Jump to content

Password strength: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
m gram
Line 51: Line 51:
|-
|-
|}
|}

===Password strength depends on symbol set and length===
===Password strength depends on symbol set and length===
Increasing the number of possible symbols from which random passwords are chosen will increase the strength of generated passwords of any given length. For example, the printable characters in the [[ASCII]] character set (roughly those on a standard U.S. English keyboard) include 26 letters (in two [[letter case|case]] variants), 10 digits, and 33 non-alphanumeric symbols (i.e., punctuation, grouping, etc.), for a total of 95 symbols (95 if space is included). However the same strength can always be achieved with a smaller symbol set by choosing a longer password. In the extreme, binary passwords can be very secure, even though they only use two possible symbols. See table below. Thus a 14 character password consisting of only random lowercase letters has the same strength (4.7×14 = 65.8 bits) as a ten character password chosen at random from all printable ASCII characters (65.55 bits).
Increasing the number of possible symbols from which random passwords are chosen will increase the strength of generated passwords of any given length. For example, the printable characters in the [[ASCII]] character set (roughly those on a standard U.S. English keyboard) include 26 letters (in two [[letter case|case]] variants), 10 digits, and 33 non-alphanumeric symbols (i.e., punctuation, grouping, etc.), for a total of 95 symbols (95 if space is included). However the same strength can always be achieved with a smaller symbol set by choosing a longer password. In the extreme, binary passwords can be very secure, even though they only use two possible symbols. See table below. Thus a 14 character password consisting of only random lowercase letters has the same strength (4.7×14 = 65.8 bits) as a ten character password chosen at random from all printable ASCII characters (65.55 bits).

Revision as of 11:05, 24 December 2010

Gmail password strength meter

Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and randomness.[1]

However, other attacks on passwords can succeed without a brute search of every possible password. For instance, knowledge about a user may suggest possible passwords (such as pet names, children's names, etc.). Hence estimates of password strength must also take into account resistance to other attacks as well.

Using strong passwords lowers overall risk of a security breach, but strong passwords do not replace the need for other effective security controls. The effectiveness of a password of a given strength is strongly determined by the design and implementation of the authentication system software, particularly how frequently password guesses can be tested by an attacker and how securely information on user passwords is stored and transmitted. Risks are also posed by several means of breaching computer security which are unrelated to password strength. Such means include wiretapping, phishing, keystroke logging, social engineering, dumpster diving, side-channel attacks, and software vulnerabilities.

Determining password strength

There are two primary ways passwords are created, automatically (using randomizing equipment) or by a human. The strength of randomly chosen passwords against guessing or brute force attack can be calculated with precision.

Commonly, passwords are initially created by asking a human to choose a password, sometimes guided (or restricted) by a set of rules or suggestions. This typically happens at account creation time for computer systems or Internet Web sites. In this case, only estimates of strength are possible, since humans tend to follow patterns in such tasks, and those patterns may assist an attacker.[2] In addition, lists of commonly chosen passwords are widely available for use by password guessing programs. Any of the numerous online dictionaries for various languages is such a list. All items in such lists are considered weak, as are passwords that are simple modifications of them. Either can be quickly tried. For some decades, investigations of passwords on multi-user computer systems have shown that 40% or more are readily guessed using only computer programs, and more can be found when information about a particular user is taken into account during the attack.

Automatic password generation, if properly done, can avoid any connection between a password and its user. For example, one's pet's name is quite unlikely to be generated by such a system. For a password chosen from a sufficiently large 'password space,' brute force search time can be made so long as to be infeasible. There are two problems with truly random passwords: they can be tricky to generate (see random password generation), and they tend to be hard to remember.

Entropy as a measure of password strength

It is usual in the computer industry to estimate password strength in terms of information entropy, measured in bits, a concept from information theory. Instead of the number of guesses needed to find the password with certainty, the base-2 logarithm of that number is given, which is the number of "entropy bits" in a password. A password with, say, 42 bits of strength calculated in this way would be as strong as a string of 42 bits chosen randomly, say by a fair coin toss. Put another way, a password with 42 bits of strength would require 242 attempts to exhaust all possibilities during a brute force search. Thus, adding one bit of entropy to a password doubles the number of guesses required, which makes an attacker's task twice as difficult. On average, an attacker will have to try half the possible passwords before finding the correct one.[2]

Random passwords

Random passwords consist of a string of symbols of specified length taken from some set of symbols using a random selection process in which each symbol is equally likely to be selected. The symbols can be individual characters from a character set (e.g., the ASCII character set), syllables designed to form pronounceable passwords, or even words from a word list (thus forming a passphrase).

