Requiem for a p455w0rD

Why passphrases are better than passwords

Blog Requiem for a p455w0rD

| 5 min read

Table of contents

Contact us

What would you rather have at your home door: a simple, weak key that needs to be changed every other week, or a one-time-setup, state-of-the-art, virtually unpickable cruciform key?

"Weak vs strong key"

Lock key comparison via Locksmith Ledger.

That’s just the difference between rotating short passwords vs having one good passphrase: the first may be convenient and easy to carry around, and easily replaceable if lost, while the latter might be difficult to wield at first, but once you get used to it, makes an unbreakable defense.

Now, the password is not dead, as some folks at Microsoft claim in order to favor other kinds of authentication. A long password with a healthy mix of upper- and lowercase letters and special symbols is still pretty tough to guess or crack. But they are hard to remember, and that leads to frequent password forgets and resets. Thus most people tend to resort to short, easy to crack passwords. See the 2017 Splash Data 100 worst passwords (PDF) to see the problem. These are vulnerable to brute-forcing, dictionary attacks, and rainbow tables, to name a few of the ways they can be cracked.

In order to avoid these situations, some organizations choose to implement password policies that require users to include special symbols or to change passwords frequently. But that is not without its problems, either [1]: users tend to circumvent these impositions in different ways, such as:

  • replacing letters by similar numbers (v.g. helloh3110, tigger71gg3r)

  • reverting their old password back and forth (qwertyytrewq)

  • switching between simple passwords (password),

  • altering a standard password (passwordpassword1 → …​),

  • not avoiding it, thus getting a very complicated password, but keeping it written down in a piece of paper (danger!).

Furthermore, with the plethora of distributed services around, it is not uncommon for a single person to have to deal with dozens of passwords, leading to the reuse of the same weak ones, which makes the situation even worse.

Possible solutions to the problem with many accounts are Single-Sign-On services and password managers such as Keepass. But these are sometimes infeasible, for example to login to your computer, since you cannot run any software beforehand. And if you do use a password manager, the main password to unlock it should be very strong because if it falls, so do all others. The same argument goes for encrypted files or disks and email. In these mission-critical cases, what you want is a 'passphrase'.

Like the name suggests, a 'passphrase' is a sentence that you use to gain access, just like a password. Since they are usually much longer than password, the mere number of them is considerably larger, making them harder to guess or crack. It’s as simple as that.

Why? Consider this question: how many words are there to choose from? From an alphabet with 26 letters, and allowing words from two to six letters, we can make more than 12 million words. However some of those wouldn’t make sense, such as zzy or edls, so word dictionaries like the one above avoid them and only take real english words. The one used here is modest: it contains only 7,776 words.

But that is enough when you combine them. There are 7,7762 two-word passphrases, and so on. Thus with merely five words we’d have 7,7765 which is around 28 quintillions (28 and 18 zeroes). Assuming a trillion (1 and 12 zeroes) guesses per second, such a passphrase would take about half a year to crack. Append three zeros for each extra word, being conservative, so a seven word passphrase would take about half a million years to crack.

Get started with Fluid Attacks' Security Testing solution right now

You could argue that you already have a password that is long enough. But does it make any sense as a 'word'? How random is it, to be safe from guessing attacks? Is it easy to remember? Most likely not, that bear no relation to the word. In contrast, passphrases are made up of regular words which you can remember by linking them somehow. This comic from xkcd sums it up:

"A comic about passwords vs passphrases"

Passphrases vs. passwords. Adapted from the original at xkcd.

As you see, you can use mnemonic techniques to remember your passphrase, even if it might seem absurd at first. Try to do 'that' with extraneous symbols. Research shows that even 56-bit codes can be learned within 36 tries [2] using a technique called 'spaced repetition'. This also illustrates the problem with difficult-to-satisfy password policies: they force people to end up with absurd, hard to remember passwords with nonsensical number and letter combos.

