Lengthy, thought-provoking blog post about the impact of AI and quantum computing on password security.
If you’re curious about the lengths of your passwords, you can export your passwords as a CSV file from most common password managers, and then use the LEN function in Excel or Numbers to calculate the number of characters in each password. From there, you can sort quickly by length. I presume the syntax is the same or similar in LibreOffice. (Specific steps are left as an exercise for the reader.)
“Of course, a big caveat in all of this are systems that are capable of accepting 25-character or longer passwords. Most websites and services I am aware of do not”
Also, though not really mentioned, if you have two-factor authentication (like with an authenticator app), unbreakable security of your password is not as critical since it’s just one factor to get into your account. I’d say random 12-char password + two-factor (not SMS or email) is fine for 99% use cases.
Yes, but we don’t know when quantum computers will become practical. And when that happens, it will take some time to migrate to something that remains secure.
This is why NIST, in 2016, put out a call for researchers to develop encryption algorithms that are resistant to cracking by quantum computers. And four were published in 2022.
The cool thing is that you don’t need a quantum computer to use these algorithms - someone who knows the correct keys can run them with little more CPU power than is needed for today’s algorithms (which can be broken by sufficiently fast prime factorization - making them vulnerable to quantum computers).
But it takes time for these algorithms to be deployed far enough and wide enough that they can be used as the default algorithms. Which is why switching now is a good idea.
Of course, this has nothing at all to do with the length of your password. And the original article doesn’t say so - they are recommending additional length in order to slow down AI-based password-guessers.
If there is concern about a quantum computer guessing a password (by trying all zillion combinations at once?), length isn’t going to help much. But a passkey built over one of those quantum-safe encryption algorithms will probably work.
While passkeys use asymmetric algorithms, and asymmetric algorithms are vulnerable to quantum computing (though passkeys since about last year are using quantum-resistant algorithms), I thought that standard passwords use symmetric encryption (basically AES), which are not nearly as vulnerable to quantum cracking (e.g., it reduces the problem by half, so half a century instead of a full century, etc.)?
So adding a few extra random characters should be more than sufficient against quantum computers at least.
That’s an oversimplification. Today’s popular asymmetric algorithms are vulnerable to any attack that can rapidly prime-factorize huge numbers, which makes them vulnerable to quantum computing.
But in 2022, NIST published four quantum-resistant algorithms. There’s no technical reason why we couldn’t start using them today.
Please read my comment and read the linked article and video, which explains all this pretty thoroughly.
And password length won’t do a thing against quantum computing. The original article never made that claim. It is recommending length against AI-based password guessers, which is being used today.
But if you are already using a password manager to create, store, and fill in a 12-character password, what additional effort is there in using a longer one?
That’s not my experience. I use 25-character passwords by default – because, as @Nello said, if you have a password manager, then why not? I’d say that 95% of the time they’re accepted just fine.
I do agree it’s a pain not to know in advance of any length limitations. But a more common issue is to discover that my special characters are “too special” – for instance, the system wants “,” or “!” but not “^” or “_”. Head-banging stuff.
To deal with quantum computers, “If it used to take 12-character or longer truly random passwords to be secure, now you need 25-character truly random passwords.”
By the way, the default length for new passwords in Apple’s Passwords app is 20 characters.
I reviewed the length of my current passwords using the method I mentioned in my original post. Most are twenty or more characters, though I admit I was surprised by the number that were twelve or smaller, including a couple of old passwords that were only eight characters. One of the short passwords actually was for a somewhat sensitive site.
If you haven’t checked your passwords in awhile, it’s not a bad idea to verify the lengths of your old passwords and update the short ones.
And many still use the debunked “Minimum of 8 characters containing at least one uppercase. one lowercase, one numeral, and one special character” requirement and then reject passwords that contain special characters that aren’t approved by the site!
Grover’s algorithm for quantum computers suggests that it will halve the time it takes to brute-force guess a symmetric key password. A random 12 character password using letters/caps, digits, and symbols (94 character alphabet) has 79 bits of entropy. One more bit of entropy should double the time it takes to brute-force guess a password, and 80 bits of entropy is 13 characters.
That said - whenever I can, I use 20 random characters. For now that still feels safe. And, yes, I also still have one or two web sites that limit length to 12, that limit the symbol set, which is dumb, which also suggests that maybe they are storing the password rather than a salted hash of the password, which is not good.
I’ve set my 1Password generator at 20 characters too, and I don’t recall ever having problems with it due to the site not accepting a password of that length.
The big thing with quantum computing, as I understand it, is not so much passwords, but other information that’s encrypted now. The bad guys can harvest that data now and hold onto it until quantum decryption becomes a thing. A lot of it won’t be relevant by then, but plenty may still be sensitive.
A fair amount since most sites make it difficult to change an existing password (it can be even trickier if you’re using a password manager). You have to figure out where the site is hiding that option (every site is different), put in your old password and then the new password twice, and then store all that in your password manager. Some sites send you SMS or email codes to confirm the password change.
And sometimes the site then rejects the new password for some obscure reason (too long, didn’t like one of your special characters, or you didn’t include enough required special characters). If at that point you’ve already deleted the old password from your manager, you’re screwed (I always save the old password in the “notes” field of 1P until I am certain the new password works).
I would say that if you’re creating a new account, by all means use as long a password as it will take! Why not? But updating hundreds of existing passwords for a theoretical future quantum attack… might be overkill.
FWIW, Firefox’s password manager recognizes most password-change forms and presents a popup asking if you want to change the saved password.
The popup persists, so I can leave it on-screen until I know the site has accepted the new password, then click the button to save it, or click the “not now” button to not save it if the site didn’t accept it.
1Password does keep password history when you change a password - on MacOS, click on the drop-down arrow control to the right of the password field. If you’ve ever changed it, it will have a “password history” entry. This has saved me more than once.
Bitwarden has this, too. Apple Passwords also stores password history.
But, like you, I try to keep a field with all of my old passwords. Old habits die hard.
1Password does this. (Bitwarden as well.)
Do I wait to hit save until I know that the password worked? Not always! I just did this a couple of weeks ago (with that website I mentioned earlier than limits password length to 12 characters.)
