
Version history:
  11/08/2021: Added this table
  2019/01/15: Created

Introduction

Part of the Synapse HIPAA/PHI compliance evaluation (PLFM-5197) has been focused on the existing password policy used by Synapse (PLFM-5210).  This evaluation has highlighted the need to reevaluate our existing Synapse Password Policy.  The following is the result of that evaluation.

...

  • Exponential back-off for failed password authentication attempts.
  • All passwords must be at least 8 characters.
    • No special characters requirements.
    • No forced password rotation.
    • No password strength meters.
  • Common passwords are blocked.
  • All PHI is identified and only accessible with multi-factor authentication.
  • Eventually, completely replace Synapse managed passwords authentication with Google & ORCID authentication (see PLFM-5311).
  • Educate users not to reuse Synapse credentials anywhere else.

Note: The above recommendations closely mirror the recommendations from Microsoft [8].

What is the current Synapse Password Policy?

...

For decades, system administrators have assumed that password security was about preventing brute-force attacks.  A simple brute force attack consists of an attacker trying every possible combination until correctly guessing the password.  So how do we measure the strength of a password to resist such an attack?

The guessing resistance of user-chosen passwords is often estimated by modeling passwords as random choices from a uniform distribution. ...

The logarithm of the size of this uniform distribution in this model is often called entropy, in reference to Claude Shannon’s famous measure H1 of the minimum average number of bits needed to encode symbols drawn from a distribution. [6]

  The size of a uniform distribution (D) is simply the complexity (c) raised to the power of the length (l), D = c^l, so the entropy in bits is log2(c^l):

...

There are two problems with this model.  The first problem is that users do not choose random passwords.  Users are far more likely to choose passwords based on predictable patterns [1,2,3,6].  The second problem is that attackers know these patterns and model their attacks accordingly [4,5].  There is also evidence that attackers develop specially tailored attacks to counter new tricks learned by users, such as xkcd's CorrectHorseBatteryStaple suggestion [4].


The password "correcthorsebatterystaple" perfectly illustrates the disconnect between how we model password strength and the passwords real users choose.  According to the entropy model, "correcthorsebatterystaple" belongs to a domain with 117 bits of entropy (log2(26^25)).  That level of entropy assumes each letter of each word contributes to the overall size of the distribution.  This assumption holds for a simple brute force attack.  However, an attacker who knows this trick can try word combinations instead of letter combinations.  If the attacker uses the top 100 most common words in every possible combination of up to four words, then the actual size of the domain is 26 bits of entropy (log2(100^4)) instead of 117.  Since it is difficult to memorize four random words in a string but easy to memorize a real phrase, users are more likely to choose a real phrase for a password.  Simple attacks can try the most common phrases, so the password "fromtimetotime" can be guessed in under 8 tries even though it has 66 bits of entropy.  More sophisticated attacks employ phrases from many sources including the Bible and YouTube [11].
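To make the two models concrete, the following is an added Python example (not part of the original page or of Synapse) that estimates an attacker's guess count under the uniform letter model and under the word-combination and common-phrase attacks described above; the word list and the ranked phrase list are constructed stand-ins for the "top 100 words" and "most common phrases" lists the text refers to.

```python
import math

# Constructed stand-in for the attacker's "top 100 most common words" list;
# only a handful of entries are listed so the example runs offline.
TOP_WORDS = {"correct", "horse", "battery", "staple", "from", "time", "to", "the"}
VOCAB_SIZE = 100   # the attacker's real list is assumed to hold 100 words
MAX_WORDS = 4      # the attacker tries every combination of up to four words
ALPHABET = 26      # lowercase letters, as in the page's log2(26^l) figures

# Constructed, rank-ordered phrase list (most common first); the ranks are
# illustrative, not measured.
COMMON_PHRASES = ["iloveyou", "letmein", "fromtimetotime", "trustnoone"]


def uniform_entropy_bits(password, alphabet_size=ALPHABET):
    """The classic model from the text: log2(c^l), every letter independent."""
    return len(password) * math.log2(alphabet_size)


def segment_into_words(password, vocab):
    """Fewest-word split of password into vocabulary words, or None if impossible."""
    best = {0: []}  # best[i] = shortest word list covering password[:i]
    for end in range(1, len(password) + 1):
        for start in range(end):
            if start in best and password[start:end] in vocab:
                cand = best[start] + [password[start:end]]
                if end not in best or len(cand) < len(best[end]):
                    best[end] = cand
    return best.get(len(password))


def estimated_guesses(password):
    """Worst case for the defender: the attacker's cheapest model wins.
    Order tried: ranked phrase list, then word combinations, then brute force."""
    if password in COMMON_PHRASES:
        return COMMON_PHRASES.index(password) + 1
    words = segment_into_words(password, TOP_WORDS)
    if words is not None and len(words) <= MAX_WORDS:
        return VOCAB_SIZE ** len(words)
    return ALPHABET ** len(password)


def effective_entropy_bits(password):
    """Entropy as seen by a pattern-aware attacker, in bits."""
    return math.log2(estimated_guesses(password))
```

Running it on the page's two passwords reproduces the 117-versus-26-bit gap for the four-word passphrase and shows the common phrase falling in the first few guesses regardless of its 66-bit uniform-model entropy.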


If users are required to use special characters, they often use simple leet substitutions such as changing "password" to "p@$$word".  If users are required to add digits, they are likely to add them to the end, so "password" becomes "password123".  If they are required to use capital letters, they will put the capitals at the beginning of each word, so "fromtimetotime" becomes "FromTimeToTime".  Each of these patterns is easily exploited by attackers, so the added complexity requirement does not actually increase password entropy [4].


The basic idea behind password strength meters is that they help users choose better passwords.  One study found that password meters can encourage users to pick passwords with increased entropy [9].  If passwords were randomly generated, then increasing password entropy would certainly slow down attackers.  But since users choose passwords using predictable patterns, the increase in entropy does not translate to stronger passwords.  Password strength meters continue to classify short randomly generated passwords as weak and long user-chosen passwords as strong, which is backwards.

...

As one group of researchers points out, even weak passwords are secure when there is a limit on the number of failed attempts [10].  This is why bank card PINs are secure even though they might only have 13 bits of entropy.  With an enforced exponential backoff for failed attempts, an attacker will have less than a few dozen attempts per year.  With so few attempts, only the most common passwords would be hacked.  A system that blocks users from selecting the most common passwords, combined with exponential backoff, would be secure even when users choose "weak" passwords.
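To put numbers on the argument above, the following is an added Python example (not from the original page or from Synapse) that counts the online attempts an attacker gets per year against one account under exponential backoff, turns that budget into a yearly success probability for a PIN-sized secret, and applies the length-plus-blocklist rule from the recommendations; the blocklist is a constructed stand-in for a real common-password list.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600


def online_attempts_per_year(base_delay=1.0, max_delay=None):
    """Attempts an attacker can make against one account in a year when each
    failure doubles the wait before the next attempt (optionally capped)."""
    attempts, elapsed, delay = 0, 0.0, base_delay
    while elapsed <= SECONDS_PER_YEAR:
        attempts += 1
        elapsed += delay
        delay = delay * 2 if max_delay is None else min(delay * 2, max_delay)
    return attempts


def yearly_success_probability(entropy_bits, attempts):
    """Chance that an attacker guessing uniformly succeeds within `attempts`
    tries against a secret of the given entropy (a 4-digit PIN is ~13.3 bits)."""
    return min(1.0, attempts / 2 ** entropy_bits)


# Constructed stand-in for a blocklist of the most common passwords; a real
# list would be thousands of entries long.
COMMON_PASSWORDS = {"password", "password123", "p@$$word", "123456", "qwerty"}


def acceptable_password(candidate, min_length=8, blocklist=COMMON_PASSWORDS):
    """The recommended policy: at least 8 characters and not on the common
    list, with no composition rules. Returns (ok, reason)."""
    if len(candidate) < min_length:
        return False, "shorter than %d characters" % min_length
    if candidate.lower() in blocklist:
        return False, "too common"
    return True, "ok"
```

With an uncapped 1-second doubling delay the attacker gets 25 attempts per year, so a 4-digit PIN is guessed with probability 0.25% per year; capping the delay at one hour raises the budget to roughly 8,800 attempts, which is why the cap matters as much as the doubling.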

References

  1. Carnavalet, Xavier et al. "A Large-Scale Evaluation of High-Impact Password Strength Meters." madiba.encs.concordia.ca, 2015.
  2. Zhang, Yinqian et al. "The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis." cs.unc.edu, 2010.
  3. Schneier, Bruce. "Real-World Passwords." schneier.com.
  4. Goodin, Dan. "Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”." arstechnica.com, 2013.
  5. Schneier, Bruce. "Choosing Secure Passwords." schneier.com, 2014.
  6. Bonneau, Joseph et al. "Passwords and the Evolution of Imperfect Authentication." jbonneau.com.
  7. Wheeler, Daniel. "zxcvbn: Low-Budget Password Strength Estimation." usenix.org, August 10–12, 2016.
  8. Hicock, Robyn. "Microsoft Password Guidance." microsoft.com.
  9. Egelman, Serge et al. "Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection." microsoft.com.
  10. Florencio, Dinei et al. "Do Strong Web Passwords Accomplish Anything?" microsoft.com.
  11. Goodin, Dan. "How the Bible and YouTube are fueling the next frontier of password cracking." arstechnica.com, 2013.