Password strength

Password strength is a measure of the effectiveness of a password against guessing or brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability.
Using strong passwords lowers the overall risk of a security breach, but strong passwords do not replace the need for other effective security controls. The effectiveness of a password of a given strength is strongly determined by the design and implementation of the authentication factors. The first factor is the main focus of this article.
The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. Some systems impose a time-out of several seconds after a small number of failed password entry attempts. In the absence of other vulnerabilities, such systems can be effectively secured with relatively simple passwords. However, systems store information about user passwords, and if that information is not secured and is stolen, user passwords can then be compromised irrespective of password strength.
In 2019, the United Kingdom's NCSC analyzed public databases of breached accounts to see which words, phrases, and strings people used. The most popular password on the list was 123456, appearing in more than 23 million passwords. The second-most popular string, 123456789, was not much harder to crack, while the top five included "qwerty", "password", and 1111111.

Password creation

Passwords are created either automatically or by a human; the latter case is more common. While the strength of randomly chosen passwords against a brute-force attack can be calculated with precision, determining the strength of human-generated passwords is difficult.
Typically, humans are asked to choose a password, sometimes guided by suggestions or restricted by a set of rules, when creating a new account for a computer system or internet website. Only rough estimates of strength are possible since humans tend to follow patterns in such tasks, and those patterns can usually assist an attacker. In addition, lists of commonly chosen passwords are widely available for use by password-guessing programs. Such lists include the numerous online dictionaries for various human languages, breached databases of plaintext and hashed passwords from various online business and social accounts, along with other common passwords. All items in such lists are considered weak, as are passwords that are simple modifications of them.
Although random password generation programs are available and are intended to be easy to use, they usually generate random, hard-to-remember passwords, often resulting in people preferring to choose their own. However, this is inherently insecure because the person's lifestyle, entertainment preferences, and other key individualistic qualities usually come into play to influence the choice of password, while the prevalence of online social media has made obtaining information about people much easier.

Password guess validation

Systems that use passwords for authentication must have some way to check any password entered to gain access. If the valid passwords are simply stored in a system file or database, an attacker who gains sufficient access to the system will obtain all user passwords, giving the attacker access to all accounts on the attacked system and possibly other systems where users employ the same or similar passwords. One way to reduce this risk is to store only a cryptographic hash of each password instead of the password itself. Standard cryptographic hashes, such as the Secure Hash Algorithm series, are very hard to reverse, so an attacker who gets hold of the hash value cannot directly recover the password. However, knowledge of the hash value lets the attacker quickly test guesses offline. Password cracking programs are widely available that will test a large number of trial passwords against a purloined cryptographic hash.
Improvements in computing technology keep increasing the rate at which guessed passwords can be tested. For example, in 2010, the Georgia Tech Research Institute developed a method of using GPGPU to crack passwords much faster. Elcomsoft invented the usage of common graphic cards for quicker password recovery in August 2007 and soon filed a corresponding patent in the US. By 2011, commercial products were available that claimed the ability to test up to 112,000 passwords per second on a standard desktop computer, using a high-end graphics processor for that time. Such a device will crack a six-letter single-case password in one day. The work can be distributed over many computers for an additional speedup proportional to the number of available computers with comparable GPUs. Special key stretching hashes are available that take a relatively long time to compute, reducing the rate at which guessing can take place. Although it is considered best practice to use key stretching, many common systems do not.
Another situation where quick guessing is possible is when the password is used to form a cryptographic key. In such cases, an attacker can quickly check to see if a guessed password successfully decodes encrypted data. For example, one commercial product claims to test 103,000 WPA PSK passwords per second.
If a password system only stores the hash of the password, an attacker can pre-compute hash values for common password variants and all passwords shorter than a certain length, allowing very rapid recovery of the password once its hash is obtained. Very long lists of pre-computed password hashes can be efficiently stored using rainbow tables. This method of attack can be foiled by storing a random value, called a cryptographic salt, along with the hash. The salt is combined with the password when computing the hash, so an attacker precomputing a rainbow table would have to store for each password its hash with every possible salt value. This becomes infeasible if the salt has a big enough range, say a 32-bit number. Many authentication systems in common use do not employ salts and rainbow tables are available on the Internet for several such systems.

