Password strength is a very confusing concept, which has shown very clearly in the discussion around the #LastPass breach and #Bitwarden flaws. I tried to make it as easy to understand as possible, not sure whether I succeeded.

https://palant.info/2023/01/30/password-strength-explained/

TL;DR:
· Password managers are a single point of failure, so their master password has to be strong.
· What looks strong to you isn’t necessarily a strong password.
· Long passwords aren’t necessarily strong. Case in point: “choose a phrase from a song.”
· I suspect that almost all real-world passwords have less than 35 bits of entropy. Especially with zxcvbn considering 33 bits as “strong” and even password manager vendors not questioning that.
· AFAIK the only realistic way to get a strong password is generating it randomly.
· Diceware is a good way to generate passwords that are both secure and rememberable.
· “Regular” people don’t need more than four words (using a word list for five dice). Valuable targets need five words for better protection, someone who could become a target of a state-level actor should be safe with six words.

Password strength explained

I try to explain how attackers would guess your password, should they get their hands on your encrypted data. There are some thoughts on the strength of real-world passwords and suggestions for your new password.
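The arithmetic behind the word-count recommendations above, as an added example that is not part of the original post or the linked article. It computes the entropy of a Diceware passphrase from the word-list size and word count, generates a passphrase with a CSPRNG rather than `random`, and compares two schemes by the size of their guess spaces. The EFF long list size (7776 = 6^5, five dice per word) is from the post; the 18,328-word list size used for the three-word comparison is an assumption for illustration, and the eight-word list is a constructed stand-in so the script runs offline.

```python
import math
import secrets

# Word-list sizes. The EFF long list has 6^5 = 7776 words, one per roll of
# five dice (from the post). The second figure is an ASSUMPTION for the
# comparison below, not a number taken from the thread.
EFF_LONG_LIST_SIZE = 6 ** 5          # 7776 words, five dice per word
ASSUMED_LONGER_LIST_SIZE = 18328     # assumption: a longer list used for 3-word passwords


def passphrase_bits(list_size, n_words):
    """Entropy in bits of n_words drawn uniformly and independently from list_size words.

    This figure only holds for randomly generated passphrases. A phrase a
    human picks (a song lyric, say) is far weaker than its length suggests,
    because the attacker enumerates lyrics, not word combinations.
    """
    return n_words * math.log2(list_size)


def guess_space(list_size, n_words):
    """Number of distinct passphrases an attacker must try in the worst case."""
    return list_size ** n_words


def relative_strength(list_a, words_a, list_b, words_b):
    """How many times more guesses scheme A (list_a, words_a) needs than scheme B."""
    return guess_space(list_a, words_a) / guess_space(list_b, words_b)


def dice_rolls(n_dice=5):
    """Roll n_dice fair dice with the OS CSPRNG; returns a string such as '31562'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))


def diceware(wordlist, n_words, separator=" "):
    """Build an n_words passphrase from wordlist using secrets.choice (uniform, CSPRNG)."""
    if len(wordlist) < 2:
        raise ValueError("word list too small")
    return separator.join(secrets.choice(wordlist) for _ in range(n_words))


# Constructed toy word list so the script runs offline. With only eight words a
# four-word phrase has 12 bits; use the full EFF long list (7776 words) for real use.
TOY_WORDLIST = ["apple", "brick", "cloud", "delta", "ember", "flint", "grove", "harbor"]


if __name__ == "__main__":
    for n in (4, 5, 6):
        print(f"{n} EFF words: {passphrase_bits(EFF_LONG_LIST_SIZE, n):.1f} bits")
    print(f"five dice: {dice_rolls()}")
    print(f"toy passphrase ({passphrase_bits(len(TOY_WORDLIST), 4):.0f} bits, too weak): "
          f"{diceware(TOY_WORDLIST, 4)}")
    ratio = relative_strength(EFF_LONG_LIST_SIZE, 4, ASSUMED_LONGER_LIST_SIZE, 3)
    print(f"4 EFF words vs 3 words from an assumed {ASSUMED_LONGER_LIST_SIZE}-word list: {ratio:.0f}x")
```

With the EFF long list this gives about 51.7, 64.6 and 77.5 bits for four, five and six words. The comparison function shows why the word-list length matters less than the word count: raising the list size from 7776 to the assumed 18,328 adds only 1.2 bits per word, whereas each extra EFF word adds 12.9.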

Two comments in quick succession under this article confidently proclaiming their (bogus) take on password security. Yes, a link to the article has been posted on Reddit. The SoftwareEngineering community is clearly technical enough to have a strong opinion on passwords, yet not sufficiently security-related to actually understand them.
@WPalant what happened with Bitwarden?
@breadandwater Nothing yet. And hopefully they will fix the issues, so that it will stay this way. https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/
Bitwarden design flaw: Server side iterations

Bitwarden is a hot candidate for a LastPass replacement. Looking into how they encrypt data, it doesn’t do things that much better however.

xkcd: Password Strength
@Lownewulf You are welcome to take at least a cursory glance at the article.
@WPalant sorry about that. I lost your link in your "TL;DR".
@WPalant very true. the only reservation I have is that we should just stop using "entropy" or "bits" as a measure of password strength. statistical measures of state space make sense when we're talking about keys and probabilistic distributions, but the measure isn't particularly useful in the context of practical attacks, and the numbers and calculations just end up being confusing and misleading when we talk about passwords (or anything chosen by a human).
@gsuberland Maybe. But I’m definitely not inventing new terminology right now. 😀​
@WPalant Forgive my ignorance, but does a product like #1password bolster this single point of failure with its secret key feature?
@HstoneTech Yes, it certainly does. That’s the one where “safely encrypted” shouldn’t be a lie.
@WPalant one would hope. It's a little bit of a trend that these companies seem to stretch the truth about their "security features". Kind of tough to verify as the common person just trying to protect themselves.
@WPalant Nice! How do you think phrases built by e.g. Bitwarden compare to the diceware solution for words? (With perhaps some added variation, but it would still be friendlier to enter on, say, a device without a keyboard.)

@rymdkraft I guess that you mean this password generator: https://bitwarden.com/password-generator/

I checked and it appears to use the same EFF diceware word list that I linked to. So the password strength for a given word count is the same.

Free Password Generator | Create Strong Passwords and Passphrases | Bitwarden
@WPalant Did you see the diceware-like challenge that 1Password ran in 2018? Some good information there too, IIRC. https://blog.1password.com/how-strong-should-your-master-password-be-for-world-password-day-wed-like-to-know/
How strong should your 1Password account password be? For World Password Day we’d like to know | 1Password

We recommend that Master Passwords be generated using our wordlist generator using passwords that are four words long. Learn more.
@darthnull Not directly but that’s the challenge they derived their estimates for cracking costs from. Their word lists are longer, but using merely three words resulted in around 600 times weaker passwords than my weakest recommended password.
@WPalant That's a nice article. Thank you.