Comparison of Usability and Security of Password Creation Schemes
Anne Wildenhain, Jeremiah Blocki, Anupam Datta, Manuel Blum
August 11, 2012
Anyone who wishes to use the internet is confronted by the task of creating passwords. The user is presented with a multitude of different password creation schemes and even a simple Google search provides torrents of—frequently conflicting—advice. Users may not know which scheme to choose and are often unable to gauge the security and usability of the password creation methods suggested to them.
Many of these password creation schemes are also vague in their instructions. Left without guidance, users tend to create passwords that are much weaker than the few examples proffered by the author of the scheme. They find themselves with unfounded confidence in the security of their passwords and ecstatic about their usability, while unbeknownst to them adversaries are systematically breaking into all their accounts.
In this paper, we look at a sample of password schemes found in scholarly papers, National Institute of Standards and Technology publications, and through simple Google searches, all sources that users might investigate when creating their passwords. We describe the schemes and present their pros and cons. We then assign a “gut feeling” value to each scheme’s usability and security. These values are displayed in a table and graphed in a scatter plot. Examples of each password creation scheme are also shown in the table.
This work was supported by the National Science Foundation under grant CCF-0830540.
Scheme Descriptions
(Note: The user does not write anything down unless it is explicitly specified in the scheme description.)
Scheme 1: Control: Just hit enter
User hits enter for all passwords.
Scheme 2: Base password plus derived
http://lifehacker.com/5631203/how-to-update-your-insecure-passwords-and-make-them-easy-to-use
User creates a base password and then attaches characters from the site name to a chosen location in the base password for each individual password.
Scheme 3: NIST Base password plus modification
http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf
User creates a base password and then attaches a different modification to create each password (different location and/or different characters). The modification does not have to have anything to do with the site name. The user then writes down the location and identity of each modification, noting which site it belongs to, and refers to this guide when logging in. The user does not write down the base password.
Scheme 4: Base PAO (Person Action Object)
(copied from email from Jeremiah) “Creating a Password: The user first selects three people who are familiar to him (e.g., boss, coworker, brother, father, friend, etc…) The user then randomly selects a random action and a random object (using a computer program for random selection). The user should store the names of the people he selected publicly in a convenient location (file on the computer, public web site, printed photo carried in wallet etc…). The user does not need to worry about hiding these names. He should also publicly note which account the names are being linked to.
Memorize Password: The user spends a few moments trying to imagine the stories playing out.
Rehearse Password: Rehearse the password after 1 day, then after 4 days, then after 8 days, 16 days ….(logging in to the site counts as a rehearsal.)
Recall Password: The user looks at the names, remembers the corresponding actions/objects and enters his password.
Recommendations: Use a small set of vivid actions and vivid objects (around 80 actions + 80 objects). The user should use separate names/PAO stories for each account.”
Scheme 5: Base Picture Scheme
(copied from email from Jeremiah) “Creating a Password: The user first selects a picture that is interesting to him. The user then randomly selects 16 words from a dictionary (using a computer program for random selection). The user may select 4 of these 16 words to form a password. The user should store the picture publicly in a convenient location (file on the computer, public web site, printed photo carried in wallet etc…). The user does not need to worry about hiding the picture. He should also publicly note which account the picture is being linked to.
Memorize Password: The user creates a story involving these four words inside the picture. The user can create any story he wants, but we would recommend stories that are unusual or surprising.
Rehearse Password: Rehearse the password after 1 day, then after 4 days, then after 8 days, 16 days ….(logging in to the site counts as a rehearsal.)
Recall Password: The user looks at the picture, remembers the corresponding words and enters his password.
Recommendations: Sort the words so that you don’t have to remember the order. Use a dictionary of 20,000 words so that everyone will be familiar with the words that are selected. The user should have a separate picture/story for each account. The same picture should not be reused for multiple stories.”
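The random-selection step that Schemes 4 and 5 delegate to "a computer program", together with the size of the guessing space each scheme gives an adversary, as an added example (this is not code from the paper or from the scheme authors). The action/object lists and the dictionary below are tiny constructed stand-ins so the script runs offline; the bit counts are computed for the recommended sizes (80 actions, 80 objects, a 20,000-word dictionary) and do not depend on those lists. Scheme 14 (ten random characters from 95) is included as the reference point.

```python
"""Added example: random selection for Scheme 4 (PAO) and Scheme 5 (picture +
dictionary words) and the log2 size of each scheme's guessing space.
Word lists are constructed stand-ins, not the paper's recommended lists."""
import math
import secrets

# Constructed sample lists (stand-ins for the ~80/80 lists the scheme recommends).
ACTIONS = ["canning", "signing", "fuming", "searing", "chipping", "sipping"]
OBJECTS = ["rib", "patty", "tiger", "rat", "nail", "waffle"]
# Constructed 20-word stand-in for a 20,000-word dictionary.
DICTIONARY = ["administrator", "beastly", "hurry", "longbow", "bill",
              "extraterrestrial", "livid", "prescription", "anvil",
              "cobalt", "drizzle", "emblem", "fjord", "gusto", "hazel",
              "ivory", "jargon", "kelp", "lantern", "mosaic"]

def pao_password(people, actions=ACTIONS, objects=OBJECTS):
    """Scheme 4: for each (public) person cue draw one action and one object
    with a CSPRNG. Returns (cues, password); only the password is secret."""
    stories = [(secrets.choice(actions), secrets.choice(objects)) for _ in people]
    password = " ".join(f"{a} {o}" for a, o in stories)
    return list(zip(people, stories)), password

def picture_words(dictionary=DICTIONARY, draw=16, keep=4):
    """Scheme 5: draw `draw` distinct random words, let the user keep `keep`
    of them (here the first `keep`, standing in for the user's choice) and
    sort them so the order need not be memorised."""
    drawn = secrets.SystemRandom().sample(dictionary, draw)
    return sorted(drawn[:keep])

def pao_bits(n_actions=80, n_objects=80, n_people=3):
    """log2 of the guessing space when every action and object is random."""
    return n_people * math.log2(n_actions * n_objects)

def picture_bits(dictionary_size=20000, keep=4):
    """log2 of the number of unordered `keep`-word sets from the dictionary.
    An upper bound: the user's pick of 4 from 16 is not random, but an
    attacker who does not know the 16 drawn words still faces all C(N, keep)."""
    return math.log2(math.comb(dictionary_size, keep))

def random_chars_bits(length=10, alphabet=95):
    """Scheme 14 (control): `length` characters drawn uniformly from `alphabet`."""
    return length * math.log2(alphabet)

if __name__ == "__main__":
    cues, pw = pao_password(["boss", "brother", "friend"])
    print("PAO cues (public):", cues)
    print("PAO password (secret):", pw)
    print("picture words:", " ".join(picture_words()))
    print(f"Scheme 4, 80x80 per person, 3 people: {pao_bits():.1f} bits")
    print(f"Scheme 5, 20,000 words, 4 kept:       {picture_bits():.1f} bits")
    print(f"Scheme 14, 10 of 95 characters:       {random_chars_bits():.1f} bits")
```

With the recommended parameters Scheme 4 yields about 38 bits and Scheme 5 about 53 bits, both below the 66 bits of the random-character control; the figures hold only because the selection is made by a CSPRNG, which is the point of handing that step to a program rather than to the user.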
Scheme 6: Base password plus derived plus random
http://safeandsavvy.f-secure.com/2010/03/15/how-to-create-and-remember-strong-passwords/
Annika suggests that users first create a “pin” [base password] that is at least three characters long. Users should then devise a rule that converts the site name into a portion of the password (as in the base password plus derived scheme). To create a password, users combine the characters derived from the site name with the pin and then add at least four random characters to the end of the password. She then suggests that the user write down the site-derived portion and the random characters but not the pin. The random characters are different for each password.
Scheme 7: Combining words algorithm
(copied from Sam Wilson’s paper, page 10)
“Algorithms can be developed to help users remember mixed character passwords. The following is an example of an algorithm that could be used:
1. Think of two words easily remembered – airplane wing (for example)
2. Add up the number of characters – 12
3. Take out the vowels and put the number in between – rpln12wng
4. Capitalize the first and last word – Rpln12Wng
5. Change one of the letters to a special character – Rp!n12Wng
6. You now have a secure password that is somewhat easy to remember.”
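The six steps above carried out mechanically, plus the list of candidates an adversary who knows the scheme would enumerate for a given word pair, as an added example (not code from Wilson's paper). Which letter becomes which special character is the user's free choice in step 5, so the attacker side tries every letter position against a constructed set of eight common substitution symbols; that symbol set is an assumption, the scheme does not fix one.

```python
"""Added example: Scheme 7 (combining words algorithm) as a function, and the
attacker's candidate set for one word pair. SPECIALS is a constructed list."""
VOWELS = set("aeiouAEIOU")
SPECIALS = "!@#$%&*?"   # constructed: the scheme leaves the symbol to the user

def combine_words(word1, word2, special_pos=None, special="!"):
    """Steps 1-5: count the characters, drop the vowels, put the count between
    the words, capitalise each word, then swap one letter for a special
    character. special_pos indexes the letters of the result (None = no swap)."""
    count = len(word1) + len(word2)                        # step 2
    w1 = "".join(c for c in word1 if c not in VOWELS)       # step 3
    w2 = "".join(c for c in word2 if c not in VOWELS)
    core = w1.capitalize() + str(count) + w2.capitalize()   # steps 3-4
    if special_pos is None:
        return core
    letters = [i for i, c in enumerate(core) if c.isalpha()]
    i = letters[special_pos]                                # step 5
    return core[:i] + special + core[i + 1:]

def attacker_candidates(word1, word2, specials=SPECIALS):
    """Every password the scheme can produce from this word pair: the
    unsubstituted form plus one substitution per letter position and symbol.
    Steps 1-4 are deterministic, so only step 5 adds candidates."""
    core = combine_words(word1, word2)
    n_letters = sum(c.isalpha() for c in core)
    candidates = {core}
    for pos in range(n_letters):
        for sym in specials:
            candidates.add(combine_words(word1, word2, pos, sym))
    return candidates

if __name__ == "__main__":
    print(combine_words("airplane", "wing", special_pos=2))   # Rp!n12Wng
    cands = attacker_candidates("airplane", "wing")
    print(len(cands), "candidates for this word pair")
```

For "airplane wing" the only secret the scheme adds on top of the word pair is step 5, which here multiplies the attacker's work by 57 per pair; the real search cost is therefore the number of word pairs the user might plausibly pick, which is why the cons below note that the adversary can build a dictionary once the system is known.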
Scheme 8: NIST Combining words algorithm
http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf
(copied from NIST publication) “A user can combine two or three unrelated words and change some of the letters to numbers or special characters.” This is the extent of the instructions for this scheme.
Scheme 9: Mnemonic Scheme
http://www.rowan.edu/toolbox/network/username_password/password/index.html
(copied from the Rowan University website) “1. Make up a sentence you can easily remember.” “2. Now take the first letter of every word in the sentence, and include the punctuation. You can throw in extra punctuation, or turn numbers into digits for variety.” One phrase per password.
Scheme 10: NIST Mnemonic Scheme
http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf
(copied from the NIST publication) “A user selects a phrase and extracts a letter of each word in the phrase (e.g., the first letter or second letter of each word), adding numbers or special characters or both.” Although the directions specify that only one letter is taken per word, two of the NIST examples include words from which more than one letter was taken. Because of this, I concluded that this was permissible for the scheme. Punctuation and capitalization are preserved in the phrases. One phrase per password.
Scheme 11: NIST Altered Passphrase
http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf
(copied from NIST publication) “A user selects a phrase and alters it to form a derivation of that phrase.” These alterations include phonetic spelling, capitalization changes, and changing letters/words to numbers/special characters. A new phrase is used for each password.
Scheme 12: Inkblots
http://hotsoft.carleton.ca/~sonia/wordpress/publications/
Users are presented with a series of ten computer-generated blots and are prompted to think of a word or phrase that describes each one. They are then asked to type only the first and last letter of each word/phrase. For authentication, users are shown the inkblots in a different order from the one used at password creation (this order stays the same for all later authentications) and are prompted to type their ten two-letter pairs as their password. The process is repeated for each account.
Scheme 13: City, State pair
http://www.soundpuzzle.com/passwords.html
User takes a city, state or city, country pair, removes the vowels, and inserts a punctuation mark between the two words. They then substitute some of the letters with ones that sound the same phonetically and capitalize these, and substitute some letters with numbers that look the same or follow some other logic. Each password is based on a new pair.
Scheme 14: Control: Random characters
User uses a unique 10-character random string for each password. Characters are drawn from the 95 printable keyboard (ASCII) characters.
Scheme 15: Mnemonic scheme plus street address
http://urbansemiotic.com/2005/12/11/hardening-passwords/
First, David Boles has the user choose a phrase and take the first letter of each word in the phrase (preserving capitalization but not punctuation). He then appends the house number of a street address, followed by the first letter of each word of the street name, preserving capitalization. He also builds frequent password changes into his system, suggesting a change once every six weeks (by which time the user will have run out of street addresses that they remember).
Pros and Cons
Pros are listed first and cons second for each scheme (in the original they were distinguished by color: pros in green, cons in red).
Scheme 1: Control: Just hit enter
Pros:
Very easy to use, no memorization
All passwords the same, so no confusing one with another
Cons:
All passwords the same, so the adversary gains access to everything once it obtains one
Horrible security even if the adversary does not have any other passwords
Knowing the scheme immediately gives the adversary all passwords
Some sites do not allow this as a password; the user would need a fall-back plan
Scheme 2: Base password plus derived
Pros:
User only has to remember the base password and the algorithm
Once the system is in place, making/remembering more passwords is no extra effort
Site name used as cue
Cons:
User creates the algorithm (not provided by computer); this takes effort and the result will most likely not be complicated
If the adversary obtains one password, it is likely able to determine the base and the algorithm and crack all the others; if it obtains two passwords, it can definitely recover the base
Even if the adversary cannot determine the algorithm but has the base, it can brute-force the remaining portion of the password
Scheme 3: NIST Base password plus modification
Pros:
User only has to remember the base password
Modification not determined by the site name, so, in theory, the adversary cannot derive it
Modifications placed in different locations in the password, so less predictable
Cons:
User has to carry the written guide with them, which is a hassle and a security risk
User has to invent each password's modification and its location in the password
If the adversary obtains one password, it is likely able to determine the base and crack all the others; if it obtains two passwords, it can definitely recover the base
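The attacker-side arithmetic behind the claims for Schemes 2 and 3 that one leaked password usually reveals the base and the rule, and that two leaked passwords pin down the base, as an added example (not code from the paper). The site-name rules tried (site verbatim, first three letters, site without vowels, each optionally capitalised) are a constructed shortlist of common choices, not a full model of user behaviour; the leaked passwords are the paper's own table examples.

```python
"""Added example: recovering base and derivation rule from leaked
'base password plus derived/modification' passwords. RULES is a constructed
shortlist of plausible site-name transforms."""
import os

def _strip_vowels(s):
    return "".join(c for c in s if c.lower() not in "aeiou")

# Candidate rules a user might apply to the site name (constructed shortlist).
RULES = {
    "site": lambda s: s,
    "first3": lambda s: s[:3],
    "novowels": _strip_vowels,
    "Site": lambda s: s.capitalize(),
    "FIRST3": lambda s: s[:3].upper(),
}

def hypotheses_from_one_leak(site, password):
    """Every way the leak could have been built as prefix + rule(site) + suffix.
    Returns a list of (rule name, prefix, suffix)."""
    found = []
    for name, rule in RULES.items():
        token = rule(site)
        start = password.find(token) if token else -1
        while start != -1:
            found.append((name, password[:start], password[start + len(token):]))
            start = password.find(token, start + 1)
    return found

def predict(hypothesis, target_site):
    """Apply one hypothesis to another site: the candidate password there."""
    name, prefix, suffix = hypothesis
    return prefix + RULES[name](target_site) + suffix

def base_from_two_leaks(pw1, pw2):
    """Fixed-position schemes (Scheme 2): the base is the shared prefix plus
    the shared suffix, whatever the site-name rule was."""
    pre = os.path.commonprefix([pw1, pw2])
    suf = os.path.commonprefix([pw1[::-1], pw2[::-1]])[::-1]
    room = min(len(pw1), len(pw2)) - len(pre)    # stop prefix/suffix overlapping
    return pre, suf[max(0, len(suf) - room):]

def longest_common_substring(a, b):
    """Moving-modification schemes (Scheme 3): the base is the longest
    substring the two leaks share. O(len(a) * len(b)) dynamic programme."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]

if __name__ == "__main__":
    for h in hypotheses_from_one_leak("amazon", "12amazon34"):
        print(h, "-> yahoo guess:", predict(h, "yahoo"))
    print("Scheme 2 base:", base_from_two_leaks("12amazon34", "12yahoo34"))
    print("Scheme 3 base:", longest_common_substring("passwordA1!", "B2@password"))
```

With one leak the attacker gets a handful of hypotheses and a guess per site for each, which is the "likely" case; with two leaks the base falls out deterministically, and moving the modification around (Scheme 3) only changes the string operation needed from shared prefix/suffix to longest common substring.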
Scheme 4: Base PAO (Person Action Object)
Pros:
All memorization is cued
Adversary not aided by the cue
Learning any number of passwords is no advantage to the adversary
Knowing the scheme is no advantage to the adversary
Takes advantage of chunking
Easy to type: words without capital letters, special characters or numbers
Rehearsal schedule makes forgetting less likely
Cons:
Rehearsals required
Some sites may not accept a password 20 characters long; need a fall-back plan
Long password takes time to type, more possibility for mistakes
User required to select people to use as cues
Possible for multiple passwords to include the same action or object, which could cause interference
Scheme 5: Base Picture Scheme
Pros:
All memorization is cued
Adversary not aided by the cue
Learning any number of passwords is no advantage to the adversary
Knowing the scheme is no advantage to the adversary
Takes advantage of chunking
Easy to type: words without capital letters, special characters or numbers
Rehearsal schedule makes forgetting less likely
Cons:
Rehearsals required
Some sites may not accept a password 20 characters long; need a fall-back plan
Long password takes time to type, more possibility for mistakes
Requires the user to create a story to memorize the words, which may be difficult for some users
Requires the user to choose a picture for the cue
Scheme 6: Base password plus derived plus random
Pros:
User only has to remember the base password
Once the system is in place, making/remembering more passwords is no extra effort
Site name used as cue
Cons:
User creates the algorithm (not provided by computer); this takes effort and the result will most likely not be complicated
User required to carry paper with them, which is a hassle and a security risk
System asks that users write down the derived components, which compromises those components' security and is unnecessary
Components not long enough to resist brute force once the others are compromised: a three-character pin has only 95^3 (about 857,000) possibilities and four random characters only 95^4 (about 81 million)
Scheme 7: Combining words algorithm
Pros:
Number, special character and capital letters required by the scheme
Identity and location of the number and capital letters dictated by the algorithm
Takes advantage of chunking
Cons:
Location and identity of the special character must be memorized
User (not computer random selection) has to choose adequate words
No cue, no linking of the specific password with its specific site
Adversary able to create a dictionary if it discovers the system
Scheme 8: NIST Combining words algorithm
Pros:
Takes advantage of chunking
Cons:
User required to create the algorithm used to connect the words
Requires the user to choose “unrelated” words
Word choice is neither random (which would benefit security) nor related (which would benefit memory)
Location and identity of capital letters, special characters and numbers must be memorized
No cue, no linking of the specific password with its specific site
Adversary able to create a dictionary if it discovers the system
Scheme 9: Mnemonic Scheme
Pros:
No obvious words in the password, so not broken by a dictionary attack using English words
Phrase memorized as one chunk
Cons:
User has to think of a new phrase for each new password
Phrase likely one from popular culture, so the adversary can build a dictionary of mnemonics from well-known phrases and crack it
No cue, no linking of the specific password with its specific site
“Extra punctuation” requires the user to choose to add it and where to place it
“Extra punctuation” difficult to remember
Scheme 10: NIST Mnemonic Scheme
Pros:
No obvious words in the password, so not broken by a dictionary attack using English words
Phrase memorized as one chunk
Cons:
User has to think of a new phrase for each new password
Phrase likely one from popular culture, so the adversary can build a dictionary of mnemonics from well-known phrases and crack it
No cue, no linking of the specific password with its specific site
Added numbers/special characters require the user to choose to add them and where to place them
Added numbers/special characters difficult to remember
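How the adversary's dictionary for Schemes 9 and 10 is built, and a check of the paper's own sample passwords against it, as an added example (not code from the paper, Rowan University or NIST). The phrase list is a constructed stand-in for the popular-culture corpus an attacker would actually scrape. Four variants are generated per phrase: every punctuation mark kept (the Rowan rule) or only the final one, crossed with capitalisation preserved or only the first letter capitalised; the paper's "Ttlshiwwya." example corresponds to the final-mark, first-letter-only variant.

```python
"""Added example: mnemonic (first-letter-of-each-word) dictionary attack on
Schemes 9/10. PHRASES is a constructed stand-in for a scraped phrase corpus."""
import re

# Constructed phrase list standing in for a scraped popular-culture corpus.
PHRASES = [
    "Twinkle, twinkle, little star, how I wonder what you are.",
    "This is my password.",
    "I have 2 kids: Jack and Jill.",
    "The quick brown fox jumps over the lazy dog.",
    "To be or not to be, that is the question.",
]

def mnemonic(phrase, keep_inner_punct=True, lower_rest=False):
    """First character of each word (digits stay digits) plus the punctuation
    trailing that word: kept everywhere (Rowan) or only at the end; letters
    after the first either keep their case or are lowercased."""
    out = []
    tokens = phrase.split()
    for k, tok in enumerate(tokens):
        if not tok[0].isalnum():          # e.g. a lone "&": contributes nothing
            continue
        first = tok[0].lower() if (lower_rest and k > 0) else tok[0]
        punct = re.search(r"\W*$", tok).group(0)
        if not keep_inner_punct and k != len(tokens) - 1:
            punct = ""
        out.append(first + punct)
    return "".join(out)

def build_dictionary(phrases=PHRASES):
    """All four variants of every phrase; this is what the attacker tries."""
    d = set()
    for p in phrases:
        for keep in (True, False):
            for lower in (False, True):
                d.add(mnemonic(p, keep, lower))
    return d

def is_in_dictionary(password, phrases=PHRASES):
    return password in build_dictionary(phrases)

if __name__ == "__main__":
    for pw in ["Ttlshiwwya.", "Timp.", "Ih2k:JaJ.", "Tqbfjotld.", "HaYOUt?"]:
        print(pw, "-> cracked" if is_in_dictionary(pw) else "-> not in dictionary")
```

The attack costs four guesses per phrase, so the security of a mnemonic password is simply the chance that its phrase is absent from the attacker's corpus; "HaYOUt?" survives here only because "How are YOU today?" is not in the constructed list, and because it keeps a whole word rather than a first letter, a deviation the generator above does not model.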
Scheme 11: NIST Altered Passphrase
Pros:
Utilizes chunking
Cons:
User required to invent a new phrase per password
No guidelines for altering the phrase
User must remember how they altered their phrase, and will either forget or use common, predictable alterations
No cue, no linking of the specific password with its specific site
Scheme 12: Inkblots
Pros:
All memorization is cued
Adversary not helped by the cue
Cons:
Ten cues per password; user possibly unable to distinguish the cues
Some sites may not accept a password 20 characters long; need a fall-back plan
No rehearsals, so the user will likely forget passwords not often accessed
Scheme 13: City, State pair
Pros:
Includes all four character sets
Location random, user not required to invent it
Knowing other passwords would not aid the adversary much
Cons:
Possible for the user to have difficulty obtaining a random location
Very possible that the user does not know of the city in the first place
No cue, no linking of the specific password with its specific site
Adversary able to create a dictionary if it discovers the system
Scheme 14: Control: Random characters
Pros:
Learning any number of passwords is no advantage to the adversary
Knowing the scheme is no advantage to the adversary
Provable security: 95^10 (about 6 × 10^19, roughly 66 bits) equally likely passwords, independent of user choices
User not required to create anything themselves, just memorize
Cons:
Very difficult to memorize
No cue, no linking of the specific password with its specific site
No rehearsals, so the user will likely forget passwords not often accessed
Scheme 15: Mnemonic scheme plus street address
Pros:
Includes numbers and capital letters
Takes advantage of chunking
Not necessary for the phrase to be specifically “good” (that is, to include other character sets)
Cons:
New phrase and new street address needed for each new password
User must think of phrases
User will run out of or reuse street addresses
Requires a password change every 6 weeks
No cue, no linking of the specific password with its specific site
Passwords follow a pattern: numbers in the same location, last letter most likely A(venue), S(treet), L(ane), R(oad) or D(rive)
Usability and Security from Gut Feeling Scale: 10 is best, 0 is worst

| Scheme | Examples provided by site | Other Examples | Usability | Security |
|---|---|---|---|---|
| 1. Control: Just Hit Enter | -- |  | 10 | 0 |
| 2. Base Password plus Derived | amelolynneon (three users) ASDFYHAO GMLT10AMA | 12amazon34 (same user) 12yahoo34 | 9 | 2 |
| 3. NIST Base Password plus Modification | 42*G00dTimes (same user) G00dTimes*42 42*G00d#23Times | passwordA1! (same user) B2@password A1!passwordB2@ | 8 | 3 |
| 4. Base PAO (Person Action Object) | -- | canning rib signing patty fuming tiger searing rat chipping nail sipping waffle | 7.5 | 9 |
| 5. Base Picture Scheme | -- | administrator beastly hurry longbow bill extraterrestrial livid prescription | 7.5 | 9 |
| 6. Base Password plus Derived plus Random | aMa229925! (amazon) (same user) 25!gMaxy76 (gmail) | baseama=g%V (amazon) (same user) baseyahFgbi (yahoo) basegma4A<c (gmail) | 7 | 4 |
| 7. Combining Words Algorithm | Rp!n12Wng | Tw8Wrd$ Ps$8wrd | 6 | 5 |
| 8. NIST Combining Words Algorithm | B@nkC@mera m4!lf0N3 | fi$H$tring EggD0g | 5.5 | 6 |
| 9. Mnemonic Scheme (phrase) | Ih2k:JaJ. (I have 2 kids: Jack and Jill.) IlteB&J'ic. (I like to eat Ben & Jerry’s ice cream.) N,tcoNJ'G! | Titptmga. (This is the password to my gmail account.) Icrtpbiiap. (I can remember this password because it is a phrase.) Ttlshiwwya. (Twinkle, twinkle…) | 4 | 7 |
| 10. NIST Mnemonic Scheme | Pbmbval! (Please be my best valentine.) TitwcIhedimLIFE! Iady#1f. (I am definitely your #1 fan) | Timp. (This is my password.) HaYOUt? (How are YOU today?) | 4 | 7 |
| 11. NIST Altered Passphrase | 2.be.0r.nOt@to0.bEE Dressed*2*the*9z | th1s.!s.my.Pa$$phr@$3 1ce,up0n,@,t1me | 4 | 7 |
| 12. Inkblots | -- | byywperdslftbsgnbe (ButterflY, YelloW, PurplE, ReD, SmalL....) | 4 | 8 |
| 13. City, State pair | b1r.C2Zs (Beeler, Kansas) | plK,p1nd (Plock, Poland) llt*b1v (El Alto, Bolivia) | 2 | 2.5 |
| 14. Control: Random characters | -- | kj"zH<~aJ5 L@uWf+8VQy | 1 | 10 |
| 15. Mnemonic Scheme plus Street Address | Yhdemr6321CA (Yes, her dog eats marble rye. + 6321 Carleton Avenue) | Tqbfjotld220MB (The quick brown fox jumps over the lazy dog. + 220 Main Building) Timp5000FA | 0 | 7 |