With the security industry moving towards passkeys, the intrinsic benefits of a strong password have become more apparent to me. There’s a simple beauty to a password in that the only place it’s stored is in your brain. You don’t have to maintain possession of a device, it doesn’t rely on any specialized interfaces, and when done correctly, a strong password is secure.
The downside of course is that 99% of passwords people choose will never provide enough entropy to securely encrypt data.
Today we are trialing Fuzzypass, a new type of knowledge-based authentication that essentially tricks your brain into easily remembering 100 bits of entropy using cued recall. Humans are famously bad at remembering exact information such as which letter you decided to capitalize and where you put the exclamation mark this time. Was it Tr0ub4dor&3 or Tr0ubad0r&3? That one tiny difference means you’re locked out with a typical password. Fuzzypass works by allowing you to remember associations rather than specifics.
With Fuzzypass, you pick a numbered list of between 8 to 12 words. For example, let’s say you choose 10 words. Each word is associated with a “lock” that is a number from 1 to 10, each with a distinct color and symbol:
When you go to login, you are presented with 3 random locks such as:
To authenticate, you must type in the right words associated with those numbers as one string. If you get it wrong, the locks shift to give you another try with different words. In this way you can theoretically still login while only remembering 30% of your Fuzzypass. You can try it now with a free Locke ID or watch this demo video if you don’t want to register an account.
Usability
At first blush this system may seem like it is more complicated than a password and will be harder to remember. But human memory is unintuitive and it’s much easier for us to remember fuzzy associations than an exact piece of information. Even if you forget a few of the words, or mess up the order, you will still likely be able login after a few tries since the required words change each time. This error-correction mechanism is surprisingly powerful, allowing your brain to deduce the words if you’ve forgotten the order.
Admittedly the cognitive overhead of Fuzzypass is initially higher than that of a master password, since you’ll need to mentally count out your words to determine which locks they aree associated with. However after a few practice attempts, the power of cued recall and spaced repetition kicks in. Your brain will automatically “peg” each of your words to the associated lock, and you’ll be able to login without mentally reciting your entire Fuzzypass.
In addition, being that the words are all lowercase, the accuracy of each auth attempt is typically higher than a password with symbols and caps in my personal experience, and the time to type is less, especially on mobile. But as a result we can now encrypt your backup key with a full 10 word passphrase providing approximately 100 bits of entropy; enough for strong single factor recovery.
Security Guarantees
Baked into Fuzzypass is strong key encryption that uses a local non-extractable 256 bit key to sign HMACs that encrypt your symmetric key. This means that normal authentication on a known device provides the security of 2FA, while authenticating on an unknown device will require your full Fuzzypass.
The weakest single component of Fuzzypass is the hashed permutations of 3 words used for client-side authentication. With 3 words, we are eeking out between 30 and 40 bits of entropy. But since the server requires a different permutation of 3 words each time, an attacker would have to keep track of all 720 permutations (assuming 10 total words) in order to guess your Fuzzypass. That adds an additional ~9 bits of entropy to the stack. And of course being client-side, these attempts are rate-limited to make brute-force attacks essentially impossible.
So in reality, the weakest single component of Fuzzypass is the full length Fuzzypass that is used to backup an encrypted copy of your local strong key to allow authentication from new devices.
Entropy & Perplexity
It’s commonly known that a password’s strength is determined by the amount of chances it would take on average to guess it, measured by bits of entropy.
But it’s not so simple. With modern machine learning practices, people are using AI to more accurately guess passwords. Calculating the true strength of a password is more difficult than the basic log2(search_space ^ characters) formula. With Fuzzypass, we are using words. People use words to create logical sentences. And since we want people to remember their Fuzzypass, we don’t want to force people to choose random words like Diceware.
That means that when someone uses a logical sentence, the search space for a given word is much less than with a truly random passphrase. The true strength of a passphrase like Fuzzypass is based not on the size of the dictionary that the words came from, but on how likely it would be for an LLM to guess it. This metric is called perplexity and it’s vital we take it into account when designing Fuzzypass.
Perplexity is essentially how likely the next word is as measured by a language model. For our purposes we tested a few different models to get an idea of what we were working with:
- A Coherent Sentence: A phrase like “I want to go to the big store now” has very low perplexity. With 8 words we fall to a low ~45 bits.
- Ideal Diceware (Random): An 8-word list of truly random words from the EFF wordlist has a perplexity of 7,776, yielding ~103 bits of entropy. This is ideal.
- Fuzzypass “Nonsense Sentence”: Our system guides users toward grammatically correct but semantically strange phrases (e.g., “Little lazy croc swims amongst men from down under scared“). From our testing this 10 word sentence yields ~99.40 bits—a vast improvement over a normal sentence while being far more memorable than diceware.
This means that Fuzzypass far exceeds the recommended password complexity from Bitwarden:
“Therefore, the standard recommendation for a Bitwarden master password is to use a random 4-word passphrase (52 bits of entropy). If you are concerned about “steal now crack later” threats, then use a passphrase containing 5–7 words (one extra word for every 25-years of future-proofing against attacks using conventional computers that have improved over time according to Moore’s Law), or use an 8-word passphrase to protect against future cracking attempts using quantum computers.”
Being a 3 person startup we didn’t have the resources to calculate perplexity of test phrases using big LLMs, so these numbers are based on what I can run locally. If anyone wants to run the numbers with larger models please be my guest! I actually noticed that some of the larger models I tested scored worse, presumably because their overall vocabulary is larger.
Additional Security Properties
In addition, Fuzzypass adds quasi-protection against keylogging and shoulder surfing attacks as it becomes more challenging to gather the secret and determine which words are associated with which locks. You could make the claim that this also applies to phishing, but we don’t. Realistically, attackers are smart enough to trick you into entering your entire Fuzzypass. Instead we combat phishing in Locke ID through a separate mechanism called Secure Inboxes.
A goal we didn’t achieve with Fuzzypass was to make it impossible for people to choose insecure wordlists. Unfortunately, if you choose a well known quote or rhyme, you may be just as liable to social engineering as a normal password. Our perplexity calculator is an attempt to mitigate the problem, but it’s not perfect.
Demo Video
Conclusion
Fuzzypass is a bit out there, I admit. While we’ve run one formal usability study and the results were promising, we’re not positive how this will actually play out in a production environment for most people. That’s why we decided to release it for free as part of Locke ID, our cross-platform digital identity management system that manages your passwords, encrypts your files, and hides your email from phishers and spammers.
Try it out, we welcome feedback. Tell us it sucks, tell us it’s nonsense. We’re here to learn if there is still room to innovate in authentication.
While passkeys are a genuine improvement on passwords for most applications, they are not an ideal solution for a master account as they lack recoverability. The user experience of passkeys is opaque at best, normal people have no idea what they are, and they further force the average internet user to be reliant on tech giants like Google and Apple for access to their digital life.
Our goal with Fuzzypass is to make good security an easy and somewhat joyful experience. Our goal with Locke is to enable individuals to control their digital identity.
2 replies on “Fuzzypass: 100 Bits of Remembered Entropy”
Very interesting! I am interested in testing it, but not sure how I will like it.
Thanks Tim! You can try it now with a free Locke ID, register at https://app.locke.id/onboard