Password Compromises

There are many problems with passwords; Ed Felten explained the issues very well a few months ago.  One big problem is that they can be stolen: the bad guys can somehow get hold of your password and use it themselves.  But how can this happen?  It turns out that there are many different ways, each of which requires a different protective strategy.

The first risky spot is your own computer.  There’s a class of malware — malicious software — known as keystroke loggers, programs that copy everything you type.  Such programs can record what websites you log into, your userid, and your password.  (How do these programs know it’s a login screen?  Apart from seeing words like “password” before a text box, how do you know when you’re entering one?  Easy – characters in passwords aren’t echoed as you type them.  The malware notices the same thing.)  Keystroke loggers are one of the most common threats.

The best defense here is the obvious: run a clean computer.  Keep current on patches, run up-to-date antivirus software, don’t install software from untrusted sources, and don’t visit dubious web sites that might infect your computer.

A second way passwords are stolen is during transmission: an attacker can eavesdrop on the login sequence.  Encryption is the obvious countermeasure, and it works very well.  Most web sites are very good about using encryption for login pages, though a distressing number of mail servers don’t.  Even without encryption, though, eavesdropping on passwords isn’t that big a threat for home users – it’s difficult for the attacker to get to the right place, and the payoff is low because of the ubiquity of encryption.  Think of it as “herd immunity” for computers: even if you don’t use encryption, you’re protected by all of the other folk who do.  All that said, you should use encryption whenever possible, especially on your home wireless network; there are many other threats that encryption can avert.  WiFi in a public place – a coffee shop, a hotel, an airport, etc. – is a different matter; never send an unencrypted password from such a network!

Passwords can also be stolen from servers: web sites, mail systems, and so on.  This is a high-payoff attack for the bad guys; they can steal millions of passwords with a single attack.  The defensive onus here is on the server operator (and it’s hard for users to tell if site operators are doing it properly); among other things, sites should “hash” – mathematically irreversibly scramble – user passwords, generally after incorporating a “salt”.  (For a good discussion of hashes, see Ed Felten’s post. I’ll write more on salting some other time.  )  This means that password recovery – being able to send you your old password, as opposed to you or the site creating a new one – is a dangerous ability, since it implies that the passwords haven’t been hashed.

What about everyone’s least favorite aspect of passwords, their “strength”?  Where does strength come in?  We’ve known for more than 30 years that many people pick easy-to-guess passwords, things like “123456” or “password”.  An attacker with a suitable list of likely guesses (and such lists can include multiple languages, names of movie or book characters, etc.) can try each guess in turn.  This may be done online – repeatedly trying to log in as you – or it may be an offline attack against a hashed password file stolen from a hacked server.  (Salting makes guessing in offline attacks much more expensive for the attacker, which is why it’s a good idea.)  Strong passwords help defeat guessing, but they do nothing to protect you against keystroke loggers or phishing sites.  Against online attacks, the best defense is to limit the number of guesses an attacker can make, or at least limit the rate of guessing.  Think of it this way: if the password dictionary has 1,000,000 entries (and that’s actually a small dictionary) and guesses are limited to one per second, it will take more than 11 days to try every possibility.  If the rate limit changes to one every 10 seconds after the first five failures, it will take several months.  The risk, of course, is that the legitimate account owner can be locked out by an attacker’s attempts, but there are more sophisticated variants that can minimize that problem.  Rate-limiting doesn’t help against offline attacks, but there’s another defense: the attacker first has to break into the server.

What, then, should a user do?  The single most important defense is to avoid reusing passwords.  That way, if a site is compromised you only have to change your password in one place, not several dozen.  No one can remember many different strong passwords; you have to record them somewhere.  A piece of paper may be ideal – no hacker is going to reach into your wallet, Hollywood movies notwithstanding – but you do need to keep it safe.  Safe from whom?  Protect it from anyone who might want to get access to your accounts; that can include disgruntled coworkers, family members, and so on.  You may want to leave a few very high value passwords, such as online banking credentials, off the list; those can and should be memorized.  Consider using a password manager program; these will encrypt the list, and perhaps provide easy synchronization across different computers and mobile devices.  (The encryption password you choose should of course be very, very strong.)  Remember that you need to guard the password list against loss, too; this means that the file should be backed up or the piece of paper copied.  Don’t use an ordinary, unencrypted file on your computer, however obscurely named; similarly, don’t store passwords in an email account.

Finally, for sites that offer you the option, opt for two-factor authentication (often using something like a text message to your phone), especially for high-value accounts.  Two-factor authentication can be somewhat inconvenient to use, but it offers a very large increase in security, and largely nullifies the problem of password theft.