The latest XKCD comic identifies one of the major security failings of the internet today: the tendency of users to use the same password on more than one important site. It’s fine to use the same password for a bunch of news sites that do not store important personal information. What’s foolish is using the same password for a potentially vulnerable site and for something important, like a bank’s website or the password on an encrypted hard drive partition. Doing so risks allowing someone to compromise your information, one step at a time.
Another related risk is password recovery systems. Countless websites allow users to either have their password emailed to them or reset their password via email. That means that anybody who gains access to an email account linked to such features can then gain access to any sites that rely on that sort of password replacement system.
The wisest thing seems to be using strong unique passwords for email and other important sites, then having a couple of lower tier passwords to use for general sites that do not pose security risks. Random.org has a password generator, though the trick of building up a password from a memorable piece of music or poetry is probably less troublesome and still quite secure. An alternative approach is to have unique passwords for everything and rely on a password management program (or a piece of paper kept guarded in your wallet) to keep track of them.
Online security would also be better if all sites allowed the use of passphrases, rather than just passwords (and sometimes ones with an absurdly short maximum length). Two-factor authentication can also help.
I think this problem will decline as we are able to use credentials from secure services to log in to more trivial services; if I can use Facebook to log in to NYTimes (giving them the demographic data they need for advertisers), then I don’t need to create a password and run the risk of duplicating my bank password.
Of course, that opens up new kinds of vulnerabilities as people target the infrastructure that enables such universal logins.
I presume you realise that a piece of paper in your wallet is a disastrously bad idea unless you are confident that nobody untrustworthy will ever have access to your wallet?
The wallet approach may not suit everyone, but it has a number of advantages. Basically, we all know how to defend wallets. There are no clever mathematical attacks that can be launched against them, and we protect them anyhow because they contain other valuable things.
I wouldn’t recommend this approach for those who live with people who they do not trust, but if your wallet is safe in your pocket and safe at home, it seems a decent place to keep passwords.
But your wallet is lose-able. And if you do lose it, you have a bunch of passwords, a bank card, a credit card and an ID. Seems like a recipe for disaster.
June 17, 2005
Write Down Your Password
Microsoft’s Jesper Johansson urged people to write down their passwords.
This is good advice, and I’ve been saying it for years.
Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We’re all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.
And if you do lose it, you have a bunch of passwords, a bank card, a credit card and an ID. Seems like a recipe for disaster.
That is a risk, definitely. A couple of protective measures could be to not write down your entire password – keeping a secret stub memorized – and being ready to switch your passwords quickly if you lose your wallet.
if your wallet is safe in your pocket and safe at home But your wallet isn’t safe in your pocket or in your home – wallets are frequently stolen from both those locations. My guess is that in most cases you’re far more at risk of having a wallet stolen than of having someone hack your passwords online. Of course, often thefts of minor items are motivated by money for drugs, so they probably wouldn’t pay much attention to pieces of paper, but that’s a pretty big gamble. Moreover, the more people write down their passwords, the more thieves will gain from stealing wallets, so it’s only safe if very few people do it – otherwise you’re encouraging much higher rates of mugging and robberies conducted while the householder sleeps.
On top of that, many services explicitly instruct you NOT to write down your password and will require you to pay any losses associated with your failure of security. If you wrote your online banking password down, had it stolen and your account cleaned out then your bank will blame you, whereas if someone manages to get access to the account by somehow guessing your password then the bank is likely to pick up the costs (and then strengthen their own security, e.g. through longer passwords).
“How many have (a) password policy that says under penalty of death you shall not write down your password?” asked Johansson, to which the majority of attendees raised their hands in agreement. “I claim that is absolutely wrong. I claim that password policy should say you should write down your password. I have 68 different passwords. If I am not allowed to write any of them down, guess what I am going to do? I am going to use the same password on every one of them.”
According to Johansson, use of the same password reduces overall security.
“Since not all systems allow good passwords, I am going to pick a really crappy one, use it everywhere and never change it,” Johansson said. “If I write them down and then protect the piece of paper–or whatever it is I wrote them down on–there is nothing wrong with that. That allows us to remember more passwords and better passwords.”
The people who raise the issue of losing wallets are right, but it would also require a superhuman memory to maintain good password security without aids, these days. If you want to have strong passwords for every important site and change them regularly, you just need to record them somewhere.
The trickiest is sites that are important but rarely accessed. There, it is especially easy to forget a secure password, through lack of use.
The people who raise the issue of losing wallets are right, but it would also require a superhuman memory to maintain good password security without aids, these days.
I disagree. I have 3 “Secure passwords” I use: 1 for gmail, one for my bank, and one for my credit card. I have committed them to memory, (they have memorable things about them), but they are based on my obscure thought processes, and thus extremely unlikely to be guessed even by people who know me well. They change, but usually within the realm on which they were originally based.
My other passwords are less secure and quite possibly guessed, but they don’t matter as much.
That sounds like a good system, as well.
One thing I would recommend is at least keeping a written record of passwords in some very secure place – a bank’s safe deposit box, if you like.
I have some encrypted archives from high school and my undergrad years to which I have forgotten the passwords. I wish I had stored them somewhere secure.
Google Apps Gets Two-Factor Security
“Passwords alone are not enough to secure access. Many organisations require two-factor authentication with a token. Google just added free two-factor verification to Google Apps, sending a one-off token to the user’s mobile phone. It’s good to have this for free, and it backs up Google’s assertion that cloud apps are more secure — but it doesn’t answer how it helps if an intruder is getting into Apps through a lost or stolen phone.”
So in general: you don’t need to regularly change the password to your computer or online financial accounts (including the accounts at retail sites); definitely not for low-security accounts. You should change your corporate login password occasionally, and you need to take a good hard look at your friends, relatives, and paparazzi before deciding how often to change your Facebook password. But if you break up with someone you’ve shared a computer with, change them all.
Two final points. One, this advice is for login passwords. There’s no reason to change any password that is a key to an encrypted file. Just keep the same password as long as you keep the file, unless you suspect it’s been compromised. And two, it’s far more important to choose a good password for the sites that matter — don’t worry about sites you don’t care about that nonetheless demand that you register and choose a password — in the first place than it is to change it. So if you have to worry about something, worry about that. And write your passwords down, or use a program like PasswordSafe.
One definite downside of strong passwords is stress. Trying to remember a bunch of strong passwords is quite stressful. You worry that you will lose access to something important because one has slipped your mind. That’s an especially big worry for any kind of computer archive, since it might be months or years before you need to remember the password again.
It’s possible to lose encrypted archives forever because you forgot a password before you remembered to write it down and lock it up. I have. My earliest encrypted archives, made when I was tinkering around with PGP back in elementary school, are now inaccessible to me because I have forgotten the passwords. I wonder what’s inside them; I am sure I have forgotten it completely.
You can also be inconvenienced for a long while by forgetting your password. I have been embarrassed before by forgetting the PIN for a rarely used credit card. I was all set to buy something and couldn’t. I have also forgotten my password for filing taxes online, and have been waiting more than a week for the Canada Revenue Agency to send me a new one.
Blizzard’s gaming service Battle.net seems to be the latest major website to get hacked and lose customer data.
As they are reporting on their website:
This illustrates why it is important to use a unique password for each website or service.