There are two general approaches to password generation and management:
Password Managers which store passwords and have the flexibility to apply different complexity rules to each password or to store a pre-existing password - often required when a password needs to be shared between a team of people. The downside of the storage approach is that the password storage (file/database) needs to be managed carefully - secured, backed up and synchronised to all the devices where you will need to use the passwords. If the password store is lost or corrupted you will lose all the passwords! Destructive viruses such as CryptoLocker can also make a password store unreadable.
Password Generators which use a hash function, like the SS64 password generator, are easy to use and will repeatedly regenerate the same password when given the same inputs but they do have some limitations, the only way to change a password is to enter a different main password or a different salt value. All the generated passwords are the same length.
The capacity of a password can be calculated from length + complexity, to give a measure of password entropy. A password containing only upper- and lower-case characters has 52 possible characters in each digit, adding numerals and other characters will increase this further. Although the calculation of entropy uses a log function, doubling the password length will (approximately) double the entropy.
Entropy denotes the uncertainty in the value of a password and is conventionally expressed in bits. If a password of k bits is chosen at random there are 2k possible values
Complexity Password Length
Numbers
0-9a-z a-z, A-Z, 0-9 8 26 bits 37 bits 47 bits 10 33 bits 47 bits 59 bits 11 36 bits 51 bits 65 bits 12 39 bits 56 bits 71 bits 13 43 bits 61 bits 77 bits 14 46 bits 65 bits 80 bits 15 49 bits 70 bits 89 bits 20 66 bits 94 bits 119 bits 50 166 bits 235 bits 297.5 bits Adding keyboard symbols to the above ($£&^[];!@¢/\> etc ) can be used to further increase the complexity. Randomly including symbols will increase password entropy by around 10% and so is equivalent to making the password one character longer. Unfortunately, keyboards vary in the symbols they support and not all websites accept all characters, some will even silently remove them. Common substitutions such as E => 3 or S => $ are so well known that in practice they do nothing to improve security.
Maximum Time to crack a password based on its entropy:
Entropy Maximum Time to crack
at 350 billion guesses/Sec47 bits 0.223 Hours 59 bits 457.50 Hours 65 bits 3.342 Years 71 bits 213.92 Years 77 bits 13,690 Years 80 bits 109,527.95 Years 89 bits 56078315.93 Years. 119 bits 6.0213633 e+16 Years High password entropy will help to protect against 'old school' brute force attacks, but passwords like qwertyuiop or schoolofhardknocks or any common phrase or saying will still be less secure than a random string of the same length. This is because a rainbow table can be used to lookup almost any known phrase or pattern very quickly.
For non-random passwords the calculation of entropy can be modified by applying a set of rules to account for typical language patterns (Shannon Entropy). A Non-Random password will make the Maximum Time to crack much much shorter than any of the figures above.
NIST recommend 80 bits for the most secure passwords to resist a brute force attack. There is no definitive answer to the question of the minimum password strength required to avoid all types of attack; it is a moving target; over time we all need to use longer passwords.
Sensitive systems or situations will demand longer passwords, but high entropy long passwords containing random characters and numbers are more difficult for anyone to memorize. Truly secure passwords quickly become impractical unless you use software to automatically retrieve (or generate) the passwords.
Pass phrases (also known as Diceware) a long password consisting of several random words such as correct horse battery staple have been popularised by XKCD. Pass phrases don’t offer any significant advantage or disadvantage compared to a traditional password of the same entropy: Research paper (PDF). n.b. entropy is not the same as length, a 20 digit diceware password has lower entropy than 20 random characters. Novice typists may find the longer length difficult to type and they can exceed the maximum password length limitations of some websites.
Some badly coded websites only store the first 10 or 15 characters of a password, if a long password is silently truncated to correcthorse that’s suddenly a lot less secure than you would expect. Up until 2012 Microsoft Hotmail did this.
Good password management solutions should be able to cope when a website changes its URL e.g. signup.example.com changes to login.example.com
It is possible that an intruder could attack a popular password generator by passing a rainbow table of common passwords through the same hash algorithm to generate potential passwords in bulk. To prevent this, it is still important when using any password manager to choose the main password carefully, a long, random, difficult-to-guess string.
Many password managers offer browser plug-ins that will automatically fill-in password and other things like credit card details. Most password generators just generate the password and require you to copy and paste the password using the standard clipboard.
Some issues to consider with this:
- If you are using a machine that is compromised/has a key logger installed, then it may be possible to read the contents of the clipboard. Although if the machine is already compromised you are likely to have problems with any solution when entering a master password.
Websites accessing the clipboard were a serious problem when Adobe Flash was still in use.- If a password is left on the clipboard, you may inadvertently paste it somewhere else, revealing the password to 3rd parties.
- Plugins which auto-fill details have been known to go catastrophically wrong with some shopping cart pages: example where a $10 monthly subscription cost $2,023.
Although rarely enforced for website logins, there are some advantages to changing passwords on a regular basis. If the length of your password means that it could be brute force cracked in 50 days, then changing the password every 49 days makes it impossible for such an attack to succeed.
Conversely if the password is truly strong, there is little to be gained in changing it. Mathematically, moving from never changing one’s password to changing it at every single login attempt (pass or fail) will on average only double the number of attempts it would take to brute force the password. In comparison, adding a single extra character to the password length will make it an order of magnitude more secure.
The one advantage of forcing password changes is that it makes it more difficult for people to reuse the same password on multiple sites.
If a sensitive password has been discovered by a third party, then changing it after 30 days will revoke that access, but in many cases, this will be locking the stable door after the horse has bolted, most organised attacks use the stolen credentials within 2-3 days.
