Schneier on Security
A blog covering security and security technology.
« More Plant Security Countermeasures |
| Random Links on the Boston Terrorist Attack »
April 24, 2013
Ellen on Protecting Passwords
Pretty good video. Ellen makes fun of the "Internet Password Minder," which is -- if you think about it -- only slightly different than Password Safe.
Posted on April 24, 2013 at 1:06 PM
• 38 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"only slightly different than Password Safe"
well, it's a hardware solution, rather than software.
she or her writers have clearly identified the security problems with that product.
This is actually real, saw one of those in a bookstore the other day. A nice looking, large in length size, made out of suede cover.
Truth be told, you have to write them down somewhere, might as well a soft copy on your hard drive, backed up online somewhere.
Passwords are not really plain old passwords anymore, they come with all kinds of security identifier questions etc.
For many people, I actually think this is a better solution than having weak passwords everywhere that you can easily remember, sticky notes on the monitor or a cleartext password file on your desktop. It puts your passwords into the realm of physical security and the burglar breaking into your house to steal your stuff is not likely to search your bookcase for one of these things.
But knowing my parents, they would still use this to write down all of their weak passwords that are the same on all websites and then leave it next to their keyboard for easy reference.
Well, it keeps your passwords safe.
From what? Bots and Trojans? Definitly. Snooping spouses? Definitly not.
I actually love this product (when used appropriately). If I ever see one, I am going to pick one up for my mom. My concern for my mom is not physical theft, it is virtual theft. I am sure I can get her to use better and different passwords if I could find a scheme that helps make it easy for her to find and use those passwords. A book like that just might help.
On a similar, but separate note, for home use I am leaning more and more to advising my family to write passwords down. I have a much better chance of them using better passwords and different passwords if they have them written down then if they have to memorize the passwords. By doing this, I am assuming the risk that they are physically robbed is less likely than the risk that a database full of passwords is stolen from some website.
See if you can get them to use something like KeePass or Password Safe. I find Keepass easier to use in general. Right-click;copy username, right-click;paste, right-click;copy password, right-click;paste. So easy.
I save the database in a SpiderOak synced folder so changes are automatically updated between home and work if I make a change to one.
Some people really do use stick notes to store passwords. So this binder is a security upgrade for them. Add in a gabinet with a lock, and it is a good thing for users that have trouble using password managers.
What it could use is a random password generator. I think it is not so difficult to make a paper method. They could include pages of random letters or something. Heh, some people would really find that easier to use because they are more used to printed tools than computers..
That is my ultimate goal. Over time, I want to train my mom how to use Keepass, but during the interim, I think a book designed for password storage would be easier for her than her current method. (A small notepad with a bunch of username/passwords written somewhat randomly throughout.)
What it could use is a random password generator.
How about a 20- or 30-sided die of the sorts used by pencil-and-paper role-playing gamers, imprinted with a collection of letters and/or digits? I think that even Grandma should be able roll one and write down each letter in their Password Minder, then lock it all up in their Password Minder Protector.
And to make people use strong passwords, the Password Minder should have them pre-printed, generated from a good entropy source. It is easy today to print unique items in large volumes.
A user will fill in the username and site details only - and maybe decide the length of the password by striking off some characters at the end (or beginning, for that matter) in case a site doesn't accept long passwords.
Of course such version of the Minder itself should have some tamper-resistant packaging to prevent someone from scanning the passwords before end user gets it.
As a bonus, a few initial pages may be also pre-printed with popular site names like facebook, twitter etc. - only the username field left blank.
A great gift for your grandma...
If you are not worried about theft of the computer, you logically are not worried about theft of the thing next to it. Thus, a binder makes sense. (If you are worried about the theft of your computer, you really need to use drive encryption, considering your web browser remembers them all anyway.)
Of course, if you are not worried about the theft of the computer, than I have to ask where the hell not just keep the passwords _on_ the computer, where it is much easier to copy and paste them?