The strength of random passwords depends on the actual entropy of the underlying number generator; these are often not truly random, but pseudo random. Many publicly available password generators use random number generators found in programming libraries that offer limited entropy. However most modern operating systems offer cryptographically strong random number generators that are suitable for password generation. it is also possible to use ordinary dice to generate random passwords. See Random password generator#Stronger methods. Random password programs often have the ability to ensure that the resulting password complies with a local password policy; for instance, by always producing a mix of letters, numbers and special characters.

For passwords generated by a process that randomly selects a string of of symbols of length, L, from a set of N possible symbols, the number of possible passwords can be found by raising the number of symbols to the power L, i.e. NL. The strength of a random password as measured by the information entropy is just the base-2 logarithm or log2 of the number of possible passwords, assuming each symbol in the password is produced independently. Thus a random password's information entropy, H, is given by the formula

where N is the number of possible symbols and L is the number of symbols in the password. H is measured in bits.[2][3]

Entropy per symbol for different symbol sets
Symbol set Symbol count N Entropy per symbol H
Arabic numerals (0–9) (e.g. PIN) 10 3.322 bits
hexadecimal numerals (0–9, A-F) (e.g. WEP keys) 16 4.000 bits
Case insensitive Latin alphabet (a-z or A-Z) 26 4.700 bits
Case insensitive alphanumeric (a-z or A-Z, 0–9) 36 5.170 bits
Case sensitive Latin alphabet (a-z, A-Z) 52 5.700 bits
Case sensitive alphanumeric (a-z, A-Z, 0–9) 62 5.954 bits
All ASCII printable characters 94 6.555 bits
Diceware word list 7776 12.925 bits

Password strength depends on symbol set and length

Increasing the number of possible symbols from which random passwords are chosen will increase the strength of generated passwords of any given length. For example, the printable characters in the ASCII character set (roughly those on a standard U.S. English keyboard) include 26 letters (in two case variants), 10 digits, and 33 non-alphanumeric symbols (i.e., punctuation, grouping, etc.), for a total of 95 symbols (95 if space is included). However the same strength can always be achieved with a smaller symbol set by choosing a longer password. In the extreme, binary passwords can be very secure, even though they only use two possible symbols. See table below. Thus a 14 character password consisting of only random lowercase letters has the same strength (4.7×14 = 65.8 bits) as a ten character password chosen at random from all printable ASCII characters (65.55 bits).

Minimum lengths L of randomly generated passwords to achieve desired password entropy H for symbol sets containing N symbols.
Desired password entropy H Arabic numerals Case insensitive Latin alphabet Case insensitive alphanumeric Case sensitive Latin alphabet Case sensitive alphanumeric All ASCII printable characters
32 bits 10 7 7 6 6 5
40 bits 13 9 8 8 7 7
64 bits 20 14 13 12 11 10
80 bits 25 18 16 15 14 13
96 bits 29 21 19 17 17 15
128 bits 39 28 25 23 22 20
160 bits 49 35 31 29 27 25
192 bits 58 41 38 34 33 30
224 bits 68 48 44 40 38 35
256 bits 78 55 50 45 43 40
384 bits 116 82 75 68 65 59
512 bits 155 109 100 90 86 79
1024 bits 309 218 199 180 172 157

Note that the full strength associated with using the entire ASCII character set (numerals, mixed case letters and special characters) is only achieved if each character in the password is chosen randomly from that set. Capitalizing a letter and adding a couple of numbers and a special character to a password will not achieve the same strength. If the numbers and special character are added in predictable ways, say at the beginning and end of the password,[4] they could even lower password strength compared to an all letter random password of the same length.

