The term password strength is a security measure of passwords. The necessary quality of the password depends on how well the password system limits attempts to guess a user's password, whether by a person who knows the user well, or a computer trying millions of possibilities. In a cryptographic context, the terms can have considerable precision. For example, passwords generally are not suitable for use as encryption keys. However, note that even a 'strong' password may still be stolen, tricked, or extorted from a user, collected from a keyboard logger, intercepted in transit, or otherwise discovered by another person.

Weak passwords

A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all possible passwords, such as words in the dictionary, proper names, words based on the user name or common variations on these themes. Passwords that can be easily guessed by acquaintances of the user, such as a birth date and pet's name, are also considered weak.^[1]

Examples of weak passwords include:

• admin -- too easily guessed
• 1234 -- too easily guessed
• abc123 -- too easily guessed
• susan -- common personal name
• password -- trivially guessed, used very often
• p@$$\/\/0rd -- leet speak and other simple letter ciphers are pre-programmed into cracking tools
• rover -- common name for a pet, also a dictionary word
• 12/3/75 -- date, possibly of personal importance
• December12 -- Using the date of a forced password change is very common
• nbusr123 -- probably a user name, and if so, very easily guessed
• asdf -- a sequence of adjacent letters on many keyboards
• qwerty -- a sequence of adjacent letters on many keyboards
• aaaa -- repeated letters, can be guessed

This short list is a very small sampling; there are many other examples that are considered weak for the same or similar reasons.^[2] Additionally, any password that has been published as an example may be considered weak, simply on the basis of its publication.

3.8 percent of passwords are a single word found in a dictionary, and another 12 percent are a word plus a final digit; two-thirds of the time that digit is 1.^[3]

Many users do not change the default password that comes with many computer security systems. Lists of default passwords are available on the Internet.^[4]

A password might be guessable if a user chooses an easily-discovered piece of personal information (such as a student ID number, a friend's name, a birthday, a telephone number, or a license plate number). Personal data about individuals are now available from various sources, many on-line, and can often be obtained by someone using social engineering techniques, such as posing as an opinion surveyor or a security control checker.

The greatest risk of using a short or guessable password is access or attacks from associates known to the user. While a pet's uncommon name or a favorite video game character will not be easily guessed by a complete stranger and is less likely to be found in a dictionary, a disgruntled friend has considerably fewer guessing options to go through and may well need no program assistance at all to be successful.

An example of a poor password against this sort of "known" attacker would be "19YaleLaw78", derived from the victim having graduated from Yale Law School in 1978. While eleven digits long and highly resistant to a brute force attack, the year of graduation from a prestigious professional school is something that any attacker familiar with the victim would know. Thus, while it might take a powerful computer months if not many years to randomly settle on 19YaleLaw78, a jilted business partner could possibly guess it within minutes with only a pen and paper to keep track of variations.

A password is often vulnerable if it can be found in a list. Dictionaries in machine-readable form are available for many languages, and there exist lists of commonly-chosen passwords. In tests on live systems, dictionary attacks are so routinely successful that software implementing this kind of attack is available for many systems.

A too-short password, perhaps chosen for ease of typing, is vulnerable if an attacker can obtain the cryptographic hash of the password. Computers are now fast enough to try all alphabetic passwords shorter than 7 characters, for example.

Departing employees, programmers and systems administrators often know widely disclosed passwords that are rarely changed. Easily guessed passwords may enable expensive losses through mischief, fraud or revenge.

Strong passwords

A strong password is sufficiently long, random, or otherwise producible only by the user who chose it, such that successfully guessing it will require more time than the password cracker is willing to use guessing it. The length of time deemed to be too long will vary with the attacker, the attacker's resources, the ease with which a password can be tried, and the value of the password to the attacker. A student's password might not be worth more than a few seconds of computer time, while a password controlling access to a large bank's electronic money transfer system might be worth many weeks of computer time.