I tell everyone I know 'Look, make a text file on your computer for passwords. Put it on your desktop where you can find it. When you need to make a new password, go there, put in the site, userid, and pound out 12 letters and numbers, and copy that in as the password.'.
It's not 'perfectly safe', but it's a hell of a lot more safe than the statistical level of safeness practiced by people. Granted, all of this is mostly because human beings have absolutely no idea how to manage passwords, and a lot of them have been very very mistrained.
So, this is password archival for...techophobes? I don't actually understand why people would take the step of 'write down passwords' and not finish with '...on the device I use to write things down on that I am always at when I create or need to know a password'.
I guess I can't complain much except, of course, that this is absurdly overpriced. For ten dollars you buy three address books, or five blank notebooks, or an index card file and fill it with index cards and tabbed dividers.
I actually think there would be a nice market out there to undercut these guys. For one thing, that book is _huge_. Who the heck has that many passwords? Wouldn't something wallet-sized be a lot more reasonable, _and_ means you can carry it with you?
A TrueCrypt encrypted computer and plain text files is a perfect choice and the system is protected if stolen. KeePass is also a fantastic choice (I use it on flash drives) and then there is Steganos LockNote. All three programs are free, simple to use and all require a single decent password to use.
TrueCrypt is a bit more complicated to setup but after installation any novice can use it to boot the system. Everyone's computer in my family is protected with it.
That was excellent. Needed a good laugh Bruce! :-)
If you're using KeePass with Firefox, be aware of the Keefox add-on. This provides the missing autofill feature that commercial password managers usually provide.
I find it detects web site login fields maybe 80% of the time. :)
I just picked up a blank journal for a friend so she could use it to keep track of the various passwords and sites she manages.
I'm not so worried about security because the security of having a physical object already improves it. At least now the passwords can be long enough and cryptic enough so that some script kiddie somewhere else in the world cannot crack it remotely. Now they'll have to travel here and steal it.
And remember that most of your on-line passwords aren't going to be cracked like this. As long as you didn't pick one in the short-dictionary-list (password, passw0rd, etc) and the site practices decent X tries before locked out for Y seconds you'll probably lose your password because the computer you're using is already cracked or the site you're typing it into is a phishing site.
And 100% agreement with everyone who recommends pre-generated passwords. And fake answers to "what city were you born in" questions.
"I find Keepass easier to use in general. Right-click;copy username, right-click;paste, right-click;copy password, right-click;paste. So easy."
Ah, you do know that you can do this all in one step, don't you? Just click in the login name box on the target web site to make it active, right-click on the appropriate entry in KeePass, then click "Perform Autotype" in the right click menu. KeePass will type in your login name then a tab character, then your password then Return.
Just make sure Autotype is enabled in the individual entry. Also look for two channel obfuscation option. BTW, KeePass has recently upgraded to V.2.22.
I suspect granny would be happier remembering one password and using something like last pass or keepass or something. Typing in strong passwords is somewhat of a chore, I find. Even if you don't have to go to the trouble of remembering the things.
Ya, and have that file stolen by a trojan or via careless file sharing settings then.
Full disk encryption wont protect against that.
We should stop calling it pass-WORD. that's not the idea you want in the user's head when they are struggling to generate a good secret.
Nobody seems to have mentioned
Ok, I've got my Password Minder Protector Minder. Now where do I store that to keep it safe from prying eyes?
Look no further: my new Password Minder Protector Minder Protector can be yours today! (Available at Walgreens)
This is Granpa! I use LastPass. Works well.
old age is not for sissies
"Ah, you do know that you can do this all in one step, don't you? Just click in the login name box on the target web site to make it active, right-click on the appropriate entry in KeePass, then click "Perform Autotype" in the right click menu. KeePass will type in your login name then a tab character, then your password then Return. "
Great idea. I love it. I am definitely going to steal that idea and teach my mom to use it. :)
lol...I love your attitude. My mom has a similar attitude, she is just a tad bit too trusting at times. :) After her first stint of her bank account being stolen due to a scam, she started listening to me more. I try to slowly introduce better and better security concepts. She is actually doing pretty good now. But there is always room to improve. (I include myself in that statement.) My current focus is to get her using different passwords for everything, but that will be a slow transition. (Not living close by doesn't help either.)
