Passphrase Strength Meter for Persistence Wizard (#15027) · Issues · tails / tails

Passphrase Strength Meter for Persistence Wizard

Originally created by @huertanix on #15027 (Redmine)

Most trainings I’ve helped with around Tails have surfaced the need for prerequisite training on credential security and how to choose a strong passphrase for persistent volumes. Most of the time, however, that in-person training is not possible, and users resort to using weak passwords, or passwords that they are convinced are strong because of the late-90s era password rules on website accounts that tell them they are choosing strong passwords but really are not.

Rather than rely on the long history of users choosing weak passwords, it would be great to include a passphrase strength meter when users are choosing an persistence passphrase. A lot of research has been done in this field and some researchers at CMU has released some of it here: https://engineering.cmu.edu/news-events/news/2017/05/11-password-meter.html including source code: https://github.com/cupslab/password_meter. Implementing something like this would help people choose strong passphrases to make their strong encryption worthwhile.

Note: A user can still change their strong passphrase to a weak one using the Disks utility after creating the partition in case if there’s some edge case that requires a weak password.

Related issues

Is duplicate of #7002

_Originally created by @huertanix on [#15027 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/15027)_

Most trainings I’ve helped with around Tails have surfaced the need for
prerequisite training on credential security and how to choose a strong
passphrase for persistent volumes. Most of the time, however, that
in-person training is not possible, and users resort to using weak
passwords, or passwords that they are convinced are strong because of
the late-90s era password rules on website accounts that tell them they
are choosing strong passwords but really are not.

Rather than rely on the long history of users choosing weak passwords,
it would be great to include a passphrase strength meter when users are
choosing an persistence passphrase. A lot of research has been done in
this field and some researchers at CMU has released some of it here:
<https://engineering.cmu.edu/news-events/news/2017/05/11-password-meter.html>
including source code: <https://github.com/cupslab/password_meter>.
Implementing something like this would help people choose strong
passphrases to make their strong encryption worthwhile.

**Note**: A user can still change their strong passphrase to a weak one
using the Disks utility after creating the partition in case if there’s
some edge case that requires a weak password.

### Related issues

- **Is duplicate of** tails/tails#7002

Edited May 15, 2020 by huertanix

To upload designs, you'll need to enable LFS. More information