Examples of stronger passwords include:

• t3wahSetyeT4 -- case-sensitive and alphanumerics
• 4pRte!ai@3 -- case-sensitive, alphanumerical, punctuation and one "special" character
• MoOoOfIn245679 -- case-sensitive, alphanumerical
• Convert_100£ to Euros! -- phrases can be long, memorable and contain an extended symbol to increase their strength, but some weaker password hashing methods may be subject to frequency analysis
• 1382465304H -- a string of numerals ending with a letter
• Tpftcits4Utg! -- A mixture of varying-case letters, one numeral, and punctuation. It is memorable as an initialism of "The password for this computer is too strong for you to guess!"
• 5:*35pm&8/30 --Cell phone time and date with two random "special" characters
• EPOcsoRYG5%4pp@.djr -- incorporates a variety of elements including capitalization and special characters

Technically the above examples each have an information entropy (in bits) of more than 3. But as a practical matter, password strength may meet its strength objectives if the time needed to crack the password exceeds the time investment for cracking the password and/or if the protected information becomes obsolete before a cracking effort completes.

The longer the password and the wider the variety of symbol choices, the more intensive the password cracking effort (or well-matched the Rainbow table) must be to defeat the password, assuming that suitable password hashing and protection methods are in place. Furthermore, not using a single word in and of renders brute force attacks far less effective.

Note that some systems do not allow symbols or so-called "special characters" like #, @ and } in passwords, and in addition they may be hard to find on different keyboards. In such cases, simply adding another letter or numeral may offer equivalent security: alphanumerics with letters of one case provide a character set of 36, whereas case-sensitive alphanumerics provide a character set of 62.

The above examples, having been published in this article as password examples, are no longer good choices; examples from publicly-accessible discussions about passwords are obviously good candidates for inclusion in a dictionary to be used for a dictionary attack. However, beware that even "strong" passwords (by this limited criterion), and especially human-chosen passwords, are not equivalent to a strong encryption key, and should not be used as such, if for no other reason than that they contain no unprintable characters. Passphrases and password-authenticated key agreement methods have been used to address this limitation.

Another form of strong password is a made-up or partially random word(s) with varying capitalization and one or more numbers or symbols added. Passwords such as these, while being almost entirely alphabetical and easy for the user to remember, are very long and require a brute force password generator to test all letters in both cases as well as all numbers and keyboard symbols in each digit, as symbols and numbers are present somewhere in the word. As discussed in the below paragraph, this will handily defeat a brute force attack with realistic resources.

Passwords can be found by using so-called brute force password generators. In the simplest case, these are small programs that simply try all possible combinations. A 3 GHz processor can generate approximately 3 million passwords a second. A ten letter password such as '4pRte!ai@3', because there are about 95 keys available, is one of 95¹⁰ possibilities, which would take approximately 632,860 years to be found assuming purely random possible password generation. A password containing fifteen random upper-case letters would be just as safe (provided that the system in question was case-sensitive and allowed for the use of symbols) and might be easier for some people to remember and type.

One of the strongest password systems in widespread use is found at the log-in screen for the online roleplaying game World of Warcraft. The WoW log-in screen, while accessible from any computer running a copy of the game and thus highly vulnerable on its face to remote account access, allows for the use of "strong" and lengthy independent user names and passwords, both of which must be entered correctly at once and transmitted to the server for authentication. This transmission takes several seconds, with entry of the next combination only possible after rejection. This time to check a single entry is critical, as it makes brute force attacks on the log-in screen extremely impractical. However, World of Warcraft accounts have been routinely compromised by keyboard logger viruses.

However, certain weak password hashing methods can betray a password much more quickly by reducing the number of combinations needed or increasing the speed at which guesses may be rejected to crack an otherwise "strong" password. Further, certain precomputed tables such as rainbow tables can increase the cracking speed considerably.

