In light of the data breach at LinkedIn last week, in which 6.5 million unsalted SHA-1 hashes of account passwords were leaked publicly, we thought this would be a good opportunity to remind users about best practices for managing passwords online in order to stay safe. In particular, we want to emphasize that users should never re-use passwords across multiple accounts, and that using a password safe provides an easy way to manage lots of strong passwords across multiple online accounts. We understand there are trade-offs between secure password management and convenience; we think a good balance is achieved by using a password safe for at least the vast majority of online accounts, with the option to memorize a few strong and distinct passwords for the cloud services one needs to access most frequently and from new devices.
What's the consequence of the LinkedIn leak?
The leak doesn't directly tell attackers LinkedIn users' passwords, but it enables a trivial and fast way for attackers to confirm their guesses about passwords, and to check exactly which LinkedIn accounts use a particular password. For example, an attacker can instantly get a list of any and all LinkedIn users whose password was "password123", "secret", or any other term. More significantly, this process can be automated to quickly check quadrillions of possible passwords: every word in every language, forwards and backwards, with various digits at the end; every two- or three-word English phrase; every Bible verse or line from Shakespeare, or every citation to any of these; and much more. It's also straightforward for attackers to try every short sequence of letters, whether it's meaningful or not.
This is significant because attackers actually do these things whenever a password database like LinkedIn's gets leaked. In fact, because of LinkedIn's failure to use a salt (which would make the password-checking algorithm more specific to the site or to each individual user), attackers can simply compare the database against pre-computed versions of all of the above, and more, quickly getting an exhaustive list of exactly who has used every guessable password, in an extremely broad sense of "guessable".
Why is it so bad to reuse passwords?
At first blush, you might think that changing your LinkedIn password is sufficient to stay safe. However, if you re-use the same password for other online services, you are at risk for all of those services so long as a data breach occurs in any of them and your password is revealed. That's because attackers love to re-try cracked passwords with known or guessed usernames on other sites. In this sense, your security across all web services for which you use a given password is only as strong as the weakest link. As a concrete example, if you use the same password for LinkedIn, Gmail, and Bank of America, then it is critical that you change your passwords for the latter two websites, else there is a good chance your Gmail and Bank of America accounts could be compromised.
This is widely believed to be one of the most common ways by which accounts on very security-conscious web sites get cracked and the accounts broken into: because users have used the same password on some other site which gets penetrated in a way that reveals their password.
Does altering my username make me safe even if I use the same password?
The short answer is no. Any data breach that occurs could include enough personally identifiable information that an attacker could figure out your username for different web services.
How do I manage different passwords for each account?
We know it's hard to remember a different password for every account, since many web users have dozens or even hundreds of different accounts.
To address this difficulty, you can use a password safe — a program that runs locally on your computer and stores passwords securely. These exist as standalone applications such as KeePass (which is available in different flavors for Windows, OS X, Linux, Android and iOS), or OS X's Keychain, and there are also password safes in many browsers. When you use a password safe, you no longer have to memorize these passwords, and so it becomes feasible to store dozens or hundreds of passwords. Instead, you just remember one password to unlock the password safe.
What if I need to access online services from multiple devices?
It's very easy to transfer a password safe database between devices using a USB flash drive. Or you can store your password database in the cloud. Indeed, since good password safe databases are themselves encrypted (e.g. KeePass), you can safely also upload the database to a cloud storage service, allowing you to download the encrypted database to multiple devices, which you can subsequently unlock and decrypt with your password.
If there are a handful of devices you use all the time, just be sure to transfer the password safe database to each of these devices. This is a minor inconvenience, but the security gain of using a password safe far outwieghs this inconvenience. Moreover, backing up your password safe minimally to a USB flash drive or a cloud storage service is a good idea, so that you don't lose all your passwords if a single device crashes. Finally, some password safe programs can do a secure network-based sync across multiple devices, so updating the password safe on one device will allow the new passwords to propagate to other devices.
What about services that I need to access from new devices? For example, traveling abroad and needing access to my Gmail account from an Internet cafe?
The safest solution in this case arguably is still to carry a USB flash drive, so long as you can keep it secure. However, it may make sense to memorize a few strong passwords for high-value cloud services that you use all the time for situations like this. It is important to emphasize that accessing cloud-based services from an Internet cafe is very risky, since there could be a keylogger on the computer that steals your password. We recommend changing your password whenever you have to access such an Internet service from an untrusted computer.
In the particular case of Gmail — as well as some financial institutions and some employers' networks — you can also enable an extra security feature called two-step (or two-factor) authentication. This requires you to provide an extra piece of information when you log in, based on data stored separately in a mobile phone (or a smart card). By adding a requirement to have a particular object on top of the requirement to know a particular password, you can get a greater level of protection against attacks like keyloggers if you have to log in from an untrustworthy computer. Although this makes logging in more effort, it can make you dramatically safer.
How frequently should I change my password?
It's typically more important not to re-use passwords across accounts than it is to change them. Don't let recommendations to change your passwords become a reason to re-use a password in multiple places. That said, it's good practice to change passwords from time to time. Very roughly, one should consider changing passwords annually, but this is not a one-size-fits-all problem. If you are frequently typing in a password on an untrusted device, or if you are accessing a high-value service, changing more frequently is a good idea. In particular, you always want to change your password if there is any indication that your account might be compromised.
How do I make sure my passwords are strong enough?
Password safes often include a feature to generate pseudorandom passwords for you. They will end up looking like random strings of however many characters you choose. Choosing longer passwords of 20-30 characters is a great idea, even for unimportant services. For important ones, you may want to make your password even longer. With a password safe, using a longer password needn't be more effort than a shorter one, because the password safe can automatically type the password for you, or temporarily put it in your computer's clipboard so you can paste it into a site you access.
When it comes to generating a password that you're going to memorize yourself — for purposes like unlocking your computer's hard drive, or unlocking your password safe — don't just use a pass word; instead think of a pass phrase. It turns out that short strings that may seem random and hard to guess like '1xRtBd3' actually are far easier for computer to crack than long strings of randomly chosen (or close to it) English words, for example: 'captainswimminglymauvedolphin'. The latter password is also far easier to memorize. But it is important to note that for most kinds of passphrases, one should never use any text (including a name or phrase) that has ever been published verbatim anywhere. So in particular, 'captainswimminglymauvedolphin' is no longer a good passphrase.
We touch upon the issue of passphrase strength in our white paper on border security, and there is also a famous webcomic about the subject. Although passphrase strength is much more important in an offline context where an attacker has arbitrarily many attempts to guess a passphrase, we still recommend strong passphrases for online services given data breaches that effectively turn the online threat model into an offline threat model.