Btw, on a side note, I love this site and the constructive discussions that go on. I mostly lurk and rarely post, but I love reading the conversations on this site when I have time.
Right at the end she cracks the one about sending your passwords to her for safekeeping... Isn't that what Lastpass does?
Can't trust them that much myself...
@ Mark J Blaire
"How about a 20- or 30-sided die of the sorts used by pencil-and-paper role-playing gamers, imprinted with a collection of letters and/or digits?"
Awesome to see someone else thinking about using those die. In 2010 or 2011 I wrote a program that turns die roll results into random keys (after running it through a hash function). The die I used were eight-sided D&D die. I noticed that 2^3 = 8 so there was a perfect, unbiased correlation between an 8-sided dice and 3 bits. So to make at least n truly random bits, you need to roll n/3 times plus 1 if there's a remainder. Worked like a charm. Throw a bunch in a shoe box, shake it and dump it on the floor for quick bits.
Next step was 16 sided die for 4 bits. I later aimed for economy (and deniability) by using a deck of cards for the same thing. Trick was to take out cards so that what was left would have a similar correlation. For instance, 8 (2^3) possible ranks and four (2^2) suits. So, each card represented 5 bits.
Then I discovered LavaRnd and VIA C3's Padlock Engine w/ onboard TRNG. Today, the dice and cards just collect dust in a box in my closet.
Lastpass uses client side encryption for your passwords. They only have a random chunk of data from you on their servers, which they cannot decrypt.
So no, they do something completely different.
Yes, using dice is a nice simple trick if you need some strong key material in moderate amounts. For random website password, I use /dev/random. Not as good, but good enough.
dd if=/dev/random bs=1 count=9 | base64
@ Nick P, Peter A., Mark J. Blair,
How about a 20- or 30-sided die of the sorts used by pencil-and-paper role-playing gamers, imprinted with a collection of letters and/or digits?
Whilst more sides at first sight suggests the less throws you need make, the problem is the more the number of sides you've got, the more bias and the more easily recognised it is in your resulting output .
Also a power of two (ie 2, 4, 8, 16, 32 etc) would at first sight appear to be better than other numbers of sides but in the words of the song "That ain't necessarily so..." as it actually makes a bias more obvious.
To help remove bias it is easiest to use two or more random elements and then combine their results such the bias is spread across all of them. However this has to be done with care lest you change the probability distribution .
There is also the questions of "availability" and occasionaly "suspicion" in using anything other than two (coin) or six (regular die) sides. For instance a 20 sided dice is generaly only available through specialist educational suppliers or role playing games outlets which are not exactly thick on the ground. Further going through a check / customs point is likely to turn up a 20 sided die and one or two questions' where as a couple of packs of cards and a couple of ordinary six sided dice are going to be less questioned and more easily explained. Whilst a pocket of lose change is so ordinary as to attract more suspicion if you did not have lose change...
So how to convert the throw of two dice to a number of bits. One simple way is by matrix. Draw up a six by six grid and fill in the squares with numbers from 0 to 35 in any order. Along the top of the grid write 1-6 and likewise down the left hand side of the grid. Have the dice marked in some way (different coloured bodies or dots etc) that does not add bias and use one to pick the left number the other the top and throw them from the cup at the same time as a pair. Read the result from the grid, if the number is outside your required range (0-31) discard the result and throw again. Keep going untill you have the required number of bits or more.
If however you want letters and numbers fill in the grid randomly with A-Z,0-9 or just letters fill in A-Z randomly and leave the other squares blank. If just numbers then use 0-9 three times and randomly and leave six squares blank.
It's a process that has been used several times over the years to generate "One Time Pads" and I wrote a little program many years ago that fits nicely onto a floppy disk along with the MS OS that prints out two neatly formated pages for the pads to be easily used. It also keeps a running tab on the numbers looking for bias.