Because national keyboard implementations vary, not all 94 ASCII printable characters can be used everywhere. This can present a problem to an international traveler who wished to log into remote system using a keyboard on a local computer. See keyboard layout.

Authentication programs (e.g., those which determines access to a computer system) vary in which characters they allow in passwords. Some do not recognize case differences (e.g., the upper-case "E" is considered equivalent to the lower-case "e"), others prohibit some of the other symbols. In the past few decades, systems have permitted more characters in passwords, but limitations still exist. Many hand held devices, such as PDAs and smart phones, require complex shift sequences to enter special characters. Systems also vary in the maximum length of passwords allowed, with some older systems limited to eight characters.

Human-generated passwords

People are notoriously remiss at achieving sufficient entropy to produce satisfactory passwords. Some stage magicians exploit this inability for amusement, in a minor way, by divining supposed random choices (of numbers, say) made by audience members.

Thus, in one analysis of over 3 million eight-character passwords, the letter "e" was used over 1.5 million times, while the letter "f" was only used 250,000 times. A uniform distribution would have had each character being used about 900,000 times. The most common number used is "1", whereas the most common letters are a, e, o, and r.[5]

NIST suggests the following scheme to estimate the entropy of human-generated passwords:[2]

  • the entropy of the first character is four bits;
  • the entropy of the next seven characters are two bits per character;
  • the ninth through the twentieth character has 1.5 bits of entropy per character;
  • characters 21 and above have one bit of entropy per character.

This would imply that an eight-character human-selected password has about 18 bits of entropy.

Users rarely make full use of larger characters sets in forming passwords. For example, hacking results obtained from a MySpace phishing scheme in 2006 revealed 34,000 passwords, of which only 8.3% used mixed case, numbers, and symbols.[6]

Bit strength threshold

As a practical matter, passwords must be both reasonable and functional for the end user as well as strong enough for the intended purpose. Passwords that are too difficult to remember may be forgotten and so are more likely to be written on paper, which some consider a security risk.[7] In contrast, others argue that forcing users to remember passwords without assistance can only accommodate weak passwords, and thus poses a greater security risk. According to Bruce Schneier, most people are good at securing their wallets or purses, which is a "great place" to store a written password.[8]

Some basic benchmarks have been established for brute force searches in the context of attempting to find keys used in encryption. The problem is not the same since these approaches involve astronomical numbers of trials, but the results are suggestive for password choice. In 1999, an Electronic Frontier Foundation project broke 56-bit DES encryption in less than a day using specially designed hardware.[9] In 2002, distributed.net cracked a 64-bit key in 4 years, 9 months, and 23 days.[10] As of August 17, 2010, distributed.net estimates that cracking a 72-bit key using current hardware will take about 48,712 days or 133.5 years.[11] Due to currently understood limitations from fundamental physics, there is no expectation that any digital computer (or combination) will be capable of breaking 256-bit encryption via a brute-force attack.[12] Whether or not quantum computers will be able to do so in practice is still unknown, though theoretical analysis suggests such possibilities.[citation needed]

As a result, there can be no exact answer to the somewhat different problem of the password strength required to resist brute force attack in practice. NIST recommends 80-bits for the most secure passwords, which can nearly be achieved with a 95-character choice (e.g., the original ASCII character set) with a 12-character random password (12 x 6.5 bits = 78).[2] A 2010 Georgia Tech Research Institute study also recommended a 12-character random password, but as a minimum length requirement.[13][14]

Guidelines for strong passwords

Common guidelines

Common guidelines for choosing good passwords are designed to make passwords less easily discovered by intelligent guessing:[15][16][17][18]

  • Password length should be around 12 to 14 characters if permitted, and longer still if possible while remaining memorable
  • Use randomly generated passwords where feasible
  • Avoid any password based on repetition, dictionary words, letter or number sequences, usernames, relative or pet names, romantic links (current or past), or biographical information (e.g., dates, ID numbers, ancestors names or dates).
  • Include numbers, symbols, upper and lowercase letters in passwords if allowed by the system
  • If the system recognizes case as significant, use capital and lower-case letters
  • Avoid using the same password for multiple sites or purposes
  • If you write your passwords down, keep the list in a safe place, such as a wallet or safe, not attached to a monitor or in an unlocked desk drawer

