Why Passphrases are worse for being better: Peerio
May 3, 2018

Why Passphrases are worse for being better

Following the publication of How To Build A Billion Dollar Password, I spent an embarrassing amount of time diving deeper down the password rabbit hole. I conducted very deep research, ended up presenting at a conference dedicated to passwords, and then motioned to remove passphrases from Peerio entirely. Here’s how that happened and why passphrases are still pretty useful.

Our passphrases worked.

Originally we allowed users to select their own passwords. The only requirement was that they meet a certain estimated strength level. We used zxcvbn, a method of evaluating password strength developed by some of the folks at Dropbox.

After shifting to randomly generated passphrases, we found people were less likely to forget their password and more likely to memorize the randomly generated passphrase over the one they selected themselves!

We made passphrases better.

As Peerio’s head of product, I was of course thrilled to see my research show signs of improvement, but I was also convinced we could do better. I started expanding my research to cognitive science, human memory, linguistics, and user experience design.

I went so deep I ended up building entirely new word lists for passphrase generation for a dozen different languages. I found myself giving a talk at PasswordsCon, a conference dedicated to passwords, to present my research on how we can improve passphrases.

This word list ended up being researched even further by actual security academics at the University of Bonn and was found to be useful for other encryption tasks as well.

We removed passphrases from Peerio. Why?

Then, near the end of 2017, we decided to remove passphrases from Peerio entirely. Why?

If you’ve made it this far, then you know why randomly generated passphrases make good passwords: they’re extremely hard to guess and generally easier to remember than random numbers, letters, and symbols.

But what if you didn’t know these things?

People don’t know what passphrases are.

All else being equal, when asked to memorize a string of characters, people would be more likely to remember “muse aims with lasting liable” than they would be to remember “eg-;UJ 0-L”.

The problem, we realized, was that this memorization was context specific. Passphrases would only perform better than letters and numbers if the person knew what these random words were actually for. Did people know why they were seeing random words when signing up for the Peerio service?

We conducted a series of user studies to get to the bottom of this problem. To test, we asked study participants to simply sign up for a new Peerio account. When signing up for Peerio, there is a step where users are given their “account key”, the password needed to login and access data in their account. Half the participants were given a randomly generated passphrase, the other half were given randomly generated numbers and letters.

Account key generation step of Peerio’s sign up

Expected difficulty vs unexpected ease.

The results were surprising. Participants would routinely just read straight past the actual passphrase. Maybe this is because the words of the passphrase blended in with the explanatory text, even when made visually distinct. Maybe it’s because people have expectations about signing up for a service, and they simply skimmed past the explanation. Whatever the exact cause, we observed that because passphrases didn’t look like a password, “account key”, or “activation code”, that people were familiar with, our study participants were less likely to ascribe importance to them, record them somewhere, or try to memorize them.

In contrast, the formulation of random letters and numbers pictured above was qualitatively described as difficult, impossible to remember, but secure and important for the account. The vast majority of participants recognized these random letters and numbers as some sort of “account key” needed to activate or login to the service. Not a single participant tried to memorize this account key, but 100% of them made efforts to download their recovery documents or add the account key to a password manager.

In short, if a person expects a certain level of difficulty when it comes to passwords, making the password unexpectedly easier (to type and remember) actually made it less likely that the average person would remember. Only people who knew the role of the passphrase and what to expect were benefited.

Expected ease.

While bummed that my deep dive of passphrase research didn’t pan out like I hoped, we did learn some valuable lessons.

  1. Memorizing a password is ideal, but in practice safe storage (like a password manager) works better for many people.
  2. Expectation plays a critical role in designing for security; so much so that a better unexpected solution was outperformed by a worse expected solution.
  3. Passphrases are still really useful, if you know why they’re useful.
  4. When designing for security, designs should be to expectably easy, or find ways to skip the expectably difficult steps.

So now resided to using alphanumeric account keys, I shifted focus to find ways to make Peerio’s login expectably easy. We added fingerprint authentication for mobile devices. We gave people to option to “auto-login” on a device, so they wouldn’t need to enter a password each time. We made the recovery document more visible in sign up, easier to find in settings, and made the document itself a friendlier reminder about why the document was important. We’ve got a handful of additional improvements in the pipeline.

Through these small fixes, we’ve seen dramatic improvements to our users’ ability to preserve and protect account keys — account keys that still cost $1 billion dollars to crack!

And if you’re still sold on Peerio’s passphrases, you can always build your own at https://passphrases.peerio.com/