Importantly create the matrix anew for each random sequence you need and then destroy it afterwards as being in posetion of it is a dead give away as to what you are using the dice for.
 It's been shown a number of times that it is actually quite dificult to make an unbiased mechanical object such as a coin or die. However for most uses the slight bias can be ignored or where important (cryptography etc) de-biased. The von newman de-biaser of taking two succesive and thus otherwise unbiased coin flips and using them to provide one unbiased bit is one of very many .
 As a simple example take six ordinary dice and throw them from a cup and count up all the spots you get numbers in the range 6-36 as you would expect but after a few throws or moments of thought you will realise that the probability distribution is not flat but a close approximation of the bell curve. However take the result mod 6 and you will get the equivalent of a single die being thrown but the bias of each of the six dice is reduced and spread across all the numbers making the probability nearer being flat.
@Clive: Nice description of rolling random numbers with dice for dummies. It is obviously not good to just add the spots and assume the sum is evenly distributed, I think Nick P. and I just assumed everyone knows that from basic probability classes. Thank you for spelling it out for the wide public.
By the way, I am completely puzzled by your comment about a non-standard die getting attention of customs/whatever. What's wrong or unusual with it? Anyway, if one is so paranoid, he can carry some other role-playing accessories along to complete the picture of a gamer. What's wrong with this?
@Clive & Nick: shuffling a deck of cards properly is tricky. Rolling a die or tossing a coin is much easier. I'd go for the latter.
I've been writing down my high entropy passwords and keeping them in a safe for years. I think that's a perfectly reasonable defense against most threats. There are multiple ways an attacker can compromise a passwords stored in (encrypted) soft format (keylogger of safe password, compromise system, break algorithm, brute force encrypted file etc.); there are far fewer ways to compromise a safe, and they all require physical access.
And who am I more concerned about having my password list: a burglar, or the type of threat agent who can defeat KeePass?
File sharing compromising a TrueCrypt volume is a pathetic argument to use against using Keepass/TrueCrypt. File Sharing is a major security risk which can negate any other security measures in place. If you have to run that service for a legit reason do it on an otherwise unused box or in a virtual machine. The "I can poke a hole in any security measure so do not bother with security" argument is for the unwise and arrogant. Unfortunately the computer security world has an oversupply of such. Spare us.
That's not the point I was trying to make. It was directed at people saying they should just keep their passwords in a textfile on the desktop, cause the HDD is encrypted.
I love truecrypt and use it all the time. My whole point was that it's not going to protect the unsecure password managing "system" people suggested.
@clive -- seems awfully complicated.
I used to have to set up shared secret VPN's, so needed a random hex string. My solution was just a penny, nickel, dime, and quarter (us coins). Generally always had it with me, and seemed to provide good entropy... (sidebar: it would probably not be surprising to walk into a "high security" environment to find that the shared secret was 0xFEEDFACE. Alas, the security officers were more hungry than careful...)
@ woody weaver,
My solution was just a penny,...
As I said,
Whilst a pocket of lose change is so ordinary as to attract more suspicion if you did not have lose change..
It is a working method but you have to watch you don't fall into a predictable pattern such as using the penny for every fourth bit etc.
The reason for using dice, belive it or not is way to many don't know how to flip a coin "fairly" where they show no such problems with dice (go figure, it's puzzeled me for many years).
@ Peter A.,
By the way, I am completely puzzled by your comment about a non- standard die getting attention of customs/whatever. What's wrong or unusual with it?
It's the fact it's "unusual" it makes people look at you differently and thus much much more likely to remember you or even think you "hinky" thus add you to their daily list.
As was once remarked by a famous physicist who liked to pick locks as a cure for being subject to excessive security,
The sound of a scientific discovery is not Eurica, but "that's odd".
Which is also often the sound of somebodies 'legend' (back / cover story) starting to unravel.
It's interesting how some surprisingly positive comments are pretty much identical on different sites reporting about this, uhm, phantastic product.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.