Additional guidelines

Double a character consecutively, to discourage shoulder surfing, the technique whereby someone observes the typing over a shoulder. Don't triple a character and don't double more than one character. If the typist is fast, it's hard to see how many times a key was consecutively pressed.[19]

As a user might need access from a phone with a small keyboard, consider which nonalphanumerics appear on all models, if any do.[20]

Individuals and businesses can also choose to use devices or cloud-based applications that generate a one-time password, which are functional for only one session or expire after a limited amount of time. One-time password generator solutions are available using cloud-based services, mobile phone applications, a security token and other methods.

Examples of weak passwords

As with any security measure, passwords vary in effectiveness (i.e., strength); some are weaker than others. For example, the difference in weakness between a dictionary word and a word with obfuscation (i.e., letters in the password are substituted by, say, numbers— a common approach) may cost a password cracking device a few more seconds– this adds little strength. The examples below illustrate various ways weak passwords might be constructed, all of which are based on simple patterns which result in extremely low entropy:[5]

  • Default passwords (as supplied by the system vendor and meant to be changed at installation time): password, default, admin, guest, etc. All are typically very easy to discover.
  • Dictionary words: chameleon, RedSox, sandbags, bunnyhop!, IntenseCrabtree, etc., can be automatically tried at very high speeds.
  • Words with numbers appended: password1, deer2000, john1234, etc., can be easily tested automatically with little lost time.
  • Words with simple obfuscation: p@ssw0rd, l33th4x0r, g0ldf1sh, etc., can be easily tested automatically with little additional effort.
  • Doubled words: crabcrab, stopstop, treetree, passpass, etc., can be easily tested automatically.
  • Common sequences from a keyboard row: qwerty, 12345, asdfgh, fred, etc., can be easily tested automatically.
  • Numeric sequences based on well known numbers such as 911 (9-1-1, 9/11), 314159... (pi), or 27182... (e), etc., can easily be tested automatically.
  • Identifiers: jsmith123, 1/1/1970, 555–1234, "your username", etc., can easily be tested automatically.
  • Anything personally related to an individual: license plate number, Social Security number, current or past telephone number, student ID, address, birthday, sports team, relative's or pet's names/nicknames/birthdays/initials, etc., can easily be tested automatically after a simple investigation of person's details.

There are many other ways a password can be weak,[21] corresponding to the strengths of various attack schemes; the core principle is that a password should have high entropy (usually taken to be equivalent to randomness) and not be readily derivable by any "clever" pattern, nor should passwords be mixed with information identifying the user.

Examples that follow guidelines

The passwords below are examples that follow some of the published guidelines for strong passwords. But note carefully that, since these example passwords have been published in this article, they should never be used as actual passwords as their publication have rendered them and derivates of them as weak passwords. The listed passwords are only for usage as examples.

  • 4pRte!ai@3 – mixes uppercase, lowercase, numbers, and punctuation. This suggests a large character set which increases an attacker's work factor, a desirable property.
  • Tp4tci2s4U2g! – builds from a phrase a user can memorize: "The password for (4) this computer is too (2) strong for you to (4U2) guess!" — mixes types of character. If the phrase is not 'well-known' (e.g., published in any quotation compendium – online or in print, no matter how obscure to you), this password should have high entropy for an attacker, and be easier to remember than many passwords. Note: since this example is now available, it should not be used as a password.
  • tDI"60Hs7Q – are characters selected from two poetry stanzas by different methods from a page selected using an honest die, but likely to be hard to memorize.
  • l52@36291QBs( – represents the serial number of a US currency bill with added elements that should be random, e.g. chosen via the honest die mentioned above. The bill and its serial number are likely to be hard to connect to the user and thus present high entropy to an attacker. Note that some currency may use predictable serial numbers (e.g., adding check digits, padding, type codes and the like, often covertly) and, if so, will have less entropy than might be expected.
  • BBslwys90! – is loosely based on a phrase that a user might memorize: "Big Brother is always right (right angle = 90°)!" – also mixes character classes, which increases an attacker's work factor.
  • B1g bRother |$ alw4ys riGHt!? - is an example of an extremely strong, easy to remember yet hard to guess password created by using a passphrase as a password. Key features are multiple words, length, random punctuation, random capitalization, and random simple substitutions. If a user can remember these small changes and chooses a phrase that is obscurely personal (the user associates it with something, but any other person would not generally make this assumption), the result should be a strong password that needn't be written down.