Entropy as a measure of password strength

Password strength is specified by the amount of information entropy, which is measured in shannon and is a concept from information theory. It can be regarded as the minimum number of bits necessary to hold the information in a password of a given type. A related measure is the base-2 logarithm of the number of guesses needed to find the password with certainty, which is commonly referred to as the "bits of entropy". A password with 42 bits of entropy would be as strong as a string of 42 bits chosen randomly, for example by a fair coin toss. Put another way, a password with 42 bits of entropy would require 2⁴² attempts to exhaust all possibilities during a brute force search. Thus, increasing the entropy of the password by one bit doubles the number of guesses required, making an attacker's task twice as difficult. On average, an attacker will have to try half the possible number of passwords before finding the correct one.

Random passwords

Random passwords consist of a string of symbols of specified length taken from some set of symbols using a random selection process in which each symbol is equally likely to be selected. The symbols can be individual characters from a character set, syllables designed to form pronounceable passwords or even words from a word list.
The strength of random passwords depends on the actual entropy of the underlying number generator; however, these are often not truly random, but pseudorandom. Many publicly available password generators use random number generators found in programming libraries that offer limited entropy. However, most modern operating systems offer cryptographically strong random number generators that are suitable for password generation. It is also possible to use ordinary dice to generate random passwords. Random password programs often can ensure that the resulting password complies with a local password policy; for instance, by always producing a mix of letters, numbers, and special characters.
For passwords generated by a process that randomly selects a string of symbols of length, L, from a set of N possible symbols, the number of possible passwords can be found by raising the number of symbols to the power L, i.e. N^L. Increasing either L or N will strengthen the generated password. The strength of a random password as measured by the information entropy is just the base-2 logarithm or log₂ of the number of possible passwords, assuming each symbol in the password is produced independently. Thus a random password's information entropy, H, is given by the formula:
where N is the number of possible symbols and L is the number of symbols in the password. H is measured in bits. In the last expression, log can be to any base.
A binary byte is usually expressed using two hexadecimal characters.
To find the length, L, needed to achieve a desired strength H, with a password drawn randomly from a set of N symbols, one computes:
where denotes the mathematical ceiling function, i.e. rounding up to the next largest whole number.

Human-generated passwords

People are notoriously poor at achieving sufficient entropy to produce satisfactory passwords. According to one study involving half a million users, the average password entropy was estimated at 40.54 bits.
Thus, in one analysis of over 3 million eight-character passwords, the letter "e" was used over 1.5 million times, while the letter "f" was used only 250,000 times. A uniform distribution would have had each character being used about 900,000 times. The most common number used is "1", whereas the most common letters are a, e, o, and r.
Users rarely make full use of larger character sets in forming passwords. For example, hacking results obtained from a MySpace phishing scheme in 2006 revealed 34,000 passwords, of which only 8.3% used mixed case, numbers, and symbols.
The full strength associated with using the entire ASCII character set is only achieved if each possible password is equally likely. This seems to suggest that all passwords must contain characters from each of several character classes, perhaps upper and lower-case letters, numbers, and non-alphanumeric characters. Such a requirement is a pattern in password choice and can be expected to reduce an attacker's "work factor". This is a reduction in password "strength". A better requirement would be to require a password not to contain any word in an online dictionary, or list of names, or any license plate pattern from any state or country. If patterned choices are required, humans are likely to use them in predictable ways, such as capitalizing a letter, adding one or two numbers, and a special character. This predictability means that the increase in password strength is minor when compared to random passwords.
Password Safety Awareness Projects
Google developed the online interactive game Interland to teach children online safety, covering topics like cyber bullying, basic hacking, and information security. On the chapter called Tower Of Tresure, for example, it is advised to use unusual names paired with characters like with a game.