Understanding password strength meters
Hello agilebits & users,
I just purchased 1Password 30 minutes ago and I have to say it's quite a nice application. But I've come across a HUGE problem not only with 1Password, but also with your forums, which makes me start to doubt that you guys know what you're doing.
When I had to set up a master password I typed my regular password with capital and lower letters, special characters, which gave me 80% security. I then tried (for fun) asdasdasdasdasd as password, so it is basically chained asd, which gave me a 100% strong password. Like what the f are you even doing, not scanning for keychains and rating all lowercase letters, without any numbers or special characters, as 100% strong?
This is real bullshit, any open source application (keepass) can do that better. Please fix that, because it's issuing huge concerns inside me, letting me think that if you don't even have one of the easiest things for a password manager, then I don't even want to know how badly coded the source code is elsewhere considering security and encryption.
Regards,
a concerned purchaser
Comments
Since I seem to be unable to edit this post I'd also like to add a feature request. Could you add a password generation button to the toolbar, next to find or something, since I cannot even find the generation tool in the context menus.
edit: For the Windows version, this is.
The bad news
The sad fact of the matter is that all password strength meters are unreliable, including our own. This is because the strength of a password can only be determined by understanding the "system" that was used to generate it. This is not something that can be reliably inferred from a single instance of a password.
Explaining the bad news
Let me quote from an exaggerated example we've used to illustrate a different, but related point:
The passwords
F9GndpVkfB44VdvwfUgTxGH7A8t
and
rE67AjbDCUotaju9H49sMFgYszA
each look like extremely strong passwords. Based on their lengths and the use of upper and lower case and digits, any password strength testing system would say that these are extremely strong passwords. But suppose that the system by which these were generated was the following: Flip a coin. If it comes up heads use F9GndpVkfB44VdvwfUgTxGH7A8t, and if it comes up tails use rE67AjbDCUotaju9H49sMFgYszA. That system produces only two outcomes. And even though the passwords look strong, passwords generated by that system are extremely weak.
Beyond this, there isn't even a consensus on how to define the strength of a password (which is a separate problem from calculating it). In a talk (slides, video) at PasswordsCon 2013, Las Vegas, I pointed out the well known problems with using Shannon Entropy for this purpose, the less well known problems with using Guessing Entropy as a definition of password strength, and I proposed one built upon Guessing Entropy. But even if my proposed definition is a good or useful one, it isn't useful for the construction of password strength meters.
Lines of improvement
Now it would be possible for our password strength meter to check whether all of the letters chosen come from a single row on a QWERTY keyboard. Also, I suppose, we could check for chaining by trying to compress the password to measure redundancy. And perhaps these will be ways in which we will improve the password strength meter.
Of course one way to build a password strength checker is to try to "crack" the password. We could count how many guesses it takes to crack a password using some rule set from a password cracker like John the Ripper. But tying up your CPU for days, weeks, months, years to estimate the strength of a password is not useful.
There is some interesting work being done by Peter Kecherginsky, which could be used to analyze a specific password and see which cracking rule would catch it. Here is a video of his talk. Although this wasn't his intent, it might be usable this way. But at this point we haven't experimented with it to see if it does make a better password strength meter.
There are also a couple of projects that attempt to "build a better password strength meter". Most notably Dropbox's zxcvbn. It relies heavily on the notion of Shannon Entropy (which we know is inappropriate for human generated passwords). But it might be something to incorporate.
Human and non-human generated passwords
Our password strength meter doesn't know if the password it is looking at is the result of our own Strong Password Generator or if it is something that was created by a human. (This gets back to the point about needing to know the system under which the password was created.) And to be extra conservative it always assumes that it was human generated. As a consequence, our own strength meter massively and systematically undervalues the strength of our own generated passwords.
The good news
The good news is that even though nobody has a good password strength measure, the ones that we do have work effectively to encourage people to use better passwords.
[Edit: An earlier version of this contained a bad link to the Defining Password Strength presentation slides. Use the updated one instead.]
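As an added illustration of the points in the reply above (example code written for this thread; it is not 1Password's meter or any AgileBits code), the toy estimator below puts three things side by side: the strength of a password system (log2 of its number of outcomes, so the coin-flip system is worth 1 bit however random its two strings look), the strength of a uniform random generator (log2 of the alphabet size per character), and the naive single-password estimate a meter is limited to, with the two cheap human-pattern checks the reply mentions (every character on one keyboard row; chained repetition, found both as an exact repeated block and via zlib compression). The QWERTY row table, the "below 1.0" compression threshold and the sample passwords other than the two from the reply are this example's own assumptions.

```python
"""Toy password-strength estimator: strength belongs to the generating system,
a meter only sees one password, and the best it can do is flag obvious human
patterns. Constructed example, not 1Password's meter."""
import math
import zlib

# Assumption for this example: US QWERTY rows; other layouts need their own table.
QWERTY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def system_strength_bits(num_outcomes: int) -> float:
    """Strength of a password *system* that chooses uniformly among
    num_outcomes passwords: log2(num_outcomes). The coin-flip system from
    the reply has two outcomes, so it is worth 1 bit."""
    return math.log2(num_outcomes)


def generator_strength_bits(alphabet_size: int, length: int) -> float:
    """Strength of a password drawn uniformly, character by character, from an
    alphabet of alphabet_size symbols, as a random generator does."""
    return length * math.log2(alphabet_size)


def charset_bits(password: str) -> float:
    """The naive single-password estimate: length times log2 of the size of the
    character classes the password appears to use. This is all a meter can see,
    and it is exactly what the coin-flip system defeats."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII punctuation and space
    return len(password) * math.log2(size) if size else 0.0


def single_keyboard_row(password: str) -> bool:
    """True if every character comes from a single QWERTY row."""
    p = password.lower()
    return bool(p) and any(all(ch in row for ch in p) for row in QWERTY_ROWS)


def shortest_period(s: str) -> int:
    """Length of the shortest block that tiles the whole string exactly
    ('asdasdasd' -> 3). Equals len(s) when there is no such repetition."""
    n = len(s)
    for p in range(1, n + 1):
        if n % p == 0 and s[:p] * (n // p) == s:
            return p
    return n


def compression_ratio(password: str) -> float:
    """zlib output size over input size. zlib adds roughly 11 bytes of framing,
    so short non-repetitive strings score above 1.0; a ratio below 1.0 means
    repetition saved more than that framing, i.e. the string is clearly
    redundant. Deliberately conservative: subtle patterns are not caught."""
    raw = password.encode("utf-8")
    return len(zlib.compress(raw, 9)) / len(raw)


def human_password_estimate(password: str):
    """Estimate for a password assumed to be human-chosen (the conservative
    assumption the reply describes). Returns (bits, notes)."""
    bits = charset_bits(password)
    notes = []
    if single_keyboard_row(password):
        notes.append("every character is on one keyboard row")
    period = shortest_period(password)
    if period < len(password):
        # Chained repetition: only the repeated block carries information,
        # so score the block rather than the full length.
        notes.append(f"repeats a {period}-character block")
        bits = charset_bits(password[:period])
    if compression_ratio(password) < 1.0:
        notes.append("compresses well: highly redundant")
    return bits, notes


if __name__ == "__main__":
    heads = "F9GndpVkfB44VdvwfUgTxGH7A8t"  # the two strings from the reply
    tails = "rE67AjbDCUotaju9H49sMFgYszA"
    for pw in (heads, tails):
        print(f"{pw}: a meter sees {charset_bits(pw):.1f} bits")
    print(f"coin-flip system actually provides {system_strength_bits(2):.1f} bit")
    print(f"uniform 27-char generator over 62 symbols: "
          f"{generator_strength_bits(62, 27):.1f} bits")
    # Constructed human-style inputs for the pattern checks.
    for pw in ("asdasdasdasdasd", "qwertyqwertyqwertyqwerty", "Wint3r!Sky"):
        bits, notes = human_password_estimate(pw)
        print(f"{pw}: ~{bits:.1f} bits; {', '.join(notes) or 'no pattern flagged'}")
```

The two checks only ever lower an estimate, never raise one, which matches the reply's point that a meter should stay conservative: it cannot tell a generator's output from a human's, so the most it can responsibly do is penalise patterns it can prove are there.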
@schlumpfpirat wrote:
feature request. Could you add a password generation button to the toolbar, next to find or something, since I cannot even find the generation tool in the context menus. edit: For the Windows version, this is.
That is a great suggestion. I can't promise anything about feature requests, but you might notice that the move from 1Password 3 to 1Password 4 on Mac and iOS involves many more places where the Strong Password Generator is available. If you haven't signed up for the 1Password 4 Beta for Windows, I'd suggest you do so: http://blog.agilebits.com/2013/11/13/1password-4-for-windows-is-coming-want-to-help-beta-test/
Cheers,
-j
--
Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits
http://agilebits.com