Password policy

A password policy is a guide to choosing satisfactory passwords. Some are controversial. They are usually intended to:

  • assist users in choosing strong passwords
  • ensure the passwords are suited to the target population
  • recommendations to users with regard to the handling of their passwords
  • a requirement to change any password which has been lost or compromised, and perhaps that no password be used longer than a limited time
  • some policies prescribe the pattern of characters which passwords must contain

For example, password expiration is often covered by password policies. Password expiration serves two purposes:[22]

  • if the time to crack a password is estimated to be 100 days, password expiration times fewer than 100 days may help ensure insufficient time for an attacker.
  • if a password has been compromised, requiring it to be changed regularly should limit the access time for the attacker

Some argue that password expirations have become obsolete,[23] since:

  • asking users to change passwords frequently encourages simple, weak passwords.
  • if one has a truly strong password, there is little point in changing it since the existing password is already strong. Changing passwords which are already strong introduces risk that the new password may be less strong. Since any compromised password is weak by definition, the possibility of compromise must be considered in estimating password strength.

Creating and handling passwords

Among the hardest passwords to crack are long, high-entropy character strings; they resist brute force attacks (because there are many characters) and guessing attacks (due to high entropy). However, such passwords are often also the hardest to remember in practice. The imposition of a requirement for such passwords in a password policy may encourage users to write them down, store them in PDAs or cellphones, or share them with others as a safeguard against memory failure. Some people consider each of these user resorts to increase security risks. In practice, others suggest recognizing the reality of multiple complex passwords. Security expert Bruce Schneier recommends writing down your password:

Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.

— Bruce Schneier 2005

The following measures may increase acceptance of strong password requirements, if carefully used:

  • a training program. Also, updated training for those who fail to follow the password policy (lost passwords, inadequate passwords, etc.).
  • reward strong password users by reducing the rate, or eliminating altogether, the need for password changes (password expiration). The strength of user-chosen passwords can be estimated by automatic programs which inspect and evaluate proposed passwords, when setting or changing a password.
  • mandate a thorough and rapid account closure process for departing users and/or a process to display to each user the last login date and time in the hope that the user may notice unauthorized access, suggesting a compromised password.
  • allow users to reset their passwords via an automatic system, which reduces help desk call volume. However, some systems are themselves insecure; for instance, weak (or easily guessed, or insufficiently frequently changed) password reset keys bypass the advantages of a strong password system.
  • use automatically and semi-randomly generated passwords that do not allow users to choose their own passwords. Truly random passwords are very hard to generate, though there are several ways to generate pseudo-random passwords.
  • use a separate device or system to generate random appearing material that can be used as a password or used to generate a password. There are now hand held devices small enough to carry which can generate pseudo-random sequences (e.g., some calculators or purpose built "security token generators"). One suggestion involves use of any of suitable spreadsheet programs to produce a character grid, modify it with the internal pseudo-random function (not truly random being a finite state calculation, and an undirected passage of one's eyes over the result. Such schemes are very unlikely to be random, but rather more likely to be personally unpredictable which is quite a different thing.

Memory techniques

Password policies sometimes suggest memory techniques to assist remembering passwords:

  • mnemonic passwords: Some users develop mnemonic phrases and use them to generate high-entropy (more or less random) passwords which are nevertheless relatively easy for the user to remember. For instance, the first letter of each word in a memorable phrase. Silly ones are possibly more memorable.[24] Another way to make random-appearing passwords more memorable is to use random words (see diceware) or syllables instead of randomly-chosen letters.
  • after-the-fact mnemonics: After the password has been established, invent a mnemonic that fits.[25] It does not have to be reasonable or sensible, only memorable. This allows passwords to be random.
  • password patterns: Any pattern in a password makes guessing (automated or not) easier and reduces an attacker's work factor.
    • In an example from the UK in October 2005, employees of the British government were advised to use passwords of the following form: consonant, vowel, consonant, consonant, vowel, consonant, number, number (for example pinray45). This pattern is called an Environ password[citation needed] and is case-insensitive. The pattern of alternating vowel and consonant characters was intended to make passwords more likely to be pronounceable and thus more memorable. Unfortunately, such patterns severely reduce the password's information entropy, making brute force password attacks considerably more efficient.