A formula which calculates the number of possible passwords is: maximumCombinations = nrAvailableChars^{PasswordLength}. Using only the 26 lowercase letters and a password length of 7 characters the number of combinations is relatively small: 26⁷ = 8.03 billion combinations. This may appear large to some, but in a time when common computers can generate 3 million passwords a second, it will only take 45 minutes to find the password.

Passwords longer than 7 characters using non-dictionary words are therefore to be preferred in an attempt to use 'good' passwords. However, the majority of computer users don't observe such precautions, in part because they are hard to remember.

A simple example can be used to investigate the resistance of passwords to brute force search.^[5] Experimenting with this program will make clear that a password such as apple is very easy to discover, since it can be found in less than 30 seconds by an exceptionally simple approach.

Random passwords

The most secure passwords are long, random strings of characters, but such passwords are generally the most difficult to remember. For the same number of characters, a password is stronger if it includes a mix of upper and lower case letters, numbers and other symbols (when allowed). The difficulty in remembering such a password increases the chance that the user will write down the password, which makes it more vulnerable to a different attack (in this case the paper being lost or stolen and the password discovered). Whether this represents a net reduction in security depends on whether the primary threat to security is internal or external.

Forcing users to use system-created random passwords ensures the password will have no connection with that user and shouldn't be found in any dictionary. Several operating systems have included such a feature. Many also include password aging, requiring users to choose new passwords regularly, commonly after 30 or 45 days. Many users resent such measures, particularly in the absence of effective security awareness training. The imposition of strong random passwords may encourage users to write down passwords, store them in PDAs or cellphones, or share them with others as a safeguard against memory failure, increasing the risk of disclosure.

The following measures can increase acceptance of random password use, if carefully used:

• Create a training program. The initial advantages of random passwords need to be laid out for people. Also, update training for those found to disclose passwords.
• Reward users of random passwords by reducing the rate of forced password changes to periods longer than 3 months. Typically 4, 6 or 12 month forced password reset periods work. Spreading out the password change process may have an advantage to human memory processes.
• Compensate for disclosed passwords by building a vigilant account closure process for departing users and/or a process to show each user a last login notification banner.
• Automate a password reset system as a safety net. This will also reduce Helpdesk call volume concerning password resets. This must be done with care, however, because easily guessable password reset keys bypass the advantages of a strong password system!

Mnemonic passwords

Some users develop mnemonic phrases that generate seemingly random passwords—for instance, the first letter of each word. Another way to make "random" passwords more memorable is to use random words (see diceware) or syllables instead of randomly chosen letters.

Patterned passwords

Any pattern in a password makes guessing (automated or not) easier. As of October 2005, employees of the UK Government are advised to use passwords of the following form: consonant, vowel, consonant, consonant, vowel, consonant, number, number (for example pinray45). This pattern is called an Environ password and is case-insensitive.

This pattern of alternating vowel and consonant characters causes the password to be pronounceable and thus more memorable. Unfortunately, such patterns severely reduce the password's information entropy, making bruteforce password cracking considerably more efficient.

Training

In large password files the awareness of password strength may be roughly measured by the time it takes to crack 50% of the password hashes present. With a large password file, using a standard Pentium 4 system, Microsoft password hashing techniques and an under-trained user group making password choices, it may be safely estimated that 50% of the password hashes will crack in less than two minutes. However, with careful attention to password strength advice, password choices can outlast the patience of a password cracking effort.

User training versus a cracking time metric for large user base password files:

Note: times are based on reports from authorized password cracking efforts that used John the Ripper, without a dictionary, on Microsoft LM Hashes, run on a Pentium 4, 2 GHz system. Only results from password files containing greater than 3,000 password hashes are included.

Pre-computed rainbow tables represent a determined computing investment. The greater the range of keys included and the length in password places covered, the greater the number of combinations to compute, and the greater the expense of time or money to obtain them.