By now you might be convinced that passwords are the way to go. But it’s not as simple as just grabbing any four words. In order to beat attackers using dictionary and brute force attacks, you want to make your passphrase as random as possible, i.e., it should have a high 'entropy'. Even if you choose some words that you think are random, the inherent structure of language and of our brains implies that we’d be fooling ourselves, and that the chosen phrase is not as random as it might seem.

So how do I create a really random, strong passphrase? Look for true real-word randomness. The easiest way to go would be rolling a dice many times writing down the results, and make that into words using a dictionary that maps sequences of dice rolls to actual english words like this:

Some words from a Diceware dictionary.

 26114 -> code 32236 -> hack 52416 -> rule 52133 -> risk

Thus if you roll first a 2, then a 6, …​ and a 4, the first word in your passphrase will be code. Do this four to seven times and your passphrase will be pretty strong. No time to play dice? No problem. There are plenty of FOSS solutions to generate long, high-entropy passphrases on GitHub and some online.

How often should they be rotated? Truly randomly generated, long enough passphrases are virtually crack and guess-proof. So you only need to protect them from unauthorized sharing or theft. In that case, we can extend a fairly typical monthly renewal period to, say, three to six months. Using randomly generated passphrases thus eliminates the issues of password recycling, minor alterations, common words and guessability, and has the advantages of superior security and memorability.

To illustrate this, let us compare some typical authentication policies:

Table 1. Authentication policy comparison

TypeMinimum lengthVarietyMinimal exampleTime to brute-force
Password8 charactersupper lower num specialPas$w0rd9 hours
Password14 charactersupper lower num specialPas$w0rddddddd204 million (e6) years
Passphrase4 words x 4 lettersnon-random lowercode hacks rule risk41 quadrillion (e15) years
Passphrase4 words x 5 lettersrandom lowerdebased heron passes native343 septillion (e24) years

Just the time to brute-force gives us an idea of the relative strength of these sample password policies: the first is essentially useless since an unaware user can set very easy passwords. Fourteen combined characters is not too bad, but could be obtained via dictionary attacks or guessing from user info. Even a non-random, relatively short passphrase is literally a billion (e9) times better, but could still be guessed. And a short, but highly entropic passphrase is a billion times better than the last.

Our concrete recommendation: a randomly-generated, 44-bit (the lowest setting in, i.e., 4 or 5 words 3 to 8 letters in length) beats any complicated password policy and is easier to remember. Change it every three to six months at your discretion, whatever makes your users happy.

Do keep in mind that while passphrases have the advantages of being harder to crack and easier to remember than complex passwords, you needn’t use them for everything. Regular, even easy passwords still have their place and, contrary to popular wisdom, can be recycled and reused, according to [3]. There is plenty of debate and of course no consensus as to what constitutes the best practice, but now that you know both sides of the coin you can choose what is most appropriate for each situation.


Table of contents


Subscribe to our blog

Sign up for Fluid Attacks' weekly newsletter.

Recommended blog posts

You might be interested in the following related posts.

Photo by FlyD on Unsplash

Software supply chain management in financial services

Photo by Robs on Unsplash

Consequential data breaches in the finance sector

Photo by Towfiqu barbhuiya on Unsplash

Data protection in the financial sector, tips and more

Photo by Jasmin Egger on Unsplash

If the essential security layer is flawed, you're toast

Photo by Christian Wiediger on Unsplash

The need to enhance security within the fintech sector

Photo by Claudio Schwarz on Unsplash

Is your financial service as secure as you think?

Photo by mitchell kavan on Unsplash

Bringing the zero trust model to life

Start your 21-day free trial

Discover the benefits of our Continuous Hacking solution, which hundreds of organizations are already enjoying.

Start your 21-day free trial
Fluid Logo Footer

Hacking software for over 20 years

Fluid Attacks tests applications and other systems, covering all software development stages. Our team assists clients in quickly identifying and managing vulnerabilities to reduce the risk of incidents and deploy secure technology.

Copyright © 0 Fluid Attacks. We hack your software. All rights reserved.