Protecting passwords

Computer users are generally advised to "never write down a password anywhere, no matter what" and "never use the same password for more than one account." However, an ordinary computer user may have dozens of password-protected accounts. Users with multiple accounts needing passwords often give up and use the same password for every account. When varied password complexity requirements prevent use of the same (memorable) scheme for producing high-strength passwords, overly simplified passwords will often be created to satisfy irritating and conflicting password requirements. A Microsoft expert was quoted as saying at a 2005 security conference: "I claim that password policy should say you should write down your password. I have 68 different passwords. If I am not allowed to write any of them down, guess what I am going to do? I am going to use the same password on every one of them."[26]

If passwords are written down, they should never be kept in obvious places such as address books, Rolodex files, under drawers or keyboards, or behind pictures. Perhaps the worst, but all too common, location is a Post-It note on the computer monitor. Better locations are a safe deposit box or a locked file approved for information of sensitivity comparable to that protected by the password. Most locks on office file cabinets are far from adequate. Software is available for popular hand-held computers that can store passwords for numerous accounts in encrypted form. Another approach is to encrypt by hand on paper and remember the encryption method and key.[27] And another approach is to use a single password or slightly-varying passwords for low-security accounts and select distinctly separate strong passwords for a smaller number of high-value applications such as for online banking.

Time needed for password searches

One way to judge the strength of a password is to estimate the time and computing power required for cracking. The time to crack a password is related to bit strength (see above), which is a function of the password's information entropy. Most methods of password cracking require the computer to produce many candidate passwords, each of which is checked. Brute force cracking, in which a computer tries every possible key or password until it succeeds, is the lowest common denominator of password cracking. More common methods of password cracking, such as dictionary attacks, pattern checking, word list substitution, etc., attempt to reduce the number of trials required and will usually be attempted before brute force.

The ability to crack passwords using computer programs is a function of the number of possible passwords per second which can be checked. If a hash of the target password is available to the attacker, this number can be quite large. If not, the rate depends on whether the authentication software limits how often a password can be tried, either by time delays, CAPTCHAs, or forced lockouts after some number of failed attempts.

Individual desktop computers can test anywhere between one million to fifteen million passwords per second against a password hash for weaker algorithms, such as DES or LanManager. See: John the Ripper benchmarks A user-selected eight-character password with numbers, mixed case, and symbols, reaches an estimated 30-bit strength, according to NIST. 230 is only one billion permutations and would take an average of 16 minutes to crack.[2] When ordinary desktop computers are combined in a cracking effort, as can be done with botnets, the capabilities of password cracking are considerably extended. In 2002, distributed.net successfully found a 64-bit RC5 key in four years, in an effort which included over 300,000 different computers at various times, and which generated an average of over 12 billion keys per second.[10]

Despite their capabilities, desktop CPUs are slower at cracking passwords than purpose-built password breaking machines. In 1998, the Electronic Frontier Foundation (EFF) built a dedicated password cracker using FPGAs, as opposed to general purpose CPUs. Their machine, Deep Crack, broke a DES 56-bit key in 56 hours, testing over 90 billion keys per second.[9] The hashes widely used for storing passwords, such as MD5 and the SHA family, are designed for efficient implementation in hardware. Using key stretching algorithms, such as PBKDF2, to form password hashes can significantly reduce the rate at which passwords can be tested. In 2010, the Georgia Tech Research Institute developed a method of using GPGPU to crack passwords, coming up with a minimum secure password length of 12 characters.[13][14][28]

Perhaps the fastest way to crack passwords is through the use of pre-computed rainbow tables. These encode the hashes of common passwords based on the most widely used hash functions and can crack passwords in a matter of seconds. However, they are only effective on systems that do not use salt, such as Windows LAN Manager and some application programs.