Factors to consider

• Key space
• Investment in computer time
• Parallel computing team coordination
• Raw patience of a determined computing effort
• Predictive accuracy
• Encryption type
• Storage space
• Distribution or purchase costs

Rainbow Table Defenses

• Exceeding the password length of commonly available tables.
• Exceeding the keyspace of commonly available tables.
• Avoiding the use or exceeding the useful length of old hashing methods.
• Preventing the capture of password hashes.
• Using salts.

Passwords weakened by hashing vulnerabilities

Knowing which password hashing methods are used to protect your password can help you choose a more effective one. In this training example the effect of position in password selection is illustrated. Microsoft has updated its password hashing methods over time, but the LM hashing method often remains because of backward compatible features of newer Microsoft systems.

Training Samples to avoid.

Why are these sample passwords at risk?

• Each 7 places in a Microsoft LM password hash may be cracked separately.
• These passwords show unfortunate placement problems in LM hashing protection.

• LM hashing is only used by Microsoft for passwords of 14 places or less.
• Longer passwords will not be subject to backward compatible hashing weakness.
• By evading LM hashing, substantial improvements in cracking delay are added.
• An extra password place beyond 14 can frustrate a cracking effort by millions of years by avoiding LM password hashing.
• Such a plan can work even inside a network where shorter passwords are backward compatible to LM hashing.
• Support and use of LM hashes can be turned off if no pre-Windows 2000 systems are in use.^[6]

Guarding user passwords

Computer users are generally advised "never write a password down anywhere, no matter what" and "never use a password for more than one account." These maxims, while sound in theory, ignore the reality that an ordinary computer user may have dozens of password-protected accounts. The multitude of accounts often ends up with users having the same password everywhere. A user's attempt to comply will often result in many forgotten passwords, even for important accounts.

If passwords are written down, they should never be kept in obvious places such as address books, Rolodex files, under drawers or keyboards or behind pictures. Perhaps the worst, but all too common, method is a note near the computer. Better locations are a safe deposit box or a locked file approved for information of comparable sensitivity to that protected by the password. Software is available for popular hand-held computers that can store passwords for numerous accounts in encrypted form. Another approach is to use a single password for low security accounts and select separate, strong passwords for a smaller number of high-value applications such as online banking. Manual or offline forms of this approach are also in use. For example, a phone directory may be used to keep a map between computer accounts and password hints.

The problem of password overload is quite real. Certain IT professionals may manage from 25 to 250 privileged passwords at any one time. In such cases, some safe storage area for password hints, private key or encrypting password become unavoidable.

At a 2005 security conference, an expert from Microsoft was quoted as saying: "I claim that password policy should say you should write down your password. I have 68 different passwords. If I am not allowed to write any of them down, guess what I am going to do? I am going to use the same password on every one of them."^[7]

Whether it is worse to use weak passwords that are memorized or strong passwords that are written down can provoke fierce debate among experts. Practical security often requires balancing conflicting imperatives such as security requirements and human factors.

The problem was addressed in an interesting way by Steve Gibson during his "Security Now" podcasts with Leo Laporte; he suggested creating not a password, but a password algorithm that could be universally applied to a company name or other unique indicator. A simple algorithm, such as using every other letter from a name, would generate the password wkpda for a Wikipedia password; although this example is a fairly low-security password, minor variables to include numbers, capitalization and symbols can generate a password which is seemingly random, difficult or impossible to remember, but easy to re-generate at any time.

Rather than writing the passwords themselves, some write lists of cryptic clues to their own passwords that have relevance through personal experience. For example, if your favorite movie was Terminator and your cat's birthday was 2007-04-10 you could describe the password "terminator0410" as "Favorite movie cat is born without years".

In case that it may happen that you need to type the password while being abroad on a different PC, then consider that the PCs abroad may have a different keyboard layout than yours, and you should avoid passwords containing characters that are not present in other keyboard layouts.

