Strangely enough I'm now far less concerned about my LastPass vault being out there. My master password is crazy long. Although that being said I did already go through and burn/replace every login that was on it.
Yeah, by the time that's cracked, probably all of the services you've stored in your password manager get directly breached themselves anyway and many of them probably won't be around anymore... and that's just assuming it'll be cracked in our lifetime
A long Diceware password and hardware two factor using a Yubikey with a backup Yubikey and keeping a printout of your master password in a safe place is more than enough security. Put your master password in the Bitwarden vault.
Misspelling is also helpful... Taking a 15 character password with 1 special character & 3 dictionary words, this comes out at 13 days. Removing 1 letter to misspell the longest word, it comes out at centuries - even though the password is shorter. You can either keep throwing words in to create a really long password, or think more about the words being used.
Why not just use a completely random password? Harder to remember for sure, but say 16 completely random chars (upper case, lower case, numbers, special keys) should be pretty secure, and not THAT difficult to remember, considering that going forward, it's the only password you'll need to remember. Took me maybe 3-4 days to learn my master password, typed it enough times to remember.
@@sagichdirdochnicht4653 You can certainly do that, definitely not AS easy to remember & not necessarily stronger. It was just an option that can help to remember more easily & still get a sufficiently strong password, whilst passwords remain a thing.
@@everyhandletaken Of course you are right. And I do completely agree; misspelling words (in a long passphrase) certainly adds complexity, even if shorter, as it makes dictionary attacks a lot harder, maybe even impossible. Though I would most certainly say, that - given both are the same length - a completely random password would always beat a passphrase, even when altered. However, all of that only counts for random things. Thinking up a Password or Passphrase wouldn't be a great Idea; this would make it easier for someone to social engineer it. Computers may be bad in random things, but we humans are much worse at it. Much more important than a few more or less digits in the Password though is 2FA in my Opinion. Say somehow I got Malware on my phone (rather unlikely on my Linux Desktop) and someone could spy out my Master Password, good luck with that. Without my Yubikey(s) that Password is basically completely useless anyway.
@@sagichdirdochnicht4653 100% agree. The goal is to do all you can to remain secure & the more complex you can make the situation the better, of course at the sacrifice of some convenience. I would certainly rather see someone that uses “password1234” go for something like “Caetching100fysh@6am” (catching 100 fish at 6am), even if there is only 1 special in there & a dictionary term. Definitely could be better, but a huge improvement ☺️ What I really hate are situations where a service mandates a minimum number of characters, but also a ridiculously small maximum. Also 2FA with SMS only too, no authenticator app or hardware key. Whilst on the topic of YubiKey, I have considered them a number of times - do you have any reasons against them, or are they as good as they seem?
@@everyhandletaken Since I use my Password Manager to generate Passwords for any service, I really don't care (anymore) about minimum requirements, as I always surpass them. Haven't encountered a problem with maximums though; but that may be due to the fact, that I use "only" 12 char Pws for most services. Yubikeys are amazing. I use them for two years now. They do exactly what they are supposed to do. I'm not aware of any downsides, and pretty much only had good experiences. The only "downsides" I can imagine aren't really the fault of the Yubikey.
1. You NEED at least two of them, and this is not for debate. If you lost your only key, you are f.... You need at least one Backup. And those keys ain't cheap.
2. You can not get any Data off your Yubikey. So you can't get a Backup of 2FA Tokens, GPG Keys or whatever you have thrown onto there. This however is by design and very much intended! Just thought I wanna add this, because I've heard people complain. But again, this is a Feature, not a Bug!
3. It can be annoying to set up 2FA. Those tokens you would usually use with eg. Google Authenticator or whatever - they work with Yubikeys (which is great). And the credentials are stored on the Key. The "Issue" is, that you'll have to setup all your Keys at once, when you setup an account and place the same credential in any of them. You therefore also can not revoke a single Key. Not an "issue" with any of the better authentication Methods, like FIDO or FIDO2, however, this authentication Method is still the most used and many services do not offer those better alternatives.
(4. I've had some trouble getting the Linux App for Yubico Authenticator running on an Ubuntu LTS Release. You need this App in order to use 2FA with Tokens (the equivalent of eg Google Authenticator. Just that your codes are stored on the Key, which is much much more secure). Wasn't a real Issue though, as the Snap Version runs fine there.)
Well, I really can't think of any more Downsides and I'm using them for over two years now. I 0% regret buying them and would 100% recommend - and that's saying something. If you wanna hear positive things - well, so far nobody has been able to break those things. So they do exactly what they are supposed to do and do it well. Though when I rambled in point 3 about how 2FA codes can suck - this is actually where the Keys add a lot of convenience. Usually you'd use your Phone to store those Codes and use eg google Authenticator. Therefore every time you login somewhere you'd need your phone to login and type in the 6 digit code every time. As I am a lazy Fuck, that would be too annoying. I just use the Yubico Authenticator app, click the right entry, touch the yubikey - code copied to clipboard. And nope, I'm not associated with Yubico in any way, shape or form. I'm just 100% satisfied and this only happens very, very rarely these days.
By default I generate 21 character random passwords that are stored in my Bitwarden, I have a 36 character master password with a mix of Upper and lower case, numbers and symbols but is a personalized phrase that nobody but me would even consider, and I use Fido2.
If you have a Mac, consider adding Foreign Language Special Characters to your password. FLSC are created requiring 2-3 keystrokes to add ONE character to your password.
@@LAWRENCESYSTEMS Good to know I can sleep easy, knowing it will take centuries to crack my master password. According to Bitwarden's Password Strength Test Website.
Wouldn't really say it adds entropy. Entropy is a measure of the number of yes/no questions you need to ask to find the answer - n bits, 2^n questions. Adding iterations just makes it take longer to get the answer to each question
@@LAWRENCESYSTEMS As it says in that article, it merely _mimics_ randomness and longer key length. I know that may seem like hair-splitting, but this can be confusing to people coming to this stuff for the first time. The article also mentions "If this added effort compares to a brute-force key search of all keys with a certain key length, then the input key may be described as _stretched_ by that same length", which is a reasonable metaphor, but that's for people who already understand what's going on
If you have a master password that a strength calculator (BitWarden) determines would take centuries to crack, is that based on a single conventional PC equipped with a powerful GPU? Would that time to crack drop significantly if say, someone were to repurpose a cryptocurrency farm to crack passwords instead?
Look up quantum computers. It's scary powerful that *CAN* crack those passwords fairly quickly when several of those computers are running at a server farm.
@@Darkk6969 But hackers aren't getting access to Quantum computers in the foreseeable future. I'm talking conventional PC hardware and multiple GPUs being used to attack a very strong master password.
Yes, I've been wondering that too! That 2013 post mentioned in the video was a good comparison for the time, but four 2013 GPUs don't hold much of a candle to a modern crypto farm running dozens of 3090s. @LawrenceSystems: do you have any contacts who could calculate an updated comparison with, say, 100k, 500k, and 1mil PBKDF and 30-200 bits of entropy?
Reading through the comments it would appear that using 2FA does not provide the level of protection some of us would have thought in a LastPass breach. Would using the likes of Yubikey have the same weakness? It would be good to produce a video following up explaining what additional controls are effective/not in a LastPass event. Or is master password complexity the only protection?
2FA only provides client access protection, i.e. someone trying to get in from the outside. It does absolutely nothing if the server is compromised, no matter which 2FA method used. I would love to see Yubikey become a part of the encryption process itself, but I'm not sure if that's possible, or even a good idea (how would you recover if the key failed?).
2fa on all your *non-vault accounts* most certainly adds protection. In fact it's the best line of defense against bad/cracked passwords, so everyone should be using it.
@@jm-lc3jp I stand by what I said, it's completely useless if the backend is compromised. I'm not saying don't do 2FA - absolutely 2FA the crap out of everything you can, but it means nothing if someone steals the database.
@Derryn Jones and if someone steals the database cracks your vault and gets your password and goes to your bank website puts it in and then....oops you enabled 2fa WITH THE BANK = stops the hacker. I think we are talking about different things. 2fa IN GENERAL helps even with vault breaches by protecting your assets downstream of the crack. 2fa with the vault provider doesn't stop a backend theft any more than a strong (non-vault) website password prevents an attacker who is already on the backend side of authentication
@@jm-lc3jp yeah but it's not just vaults that can be compromised from the back end. Based on the last 12 months of attacks it seems more likely someone inside the bank will leak the credentials to some backend server and take your money from the inside, regardless of how many authentication methods you have. Bank isn't a good example, but it's still possible.
A lot of people, some so called experts, seem to not understand entropy and think something like a long diceware password is "vulnerable" to a dictionary attack
People are always the problem, no matter how long you explain how important an unguessable password is, people turn around and plug their niece's name with the date they were born. At least, 2fa is saving their souls (a bit) but still, as we all know, if an "allowed" device is compromised, it all comes down to the password again to access the vault.
5:15 Adding words, even though a lot of them, probably does not increase entropy as much as it shows. Such evaluation tools are probably overestimating these cases.
Depends on the attack dictionary size. Every word adds log2(dict size) bits of entropy. So dictionary with a size of 2^13=8192 gives an additional log2(2^13)= 13 bits of entropy. You can convince yourself of the power of words by just calculating keyspace.
@@jm-lc3jp Since the whole word theme is for convenience, then you wouldn't expect average user to use anything other than common obvious words, otherwise they might end up having problems recalling correct spelling let alone meanings associated with passphrase. And average active vocabulary of English speaking person is even smaller than your example. Partly because English is very good at reusing words compared to other languages, not even person's fault. So these dictionaries are probably already compiled long ago, and are easily updated nowadays with modern tricks like huge readily available leaked real password databases and(or) ML combined with good old techniques like web scraping and generators.
@Leeroy and that's the great thing about xkcd-style password generation. I could GIVE you the dictionary, the dictionary could ONLY be the size 10000 simple words (rockyou is 14 million) AND I could tell you "it's 5 dictionary words in a row, have at it" and you STILL have to search a keyspace of 10000^5 10^25. At 80 kH/s for 4090RTX you could assume 10000x increase in GPU power 30 years, and 100GPUs attacking at once and it would still take you 6 months to find my pass. Word-space just grows so much faster than character-space--yes even for the most common 10k words in the dictionary (as long as they are not so small as to reduce to character attacks)
It's great to see you are salting your passwords! It's just a shame that you didn't directly mention "salting" as an additional layer of password creation security that people can use alongside Hardware Password Keys or Password Database Software Solutions (Like BitWarden, LastPass, etc). Of course security is all about what's the weakest link. I just wanted to say it encourages confidence in me that people are trying to improve their security when I see "Salting-like" behavioral traits. If I've highlighted a common trait and weakness here in your system of thought then I recommend that you change up how you salt stuff just to give yourself a gap between what you used to do for salting and what you do going forwards. Evolve, Adapt, Secure.
I was testing the bitwarden strength tool. So master-password-master is at centuries to crack. Now if I change it to master-password-master-master I'm down to 3 years. Strange right? I wonder if you have an explanation?
They don't save your secrets, so they can't recompute. They could potentially force you to do so on your next login or something, BUT changing the number of rounds also changes the results, which means your vault has to be re-encrypted with the new values and all of your sessions will be invalidated. While it is best practice to have more rounds, it really doesn't add a whole lot of protection. Not worth bothering the customer.
Interesting I just bumped mine up to 600000 and I got logged out and I can not log back in, I know what my Master Password is as I had to use it to change the iterations what's up with that?
@@ВячеславСёмин-с8б It won't even accept blank / no password. Based on what I am seeing in the forums I am not the only one this has happened to so let this be a lesson to all BACK UP YOUR VAULT before doing anything like this.
I start to wonder however... does this really even matter, My point is not just a matter of how long it will take to crack. But if the system is designed to limit you to 5 wrong answers an hour. Even a 4 character password could take you nearly 1,500 YEARS
You can't limit how many times an hour an attacker gets to guess your password if he has a copy of your encrypted data, as in the case of the lastpass hack
2FA is access control not encryption. It doesn't come into play if someone gets the encrypted vault file or the strength of key used to encrypt said vault. A high number of PBKDF2 rounds slows down the speed at which an attacker with the encrypted vault can guess the key. 600k is better than 1. It costs almost nothing to increase. Unless you use a potato as a phone. Go to 1 or 2 million. Just do it.
Anytime somebody brags that their password has some absurd amount of entropy like "157.3 bits" I suspect that they don't understand what they're talking about. If they understood entropy well enough to say that with true confidence they would generate a much shorter, easier password; note that the 1Password blog table in the video demonstrates that an 80 bit password - which can be half as long as your (supposed) "157.3 bits" - is very strong already. And all that in turn makes me skeptical that their passwords actually have "157.3 bits" of entropy. If you don't understand that you gain nothing from it... how can I trust that your entropy estimate is accurate in the first place?
The encryption algorithm only provides 128 bits of strength. Your password is half a billion times stronger than the encryption. You can make it shorter and not lose any protection. In fact you might gain protection because the more time the password is being entered in, the longer it can be scraped. More in principle than practice.
@rayjaymor charsets aren't binary so they don't marry up perfectly with the log2 of entropy calculations which is why one lowercase letter adds log2(26) = 4.7 bits of entropy
I really wish that people would stop saying things like password hashing "stretches" or "adds" entropy. It's literally not true - it doesn't make the attacker's password guesses any more uncertain. Maybe you could excuse that if it was helpful for a less technical audience... but no, it's not helpful for them either. What costly password hashing does is make it slower and costlier for the attacker to try out lots of password guesses - a simple enough concept that the table from the 1Password blog that the video shows demonstrates perfectly.
@@LAWRENCESYSTEMS The linked page manages not to misuse the term "entropy," which is my point. In fact the one place they mention it is this: "This process does not alter the original key-space entropy." I mean, anybody can understand that increasing the number of iterations makes the password cracking proportionately slower. Bringing the word "entropy" into this doesn't make it any clearer.
What is entropy when talking about cryptography? I only know of the physics definition of entropy: the level of disorder in a system, or when talking about thermodynamics - the amount of unusable energy in a closed thermodynamic system. Low-key it really bothers me that I don't know why he keeps talking about entropy for a password manager. My degree is in computer science after all. Though I do want a master's in physics.
It's a common term in cryptography and defined by NIST as: "A measure of the amount of uncertainty an attacker faces to determine the value of a secret. Entropy is usually stated in bits. A value having n bits of entropy has the same degree of uncertainty as a uniformly distributed n-bit random value."
@Tom, and this is why I never rely exclusively on a master passphrase for my passphrase manager. I use KeePass2, because the entire KeePass database is fully encrypted, and not merely the passphrases, unlike LastPass. Also, it offers plugins which allow me to use a Yubikey alongside my master passphrase. This way, my master passphrase doesn't need to be as strong, since it's only a portion of what is used to derive the master encryption key. If someone ever managed to factor the master encryption key for the KeePass database, I can simply generate a new master key by changing the random secret on my Yubikey, and having KeePass generate a new master key and re-encrypt my KeePass database. No need to memorize a new master passphrase. Then, I can simply change all my passphrases, and the attacker won't be able to access my accounts, because they won't be able to unlock the new database to get the new passphrases. This is something I do on a regular basis, and which ensures me that by the time anyone ever manages to crack the database, the information they get will be useless to them. Although, I actually use a decently long, and somewhat random master passphrase, for good measure. Call me paranoid, but it can't hurt. It's always a good idea to change your passphrases often, because the service provider could get compromised, or you might fall for a phishing attack, or a man-in-the-middle attack, or whatever. I think, it's best to operate on the assumption that it's never a matter of if, but of when the passphrases will become compromised. Planning strategy around a "what then" scenario is the correct way to think about security. Not having a disaster recovery strategy is a recipe for disaster. It's also a good idea to regularly test your strategy to ensure that it works as intended. Also, building checks and balances into the equation is important.
You should never place all your eggs into one basket, like trusting in the strength of your passphrase, or hashing mechanism, or whatever. The people who created our Constitution even knew better than that. All, good reasons why I actually practice what I preach.
KeePass is great for personal use. But it's substantially less practical if you're managing passwords for an organization; especially for people that aren't super tech literate and managing access for more than one person (ie at work my team all use the same login for some apps). But otherwise I agree. If you are only using passwords for you - KeePass is awesome.
I use KeepassXC with password and keyfile to protect the database. It gets sync'd with in house Nextcloud server. Don't forget to increase the default rounds to something higher.
@@Darkk6969 There is also a plugin for KeePass2 to allow encrypting the database with two cyphers. This allows you to have two passphrases, and it even lets you use two Yubikey challenge-responses, in case you're extra paranoid. This doubles the amount of information you'd have to crack, and means you'd have to break more than one algo. Overkill much? Also, KeePass2 uses Argon2, which is probably better than PBKDF2.
The concept of entropy is what makes my students at high school use (a) a stronger password, (b) a unique password for each service and (c) a password manager. Thanks for the video, which will enter the list of "interesting videos" on the topic "cryptography".
Strong master password + Yubikey helps me sleep at night.
I do not think that the yubikey is used to derive that encryption key
@@ejbevenour And if the Yubikey was used to derive the vault encryption key, I'd be too terrified to lose that Yubikey or just that it'd break in time
@@sacundim that's why you get a backup yubikey.
Yubikey isn't used for encryption (unfortunately) only for 2FA to log into bitwarden
Yubikey helps you against social engineering attacks (putting your password in a wrong site), but if bitwarden's servers were breached, it's the master password that's used to encrypt it, not yubikey.
Clear and concise summary and advice as always Tom!
Glad you enjoyed it
Appreciate the increased activity on the Channel
Don't forget 2FA too!
arguably 2FA doesn't help you in the event that the vault itself is obtained, this is about decrypting the vault - not so much logging into it.
@rayjaymor well 2fa on your bank and other accounts help if vault is stolen
A good way to make a basically random password you can remember is to think up some personally significant sentences, or something you can easily remember, with numbers, then take the first letters of the words and the numbers; you then get a basically random string of upper and lower case letters, with some numbers. I also add a couple of symbols in there. As long as this password is 20+ characters it's about as hard as you would need it to be and you have a method to remember it too.
Though personally I now just remember the password, not the memory rule, since I have typed it so many times.
And for generated passwords inside the manager, at least get 40 characters with all characters enabled.
I switched mine to 1,500,000 rounds quite some time ago. It’s definitely a lot slower on mobile (cheap Androids for example) but I can live with an extra 10-15 seconds when I have to login with master.
Bitwarden now allows Argon2id as an alternative to PBKDF2. I don't login using my smartphone so it works for me. But it may slow down logging in with your phone.
@@vandrosia Yeah I’m not switching to Argon any time soon. It feels like they really rushed it out and I’m going to let the dust (and inevitable bugs) settle out first. Good to see them adding it though - DashLane has been running Argon quite a while already.
@@curtispavlovec Bitwarden removed the cap on iterations. Now you can set 30,000,000+ rounds if you want to. Not that anyone would since your computer would slow down tremendously. But at least they give you the option.
Great information about keeping your passwords safe.
love your vids man... keep it up... you are making the world a better (and more secure) place for ordinary people (like me)!
thanks for the link to the password strength testing tool. Mine came out as centuries, phew!!!
Personally, I have no intention of asking that website to tell me if my password is strong or not. How do you know if that website is keeping your password to later use in an effort to break into your account(s)?
I like how Bitwarden allows you to use a PIN after logging in. I use a memorizable PIN locally, but use a randomly generated 256-bit master password (dd if=/dev/urandom of=/dev/stdout bs=1 count=32 | base64). The random master password is encrypted with a PGP key and saved in my cloud backups. In the rare case that I ever need to login on a new device, I just decrypt the master passphrase, copy/paste it in, and then set the PIN on that new device.
What if you lose access to that cloud service? Wouldn't your master password be gone forever?
@@h2oish2olikely got an offshore untouched copy. Cloud service for regular use plus on the go onboarding of new devices
wtf?
You use a digitally stored PGP key & digitally stored master password.....
that is absolutely the worst practice I've ever heard of.
@@permacultureecuador2925 what if the PGP is being done with a couple Yubikeys?
100,000 rounds adds 16 bits of protection while 1,000,000 rounds adds 19 bits. A 10x increase only adds about 3 bits while taking 10x longer. And for whatever reason, some platforms are really slow at PBKDF2. Slow javascript?
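The arithmetic behind the comments above on per-word entropy (log2 of the dictionary size) and on what extra PBKDF2 rounds buy, as an added Python example that is not part of any comment or of the video. The guess rate is an assumed, constructed figure, and the sample password and salt are constructed.

```python
import hashlib
import math
import time

# Assumed figure, constructed for illustration: raw hash evaluations per
# second available to someone holding a stolen vault. Not a benchmark.
ASSUMED_HASHES_PER_SECOND = 1e10

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def random_chars_bits(length, alphabet_size):
    """Entropy of `length` characters drawn uniformly at random from the alphabet."""
    return length * math.log2(alphabet_size)


def passphrase_bits(word_count, wordlist_size):
    """Entropy of words drawn uniformly at random from a wordlist the attacker knows."""
    return word_count * math.log2(wordlist_size)


def stretch_bits(iterations):
    """Work added by key stretching, expressed as equivalent bits.

    The password's entropy is unchanged; each guess simply costs
    `iterations` hash evaluations instead of one.
    """
    return math.log2(iterations)


def average_years_to_find(entropy_bits, iterations,
                          hashes_per_second=ASSUMED_HASHES_PER_SECOND):
    """Expected offline search time: half the keyspace, `iterations` hashes per guess."""
    guesses = 2 ** (entropy_bits - 1)
    return guesses * iterations / hashes_per_second / SECONDS_PER_YEAR


def pbkdf2_seconds(iterations):
    """Time one PBKDF2-HMAC-SHA256 derivation on this machine (the cost paid at login)."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"constructed sample password",
                        b"constructed-salt", iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Only randomly generated secrets have the entropy computed here;
    # a phrase a person thinks up has less than these formulas suggest.
    candidates = {
        "16 random printable ASCII chars": random_chars_bits(16, 95),
        "24 random lowercase letters": random_chars_bits(24, 26),
        "5 random words, 7776-word Diceware list": passphrase_bits(5, 7776),
        "5 random words, 10000-word list": passphrase_bits(5, 10000),
    }
    for rounds in (100_000, 600_000, 1_000_000):
        print(f"\n{rounds:,} PBKDF2 rounds "
              f"(+{stretch_bits(rounds):.1f} bits of work, "
              f"{pbkdf2_seconds(rounds):.2f} s per login here)")
        for label, bits in candidates.items():
            years = average_years_to_find(bits, rounds)
            print(f"  {label:<42} {bits:6.1f} bits  ~{years:.3g} years")
```
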
I have one in my head that there is a logic to that makes it easy for me to remember, it still looks like a bunch of random characters and part of it was randomly generated, I applied the logic around the random characters. Might not be the absolute safest method in the world but should still take centuries to crack it.
I find it more interesting this collided with the Lastpass breach (how they also mention they are rolling out iteration increase).
If a company's iteration is secure, why do we look at "others".. To me if they do that, it simply says "we need to be more secure. We never thought about this in the past.. Dunno why ???? but we think it's time to change just because someone did"
Why wait? It's YOUR security, why are you looking at the competition for?? Doesn't that decrease your own trust as a company?
Personally, I think length is far more important than 'complexity' and having a 20+ character passphrase (a sentence basically) that's easy to remember, easy to type [
This is what I recommend to my users for master passwords, difficulty to crack goes up exponentially with number of characters. A 24 character passphrase in lower case has higher entropy than a 16 one with all possible characters mixed. The first is easy to remember and type, the second usually ends up in a note somewhere.
Mine is 36 characters, symbols, upper and lower case and numbers, easy to remember, easy to type.
Isn't that just high complexity in the number of words instead of characters?
That's also NIST's advice (NIST SP 800-63b). Length is more important than crazy character set requirements.
Passwords of up to 64 characters must be allowed. No requirements on specific characters being used (upper, low, number, special).
Also, checking whether a chosen password has been discovered in password leaks before (HIBP provides a service for that). Leaked passwords end up in bruteforce lists and rainbow tables.
And MFA! Even SMS-based 2FA is better than nothing.
The method I came up with was to take a number, break it up, and make an equation out of it. Take 1337 for example. The password would be "Thirteen+ThirtySeven=50". Depending on the numbers you choose, it can get pretty long but remain easy to remember with a good mix of the typical required characters. Though I don't know if it's the most secure method.
Bitwarden is in the process of pushing out Argon2, a more advanced stretching algorithm. Wait to get updated to 2023.02 on all of your systems then switch on Argon2!
Strong passwords are not enough on their own in this day and age, hardware token or 3rd factor is really another level. Just remember software bugs are always going to be in existence, and eventually something will be reverse engineered, call me old fashioned, but cloud eventually gets compromised.
Yes, iCloud will eventually get compromised.
Strangely enough I'm now far less concerned about my LastPass vault being out there. My master password is crazy long.
Although that being said I did already go through and burn/replace every login that was on it.
Yeah, by the time that's cracked, probably all of the services you've stored in your password manager get directly breached themselves anyway and many of them probably won't be around anymore... and that's just assuming it'll be cracked in our lifetime
A long Diceware password and hardware two factor using a Yubikey with a backup Yubikey and keeping a printout of your master password in a safe place is more than enough security. Put your master password in the Bitwarden vault.
Got a new account last week and mine was on 100K changed it now to 600K and used the url for checking Pw strength.
In any good password manager, you can put your Master password in it and it will tell you whether it has good entropy or not.
Misspelling is also helpful ..
Taking a 15 character password with 1 special character & 3 dictionary words, this comes out at 13 days.
Removing 1 letter to misspell the longest word, it comes out at centuries- even though the password is shorter.
You can either keep throwing words in to create a really long password, or think more about the words being used.
Why not just use a completely random password? Harder to remember for sure, but say 16 completely random chars (upper case, lower case, numbers, special keys) should be pretty secure, and not THAT difficult to remember, considering that going forward, it's the only password you'll need to remember.
Took me maybe 3-4 days to learn my master password, typed it enough times to remember.
@@sagichdirdochnicht4653 You can certainly do that, definitely not AS easy to remember & not necessarily stronger.
It was just an option that can help to remember more easily & still get a sufficiently strong password, whilst passwords remain a thing.
@@everyhandletaken Of course you are right. And I do completely agree; misspelling words (in a long passphrase) certainly adds complexity, even if shorter, as it makes dictionary attacks a lot harder, maybe even impossible.
Though I would most certainly say, that - given both are the same length - a completely random password would always beat a passphrase, even when altered. However, all of that only counts for random things. Thinking up a Password or Passphrase wouldn't be a great Idea; this would make it easier for someone to social engineer it. Computers may be bad in random things, but we humans are much worse at it.
Much more important than a few more or less digits in the Password though is 2FA in my Opinion. Say somehow I got Malware on my phone (rather unlikely on my Linux Desktop) and someone could spy out my Master Password, good luck with that. Without my Yubikey(s) that Password is basically completely useless anyway.
@@sagichdirdochnicht4653 100% agree
The goal is to do all you can to remain secure & the more complex you can make the situation the better, of course at the sacrifice of some convenience.
I would certainly rather see someone that uses “password1234” go for something like “Caetching100fysh@6am” (catching 100 fish at 6am), even if there is only 1 special in there & a dictionary term. Definitely could be better, but a huge improvement ☺️
What I really hate are situations where a service mandates a minimum number of characters, but also a ridiculously small maximum. Also 2FA with SMS only too, no authenticator app or hardware key.
Whilst on the topic of YubiKey, I have considered them a number of times- do you have any reasons against them, or are they as good as they seem?
@@everyhandletaken Since I use my Password Manager to generate Passwords for any service, I really don't care (anymore) about minimum requirements, as I always surpass them. Haven't encountered a problem with maximums though; but that may be due to the fact, that I use "only" 12 char Pws for most services.
Yubikeys are amazing. I use them for two years now. They do exactly what they are supposed to do.
I'm not aware of any downsides, and pretty much only had good experiences.
The only "downsides" I can imagine aren't really the fault of the Yubikey.
1. You NEED at least two of them, and this is not for debate. If you lost your only key, you are f.... You need at least one Backup. And those keys ain't cheap.
2. You can not get any Data off your Yubikey. So you can't get a Backup of 2FA Tokens, GPG Keys or whatever you have thrown onto there.
This however is by design and very much intended! Just thought I wanna add this, because I've heard people complain. But again, this is a Feature, not a Bug!
3. It can be annoying to set up 2FA. Those tokens you would usually use with e.g. Google Authenticator or whatever - they work with Yubikeys (which is great). And the credentials are stored on the Key. The "Issue" is, that you'll have to set up all your Keys at once, when you set up an account and place the same credential in any of them. You therefore also cannot revoke a single Key.
Not an "issue" with any of the better authentication Methods, like FIDO or FIDO2, however, this authentication Method is still the most used and many services do not offer those better alternatives.
(4. I've had some trouble getting the Linux App for Yubico Authenticator running on an Ubuntu LTS Release. You need this App in order to use 2FA with Tokens (the equivalent of e.g. Google Authenticator, just that your codes are stored on the Key, which is much much more secure). Wasn't a real Issue though, as the Snap Version runs fine there.)
Well, I really can't think of any more Downsides and I'm using them for over two years now. I 0% regret buying them and would 100% recommend - and that's saying something.
If you wanna hear positive things - well, so far nobody has been able to break those things. So they do exactly what they are supposed to do and do it well.
Though when I rambled in point 3 about how 2FA codes can suck - this is actually where the Keys add a lot of convenience. Usually you'd use your Phone to store those Codes and use e.g. Google Authenticator.
Therefore every time you login somewhere you'd need your phone to login and type in the 6 digit code every time. As I am a lazy Fuck, that would be too annoying. I just use the Yubico Authenticator app, click the right entry, touch the yubikey - code copied to clipboard.
And nope, I'm not associated with Yubico in any way, shape or form. I'm just 100% satisfied and this only happens very, very rarely these days.
By default I generate 21 character random passwords that are stored in my Bitwarden, I have a 36 character master password with a mix of Upper and lower case, numbers and symbols but is a personalized phrase that nobody but me would even consider, and I use Fido2.
if you have a MAC, consider adding Foreign Language Special Characters to your password. FLSC are created requiring 2-3 keystrokes to add ONE character to your password.
2FA won't help if Bitwarden is hacked in the same way Lastpass and the vaults are exported, right?
Yup, that is why I did not even bring that up (but probably should have mentioned it)
@@LAWRENCESYSTEMS Good to know I can sleep easy, knowing it will take centuries to crack my master password. According to Bitwardens Password Strength Test Website.
Wouldn't really say it adds entropy. Entropy is a measure of the number of yes/no questions you need to ask to find the answer - n bits, 2^n questions. Adding iterations just makes it take longer to get the answer to each question
It's called which does increase the entropy en.wikipedia.org/wiki/Key_stretching
Correct, it doesn't add entropy, the number of possible combinations, it adds to the length of time required per guess
@@LAWRENCESYSTEMS As it says in that article, it merely _mimics_ randomness and longer key length. I know that may seem like hair-splitting, but this can be confusing to people coming to this stuff for the first time. The article also mentions "If this added effort compares to a brute-force key search of all keys with a certain key length, then the input key may be described as _stretched_ by that same length", which is a reasonable metaphor, but that's for people who already understand what's going on
If you have a master password that a strength calculator (BitWarden) determines would take centuries to crack, is that based on single conventional PC equipped with a powerful GPU? Would that time to crack drop significantly if say, someone were to repurpose a cryptocurrency farm to crack passwords instead?
Look up quantum computers. It's scary powerful that *CAN* crack those passwords fairly quickly when several of those computers are running at a server farm.
@@Darkk6969 But hackers aren't getting access to Quantum computers in the foreseeable future. I'm talking conventional PC hardware and multiple GPUs being used to attack a very strong master password.
Yes, I've been wondering that too! That 2013 post mentioned in the video was a good comparison for the time, but four 2013 GPUs don't hold much of a candle to a modern crypto farm running dozens of 3090s. @LawrenceSystems: do you have any contacts who could calculate an updated comparison with, say, 100k, 500k, and 1mil PBKDF and 30-200 bits of entropy?
Thank god I am from a small country with obscure language, screw them dictionary attacks
Reading through the comments it would appear that using 2FA does not provide the level of protection some of us would have thought in a LastPass breach. Would using the likes of Yubikey have the same weakness? It would be good to produce a video following up explaining what additional controls are effective/not in a LastPass event. Or is master password complexity the only protection?
2FA only provides client access protection, i.e. someone trying to get in from the outside. It does absolutely nothing if the server is compromised, no matter which 2FA method used.
I would love to see Yubikey become a part of the encryption process itself, but I'm not sure if that's possible, or even a good idea (how would you recover if the key failed?).
2fa on all your *non-vault accounts* most certainly adds protection. In fact it's the best line of defense against bad/cracked passwords, so everyone should be using it.
@@jm-lc3jp I stand by what I said, it's completely useless if the backend is compromised. I'm not saying don't do 2FA - absolutely 2FA the crap out of everything you can, but it means nothing if someone steals the database.
@Derryn Jones and if someone steals the database, cracks your vault and gets your password and goes to your bank website puts it in and then....oops you enabled 2fa WITH THE BANK = stops the hacker. I think we are talking about different things. 2fa IN GENERAL helps even with vault breaches by protecting your assets downstream of the crack. 2fa with the vault provider doesn't stop a backend theft any more than a strong (non-vault) website password prevents an attacker who is already on the backend side of authentication
@@jm-lc3jp yeah but it's not just vaults that can be compromised from the back end. Based on the last 12 months of attacks it seems more likely someone inside the bank will leak the credentials to some backend server and take your money from the inside, regardless of how many authentication methods you have.
Bank isn't a good example, but it's still possible.
Isn't it 10,000 vs 45,000 (not 450,000)? Thanks for the info!
Haha, yup.
My master password is so good, I had to write it down so I can remember it.
Thanks Tom
A lot of people, some so called experts, seem to not understand entropy and think something like a long diceware password is "vulnerable" to a dictionary attack
I use a local database and throw in a key file for good measure. It's no yubikey but free is free.
KeePassXC for the win!!
People are always the problem, no matter how long you explain how important an unguessable password is, people turn around and plug their niece's name with the date they were born. At least, 2fa is saving their souls (a bit) but still, as we all know, if an "allowed" device is compromised, it all comes down to the password again to access the vault.
5:15
Adding words, even though a lot of them, probably does not increase entropy as much as it shows.
Such evaluation tools are probably overestimating these cases.
Depends on the attack dictionary size. Every word adds log2(dict size) bits of entropy. So dictionary with a size of 2^13=8192 gives an additional log2(2^13)= 13 bits of entropy. You can convince yourself of the power of words by just calculating keyspace.
@@jm-lc3jp Since the whole word theme is for convenience, then you wouldn't expect average user to use anything other than common obvious words, otherwise they might end up having problems recalling correct spelling let alone meanings associated with passphrase.
And average active vocabulary of English speaking person is even smaller than your example. Partly because English is very good at reusing words compared to other languages, not even person's fault.
So these dictionaries are probably already compiled long ago, and are easily updated nowadays with modern tricks like huge readily available leaked real password databases and(or) ML combined with good old techniques like web scraping and generators.
The evaluation is assuming that the words were chosen at random. Which of course in this case was not.
@Leeroy and that's the great thing about xkcd-style passports generation. I could GIVE you the dictionary, the dictionary could ONLY be the size 10000 simple words (rockyou is 14 million) AND I could tell you "it's 5 dictionary words in a row, have at it" and you STILL have to search a keyspace of 10000^5 10^25. At 80 kH/s for 4090RTX you could assume 10000x increase in GPU power 30 years, and 100GPUs attacking at once and it would still take you 6 months to find my pass. Word-space just grows so much faster than character-space--yes even for the most common 10k words in the dictionary (as long as they are not so small as to reduce to character attacks)
If I had a weak master password when I created bitwarden, and changed it Since then, do I need to rotate the account encryption key as well??
After checking Bitwarden's help it seems that you should do it, but make a backup just in case
Hmm. I thought my password was pretty good but maybe not. I need to find that online tool and run some tests.
Bitwarden Password Strength Testing Tool
bitwarden.com/password-strength/
It's great to see you are salting your passwords!
It's just a shame that you didn't directly mention "salting" as an additional layer of password creation security that people can use alongside Hardware Password Keys or Password Database Software Solutions (Like BitWarden, LastPass, etc).
Of course security is all about what's the weakest link.
I just wanted to say it encourages confidence in me that people are trying to improve their security when I see "Salting-like" behavioral traits.
If I've highlighted a common trait and weakness here in your system of thought then I recommend that you change up how you salt stuff just to give yourself a gap between what you used to do for salting and what you do going forwards.
Evolve, Adapt, Secure.
I see I need to change my master password.
Somebody somewhere in 12 billion years is going to find it and access my accounts.
With all the hacks happening I think some companies are using 123456 for their password.
I was testing the bitwarden strength tool. So master-password-master is at centuries to crack. Now if I change it to master-password-master-master I'm down to 3 years. Strange right? I wonder if you have an explanation?
master-password-master should be 24 years.
Why don't they just change everyone to 600K by default?
They don't save your secrets, so they can't recompute. They could potentially force you to do so on your next login or something, BUT changing the number of rounds also changes the results, which means your vault has to be re-encrypted with the new values and all of your sessions will be invalidated. While it is best practice to have more rounds, it really doesn't add a whole lot protection. Not worth bothering the customer.
Got my master password at a length of 55 characters/words is that good :)
Hmmm, might want to go 56😀
Wait what, @Tom - don't you mean PBKDF2 and not PKDF2? - I think we all get what is meant, but just to avoid confusion?
Acronyms are hard
It always comes back to XKCD 936
Interesting I just bumped mine up to 600000 and I got logged out and I can not log back in, I know what my Master Password is as I had to use it to change the iterations what's up with that?
@@CH-vo7fu No Bitwarden / Cloud based
Try blank password, may be you just forgot to enter new master password on same page where you change iterations?
@@ВячеславСёмин-с8б It won't even accept blank / no password. Based on what I am seeing in the forums I am not the only one this has happened to so let this be a lesson to all BACK UP YOUR VAULT before doing anything like this.
@@Boston_Pete Bitwarden recommends/warns/encourages everyone to BACKUP the vaults, B4 changing the iterations, just in case.
I start to wonder however... does this really even matter,
My point is not just a matter of how long it will take to crack.
But if the system is designed to limit you to 5 wrong answers an hour.
Even a 4 character password could take you nearly 1,500 YEARS
You can't limit how many times an hour an attacker gets to guess your password if he has a copy of your encrypted data, as in the case of the lastpass hack
My master password has 157.3 bits of entropy, and I have 2FA enabled.
So yeah, I guess the 500.000 fewer rounds won't make any difference. ^^
2FA is access control not encryption. It doesn't come into play if someone gets the encrypted vault file or the strength of key used to encrypt said vault. A high number of PBKDF2 rounds slows down the speed at which an attacker with the encrypted vault can guess the key. 600k is better than 1. It costs almost nothing to increase. Unless you use a potato as a phone, go to 1 or 2 million. Just do it.
Anytime somebody brags that their password has some absurd amount of entropy like "157.3 bits" I suspect that they don't understand what they're talking about. If they understood entropy well enough to say that with true confidence they would generate a much shorter, easier password; note that the 1Password blog table in the video demonstrates that an 80 bit password-which can be half as long as your (supposed) "157.3 bits"-is very strong already.
And all that in turn makes me skeptical that their passwords actually have "157.3 bits" of entropy. If you don't understand that you gain nothing from it... how can I trust that your entropy estimate is accurate in the first place?
The encryption algorithm only provides 128 bits of strength. Your password is half a billion times stronger than the encryption. You can make it shorter and not lose any protection. In fact you might gain protection because the more time the password is being entered in, the longer it can be scraped. More in principle than practice.
hang on, 157.3 --- how do you get a fraction of a bit??
@rayjaymor charsets aren't binary so they don't marry up perfectly with the log2 of entropy calculations which is why one lowercase letter adds log2(26) = 4.7 bits of entropy
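The arithmetic used across this thread (log2 of the alphabet size per character, log2 of the word-list size per word, and log2 of the iteration count as a work factor) can be checked with a short script. This is an added example, not part of any comment or of the video; the attacker hash rate and the 95-character printable ASCII alphabet are assumptions chosen for illustration, and every scheme is assumed to be generated uniformly at random.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumption for illustration only: raw hash evaluations per second available
# to an offline attacker. Not a measured figure from the video or the thread.
ASSUMED_HASHES_PER_SECOND = 1e10


def charset_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of `length` symbols drawn uniformly at random from an alphabet."""
    return length * math.log2(alphabet_size)


def wordlist_entropy_bits(words: int, wordlist_size: int) -> float:
    """Entropy of `words` words drawn uniformly at random from a word list.

    Only valid for random selection; a phrase a person thinks up has less.
    """
    return words * math.log2(wordlist_size)


def work_factor_bits(iterations: int) -> float:
    """Attacker work added by KDF iterations, expressed in bits.

    This is cost per guess, not entropy: the number of candidates is unchanged.
    """
    return math.log2(iterations)


def expected_crack_seconds(entropy_bits: float, iterations: int,
                           hashes_per_second: float) -> float:
    """Average offline search time: half the keyspace, `iterations` hashes per guess."""
    guesses = 2.0 ** (entropy_bits - 1)
    return guesses * iterations / hashes_per_second


# Schemes mentioned in the thread. 95 = printable ASCII including space (assumption).
SCHEMES = [
    ("1 lowercase letter", charset_entropy_bits(1, 26)),
    ("24 lowercase letters", charset_entropy_bits(24, 26)),
    ("16 printable ASCII characters", charset_entropy_bits(16, 95)),
    ("5 words from a 10,000-word list", wordlist_entropy_bits(5, 10_000)),
]

ITERATION_COUNTS = [100_000, 600_000, 1_000_000]


def compare(schemes=SCHEMES, iteration_counts=ITERATION_COUNTS,
            rate=ASSUMED_HASHES_PER_SECOND):
    """Return one row per scheme with its entropy and expected years per iteration count."""
    rows = []
    for name, bits in schemes:
        years = {
            n: expected_crack_seconds(bits, n, rate) / SECONDS_PER_YEAR
            for n in iteration_counts
        }
        rows.append({"scheme": name, "bits": bits, "years": years})
    return rows


if __name__ == "__main__":
    for n in ITERATION_COUNTS:
        print(f"{n:>9,} iterations = {work_factor_bits(n):.1f} bits of work per guess")
    print()
    for row in compare():
        cells = "  ".join(f"{row['years'][n]:10.3g} y" for n in ITERATION_COUNTS)
        print(f"{row['scheme']:<34}{row['bits']:6.1f} bits  {cells}")
```

Going from 100,000 to 1,000,000 iterations multiplies every time in the table by ten while the entropy column stays fixed, which is the distinction between key stretching and entropy argued over in the replies.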
That says 45 thousand not 450 thousand.
Oh 2 mins to crack my password. Maybe need to change it.
You keep saying 450,000, but your chart says 45,000
Yes, I misspoke
First
Or just host your own instance that nobody knows about, helps a million fold!
I really wish that people would stop saying things like password hashing "stretches" or "adds" entropy. It's literally not true-it doesn't make the attacker's password guesses any more uncertain. Maybe you could excuse that if it was helpful for a less technical audience... but no, it's not helpful for them either.
What costly password hashing does is make it slower and costlier for the attacker to try out lots of password guesses-a simple enough concept that the table from the 1Password blog that the video shows demonstrates perfectly.
Key Stretching is the term en.wikipedia.org/wiki/Key_stretching
@@LAWRENCESYSTEMS The linked page manages not to misuse the term "entropy," which is my point. In fact the one place they mention it is this: "This process does not alter the original key-space entropy."
I mean, anybody can understand that increasing the number of iterations makes the password cracking proportionately slower. Bringing the word "entropy" into this doesn't make it any clearer.
What is entropy when talking about cryptography? I only know of the physics definition of entropy: the level of disorder in a system, or when talking about thermodynamics - the amount of unusable energy in a closed thermodynamic system.
Low-key it really bothers me that I don't know why he keeps talking about entropy for a password manager. My degree is in computer science after all. Though I do want a master's in physics.
It's a common term in cryptography and defined by NIST as: "A measure of the amount of uncertainty an attacker faces to determine the value of a secret. Entropy is usually stated in bits. A value having n bits of entropy has the same degree of uncertainty as a uniformly distributed n-bit random value."
[whoa]...check the title on this vid...yo...someone help this guy in there...holy s***
Why do people use Bitwarden? It sounds like Bitwarden is only slightly more secure than putting your passwords on a post-it note under your keyboard.
Lmfao smh 🤦♂️
I swear why does he repeat himself so much??
To see if you are paying attention and to see if you are paying attention.
@Tom, and this is why I never rely exclusively on a master passphrase for my passphrase manager. I use KeePass2, because the entire KeePass database is fully encrypted, and not merely the passphrases, unlike LastPass. Also, it offers plugins which allow me to use a Yubikey alongside my master passphrase. This way, my master passphrase doesn't need to be as strong, since it's only a portion of what is used to derive the master encryption key. If someone ever managed to factor the master encryption key for the KeePass database, I can simply generate a new master key by changing the random secret on my Yubikey, and having KeePass generate a new master key and re-encrypt my KeePass database. No need to memorize a new master passphrase. Then, I can simply change all my passphrases, and the attacker won't be able to access my accounts, because they won't be able to unlock the new database to get the new passphrases. This is something I do on a regular basis, and which ensures me that by the time anyone ever manages to crack the database, the information they get will be useless to them. Although, I actually use a decently long, and somewhat random master passphrase, for good measure. Call me paranoid, but it can't hurt. It's always a good idea to change your passphrases often, because the service provider could get compromised, or you might fall for a phishing attack, or a man-in-the-middle attack, or whatever. I think, it's best to operate on the assumption that it's never a matter of if, but of when the passphrases will become compromised. Planning strategy around a "what then" scenario is the correct way to think about security. Not having a disaster recovery strategy is a recipe for disaster. It's also a good idea to regularly test your strategy to ensure that it works as intended. Also, building checks and balances into the equation is important.
You should never place all your eggs into one basket, like trusting in the strength of your passphrase, or hashing mechanism, or whatever. The people who created our Constitution even knew better than that. All, good reasons why I actually practice what I preach.
KeePass is great for personal use. But it's substantially less practical if you're managing passwords for an organization; especially for people that aren't super tech literate and managing access for more than one person (i.e. at work my team all use the same login for some apps)
But otherwise I agree. If you are only using passwords for you - KeePass is awesome.
I use KeepassXC with password and keyfile to protect the database. It gets sync'd with in house Nextcloud server. Don't forget to increase the default rounds to something higher.
@@Darkk6969 There is also a plugin for KeePass2 to allow encrypting the database with two cyphers. This allows you to have two passphrases, and it even lets you use two Yubikey challenge-responses, in case you're extra paranoid. This doubles the amount of information you'd have to crack, and means you'd have to break more than one algo. Overkill much? Also, KeePass2 uses Argon2, which is probably better than PBKDF2.
@@TheChadXperience909 Cool to see it can do double ciphers via the plugin. Currently my database is using Argon2d.