References

  1. ^ "Cyber Security Tip ST04-002". Choosing and Protecting Passwords. US CERT. Retrieved June 20, 2009.
  2. ^ a b c d e f "Electronic Authentication Guideline" (PDF). NIST. Retrieved March 27, 2008.
  3. ^ Schneier, B: Applied Cryptography, 2e, page 233 ff. John Wiley and Sons.
  4. ^ http://www.microsoft.com/protect/fraud/passwords/create.aspx
  5. ^ a b Burnett, Mark (2006). Kleiman, Dave (ed.). Perfect Passwords. Rockland, MA: Syngress Publishing. p. 181. ISBN 1-59749-041-5.
  6. ^ Bruce Schneier. "MySpace Passwords aren't so Dumb". Wired Magazine. Retrieved April 11, 2008.
  7. ^ A. Allan. "Passwords are Near the Breaking Point" (PDF). Gartner. Retrieved April 10, 2008.
  8. ^ Bruce Schneier. "Schneier on Security". Write Down Your Password. Retrieved April 10, 2008.
  9. ^ a b "EFF DES Cracker machine brings honesty to crypto debate". EFF. Retrieved March 27, 2008.
  10. ^ a b "64-bit key project status". Distributed.net. Retrieved March 27, 2008.
  11. ^ "72-bit key project status". Distributed.net. Retrieved March 31, 2008.
  12. ^ Bruce Schneier. "Snakeoil: Warning Sign #5: Ridiculous key lengths". Retrieved March 27, 2008.
  13. ^ a b "Teraflop Troubles: The Power of Graphics Processing Units May Threaten the World's Password Security System". Georgia Tech Research Institute. Retrieved 2010-11-07.
  14. ^ a b "Want to deter hackers? Make your password longer". MSNBC. 2010-08-19. Retrieved 2010-11-07.
  15. ^ Microsoft Corporation, Strong passwords: How to create and use them
  16. ^ Bruce Schneier, Choosing Secure Passwords
  17. ^ Google, Inc., How safe is your password?
  18. ^ Bidwell, Teri re (2002). Syngress Publishing. ISBN 1931836515. {{cite book}}: Missing or empty |title= (help)
  19. ^ Nick, Re: Password Security Tips, November 14, 2009 (topic post), as accessed January 20, 2010
  20. ^ E.g., for a keyboard with only 17 nonalphanumeric characters, see one for a BlackBerry phone in an enlarged image in support of Sandy Berger, BlackBerry Tour 9630 (Verizon) Cell Phone Review, in Hardware Secrets (August 31, 2009), both as accessed January 19, 2010. That some websites don’t allow nonalphanumerics is indicated by Kanhef, Idiots, For Different Reasons (June 30, 2009) (topic post), as accessed January 20, 2010.
  21. ^ Bidwell, p. 87
  22. ^ "In Defense of Password Expiration". League of Professional Systems Administrators. Retrieved April 14, 2008.
  23. ^ Eugene Spafford. "Security Myths and Passwords". The Center for Education and Research in Information Assurance and Security. Retrieved April 14, 2008.
  24. ^ Mnemonic Devices (Indianapolis, Ind.: Bepko Learning Ctr., University College), as accessed January 19, 2010
  25. ^ Remembering Passwords (ChangingMinds.org), as accessed January 19, 2010
  26. ^ Microsoft security guru: Jot down your passwords, News.com.com Retrieved on 2007-05-07
  27. ^ Simple methods (e.g., ROT13 and some other old ciphers) may suffice; for more sophisticated hand-methods see Bruce Schneier, The Solitaire Encryption Algorithm (May 26, 1999) (ver. 1.2), as accessed January 19, 2010, and Sam Siewert, Big Iron Lessons, Part 5: Introduction to Cryptography, From Egypt Through Enigma (IBM, July 26, 2005), as accessed January 19, 2010.
  28. ^ Walters, Dave (2010-09-02). "The Rise of The Programmable GPU – And The Death Of The Modern Password". Techdrawl. Retrieved 2010-11-07.