If you do need to change passwords regularly then a password manager with an encrypted database will allow individual passwords to be changed as required.
A hash function is mathematically a one-way operation that cannot be reversed, however it is possible that someone could guess which password generator / hash function was used and could then form an attack by passing a dictionary of common passwords through that same hash function one at a time to generate thousands of potential passwords. If they manage to generate a match with the known password, then they have found the main password. A hash function that has been applied to commonly known words, names or numbers is therefore vulnerable to frequency analysis.
To prevent this, it is important when using any password manager to choose the main password carefully, a long, random, difficult-to-guess string that will not be in any dictionary or rainbow table. That just leaves the option of a brute force attack - trying every possible combination. From the figures above, you will see that a suitably long/strong main password will take years to brute force.
On-line services often provide a password restore function that can be used to reset the password. It is good practice to select complex answers to such security questions particularly if the 'true' answer would be very simple for an attacker to discover. Password reset answers should be managed just like actual passwords.
As shown by the 2014 celebrity photo leaks, even a strong password can be vulnerable to a targeted social engineering attack based on user name, security questions and reset/recovery options. One extra defence against this is to have a separate email address which is not tied to your identity in any obvious way and is used only for website logins. So, for example you might have Joe.Bloggs@outlook.com as your real email address and Fred.Flintstone@gmail.com used only for logins.
| Password Hash (Stateless) | Password Store (requires database sync & backup) |
|---|---|
SS64 Extra Strong Password Generator - JavaScript password generator that creates passwords for several popular websites in one step + a custom option for others. SS64 15 digit Password Generator - As above but shorter and with a visual display on screen, for websites that ask for digit 4 + digit 7 etc |
KeePass Password Safe Port for Windows, Linux and MacOS: KeePassXC. |
| Master Password App Stateless password generator, versions for: iOS, MacOS, Homebrew, Desktop (Java), Terminal (C), Android (Beta) and Web (Beta) Passwords are encrypted using scrypt. Master Password also implements a hybrid solution allowing you to save custom passwords in the app. Free software licensed under the GPLv3 By default, MasterPasswordApp creates 14-character passwords |
Pass - A Unix and Mac (homebrew) command line password manager. The very active community has produced many clients and GUIs for other platforms as well as extensions for pass itself. $ pass generate Email/example.com 15 The generated password to Email/example.com is: $(-Qs&Q=IN4nFBx Free software licensed under the GPLv2 |
| Pwdhash (MD 5 hash) A JavaScript password generator from Stanford security lab. Creates domain-specific passwords with defence against password phishing scams. The default password length is proportional to the length of the main password chosen. Supported on: IE, Firefox, Chrome, Safari and anything else that can run a web browser. |
Bitwarden Windows, macOS, and Linux, web browser extensions, apple iOS and Android clients and secure cloud sync. Command-line interface also available. Open source code. Free for individuals, Teams require a licence. |
| PfP: Pain-free Passwords (SHA-1 hash) An open-source JavaScript password generator. Installable (requires node.js) and online versions available. Like PasswordMaker above, this has configurable length, complexity and a revision no. The cost of this is having to remember all the options you have chosen in order to regenerate the same password. By default Easy passwords creates 16-character passwords with symbols. |
PasswordSafe (free download) Free open-source software that encrypts passwords in a storage database. Created by Bruce Schneier and Counterpane Labs for Windows and Linux. This is a popular option with Linux users. To sync between devices either copy the password database manually or use cloud storage. By default, PasswordSafe creates 12-character passwords. Supported in: Windows, Linux, Password Gorilla (cross platform port). |
| Labnol/CtrlQ - A free JavaScript/jQuery password generator. Passwords are variable length and include punctuation charaters (@#&>'*\[%]=;+^) which might not be accepted on all websites. github (bcrypt hash) | Padloc An open-source password generator for Chrome, iOS and Android. By default, Padloc creates 10-character passwords but this is fully customisable, so can be adjusted to the needs of individual websites. Free for up to 50 passwords. The passwords are stored on the device and can optionally be shared/synchronised between devices using Padlock Cloud. |
Secrets.app |
|
| 1Password A commercial application that encrypts passwords in a storage database. It has a browser plug-in to automate website logins, a strong password generator and an option to sync between devices. Now only available as a subscription service. Integration with cryptocurrency tokens and NFTs via Solana wallet. The CLI option has to be used with caution. By default, 1Password creates 20-character passwords but this is fully customisable. Supported on: MacOS, Windows, Linux, iOS, Andriod (read only). |
|
| RoboForm A commercial application that encrypts passwords in a storage database. Strong support for Enterprise features. It has a browser plug-in to automate website logins and a strong password generator. The passwords are encrypted and stored on individual clients or optionally on a USB Flash Drive. By default RoboForm creates 8-character passwords but this is customisable via policy. Supported on: Windows, Firefox, Internet Explorer, Chrome, Safari, iPhone, iPad, Android, Blackberry. |
“I have 68 different passwords. If I am not allowed to write any of them down, guess what I am going to do? I am going to use the same password on every one of them” ~ Jesper Johansson (Microsoft)
A really strong password is one that nobody else has ever used - Joseph Bonneau (University of Cambridge)
NIST password recommendations (PDF)
Let them paste passwords - The UK National Cyber Security Centre.
zxcvbn - Realistic password strength estimation
Kerckhoffs’s principle - A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
Password entropy does not improve security Florida State University (PDF)
Research paper on browser-integrated password managers
Tavis Ormandy on Password Managers - Tavis recommends your Browser’s password manager, but that restricts you to one web browser.
XSS risks around bookmarklets.
GPU computer clusters can cycle through as many as 350 billion guesses per second.