Under the covers
Passwords are the duct tape of computer security. They are unreliable, ugly and leave a horrid mess. But they make problems go away really fast and so (almost) everyone uses them.
When I was a student, the design project in my analog electronics course involved making a 3D display on an oscilloscope. Besides meeting the spec, we had to make the product as cheap as possible. Most of the components only cost a few pennies but any manual adjustments cost us £5 ($8) each, a quarter of our budget. Products that require manual adjustments can't be produced on the automated pick and place machines that will assemble, solder and test fifty boards in the time it takes a person to adjust one.
Applying the same principle to passwords, I reckon that the true cost is roughly $100 for each strong password that is to be memorized. And passwords that are to be used infrequently should cost a great deal more.
Use of passwords would disappear overnight if systems architects were charged $100 for each password their end users had to remember. But that doesn't happen of course. The cost is passed on to the customer who passes it on to the user who can either follow the rules or devise a strategy to mitigate the cost.
The strategies I use for mitigating the cost of passwords is straightforward. First I ask myself who owns the asset that is being protected. Is it:
Until we added password management features to the Mesh, I used the same password for all the systems in the third category. The last time changed my low security password about a decade ago when Web sites began requiring every password to contain a capital letter and a digit. At that point, I changed from using 'nottelling' to 'Nottelling1'.
I do use strong passwords when I own the asset that is at risk; my email, Twitter, FaceBook accounts. But I don't use a strong password for the accounts that give me access to the New York Times or any other paid content.
The fundamental problem with using passwords is that they are supposed to be easy to remember and difficult to guess. As if humans are so unpredictable that this is not a contradiction in terms.
'Everyone' is agreed that weak passwords are 'insecure'. But as everyone who has chosen a 'strong' password and forgotten it knows, you are much more likely to lose your job because your password is too strong and you forgot it than because you chose a weak password and it was guessed.
Users are told to use different passwords on each system they use and to never write them down. This is because the user has to give their password to each system they use it on. If a user uses the same password on every system they use, a breach on just one of those systems will allow an attacker to compromise every other machine.
Of course the cost to the user of choosing a different strong password for every site they might use is utterly ridiculous. And trying to use a hundred different passwords is virtually impossible. If someone can remember different cryptographically strong passwords and the site usernames and which go with which site for a hundred sites they should be on stage doing a 'memory man' act.
But it isn't just users who carelessly share passwords. Big companies like Apple and Cisco think that shared passwords are just fine when it comes to selling wireless networking gear. As of today, using a password shared across every device is the only method of securing consumer WiFi networks. There is a public key based authentication scheme called 802.11X and one of the stretch goals I have for the Mesh is to make use of that capability practical for consumers rather than being a checklist item for the enterprise buyers.
The core problem of using secrets to authenticate is that any password a that is difficult for an attacker to guess is going to be difficult to remember.
In cryptography we like the work factor to be at least 2^128. That means a random password of 25 letters and digits. It might just be possible for humans to remember passwords that long as their Mesh fingerprint that never changes in their life. Expecting someone to use that for their work account is going to be a mistaken assumption no matter who the employer is or what is at stake.
Work factor hardening of passwords allows the use of somewhat shorter passwords but at significant cost. Making a machine perform 32,768 rounds of SHA-2-512 to verify a password instead of one makes the attack 2^15 times harder. But that only shaves three characters off the password length necessary to get to a decent security level.
These particular strategies were developed in 1992 in the wake of the launch of the Crack password cracker which sped up the dictionary attack used to break passwords in the day so a machine could make 35 password breaking attempts a second. Dictionary attacks have not been the most effective attack for over a decade. A password breaking machine built with commodity hardware costing less than $5000 can make 350 billion attempts a second. This exhausts every possible 8 letter password combination in 7 hours.
Randall Munroe's cartoon XKCD 936 is a great summary of the problems with passwords. Unfortunately, his proposed solution isn't much better. Using a dictionary with 32768 words to create a passphrase means 15 bits of entropy per word in the passphrase. To get to a work factor of 2^120 we need eight words.
If passwords are so bad, why do they survive? The answer is that while they are hopelessly insecure, they do have some important practical advantages.
The one major advantage of passwords is that they work on every device with a screen and a keyboard. They don't work very well but they work a lot better than trying to put a smartcard into a computer that doesn't have a slot.
Before smartphones became ubiquitous, the other big advantage of passwords over the alternatives was that they didn't need any extra hardware. Security tokens cost money to issue, they get lost, they break and people just don't like carrying them around.
Another major advantage of using passwords is that a user can delegate their authority to another person by sharing the password with them.
This is not an advantage as far as the system administrators are concerned. of course. But it is one of the main reasons attempts at deploying strong authentication fail. Faced with a choice between following policy and getting their job done, most people do what is more likely to get them promoted.
It is not unusual to find organizations where the administrative burden of getting accounts set up mean that temporary staff use a pool of shared passwords. It is of course impossible to know who did what afterwards. So the staff with least investment in the organization have the least accountability.
People have been proposing 'single sign on' solutions to 'replace passwords' for decades. And most of them have not got very far and those that have got somewhere have merely reduced the number of parties that are required to act as password verifiers. None of the fundamental problems of using passwords have been addressed.
If we are going to replace passwords we need to focus on the deployment problem and in particular the problem of how to get to critical mass. For this reason, the Mesh strategy to eliminate passwords has two stages.
There are many commercial providers of password manager products but very few even document how they secure the passwords and none to my knowledge use end-to-end encryption to secure the password data.
The Mesh provides an open specifications based, password management infrastructure that is end-to-end secure. Compromise of the Mesh cannot lead to compromise of the user's passwords because the password data stored in the Mesh is encrypted and the user has sole control of all the decryption keys.
If the number of Mesh users reaches critical mass, it is likely that sites making use of password authentication will become interested in making use of the Mesh confirmation protocol for authentication.
If a site has registered a user's Mesh fingerprint, they can use any form of authentication that the user advertises credentials for in their personal profile.