Talk:Password

From Wikipedia, the free encyclopedia


Cypherpunk mention?

I wonder if a mention of cypherpunk would be appropriate.

minus biometrics

I've removed some information about biometrics from the article as it wasn't really about passwords; I'll be moving it to a new article about user identification. --Imran 00:50, 10 Jan 2004 (UTC)

Imran,
You are, strictly, correct. However, password is taken in practice by many of the (non security specialist) user community to be anything which is used as access control. Hence my comments. I was attempting to make the issue of adequacy of access controls explicit, and so to inform the reader on something that is almost always implicitly assumed to be sufficient. Security is an odd thing in that humans characteristically have considerable difficulty in even seeing it (a figure / ground problem I suspect) and when thinking about it, thinking clearly.
My comments were, thus, intended to inform where information was not even suspected to be needed. In a modest sense, of course!
Perhaps a revision of the articles in this area into something like 'access control' which is pointed at by password, biometrics, user identification, ... This would allow some discussion of meta issues not strictly belonging in any of the referencing articles. ??
ww

randomly generated passwords not good

The article said it was "sensible" for the system to give the user a randomly generated password. Please don't write such things. Don't treat the users as pawns that exist to serve the computer system. It is the other way round. Sorry for venting. Been bitten by this attitude more than once in real life.

Anyway the above is just one example of the fact that this article has a non-obvious type of POV: a security-POV. It assumes that the computer security is the most important thing in the world and everything else is secondary. A perfect example is the last paragraph: If even the smallest possibility exists that the password has become known to anyone other than those to whom it 'belongs', it should be considered compromised, and immediately changed. This is obviously never the case in reality, for no-one can expend infinite amounts of resources in securing computers, and there's always a tradeoff between the level of security you get and users' productivity.

I'm starting to get the feeling that many other security articles also have this POV. It is no more acceptable than other types of POV, and needs to be fixed. -- Arvindn 03:54, 18 Apr 2004 (UTC)

Arvindn, If security is not the point of using passwords, why bother? If you bother to use them at all, then any chance of compromise ... Not clear this is POV at all for anyone using passwords.
As for the 'sensible' comment, you are not the only one to have been bitten by this. VMS (and other operating systems) had/has(?) an auto password generation option. Every single user I had hated it when we required them to use it after 'too many' passwords got loose. That should be read, by the way, as 'we learned of too many'. How many actually got loose was and remains unknown. It was experience speaking there. And the intent was to convey that '...from an ideal security perspective...' etc. Reword as desired to make this clear if the original intent is acceptable. I agree with the bold faced sentiment, and in the VMS experience noted here, was implementing policy from above.
I considered writing a paragraph or two on adequate alternatives to such passwords, but figured that I'd catch flak for being too long winded. Would you think such a para or two would be appropriate?
ww 17:43, 18 Apr 2004 (UTC)

UID assigned from username/password combo

IIRC, user rights are determined per UID, and UID is given from a unique username/password combo. On the first UNIX systems (and on some current ones), you may very well have (hopefully) different passwords for the same username, resulting in multiple UIDs.

"Writing down passwords" suggestion

I removed the following text:

A possible way by which one could get away with having one's password written down would be to have it written in a place in a list of false passwords. If one uses a weak password, the list should be full of false weak passwords. If one uses a strong password, false strong passwords should be used. Thus, instead of having to recall a seemingly random alphanumeric string, one needs only remember what login goes with which password. Numbering the list can help with that. However, this measure should be taken if there is no other way for the user to remember his or her password.

I don't think this is good advice. If you have a list of passwords and non-passwords, you are dramatically reducing the number of passwords that need to be checked. "Never write down a password" is better and more straightforward advice. --Huppybanny 21:54, Aug 16, 2004 (UTC)

I agree with this removal (in fact, I'd planned to do it myself when I came in today...); has any security expert endorsed this idea? — Matt 23:41, 16 Aug 2004 (UTC)
I agree having a list of false passwords does not provide good cover and is not significantly more secure than having the password written down. However, "Never write down a password" is not strictly correct. It depends on your threat model. Peter 03:38, 18 Aug 2004 (UTC)
Indeed; writing down your password can provide better security in many situations. Schneier: "You can't memorize good enough passwords any more, so don't bother. Create long random passwords, and write them down. Store them in your wallet, or in a program like Password Safe. Guard them as you would your cash." (emph mine) [1] — Matt 02:29, 19 Aug 2004 (UTC)
Matt, Much as I admire Schneier, I think he's wrong on this. Password Safe (his freeware password database program) is probably very good and all, and 'long random passwords' are certainly good in many respects, but anything which lets the user shuffle off his responsibilities to safeguard these little chunks of key data to something or someone else is wrong psychologically. Even if PSafe were to be perfect, it would still be bad advice. We H. sap. don't do this sort of stuff very well, and apparently need to have our noses rubbed in it more or less continuously to do even as well as we can. Peter's observation above about dependence on your threat model is quite relevant. Missing in Schneier's comment, and exceptionally hard to sensibly apply, but quite relevant. ww 16:34, 20 Aug 2004 (UTC)
Well, it does depend on the threat model. We're happy to carry around keys to things like cars and houses on our person; this is considered an acceptable risk, even though there's a chance the keys could be stolen. In many cases passwords protect less valuable information (think Hotmail). For these cases, why is it a horrendous security failing to write down a password and keep it in your wallet? There's a compelling argument to use an unguessable password stored in your wallet rather than memorise a guessable password. Regardless, getting back to the article, we clearly need to modify statements such as "most observers regard written down passwords as necessarily insecure". — Matt 07:13, 21 Aug 2004 (UTC)

Diceware

Perhaps we should mention diceware?

This is the best system for producing a strong password:

  • Diceware can provide very strong passwords.
  • The password/passphrase is fairly easy to remember.
  • The password/passphrase is truly random.
  • It is possible to quantize the strength associated with a diceware password.

The only drawback of diceware is that the passwords are quite long. They take longer to type. So it works best for high-security situations (such as protecting a private PGP key).

This is my first time contributing to Wikipedia. I want to make sure I don't step on anyone's toes. Would it be alright if I add a Wiki page about diceware and then add a section to the Password page about diceware?

Go for it, your contribution would be very welcome! I'd encourage you to try and write in a neutral fashion about Diceware (even though it's great) — try and avoid advocacy, if you can. If you need any help on formatting / other queries, I'd be glad to help. — Matt 02:19, 19 Aug 2004 (UTC)
Dcarrera, Always glad to see bravery in those new to WP! I second Matt's comment (Go for it!), and agree with his observation about P(oint)O(f)V(iew). An example of such is "This is the best system for producing a strong password:". A point which would be hard to defend against a claim of POV. Some attention might also be paid to the "...password is truly random." observation. This is a veritable tarpit of confusion, trapping many insufficiently suspicious folk, probably because of the many oh so tempting! (but wrong) ways of thinking about random and randomness.
But on the question of password choice, usability is relevant in real world situations (see Arvindn's comment above), and must be considered lest users rise up and lynch the system admins for making their lives secure, but hell on earth otherwise. When people are involved, sensible security design becomes something of a black art and requires the patience of Job, the knowledge/perspective of a Turing, the ruthlessness of a Bismarck, and the luck of the Irish. Since these are seldom available simultaneously, security design in the real world becomes the art of the possible. An infuriating situation for those who like clarity, logic, and finality. Much like herding cats, really.
Don't worry over much about stepping on toes. By getting involved here, you agree not to object, and so did everyone else. It's good for egos which need a little reshaping. Nonetheless, it's an interesting place, and I applaud your concern for others. It's a trait WP needs more of, albeit while being BOLD in editing. If you're interested in security and crypto (not quite the same things, mostly) you might wish to check in at Wikipedia:WikiProject Cryptography to see how things are (somewhat) organized in the WP crypto corner. ww 16:29, 20 Aug 2004 (UTC)
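A worked strength calculation for two points raised on this page: the claim in this thread that a Diceware passphrase's strength can be quantized, and Huppybanny's point in the "Writing down passwords" thread that a list of decoy passwords collapses the attacker's search to the length of the list. This is an added example, not code from the article or from any editor here; the 7776-word Diceware list and the five-dice selection are standard, while the 62-character alphabet and the one-million-guess budget are assumptions.

```python
import math

# Standard Diceware: five dice rolls (6^5 = 7776 outcomes) select one word.
DICEWARE_LIST_SIZE = 6 ** 5


def diceware_keyspace(words: int) -> int:
    """Number of equally likely passphrases built from `words` Diceware words."""
    return DICEWARE_LIST_SIZE ** words


def random_password_keyspace(length: int, alphabet_size: int) -> int:
    """Number of equally likely passwords of `length` symbols drawn uniformly
    from an alphabet of `alphabet_size` characters."""
    return alphabet_size ** length


def decoy_list_keyspace(entries: int) -> int:
    """A written list holding one real password and (entries - 1) decoys.
    Whoever obtains the list needs at most `entries` guesses, so the
    effective search space is the list length, whatever the passwords look like."""
    return entries


def bits(keyspace: int) -> float:
    """Entropy in bits of a secret chosen uniformly from `keyspace` options."""
    return math.log2(keyspace)


def success_probability(keyspace: int, attempts: int) -> float:
    """Chance that a guesser making `attempts` distinct guesses hits a secret
    chosen uniformly from `keyspace`: can be made arbitrarily small, never zero."""
    return min(1.0, attempts / keyspace)


if __name__ == "__main__":
    # Assumed guess budget: one million attempts (e.g. an offline attack on a hash).
    budget = 10 ** 6
    cases = [
        ("5-word Diceware passphrase", diceware_keyspace(5)),
        ("8-char password over 62-symbol alphabet", random_password_keyspace(8, 62)),
        ("real password hidden among 999 decoys", decoy_list_keyspace(1000)),
    ]
    for label, space in cases:
        print(f"{label}: {bits(space):.1f} bits, "
              f"P(success within {budget} guesses) = {success_probability(space, budget):.2e}")
```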

Randomness a good thing?

Ignoring, for the moment, the problem of computer generated random numbers, is total randomness in a password inherently good? Here's my thought. If a password is used that is highly random in nature, a file search for entropy would detect it if it were in a file. Also, the more random the password is, the less chance of remembering that password. From an admin standpoint, is it better to reset passwords when forgotten, or to have fewer helpdesk tickets?

One thing I have done is try to teach how to come up with strong passwords, that meet arbitrary password criteria/limits/etc, that CAN be remembered. There are very few resources online that help typical users come up with passwords. The article does so, but only one such technique.

First time on WP. :) Hope it works.

Regarding storage of random passwords, you could store the password information in a very redundant form if you were worried about an attacker searching for it specifically. In actual systems, passwords are normally stored hashed anyway, so if you've chosen a sufficiently strong password it's unlikely to be recovered by an attacker if the password file is compromised. — Matt Crypto 13:20, 10 November 2005 (UTC)

Writing down password - security flaw or not?

It appears that Microsoft's Jesper Johanssen thinks that users should write down passwords. See [2]. Perhaps we should note this? - Ta bu shi da yu 07:24, 9 Jun 2005 (UTC)

We already do. See "Likelihood that a password can be remembered." Wikipedia had this advice before Mr. Johanssen's remarks. --agr 10:43, 9 Jun 2005 (UTC)

Reset password

Reset password

Giving out default password lists

In the main article, 2 links to webpages that list default passwords are given. Is this not dangerous to put out into the public arena? Some doofus kiddy may pick it up and try to use it to hack into cpanels, wireless networks, etc.

It's not clear that such links are very encyclopedic, and might be deletable from WP on those grounds alone. However, the underlying problem noted here both is, and isn't, serious. Default passwords will be required in any software distributed in large numbers as customization at the vendor will be uneconomic for them. Given this, there is, first, the fact that any sysadmin who leaves any default passwords active on a system is foolish, perhaps even incompetent, and probably overworked. They're an open door for those inclined to mischief or worse. Second, since more than a few sysadmins don't actually change some or all default passwords, since vendors don't always make finding them even remotely straightforward, and since ..., the possibility of a doofus script kiddy picking up such a list does pose some potential problems. Unfortunately such problems shouldn't exist (sysadmins should do their jobs) and can't be prevented by keeping widely spread information from the doofuses of the world (malicious or otherwise).
There is some controversy about whether security goofs (as such lists might be regarded) should be publicized or not. Advocates suggest that it encourages vendors to fix problems. Opponents (including many vendors) disagree, thinking something like Security through obscurity, and they have gotten some statutory support (eg, in the US, the DMCA) for their position. Even some security organizations (eg, CERT) have taken the position that reported security flaws should not be added to publicly available lists until the vendor has addressed them.
No easy answer, in practice. ww 06:23, 16 October 2005 (UTC)

Please clarify recent edit

"A sufficiently long password, and a sufficiently good hash algorithm have made this a reasonable strategy in many cases as the work factor imposed on such an attacker can be made impossible in practice." Not sure what is meant.--agr 01:39, 25 May 2006 (UTC)

AR, Was attempting to revise/rescue previous edit. Took its meaning to be an attempt at an historical comment on previous techniques of protecting passwords (a la early *nixen prior to shadow password file technique). Not satisfactory, I agree. Can you suggest something better that preserves what was (perhaps?) meant by prior edit? ww 03:41, 25 May 2006 (UTC)

External links section

I think the external link section is getting out of hand. There are a large number of links to password generation programs, many of questionable technical merit. We have a separate page on random password generation, so maybe we should remove password generation links from this article. --agr 20:26, 9 June 2006 (UTC)

I removed the "One Thousand Passwords" link @ <http://www.fatburen.org/joakim.olsson/one-thousand-passwords.html> - users who access this article may be falsely led to believe that these passwords provide excellent security. If they weren't permanently posted on a website, they would provide decent security; unfortunately, they *are* permanently posted on the website and are *not* re-generated for each person who hits the page. There are enough password generators out there so that if someone really wants a unique password, they can get one created exclusively for them. Sarah 19:22, 27 July 2006 (UTC)

Python / obfuscation

For additional security, many of the larger websites like Yahoo and Google utilize a language called Python in controlling and maintaining secrecy of the pages they dynamically serve to the browser by completely obfuscating any reference to file names in the URL that appears in the address window of the browser.

This idea is surely not restricted to Python. Also, what exactly is this alleged obfuscation, anyway? - furrykef (Talk at me) 06:22, 8 July 2006 (UTC)

I concur with this comment. If this can't be filled in, we should remove it. ww 15:54, 8 July 2006 (UTC)

What does it mean to "know" a password?

What does it really mean to say that "those wishing to gain access are tested on whether or not they know the password"? For the purposes of my argument, a PIN is easier: I happen to know every number between 0000 and 9999. That is, I know every four digit PIN. Does an automatic teller machine really want to test whether I "know the PIN"?

So, strictly speaking, it's more a question of whether the person can supply the correct password (within various constraints such as the number of attempts in a certain time period). Or perhaps it's whether I "know" the relationship between the particular system I'm trying to access and the particular password.

Of course, this is subtle, and some (especially those not involved in epistemic logic) might think it's too pedantic to worry about. Does anyone think it's worth making the point on the article page? Maybe someone could suggest a page that would be more appropriate for such a point.

John Y 07:43, 6 August 2006 (UTC)
I think you are correct that "knowing a password" is an assertion that string a is a valid password for system A and one can only claim that without knowledge of the password the probability of successful access within some time or number-of-tries window can be made arbitrarily small but not zero. There is always the possibility of a successful guess. --agr 14:01, 9 August 2006 (UTC)
Knowing a password is usually not enough: one has to know the password. A pedantic explanation would explain that even though you may already know every number between 0000 and 9999, you do not know which one is the PIN in question. I don't think it is necessary to explain the meaning of the, at least not in this article. DRLB 18:37, 9 August 2006 (UTC)

Designing a personal user friendly password

I'm a little concerned about this. There are many good software applications which are capable of storing passwords securely (eg Password_Safe). Yet none are mentioned. Instead people are told to use common phrases which can easily be brute forced. Why is there no mention of incorporating symbols, ASCII characters? Would it not add merit to the article to explore writing a better password? RLaudanski 21:58, 26 August 2006 (UTC)

Masking

The article does not mention "password masking", i.e. that passwords usually are masked with a character such as ***** or ●●●●●, but when logging on at a Unix system, it doesn't output any masked characters.

Password masking is mentioned here. Tra (Talk) 16:49, 14 October 2006 (UTC)