTLM pw from sam files in 1997 using L0phtCrack for NT3.51 and NT4. Any characters above 7 were discarded in the challenge so brute forcing it with a derelict 486 took me a night. Is this another NTLM or is this the still basically the same? For many years hacking MSos was kidsplay if you had access to the .sam file (as any user on running machine would).

    1. doublelayer Silver badge

      Re: NTLM?

      That was LM, not NTLM, although NTLM 1 worked similarly and was also bad. This is a newer NTLM that is much better for its time, but not good enough for 2019.

  29. PaulVD
    WTF?

    There are 203 passwords in my password manager

    Most of them unique, and many of them used maybe a couple of times a year.

    No rules for password complexity, passphrases, or other similar solutions come close to dealing with the problem that I have to remember 203 of them, and I have to remember which memorable phrase was used for which site or account login. It ain't going to happen.

    One of my banks supplies a dongle for two-factor authentication, and a few sites offer my phone as a second factor. But carrying round a keychain full of dongles is not going to happen either.

    There is simply no alternative to a password manager.

    1. It's just me
      Thumb Up

      Re: There are 203 passwords in my password manager

      I agree. If everyone would implement an open standard such as FIDO U2F or FIDO2 then you could use one Yubikey dongle for all sites. Another open protocol I'm watching which is nearing release is grc.com's SQRL.

    2. devTrail

      Re: There are 203 passwords in my password manager

      There are 203 passwords in my password manager

      So what?

      dealing with the problem that I have to remember 203 of them

      If you have a oassword manager it means you don't have to remember 203 of them.

      There is simply no alternative to a password manager.

      No, wait. You use a password manage, I use an encrypted partition and that's all right. But you can't assume that all PCs with a password manager are trojan free. Some credentials like those for online payments are too sensible to be put on a PC or even worse on a mobile phone (unfortunately too many banks lately are choosing this option). For them the only way os via hardware, be it token or PIN Sentry. If you pick out the most sensible like banking and unique ID for government services you don't need so many of them.

  30. N2

    So how long for 16?

    Would you kindly tell that sack of shit organisation called 'Lloyds Bank PLC' that its insistence to use 16 char passwords without the use of !@£$%^&*() is just plain fucking wrong.

    Morons, with an even bigger one at the top - that is all.

  31. cambsukguy

    The requirement mentioned earlier about ensuring that your passowrds are not 'remembered' by someone watching you type it is not a problem for password managers.

    When setting up a PC for my son I used his MS password about 8 times in several different cases across two PCs (old and new) as well as a phone.

    Despite typing it that many times, I could not, under any circumstance, recall the password when trying to type it, even after a delay a few minutes.

    This is because password manager passwords can be made eminently un-memorable; you would have to be the mentalist to remember 12 characters, case and all, just by watching someone type them.

    I was typing from a displayed password and I still couldn't recall it.

    Of course, we use 2FA so OneDrive etc. are even less likely to get hacked even if the correct password is entered on a new device, so the hacker would have to access the PC, steal the phone, know the phone PIN *and* have the password.

    Hardly worth the effort to see his student debt (always assuming they managed to access the bank).

    I think the honest truth is that £24 a year for four (I think) people to have LastPass is very good value indeed and it really does make site login (and address/CC details entry) super easy.

    What was disappointing was not knowing if 12 random characters (with specials where allowed) is enough - from the looks of the article and the fact that NTLM is weaker than most systems in use - it seems so. I assume that it adds perhaps another 28 bits making brute forcing that much harder.

    But how much is what I would like to know.

  32. Captain Badmouth
    Paris Hilton

    I suggest

    supercallousflagellisticexpertcunnilingus

  33. bigtreeman

    unicode ?

    Does anyone use a few unicode characters in passwords ???

  34. Jorge_The_Custard_Stripper

    23BatteryPoweredHorses!

    146BrightEyedRainbowTables

    2bornot2bITSNOTAQUESTION!

    Occasionally,IAmRapedBy23Dingos

  35. Big_Boomer Silver badge

    Security SUX

    All these passwords are a PITA to remember & manage, even with password managers, yet despite this nobody has managed to come up with a viable secure replacement for them. Bio-metrics seems to have died away (apart from fingerprint login on your phone) and so called face recognition is very insecure since it's dead easy to fool. Besides, once someone manages to hack your Bio-metrics, you are well and truly f***ed!

    Perhaps it's time to go back to a physical device coupled with questions and answers. The physical device is personal (ring, watch, rfid card) and it identifies you, but when you login it asks questions only you know the answer to. Now you just have to remember the answers to your questions and most importantly not give that info away on FaceTwit. If you lose your device it can be replaced and new logins can be setup. If you are the kind of moron who loses stuff all the time, then you get the device embedded in your body with a nail-gun :-)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like