Bertrand Florat Tech articles Others articles Projects Cours et papiers CV Contact

How I manage my passwords

Bertrand Florat - Aug 16, 2014

With so many websites and system credentials we have to remember, settling down to an acceptable password policy is challenging. After years of trial and error, I'm approaching something I eventually find convenient and safe enough.

UPDATE 2020

For type-1 passwords according to my categorization, I now use this method from ANSSI (French Security Agency) : create a memorable passphrase and use only the first letters. For instance : When I go to work, I always stop at Bob's becomes : wig2w,IasaB's .

What I learned

  • Don't use the same password for all credentials : if one is cracked, attackers will go straight to the similar resources (like Facebook after Twitter) and gain access to them. Using small variants is not enough, especially of the pattern if obvious (like mypassword_facebook and mypassword_twitter ) .

  • Change often your passwords (I have still some work to be done here).

  • Use passphrases or long passwords because the most important thing for a credential is the length, not the estimated complicity. Check out this excellent website, it explains it ways better than I would.

  • Human are extremely predictable, never trust yourself when choosing a password, only trust randomness and maths.

  • Never use a generated password from the Web, you never now if the website is safe or if the communication between you and this website is (even under HTTPS, the communication can be intercepted and store for further analysis by malicious governments for instance).

  • Don't trust password "strength" evaluators that are based upon the kind of characters, their case, the special characters presence and so on but doesn't deal with emerging patterns that would dramatically reduce the entropy and makes the password trivial to guess. For example, aBcDeFgHiJ1234567 is evaluated as very strong but would be broken down in minutes by any attacker.

  • Only rely on randomness from the real word (like using dices or coins), not on pseudo random number generators (like /dev/urandom under Gnu/Linux). However, I feel free to use random number generators when available ( /dev/random under Gnu/Linux). OK, I know it is less safe than using physical stuffs but I feel it's an acceptable trade-of between security and convenience.

  • Don't let your browser to remember the most important passwords and perform regular cleanups of every passwords you already stored into it. However, I for one make exceptions for low to moderate importance passwords GIVEN THAT 1) I NEVER leave my computer unlocked, even for a few minutes 2) all my personal data is stored on FDE or LUKS/dm-crypt encrypted volumes.

  • There are two types of passwords :

    • [Type 1] The passwords you need to remember because you often need them (like login on your systems) or because you must remember them when you don't have your computer with you, when traveling for instance (Paypal, Online bank, webmail passwords etc.). You should create a strong yet memorable passphrase for each of them. The best method to achieve it is probably using the Diceware method. If you aren't already familiar with it, I can't advice you enough to read it and its FAQ.

    • [Type 2] The passwords you don't need to remember because you don't use them often. In this case, free your mind and store them using a wallet program like keepass or an encrypted raw text file. Don't use proprietary program that could contain backdoors but only Free/Open Source softwares.

  • Not all passwords have to be equally safe. The more a password is safe, the more it is difficult to remember and the longer it is to type, hence altering user experience. When dealing with 'stored' passwords, you should always use very long and complex passwords because there is no inconvenient to do so in this case. You can use a (local) password generator of very length random strings with many numbers, different letter cases and special characters because you don't have to remember them anyway but only to copy/paste them from the wallet (BTW, most of them come with a convenient feature of pushing temporary the passwords into the clipboard and can generate new passwords as well). The length and complexity of the passwords to remember, for their part, can be calibrated according different levels. For example : 4 diceware words for low/medium security level and 6 words and case/special characters variations for the most sensible credentials.

  • Use a personal salt (a salt is a string we add to a password to make sure that an attacker cannot use pre-computed rainbow tables and break your password in seconds). Most websites don't actually store your password but only a MD5/SHA-1 hash of your password along with a salt set on a per user basis. This is the current state of the art but this is not always the case and you can't expect all the websites you use to enforce this basic rule. Using your own salt is an additional precaution in the case where the website stores the passwords hashes without salt. Of course, it is useless if the website stores the password in clear.

The errors I made

  • I used online password generators. Some are cool because they map easy to remember passphrases to strong passwords. So. what's the problem ? 1) You have to come back to their website every time you need the password ; 2) same as before, you can't trust the website or the communication anyway; 3) What if the online service shuts down ? answer : you loose all your passwords (you don't even know the algorithm they use to map a passphrase to a strong password so you can't rewrite it by yourself to get back your passwords from the passphrases you still remember).

  • I tried various methods to remember my passwords. Some are based upon a base password on which we apply a transformation (like a->@, i ->! and so on) and that we specialize according to the website (like MyP@wd-f@cebooK and MyP@wd-Tw!tteR ). What's wrong with that ? 1) The special characters substitution is often hard-coded into the attacker dictionary and has nearly zero advantage in comparison with the initial character; 2) Imagine that in my case an attacker cracks my Facebook password, do you think it will be difficult for him to find the Twitter one once he knows my pattern ?

The final solution I set up

Disclaimer : while most of the tools or methods exposed here are proved, the adaptations of my own may reveal wrong, I don't claim to be a security expert.

For type 1 passwords

I use the raw Diceware method or a small free software password generator running locally on my desktop without any external dependency and made of only few hundred of lines of code (that I checked). I also hacked the program to use /dev/random instead of /dev/urandom. The program used the diceware 8k dictionary. For medium security level, I use a Diceware three words scheme + a salt. For high security passwords, I use a five Diceware words scheme (that I'll call the 'base') + a salt + a random number/special character pattern. To increase the passphrase entropy, I use this following personal method*. The basic idea is to use the passphrase base itself to add entropy without adding things to remember like positions of special characters :

  • The salt is made of the concatenation of each first letter of the Diceware words and a '+' character.
  • The five Diceware words are expressed in lower case without separator (never use space between words because of the noise made by the space bar, you would give a significant hit to a spy).
  • A special character + three number (like '''587'') I'll have to remember in addition to the base passphrase. The location of the pattern is given using this basic algorithm : the word number is given by the alphabetical order of the base password, then the location of the pattern into the matching word is given by the alphabetic order of word letters itself (I don't detail the boundary limits cases here).
  • Example of resulting password for this Diceware pass phrase : ''dec scan labile deify shafer'' becomes : ''dslrs+decscanlabiledeif'587yshafer'' (d of 'dec' = 4 so the pattern is included in the 4th word, deify and 'd' in 'deify' gives 4th position in 'deify' word).

(*) The Kerckkoffs security principle states that knowing the security tools or methods in use doesn't provide any significant advantage to the attacker, I hope this is still the case here.

For type 2 passwords

I don't like much wallet programs because I find them too 'formal' and too cumbersome to add new entries. I finally use a HTML/Javascript small free software page I run locally. My passwords are AES-256 encrypted on a file I open using any text editor. Then I paste the encrypted text into this web page, type the master password and the clear text with passwords is then displayed in a text area, ready for copy/paste or CTRL-F searches. I read the Javascript code to check for backdoors and hacked it slighly, adding a timer to clear the password and the clear text area after a short delay so the passwords information is hidden automatically even if I forget to close the browser tab.