Password discovery

Passwords can be discovered by watching as they are entered (shoulder surfing), burglary, extortion, blackmail, threats, or other methods. Information diving is surprisingly fruitful where sensitive printed data is discarded carelessly without being shredded; it is said to have contributed to the recent rise in identity theft. Approximate password length can be discovered even without shoulder surfing by simply counting keyboard clicks or noting finger motions. Research published by IBM in 2004 shows that each key on a keyboard has a distinctive acoustic signature, allowing keyed-in data, including passwords, to be recovered by analyzing recordings from a covert listening device or "bug." See: Acoustic cryptanalysis.

It is also possible for equipment located perhaps in a van parked outside a building to display the contents of screens in the building and intercept data sent to printers by picking up leaked electromagnetic radiation. Where the greatest security is required it is possible to protect locations against this type of attack, but it is not straightforward and must be done by expert professionals. One protection is to ensure that passwords are never displayed on screen under any circumstances, either when entering them or when creating lists or doing system maintenance.

Obtaining passwords by psychological manipulation of users described as social engineering. An attacker might telephone a user and say "Hi. Systems Control here. We're doing a security test. Can we have your password so we can proceed?" Systems administrators and other support staff will very rarely, if ever, need to know a user's password in order to perform their jobs. System administrators with "root" or superuser privileges can change the users' passwords without their permission, so they have no need whatsoever to ask for it. In addition, they will go out of their way not to ask for a password, precisely because they do not want to encourage the habit of giving passwords to anyone. Users do not generally appreciate that any of this is so, and are thus too often vulnerable to social engineering. Passwords should only be given to people who are known to the user and authorised to know the password.

Password Betrayal is a method that takes advantage of a mixed mode technique. It uses the combined effect of differing strengths of password hashing and people's habit re-using the same password many times. A classic example of password betrayal would be a person re-using the same password on two independent computer systems. On one computer system the strong password is strongly protected. But on the other computer system the password protection is easily defeated. The under-protected password is then re-used with other accounts known to belong to the same person. This password capture method can work even if the password is a strong or complex password choice.

Single sign-on solutions can be an advantage in reducing the risk of password betrayal. However, a person may access separate systems with differing password encryption strengths, password complexity rules, single sign-on product vendors and computer security vulnerabilities.

To help, a person can keep an index of which password is in use with multiple accounts. This strategy can mitigate this risk to some extent. The password use index allows the person to change groups of accounts with identical passwords as needed. But, a password use index should only contain obscure hints rather than actual passwords. Care should be taken to protect a password use index from easy duplication, sharing, exposure or capture.

Strong passwords not always needed

If system administrators require too much security, the result due to the human factor is often to decrease real security. Enforcing system-supplied passwords like hJdk74jNd#' encourages users to write their passwords down and keep them at hand.

Strong passwords require some thought to create and are often difficult to remember without notes. The inconvenience of creating, remembering, and typing in multiple strong passwords is, however, not justified in many cases. Services often enforce the use of login names and passwords when the user requires little or no security. E.g., strong security is as a practical matter unnecessary for many websites available to all without payment—product support, discussion forums, many wikis—and it is sufficient to use, and have to remember, the same login name and much the same password in these cases.

When mild security is required, simple, easily remembered passwords may be sufficient. These are cases where the user has little or nothing to lose, and a potential exploit would yield nothing of use.

Strong unique passwords which are computationally intractable are, on the other hand, highly advisable for sensitive sites such as banking, eBay, root login to servers, etc.

References

External links

• Choosing Good Passwords -- A User Guide.
• Password Policy Guidelines.
• Examples of common (and hence weak) passwords
• The Memorability and Security of Passwords -- Some Empirical Results (Study done by Cambridge University Computer Laboratory)
• Bruce Schneier (December 14, 2006). MySpace Passwords Aren't So Dumb.
• Rainbow tables
• Simple rules for choosing a good password
• SecurityStats's password strength meter
• Microsoft's Javascript password strength meter
• CertainKey's password strength meter, which includes information entropy (in bits) as a criterion of sufficient randomness
• Choose A Password password generator