How long should my passwords be?


A question like this depends on what kinds of password we’re talking about. The requirements for your 1Password Master Password, which you need to be able to remember and type, are very different from passwords you generate using the Strong Password Generator, which you never even have to look at.

The advice here isn’t changed at all by the recent news that the GPU-optimized version of hashcat, a password cracking tool, is no longer limited to attacking 15 character passwords. There seems to be some confusion about what that news means, which I’ll address further below.

Passwords from the Strong Password Generator

Wells Fargo: Your password must be 6 to 14 characters

Let’s start with the passwords created by 1Password’s Strong Password Generator. Obviously, your password can’t be longer than the maximum length enforced by the website, but let’s leave that aside. Let’s suppose that the site or service you are generating a password for does better than my bank. There are lots of nifty options that you can set in our Strong Password Generator, but in order to keep my examples simple and stick to the most conservative assumptions, I’ll just use examples where we set the Strong Password Generator to create mixed case letters only.

Let’s take a look at a specific example I’ve set. I’ve set the Strong Password Generator to create a password that is 23 characters long, no digits, no symbols and characters are allowed to repeat.

Oops, did I just show what the Strong Password Generator might look like in the 1Password 4 menubar mini app? Wait, did I also just reveal there might be a menubar mini app coming in 1Password 4 for Mac? And how did my keyboard get so… porous?

Moving on, the first character can be any one of the letters “a” through “z” or uppercase “A” through “Z”. That is 52 different possibilities for the first of the 23 positions in this password. The second character can also be any one of those 52 letters. If we limited this password to just being two characters long, that would mean we could have 52 × 52 possible passwords; that’s 2704 possible passwords. A password cracker like hashcat or John the Ripper could rip through all of those in an instant.

At three characters long, we have 52 × 52 × 52 possibilities. That’s 140,608 possibilities, but still a joke of a password. When we get up to about 10 characters long we have 52¹⁰ possibilities, otherwise known as a 17-digit number. That will make high-end, specialized password cracking systems really sweat. Now let’s take a look at my 23 character password, as it has 52²³ possibilities. That number is approximately 2¹³¹, which is bigger than 2¹²⁸. As it happens, I wrote about just how hard it is to guess one of 2¹²⁸ possibilities a while back.

Put simply, if the world’s fastest computer could check a password as quickly as it can add two numbers, and if you had a billion of those computers all guessing passwords, it would take more than a million times the age of the universe to go through all of the 52²³ possibilities from a 23 character password created with 1Password’s Strong Password Generator. Put even more simply: nothing is going to crack a password generated with our Strong Password Generator this way.

Length of a Master Password

Your Master Password should be no longer than you can (teach yourself to) comfortably type. It also needs to be something you can remember. As a consequence, it will never be as strong as a 23 character password generated by 1Password’s Strong Password Generator. Because of this shortcoming of the human brain, we’ve taken steps to slow down the cracking rate that tools like hashcat and John the Ripper can achieve against a 1Password data file.

XKCD "I'm so random"

You can make a strong, memorable, and manageable Master Password by using a truly random process to select words. Thinking them up yourself is emphatically not random.
So the system I describe in Toward Better Master Passwords involves rolling dice against short words from a list. Please see that article for the description. You can also read about how well these sorts of passwords withstand John the Ripper and hashcat. Note that the recent news about hashcat password limits doesn’t change our previous advice about password length, which is why I’m just referring you to those.
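The counting above (52 choices per position, 52²³ being larger than 2¹²⁸) and the dice-against-a-word-list process for Master Passwords, carried through as an added Go example that is not code from this post or from 1Password. It draws each letter or word from the operating system’s random source, which is the software equivalent of a fair dice roll; the 16-word list and the guess rate of 10¹⁸ per second are constructed for illustration, and the function names are the example’s own.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"strings"
)

// The 52 upper- and lower-case letters the post's generator is restricted to.
const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"

// Constructed stand-in for a real dice word list (a Diceware list has 7776 words).
var wordList = []string{
	"acorn", "bone", "collar", "dig", "fetch", "growl", "howl", "kennel",
	"leash", "muzzle", "nap", "paw", "rabbit", "snout", "tail", "wag",
}

// uniformIndex returns a uniformly random integer in [0, n) from the OS CSPRNG.
// rand.Int rejects out-of-range draws, so there is no modulo bias.
func uniformIndex(n int) int {
	i, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		panic(err) // the system random source is unavailable; nothing sensible to do
	}
	return int(i.Int64())
}

// Possibilities is the exact number of distinct strings: alphabetSize^length.
func Possibilities(alphabetSize, length int) *big.Int {
	return new(big.Int).Exp(big.NewInt(int64(alphabetSize)), big.NewInt(int64(length)), nil)
}

// EntropyBits is log2 of Possibilities: the strength in bits of a password
// whose every symbol is chosen independently and uniformly.
func EntropyBits(alphabetSize, length int) float64 {
	return float64(length) * math.Log2(float64(alphabetSize))
}

// GenerateLetters builds a password of `length` independent uniform letters.
func GenerateLetters(length int) string {
	b := make([]byte, length)
	for i := range b {
		b[i] = letters[uniformIndex(len(letters))]
	}
	return string(b)
}

// RollWords picks `count` words from list by independent uniform draws,
// the same process as rolling dice against a printed word list.
func RollWords(count int, list []string) string {
	words := make([]string, count)
	for i := range words {
		words[i] = list[uniformIndex(len(list))]
	}
	return strings.Join(words, " ")
}

// YearsToExhaust is how long a search of the whole space takes at a given
// (constructed) guess rate, ignoring any slowdown from key derivation.
func YearsToExhaust(bits, guessesPerSecond float64) float64 {
	return math.Pow(2, bits) / guessesPerSecond / (365.25 * 24 * 3600)
}

func main() {
	for _, n := range []int{2, 3, 10, 23} {
		fmt.Printf("%2d letters: %s possibilities (%.1f bits)\n",
			n, Possibilities(52, n), EntropyBits(52, n))
	}
	// 1e18 guesses per second is a constructed rate, far beyond any known cracker.
	fmt.Printf("years to exhaust 52^23 at 1e18 guesses/s: %.3g\n",
		YearsToExhaust(EntropyBits(52, 23), 1e18))
	fmt.Println("generated:", GenerateLetters(23))
	fmt.Printf("5 words from a %d-word list: %q (%.1f bits)\n",
		len(wordList), RollWords(5, wordList), EntropyBits(len(wordList), 5))
}
```

The two generators share one property that matters more than the alphabet: every position is an independent uniform draw, so the strength is simply length times log₂(alphabet size). Five words from a 16-word list is only 20 bits; the same five words from a 7776-word list is about 64.6 bits, which is why the dice method uses a long list.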

55 Character passwords, oh my!

Some readers may have heard that ocl-hashcat-plus, a spectacularly fast password cracking tool, is no longer limited to cracking 15 character passwords. It can now handle passwords up to 55 characters. This is a massive change to how hashcat operates. I’m sure it pains Jens Steube (AKA atom), hashcat’s developer, to surrender some of the brilliant optimizations that came with the 15 character limit, but as more people start to use passphrases, this was a change he had to make.

It is important to realize what this news does and doesn’t mean. Users of hashcat are now free to try to crack longer passwords. They no longer have to switch to some other tool like, say, John the Ripper or a different edition of hashcat, for going after long passwords. It still takes as much time today for hashcat to try a candidate password as it did last week. In fact, the changes that Jens had to make actually slow hashcat down by about 15%, but that really isn’t significant in determining what sorts of passwords are within reach.

Some people appear to have misunderstood the news. They may have mistakenly thought that the work previously needed to crack a 15 character password will now be able to crack a 55 character password. But that isn’t the case at all. A 25 character password is as strong today as it was before the announcement.

If, however, you use a passphrase that can be found in a book or on Wikipedia, you should change it. As more people – focusing only on password length – start to use such passwords, attackers start crafting their tools to attack them, as you can see from Josh Dustin’s and Kevin Young’s presentation at PasswordsCon.

But, of course, actual phrases in a natural language are anything but random.

Password advice should look ahead of the technology

Back in April when I discussed 1Password Master Passwords in light of hashcat’s speed, I studiously did not mention the fact (which I was well aware of) that hashcat was restricted to passwords of 15 characters or fewer. I could have said, “just make sure your password is longer than 15 characters and you will be safe from hashcat.” But I did not say that.

John the Ripper

I considered the 15 character restriction in hashcat as a technical, idiosyncratic design choice of one particular tool. It could change any day (as it has) and other tools could exist without that restriction (they do, including both other editions of hashcat and John the Ripper). When devising advice, we need to not limit ourselves to the idiosyncrasies of one particular tool. We need to look at the big picture—not just at what the tools do today, but at what they could easily do tomorrow.

There will still be times when advances in password cracking require an adjustment in what we do. For example, we’ve raised the number of PBKDF2 iterations used in 1Password over the years, and the data format used in 1Password 4 offers even tougher resistance to crackers. But on the whole, we design for the future. As a result, it shouldn’t be surprising when our reaction to some news or other is, “it doesn’t impact 1Password or how people should use it.”

Keep an eye out for our own Greig Allen at iOSDevUK!

Do not give Greig food or drink

Attention iOSDevUK attendees: when you see this gentleman roaming around in Aberystwyth between September 3-5 (and you will), do not, under any circumstances, give him food or drink after midnight unless you’re looking for a good time.

Yes, AgileBits’ Greig Allen will attend the iOSDevUK indie dev conference the first week in September, and he instructed me to instruct you to say hi! Greig likes football (the real kind), long walks around dev conferences, food, trying his chops at learning how to develop, and possibly showing off 1Password 4 for Mac. In that order.

Keep an eye out for Greig at iOSDevUK and, hey what the heck, feel free to get food and drink involved. YOLO.

Want to help us test Wi-Fi sync in 1Password 4 for Mac and iOS?

I have good news and good news, so I’ll give you the good news first: Wi-Fi sync is coming back in 1Password 4 for Mac and will be a free update to 1Password 4 for iOS. Some of our users want a local, cloud-less option to sync 1Password data, and we aim to deliver it soon.

The other good news is we need your help to test it, so we’re opening our Mac and iOS beta programs again to recruit a few good testers. Wi-Fi sync has been rewritten entirely from scratch and it will be 1Password-4-only, so we’ll need you to beta test both iOS and Mac versions.

Do you have:

  • an inconsolable itch to use Wi-Fi sync in 1Password?
  • a Mac running at least 10.8 Mountain Lion and an iOS 6 device?
  • good-to-great beta testing skills?

Prove it—sign up for our beta list and help us make Wi-Fi sync in 1Password 4 the best it can be.

Please note: we have not announced a release date for 1Password 4 for Mac or for when Wi-Fi sync will arrive as a free update in 1Password 4 for iOS. Right now we’re focused on making Wi-Fi sync great, and we’ll release as soon as we can get it there.

1Password beta crowdsourcing pinpoints OS X Mavericks release date

It should come as no surprise that we’ve been running a sizable 1Password 4 for Mac private beta for a while to help us test and polish all the great new stuff on the way. If it does surprise you, well, you learned something today!

Naturally, a focus of our beta is to make sure 1Password is ready for when Apple releases Mavericks, the next major OS X upgrade. The only catch is that, as is par for the course, no one knows exactly when that release will be, so everyone is left guessing. Since we want to ship 1Password 4 for Mac before the big cat’s California hotspot’s release date, we decided to crowdsource the answer from our beta testers.

We devised and optimized a series of highly scientific survey questions for our testers. One such question involved a prediction for the OS X Mavericks release date, and here’s what we got:

  • average: October 5
  • median: October 1
  • earliest: August 27

Now we have our answer—the crowdsourced release for OS X Mavericks is the first week of October!

Before you ask: no, for a number of reasons, we are in fact not concerned that All Things D made its own prediction for when Apple might hold its expected fall event, partly because no one knows whether Mavericks is even on that event’s schedule. On the other hand, one of our testers answered “September 10, 2039” so, as with most predictions, take this all with a grain of salt.

Just in Time Decryption

1Password only decrypts what you need at the time you need it. If Molly (one of my dogs) is using 1Password to log in to SquirrelsAreEvil.net, only her SquirrelsAreEvil Login details are decrypted. Her RabbitRecipes Login, along with all her other hundreds of items, remain encrypted.

I’d like to explain why this is such an important security feature, as well as why it’s vital for Molly’s security tool to lock her 1Password data when she steps away from her computer. Limiting what is decrypted, and for how long, provides some concrete benefits, though it also raises some interesting questions. Read on to see what I mean.

Keeping secrets small

It is easier to keep sixteen bytes of data secret than it is to keep sixteen megabytes of data secret. Quite simply, it is much harder to handle and manage sixteen megabytes of data in a secure way than it is to keep just sixteen bytes secret. This is true for both people and for computer systems. You can manage your 1Password Master Password securely (in your head), but you could not do the same with all of your passwords and logins. After all, that’s why you use 1Password in the first place.

1Password enables you to turn a large secret—all of your various login information for services, secure notes, WiFi passwords, bank account details, credit cards, etc.—into a small one that you can manage—your 1Password Master Password. This is what I mean when I say that encryption allows you to turn big secrets into small ones.

Just as it is hard for a human brain to handle large secrets securely, it can also be difficult for computers. When computers are running short of working memory, they might have to make temporary notes of what is “in their heads” (writing to swap files). If a program crashes, it might write to disk some of what is in its memory (core dumps), and there are various other ways that a computer or computer program can accidentally mishandle secrets.


There are tools that systems and programmers can use to make it harder to accidentally reveal secrets, but these methods work best for little secrets. So it would be much better for a computer to only have to manage one little secret. Like you, the computer can be good at managing such secrets. Of course, a little secret (one that fits in sixteen or thirty-two bytes of data, for example) can be very very important. Note that, when I talk about “big” or “little” secrets here, I only mean the size of the data.

The way to turn big secrets into little secrets on a computer is to encrypt the big secrets with an encryption key. After that, the encryption key (or the password from which the key is derived) becomes the secret. The encrypted data, because it is encrypted, does not need to be kept secret. With the encrypted data and the key, there is no need to keep the unencrypted secret data around.

Throwing away the key

When you lock 1Password or it locks through auto-locking, 1Password throws away the key. (The details are a bit more complicated, as there are multiple keys and these are handled slightly differently in different versions and platforms, but let’s stick with this for now.) Without the key, the encrypted data cannot be decrypted, nor is there any way to steal the key since it’s been destroyed.

The only way to decrypt data once the key has been destroyed is to make a new key, and making a new key requires your Master Password. Making keys from your Master Password is called “key derivation”. It is a subtle, but crucial, part of the design of any cryptographic system. For those interested, you may read the gory details of key derivation in 1Password 4.

When to throw away the key

When I’m working, I often get up and pace around the room. Too often I pace all the way to the refrigerator and grab a snack. This is not great for my health, but it also means that someone might walk over to my computer and take a look at the passwords I have stored in 1Password. If my computer account is accessible and if 1Password has the key, then an attacker can get at my data.


If I worked in a crowded office with people coming and going, that would be something I should be concerned about. In such a case, I would go to 1Password > Preferences > Security and set Auto-Lock to lock after only a few minutes of computer inactivity. I would also set these preferences to lock when the screensaver is activated or when the computer goes to sleep. This would mean that I might have to type my Master Password a few more times a day, but it will help immensely with keeping my secrets, well, secrets. Plus, typing my Master Password a few more times each day will help ensure that I never forget it.

Is Auto-Lock helpful?

An argument can be made that even the most aggressive auto-lock settings provide no meaningful security. I think that Auto-Lock is important, but let me first outline the argument against it.

Suppose Molly (one of my dogs) is working at her computer and runs off to chase a rabbit. She has set up auto-lock so that 1Password will lock quickly. Molly knows that Patty (the other dog) is trying to find out where the bones are buried, a secret Molly keeps in a Secure Note in 1Password. When Molly is off chasing a rabbit, Patty goes up to Molly’s computer and sees that 1Password is locked. Patty cannot find out where the bones are buried.

But Patty came prepared. Patty doesn’t care that 1Password is locked because Patty replaces the copy of 1Password on Molly’s computer with a bogus copy of 1Password. After all, Patty has as much access to Molly’s computer as Molly would have, and that typically involves being able to install software. When Molly returns (without a rabbit) she sees what appears to be 1Password, nice and securely locked. She types in her Master Password, but the imposter version of 1Password sends that Master Password to Patty.

So the question remains, what good does locking 1Password do?

Auto-Lock *is* helpful

Even though it is possible for Patty to defeat Auto-Lock’s security, it is, in practice, much harder for her to do so than to simply read the data she wants when 1Password is unlocked. Even if Patty had a good imposter of 1Password at hand, and even if she could install it quickly and easily, she runs a much higher risk of getting caught because she has made large changes to Molly’s system.

There may also be barriers to installing an imposter 1Password on Molly’s machine (or otherwise changing the security system of the machine). An administrator password may be required for a normal software install. Something like Gatekeeper may detect that new software is running and ask for an administrator password. It is true that all of these can be worked around if Patty has enough time at Molly’s computer, but these all make it ever more difficult in practice for Patty to tamper with Molly’s computer in a way that will work, can be done quickly, and won’t be detected.

Raising the attack bar

We can never (well, … hardly ever) protect a computer against someone who has unsupervised physical access to it. It can be tampered with down to the boot loader. Suppose Molly is using full disk encryption (FDE) with FileVault 2 on the Mac, and she shuts down her computer completely. Patty might disguise herself as a maid (she is evil that way) and when cleaning Molly’s dog house physically replace the boot ROM on Molly’s computer. Patty can then ensure that the next time the machine boots up, it captures a copy of the disk encryption password and also installs whatever changes to the operating system and software that Patty wants.

In principle, there is little we can do practically to defend against such attacks. But it is far harder to execute an evil maid attack than to simply look at someone’s unlocked passwords. By locking 1Password, Molly makes Patty have to work that much harder (and increase her risk of getting caught) than if Molly didn’t lock 1Password.

Requiring a login password from the screensaver further increases the difficulty (and thus reduces the plausibility) of a successful attack. Using Full Disk Encryption raises the attack bar even higher.

These are cases where the good guys actually have the advantage. There are simple and relatively costless things we can do that very substantially raise the cost to the attacker.

Defending against practical attacks

We have to look not only at theoretical attacks, but at the practical arsenal of attackers. We build defenses to increase the amount of work an attacker has to do. If the amount of work an attacker has to do is beyond what that particular attacker can do (or is willing to do), then we have successfully defended against that attack.

Auto-Lock features, like 1Password’s, can successfully defend against what might otherwise be common attacks. It may not defend you against a specially trained spy who has lots of time with your computer, but it will defend you against the nosy officemate who takes the opportunity to grab what she or he may when you briefly leave the room. The world has many more nosy officemates than trained spies.

Summary

We keep as little of your 1Password data decrypted as possible, and only for the shortest amount of time, because it is far easier to manage small secrets securely than large secrets. Features like Auto-Lock can’t always defend against everyone who gets access to your computer, but they do make the job of the attacker substantially more difficult. Indeed, they make the difficulty of an attack prohibitive for the kinds of attackers we most often find for this category of threat.

[Updated] If you use 1Password 3 for iOS and Dropbox sync, take action by September 1

Update

Our sale ended September 6, thanks everyone!

—–

We’ve used Dropbox in 1Password for… forever. It’s a fantastic way to sync your data between all your devices. Dropbox continues to improve and innovate, making the service more accessible, faster, and even more secure. As part of this progress, Dropbox will disable its legacy API—the bridge that lets apps talk to Dropbox—in favor of its next-generation API on September 1st.

As we all know, sync and innovating are hard work, so we sympathize with Dropbox’s need to retire an old API that’s done its bit for king and country. If you use 1Password 3 for iOS and sync through Dropbox, you need to take action before September 1. If you use any other 1Password apps, they are already built for Dropbox’s next-generation API; you don’t need to do anything.

State of 1Password and Dropbox sync

In other words:

  • 1Password 3 for Mac and 1Password 1 for Windows sync directly to the Dropbox folder on the local file system and will continue to sync with Dropbox just fine.
  • 1Password 4 for iOS (released last year) uses the latest version of the Dropbox API and will continue to sync with Dropbox just fine.
  • 1Password 1 for Android also uses the latest version of the Dropbox API and will continue to sync with Dropbox just fine.
  • 1Password 1 for Windows Phone uses an open source API based on the latest Dropbox API and will continue to sync just fine.
  • 1Password 3 for iOS, which was removed from the App Store last year, used the legacy Dropbox API. Come September 1st, this old version of 1Password will no longer be able to sync with Dropbox.

If you use 1Password 3 for iOS and sync with Dropbox, please read on for alternative sync options.

What should 1Password 3 for iOS users do?

Users of 1Password for Mac, Windows, Android, and Windows Phone, as well as 1Password 4 for iOS, have nothing to do. If you use 1Password 3 for iOS and sync through Dropbox, you need to take action before September 1.

First, confirm you are using 1Password 3 for iOS. To do this, look at the 1Password icon on your home screen and see if it matches one of the icons on the right. Now that you have confirmed your version, you have the following options.

Upgrade to 1Password 4 for iOS

1Password 4 for iOS is a brand new app from pixel to bit. It’s a single, universal app for iPhone and iPad that brought over 20 major new features and a ton of little ones like an incredible, full-featured web browser, Favorites, quick Action Bar, folders, private item sharing. It was also designed to use Dropbox’s latest sync technology.

To make this transition as easy as possible, we’re putting 1Password 4 for iOS on sale! Update: The sale ended September 6, thanks everyone!

You can switch to Wi-Fi Sync

1Password 3 for iOS supports Wi-Fi sync with 1Password 3 for Mac. We have a support document & video to help you set this up, and our stellar customer support team stands by to answer any questions. Note: 1Password for Windows does not currently support Wi-Fi sync.

FAQs

Why don’t you update 1Password 3 for iOS?

The short answer is: we’d like to, but we can’t. When we launched 1Password 4 for iOS last year, we removed our three previous versions of 1Password 3 for iOS from the App Store to avoid confusion. Apps removed from sale can no longer be updated.

As a small team we need to focus our development efforts on making the current versions of 1Password even better.

Do you still support 1Password 3 for iOS?

Absolutely! While 1Password 3 for iOS will no longer be updated, our Customer Support team is always willing and able to help you with any questions you have for 1Password 3 for iOS.

What if my device cannot run iOS 6?

1Password 4 for iOS requires iOS 6, which is compatible with:

  • iPhone: iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5
  • iPod touch: iPod touch 4th & 5th generation
  • iPad: iPad 2, iPad 3, iPad 4, iPad mini

If your device cannot run iOS 6, your next option is to sync with 1Password 3 for Mac over Wi-Fi, as mentioned above.

If you have any questions about how you are impacted, please contact our support team.

Apps that Love 1Password: Tappd That for tracking your beer to-dos, to-done

It’s time to kick back with Apps that Love 1Password and open a proverbial cold one. The latest app to add 1Password integration is Tappd That, an offline companion for Untappd, a beer and bar discovery service.

Untappd gives you personalized beer recommendations and helps you find the best bars wherever you are. You can catalog and review beers you’ve had and add beers you aspire for to a wishlist. Tappd That makes all this even better by letting you take your check-in history and wishlist offline. The next time you take a journey to experience the best, most remote beer known to humanity? Tappd That will have your list even if you’re so far off the grid, you may as well be in Canada.

As of the Tappd That 1.0.4 update, a new 1Password button on the Untappd login form will let you switch to 1Password with an “untappd” AutoSearch. Just swipe across your Untappd Login item, tap the clipboard to copy the password, then switch back, paste it in, and you’re ready for a beer.

Tappd That 1.0.4 is available now in the App Store.

Happy birthday to our friends at Readdle, grab their apps on sale through August 3!

Turning six is a pretty big milestone in an app company’s life, so can you think of a better way for our friends at Readdle to celebrate than by putting all their printing, PDF-ing, calendaring, and Shakespeare-ing apps on sale for up to 70 percent off?

I bet you can’t, so it’s the perfect time to head over and pick ’em up before the sale ends on August 3. Yep, you have just under 48 hours to grab:

  • Scanner Pro for $1.99 – Turn your iPhone or iPad into a portable scanner. Digitize your notes into PDFs.
  • PDF Expert for $4.99 – As powerful as your desktop editor. Read, annotate, sign, and fill forms.
  • Printer Pro for $1.99 – Print documents, attachments, and tickets right from your iOS device.
  • Calendars+ for $1.99 – Everything you wanted from a calendar app. More than 1.3 million people use it.
  • PDF Converter for $1.99 – As powerful as your desktop PDF editor. Read, annotate, sign, and fill forms.
  • Shakespeare Pro for $1.99 – Enjoy the full works of William Shakespeare. Glossary, facts, pictures.

In fact, to sweeten the deal, we have 10 App Store codes to share for PDF Expert. First come, first served:

E9A37JENWLLX
HTMLYPFP7WAE
LRWNFLTLET9N
RLYRWPYYW3N7
EXHMNNHHNH37
M9JRXPP4EM3N
EEJH4TAHAXPM
FP9T6TKNTLPP
7L37MYKAXWLE
6HAXTXY34TPN

Happy birthday to Readdle, and we hope you enjoy some of our favorite document apps for iPhone and iPad before the 70-percent-off sale ends on August 3!