
Project Svalbard: The Future of Have I Been Pwned - benmarks
https://www.troyhunt.com/project-svalbard-the-future-of-have-i-been-pwned/
======
onli
But we see that so often. The original founder of a thing has a list of
requirements he wants met, he wants to stay onboard. But then stuff happens
and the buyer uses his control. Think Instagram, WhatsApp, Tumblr(?) - there
are a thousand examples.

I'd hope Troy reconsidered the "just create a business yourself" solution.
That could be structured in a way that makes sure the trust Troy earned stays
linked to the project. And a bootstrapped company starting from the profitable
position I assume HIBP is in now (with the business deals) does not at all
have to mean more work for him. He could just offload the work he can't handle
anymore to employees.

An acquisition to anyone not as trustworthy as the current solution/the
candidates like Mozilla mentioned here would be a disaster mid to long term.

~~~
mmaunder
For context, I've sold a business, been a full time entrepreneur for about 16
years, got it wrong many times and am currently the founder/CEO of a biz with
a team of around 40 people, strong cashflow and we continue to grow and
innovate - and we're founder controlled.

I met with Troy briefly for coffee about 8 to 12 months ago and we chatted a
bit about this. I sensed his aversion to growing the biz back then. Seemed
like he'd made up his mind. This post from him reinforces that. Even so I feel
compelled to post a few thoughts.

Troy is an implementer. I was too. I was a dev guy who started as an ops guy.
I really really wanted to build a business and for over a decade I tried to do
it myself by writing my own code, doing my own ops, doing my own marketing and
so on. It was very very hard, and after many failures and almost financially
ruining me, I got to a place where I have an amazing biz and amazing team and
I've turned myself into an exec who is no longer doing the day to day
implementation, but is leading and coordinating.

This transition is very hard to make for folks like most of the people here -
including myself. You have the sense that it's all on you. I need to repeat
that in caps because that's how it feels. IT'S ALL ON YOU. I think this deep
sense of accountability is what makes great devs and great ops people very
good at what they do. But it also is perhaps what leads to burnout.

For an entrepreneur, it really is all on you. That work isn't going to do
itself. And so that sense is even more visceral when you're a one man show.
Now imagine you're running at the scale of HIBP. Pretty hardcore.

When I made the transition to being a leader and once I had a team behind me,
the feeling was a bit like I'd imagine one might feel getting over a traumatic
experience. It took a while. I felt like I could breathe again. I never wanted
to go back to that place, if I have to be perfectly honest. It's a rough gig.

I think the trouble here is that Troy thinks that scaling HIBP is going to be
more of the same. More of everything being on him, more work, more
implementation, more accountability, more more more!!!

It doesn't work that way and I'm going to use my own path to growing a team
(and regaining my sanity) to describe how it actually does (and can) work.

If one were to not sell HIBP and not raise money but instead grow it yourself
into a business, it might work thusly:

1\. Immediately work on developing strong cashflow for HIBP. Unfortunately
this step is going to take some implementing from Troy. However, with good
planning, you can probably hire some help and perhaps even do so in exchange
for equity/options if you hire a good lawyer and can structure a cost
effective deal. This stage is critical and I'd encourage Troy to get as much
advice from other seasoned entrepreneurs as possible. Not folks who have
raised VC, but who have actually created cashflow out of thin air. It's a dark
art, but many of us know how to do exactly that.

2\. Once you launch, it will take a while for the full revenue potential of
the business to reveal itself. Cashflow takes a while to kick in and you will
take a while to optimize it. e.g. many simply won't know that HIBP now has a
paid option. That will take months, perhaps longer. So keep working and wait
it out. I've seen this in every single successful cash generating biz I've
created. At first it's a trickle, then a stream, then a river, then a
wonderful fun and exciting deluge.

3\. Once you can demonstrate that the biz is clearly going to grow into
something with strong cashflow, you can start making your first hires. I would
suggest hiring dev first. At this point you are going to have to do something
very difficult. Step back from the coal face and trust your first employee.
This was huge for me but thanks to Harvard Biz Review etc writing about this
founder dilemma over and over, I was primed and I wasn't going to be the baker
that can't get out of the kitchen. So I 100% delegated the job to an amazing
person who remains with our team to this day. Once I could hire for ops, did
the same. Rinse, repeat. Grow the team.

4\. As your expenditures increase, you will need to be very good at managing
cashflow. That is because at some point growth will pause. When that happens,
if you don't realize that you will run out of money in X months, it will sneak
up on you and you will lose the business. It happens every week around the
world. Execs take their eye off the cashflow for a few months and byeeeee. Not
everyone has the appetite for finance. Some are mildly or even severely
allergic. I'm on that spectrum and thankfully my co-founder has a passion for
it and happens to be very good at it. This has literally saved our asses and
we too went through that growth pause. So if you are allergic, find someone
who isn't. This is critical.

Once you do the above, if you build a team you can trust and you are very good
at stepping back, finding and motivating talented people and carefully guiding
the direction of the biz, things can get weird. You'll see a lot of executives
talking about burnout, about how they work 20 hour days and the pressures of
being a leader etc. But in your case you'll find that you have more free time
and more mental bandwidth to shape the direction of the biz. You'll wake up
one morning not sure what to do because you won't have a job anymore. You will
have fired yourself from dev, ops, customer service, finance, HR, marketing,
blogging and everything else. You'll go "oh shit, what am I supposed to do?"

The answer to this question is really fun: Whatever you and the business want
to do. And guess what? You have a CEO who is the company founder and has a ton
of energy and bandwidth to continue innovating.

That's pretty much the end of this post. I want to add a few more notes:

Delegating is hard for several reasons: If you're a dev and you have to
delegate dev, you need to realize there are developers out there that are
better than you and you will need to learn to trust them. You also need to
understand that you're firing yourself from a job you are passionate about - a
job you have loved and gotten very good at for many years. This is tough.

To scale a biz, you need to continue to delegate, even the things you love
doing. Troy loves blogging and he writes epic tomes. But this too will need to
be delegated if he wants to run at maximum effectiveness. I know. I did this.
It was very hard. But I now have about 5+ writers in our organization and it's
freed me up to launch a video podcast which I am already beginning to delegate
to a certain extent.

VC is certainly an option, but know that each round you raise will also raise
the bar on what success means. Right now you own the biz and success means a
team that frees you up and cashflow that pays everyone better than market rate
salaries. After the first round, a $20MM exit will be the definition of
success. After a B and then C round, north of $100MM will become success. And
so it goes.

I'd also like to note that HIBP has built an incredible brand and growth. This
is very hard to do. As Naval put it in a conversation I had with him not too
long ago, it's lightning in a bottle, and I truly think that HIBP is a great
example of lightning in a bottle. This won't happen again in Troy's lifetime.
And what he has right now makes it very easy to: recruit, hire, retain, get
help from other entrepreneurs, find customers, convince them to sign up,
convince them to pay, get them to continue to pay, etc. The list of benefits
is long. This kind of biz and brand is very hard to create. Troy's personal
reputation is sterling and he's one hell of a nice guy. He is young, smart,
healthy, well spoken. Seriously, you don't see this very often and it won't
happen again, so choose your path wisely if you're reading this Troy.

And finally - and this is really why I'm writing this as a reply to onli's
post - because I agree with their sentiment. Have no illusions that once you
sell, you 'exit' in a very real sense. You are no longer the owner of the
business. You are an employee. I'll also add that M&A folks are VERY good at
selling the dream. I was recently at a certain multi-billion dollar company's
offices who were trying to buy us. Their offices are based on Lake Washington
up here in the Pacific Northwest. The M&A guy actually suggested that once we
join their team we can ride to work in our boat. But in his defense, that's
his job. Sell the dream. However, in this case I know the reality because I've
been here before. Monday morning after you sell your company you will commute
to work in a car, sit in a cubicle or office if you're lucky and you will do
what you're told to do by the new owners of your business.

You will stare through those bars longing to roam the great plains once again
as a free and wild creature in control of your own destiny. Or as Bodhizafa
said in the final scene of the original Point Break: You know I can't handle a
cage man!

~~~
jshowa3
HIBP shouldn't be for profit because it's harvesting personal data and it
should be used as a mechanism for people to be aware of serious breaches.
There's a lot of legal entanglement possible with this with HIPAA being an
example of what can happen. It's probably a more difficult path, but in my
opinion, HIBP should be a tax funded service because it's largely a public
good product.

------
cm2187
I cannot say enough praises of Troy and HIBP. But it is a risky operation.

I understand HIBP derives its value from grey-ish hats sharing with Troy any
leaked dataset they find because they know him or because of his reputation.

If he leaves, it is not clear to me that his trust and reputation will stay
behind with the company running HIBP. The minute HIBP ceases to be the central
place for these new datasets to be shared, it ceases to be of any practical
use.

~~~
hkjayakumar
> I'll remain a part of HIBP. I fully intend to be part of the acquisition,
> that is some company gets me along with the project. HIBP's brand is
> intrinsically tied to mine and at present, it needs me to go along with it.

He's made it pretty clear in the blog post that he intends to stay on and has
acknowledged that his reputation plays an important part in making HIBP what
it is.

~~~
intended
Which matters little, because it matters who the ultimate boss is.

------
GordonS
I'd love to see a non-profit organisation like Mozilla pick this up, but
that's obviously going to mean a lot less money going to Troy.

OTOH, it's kind of difficult to begrudge Troy gaining financially from HIBP,
since he's spent years building it up and has helped increase security
awareness for so many people.

~~~
pbhjpbhj
HIBP only works because of trust in Troy Hunt, few organisations have that.

Maybe an organisation not involved in advertising at any level.

~~~
GordonS
It's definitely trust in Troy, and the level of transparency he's maintained,
that have led to HIBP being successful.

But I, personally, would now trust Mozilla with this, were they to take
ownership.

~~~
OskarS
I was just thinking, the only ones I can imagine taking ownership would be one
of the "big internet foundations" that have earned their trust: Mozilla, the
Internet Archive, Wikimedia, or the EFF. Of those, Mozilla and the EFF are the
only ones that make real sense. I hope it's one of them, and not fucking
Norton AntiVirus or whatever.

~~~
GordonS
I agree about EFF - I'd be happy with Mozilla or EFF.

------
w8rbt
I hope that the SHA1 hashes remain freely available for download. I use them
to build a bloom filter for password vetting.

We should all do away with password complexity rules (except minimum length)
and simply test a large, comprehensive exposed password bloom filter for
membership. It's very fast (constant time) and efficient and if the test
returns no, then it's safe for a user to select that password.

Here's the code: [https://github.com/w8rbt/bp](https://github.com/w8rbt/bp)

Also note that this approach satisfies the updated (June 2017) NIST 800-63-3B
password vetting guidelines.
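
The approach described in the comment above, as an added example that is not part of the original post and is not the code from the linked repository: a Bloom filter keyed by SHA-1 digests, with a minimum-length check in front of it. The `SHA1HEX:count` line layout, the sizing parameters, the 8-character minimum and all names are assumptions of this example; the sample passwords and counts are constructed.

```python
import hashlib
import math
import re

# Constructed sample: made-up passwords and counts, rendered in the
# "SHA1HEX:count" line layout this example assumes for the hash list.
SAMPLE_PASSWORDS = {"password": 1000, "123456": 900, "qwerty": 800,
                    "letmein": 700, "correcthorse": 5}
HASH_LINE = re.compile(r"^([0-9A-Fa-f]{40})(?::\d+)?$")


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


SAMPLE_LINES = [f"{sha1_hex(p)}:{n}" for p, n in SAMPLE_PASSWORDS.items()]


class ExposedPasswordFilter:
    """Bloom filter keyed by SHA-1 hex digests of exposed passwords."""

    def __init__(self, expected_items, fp_rate):
        # Standard sizing: m = -n*ln(p)/(ln 2)^2 bits, k = (m/n)*ln 2 probes.
        ln2 = math.log(2)
        self.m = math.ceil(-expected_items * math.log(fp_rate) / ln2 ** 2)
        self.k = max(1, round(self.m / expected_items * ln2))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, digest_hex):
        # The digest is already uniform, so split it into two 64-bit values
        # and derive the k probe positions by double hashing: h1 + i*h2 mod m.
        raw = bytes.fromhex(digest_hex)
        h1 = int.from_bytes(raw[:8], "big")
        h2 = int.from_bytes(raw[8:16], "big") | 1  # odd, so never zero
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add_hash(self, digest_hex):
        for pos in self._positions(digest_hex):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def contains_hash(self, digest_hex):
        # False is definitive (no false negatives). True can be a false
        # positive, which only rejects a password that was in fact unexposed.
        return all(self.bits[pos >> 3] & (1 << (pos & 7))
                   for pos in self._positions(digest_hex))

    def load(self, lines):
        """Add every hash line; refuse malformed input instead of skipping it."""
        loaded = 0
        for line in lines:
            line = line.strip()
            if not line:
                continue
            match = HASH_LINE.match(line)
            if match is None:
                raise ValueError(f"malformed hash line: {line!r}")
            self.add_hash(match.group(1))
            loaded += 1
        return loaded


def vet_password(password, bloom, min_length=8):
    """Minimum length plus filter membership; no composition rules."""
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters"
    if bloom.contains_hash(sha1_hex(password)):
        return False, "found in exposed-password filter"
    return True, "ok"


def build_sample_filter():
    # Sized for 1000 entries at a 1e-9 false-positive rate (assumed values).
    bloom = ExposedPasswordFilter(expected_items=1000, fp_rate=1e-9)
    bloom.load(SAMPLE_LINES)
    return bloom


if __name__ == "__main__":
    sample = build_sample_filter()
    for candidate in ("password", "short", "a long passphrase nobody leaked yet"):
        print(candidate, vet_password(candidate, sample))
```

Malformed lines raise instead of being skipped because a silently truncated load would turn into false negatives, the one failure this structure otherwise rules out.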

~~~
ttt111222333
Cool! I did something similar. First I used a bloom filter then a golomb set.
[https://github.com/terencechow/pwnedpasswords](https://github.com/terencechow/pwnedpasswords)

~~~
w8rbt
Very nice. I've never used a Golomb Set (looks interesting). I bet we'll see
more organizations doing this and maybe in five to ten years, it'll be the
norm.

------
bookofjoe
Totally off topic, but still...: Many years ago, the New York Times did a
lengthy piece about the Svalbard Seed Repository, referring to it as being
located on "the island of Svalbard." It took repeated
emails/corrections/tweets by me before they finally corrected the story and
noted "Svalbard is not an island, it is an archipelago." All subsequent
references in the Times have got it right.

~~~
bookofjoe
Here is the correction, published on April 22, 2010:
[https://archive.nytimes.com/query.nytimes.com/gst/fullpage-9...](https://archive.nytimes.com/query.nytimes.com/gst/fullpage-9F0CE6DF163EF931A15757C0A9669D8B63.html)

~~~
bookofjoe
Here is the (corrected) original article — with correction appended —
published on April 15, 2010:
[https://archive.nytimes.com/query.nytimes.com/gst/fullpage-9...](https://archive.nytimes.com/query.nytimes.com/gst/fullpage-9402E4DA1238F936A25757C0A9669D8B63.html)

------
trollied
I'd like to see Let's Encrypt step up and run this service. Seems like a
natural fit.

~~~
peterburkimsher
ProtonMail/ProtonVPN would also be a good fit, but I doubt they could afford
it.

~~~
_underfl0w_
Just because they're tangentially related to infosec in some way doesn't mean
they'd be a good fit.

IIRC aren't there actually privacy concerns regarding Proton? That may just be
FUD.

Plus, I doubt they would maintain the level of transparency we've come to
expect from HIBP. They don't seem very... transparent.

------
reallydontask
It's a shame as this is _likely_ to mean that we end up with a worse service,
but completely understandable. Hopefully, I will be proven wrong.

------
arkitaip
This is really public utility work and should be treated like it instead of a
for-profit project. Many thanks to Troy for his hard work over the years for
making the internet a safer place.

~~~
la_barba
Sad, but people don't like paying taxes.

------
vermilingua
Worth mentioning that the value of HIBP is largely based on trust in Troy
Hunt. I think he’s an incredible guy who does incredible work; but he’s also
an Australian citizen. Due to our new surveillance laws, he could be forced to
backdoor HIBP, or more likely, Pwned Passwords.

This is possibly a step by Troy to mitigate that risk, and given his position
I’m surprised he didn’t mention that at all in this post.

~~~
paranoidrobot
What would backdooring HIBP achieve?

It's not a repository or method of communications.

~~~
vermilingua
Pwned Passwords uses tricky crypto to make sure his service never sees your
full password. He could use trickier crypto to make sure that it does.

~~~
paranoidrobot
I think that's a bit of a reach.

That's all client/requester side, which has been implemented on third party
sites/services. There'd be a lot of questions raised if suddenly it required
that you use a different technique.

A more subtle and (IMO) more realistic variant would be to backdoor the
javascript to capture all input on that site instead.

But you have to ask yourself - who would be the government target, in that
case?

They'd have to:

\- Have a technically sophisticated target where the government doesn't know
their password, and is unable to otherwise break their security (eg forcing
Google/Apple/Microsoft/etc to do the work, cloning devices, regular
surveillance)

\- Have that same target also regularly test their passwords against a
password strength meter on the public webpage.

\- Be willing to risk a public leak that this was happening.

I don't think that anyone who meets the first point would be stupid enough to
meet the second. I mean, sure, people make plenty of dumb mistakes - but
surely not that one, repeatedly.

~~~
vermilingua
It is a reach yes, but that doesn’t change the fact that Troy is in a position
of trust; which may not be wise given his citizenship.
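
The client-side check discussed in this sub-thread, as an added example that is not part of the original comments: it assumes the SHA-1 prefix-range design, in which the client sends only the first five hex characters of the digest and matches the remaining 35 locally. The `/range/` path, the function names, the stand-in server and its corpus are assumptions or constructed data; the audit function is the kind of check a third-party integrator can run on its own outgoing requests.

```python
import hashlib
import re

PREFIX_LEN = 5  # hex characters of the SHA-1 digest that leave the client

# Constructed corpus standing in for the service's data set.
SAMPLE_CORPUS = {"password": 1000, "123456": 900, "qwerty": 800}


def split_digest(password):
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def fake_range_server(path, corpus=SAMPLE_CORPUS):
    """Constructed stand-in for the server; it receives only the request path."""
    prefix = path.rsplit("/", 1)[1]
    if not re.fullmatch(r"[0-9A-F]{5}", prefix):
        raise ValueError("range query must be exactly five hex characters")
    # Decoy suffixes: other hashes that happen to share the same prefix bucket.
    lines = ["0" * 35 + ":3", "F" * 35 + ":1"]
    for known, count in corpus.items():
        known_prefix, known_suffix = split_digest(known)
        if known_prefix == prefix:
            lines.append(f"{known_suffix}:{count}")
    return "\r\n".join(sorted(lines))


class RecordingTransport:
    """Wraps a server callable and keeps every path that was sent to it."""

    def __init__(self, server):
        self.server = server
        self.sent = []

    def __call__(self, path):
        self.sent.append(path)
        return self.server(path)


def exposure_count(password, fetch):
    """Return how often the password appears, revealing only the prefix."""
    prefix, suffix = split_digest(password)
    body = fetch(f"/range/{prefix}")
    for line in body.splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:  # comparison happens locally
            return int(count)
    return 0


def only_prefixes_sent(sent_paths):
    """Audit: every outgoing request carried exactly five hex characters."""
    return all(re.fullmatch(r"/range/[0-9A-F]{5}", p) for p in sent_paths)


if __name__ == "__main__":
    transport = RecordingTransport(fake_range_server)
    print(exposure_count("password", transport), transport.sent)
    print(only_prefixes_sent(transport.sent))
```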

------
OJFord
In some ways, wouldn't it be great if the internet had evolved with,
analogously to DNS, 'User Name Servers', like a sort of global distributed
IAM?

Leak monitoring would be a service provided by the UNS, not falling to a
volunteer, and credential revocation could be automatic and immediate.

I suppose we sort of have that bolted on with OpenID/OAuth, but that's still
'choose a provider' rather than 'this is the one way', with many servers run
by different entities, but one 'system'.

~~~
jimktrains2
It's existed since 1988: LDAP/X.500[1]. It's just not used globally because of
three reasons, as far as I can tell,

1) most people don't want their information public and searchable to that
extent

2) most orgs _want_ to silo you in or otherwise control your account

3) the org using x500 still needs to have their own permissions separate from
the central directory, which is the harder part of auth[nz], so just rolling
your own authn is often easier.

[1] [https://en.wikipedia.org/wiki/X.500](https://en.wikipedia.org/wiki/X.500)

~~~
OJFord
Ah yes, and Shibboleth is another I should've thought of in my earlier comment.

I think you're absolutely right in particular with #2.

But if it had come originally, alongside DNS, 'everything has an address,
everyone has an identity', it might've been an unquestionable fact of the
internet.

Orgs can't silo you in to their alternate net where they have a more desirable
domain name, because it's just not practical or user friendly.

I just think it might have been so for user identity.

------
dhruvrrp
HIBP could be an excellent B2B offering for companies. Imagine someone like
Microsoft offering it as an addon to their business clients to improve
security practices.

Or a more independent company offering it as a standalone service, kinda like
Mozilla (Monitor) or even something like Symantec (tho they seem to be
bleeding money recently)

~~~
zrobotics
Mozilla monitor is just a front-end for HIBP though, as far as I've seen they
exclusively get their results from HIBP.

------
chaitanya
Many people here are assuming that Troy Hunt will leave HIBP after selling it. He
explicitly mentions that he will remain a part of it:

> I'll remain a part of HIBP. I fully intend to be part of the acquisition,
> that is some company gets me along with the project. HIBP's brand is
> intrinsically tied to mine and at present, it needs me to go along with it.

~~~
flurdy
HIBP has little value without Troy, so he has to come as part of the package.

But for his own well-being over time he needs to delegate and divest himself
as the single bus factor for HIBP. But that does not have to happen instantly
and can be gradual without affecting the value of HIBP (in money and
usefulness for us).

Whoever purchases HIBP also knows this. And as with most acquisitions, they
eventually oust the founders. But for it to be successful it is after a long
time when it has properly matured into an organisation.

------
djee
I guess he's feeling the heat of sites that do more than parsing emails from
SPAM lists. These sites include full cracked passwords, HIBP 2.0, see e.g.
[https://scatteredsecrets.com/](https://scatteredsecrets.com/).

------
dreamcompiler
Brewster Kahle, are you here? This seems like something in your wheelhouse.

------
nebulous1
I missed this verifications.io story and it appears that my personal email
address was in the breach. Is there any way of knowing whether or not other
data was associated with my listing? DOB etc.

------
Calib3r
It pains me to see how many posters on this thread are not aware of the
leakedsource (.ru, .co, etc.) websites that show the exact thing HIBP shows,
except with a much higher fidelity.

------
runjake
Good luck to Troy. The money would be really good, but hopefully for the rest
of us, he doesn't sell to Cisco.

Or Oracle, or any other mega corps that buy and nerf the usefulness of the
product.

------
dheera
I came here hoping it was something about Svalbard. I went there a couple
years ago in the dead of winter. It's an amazing place.

~~~
Ayesh
Tell us more! I'm planning for a Longyearbyen/Svalbard trip towards the end of
this year or summer next year.

~~~
dheera
Sure, what do you want to know?

I went in the dead of winter, so might be a little different from what you
might experience in summer.
[https://www.facebook.com/dheera/media_set?set=a.101010917929...](https://www.facebook.com/dheera/media_set?set=a.10101091792964948&type=3)

------
ComodoHacker
I wish you luck, Troy! Just don't sell it to some data mining/ad company.

------
yhoiseth
Maybe relevant for Stripe? Based on their acquisition of Indie Hackers, it
seems like they’re adept at this kind of acquisition. And online security
contributes to their goal of increasing “the GDP of the internet.”

------
therealdrag0
So many people saying the value of HIBP is the trust in Troy Hunt. But surely
I'm not the only one that has used the service for years (and shared it with
friends) without knowing anything about Troy Hunt...

~~~
TimTheTinker
Social credit and trust have a way of naturally propagating. Trust, beliefs,
even world views are more often "caught" than deliberately and carefully
chosen -- to the detriment of many. All it takes is a few liars with the
appearance of trustworthiness to spread false beliefs very widely.

Note, my comment is _not_ about Troy. Security-wise, I think the trust he
carries is well-deserved.

------
elamje
Troy is an awesome guy and I’m really happy that HIBP is outgrowing him to get
more support, datasets, and features.

I hope Have I Been Pwned goes to the right people and they do an even better
job at moving it forward! Kudos Troy

------
twayback
Guys what's the fuss about -- it's just a stupid database - anyone can make this
by scraping hacker spoil dumps available on the internet.

------
ThinkBeat
I hope that other companies will still be able to query the database for
free. 1Password does it now and I like it.

------
pbhjpbhj
tl;dr

He's realised he's the single point of failure, can't do it all himself, wants
to balance work & family. Doesn't want the work/cost of hiring people and
making a business.

So, he's preparing to sell it and there's a wishlist of what he'd like the new
owner to do.

Did I get it all?

~~~
jsmeaton
Also he’ll stay on as part of the package.

------
ddffre
His blog is really good, I have enjoyed reading his other posts as well.

------
jedberg
TL;DR: Have I Been Pwned is for sale and is being renamed Project Svalbard.
Troy is looking for buyers that will keep the service free, and he'll go work
with the buyer.

~~~
shedside
AIUI, “Project Svalbard” is the name of the project to find a new home for
HIBP. The actual service isn’t being renamed (yet).

~~~
GordonS
It is indeed common to have a "project name" when buying/selling a company -
but in my experience that has always been largely for reasons of secrecy, so
it is a bit odd in this case.

------
giorgioz
Wasn't HIBP going to a B2B SaaS that you hook up at signup to forbid users to
sign up with an email/password combination that has already been leaked? I'm a
SaaS owner, I would pay for that.

------
ga-vu
So why was the owner of LeakedSource arrested and charged, and this guy isn't?

He did the same thing. Only instead of selling to hackers, he sold our hacked
data to companies and governments.

~~~
TheHypnotist
Does HIBP sell the raw data?

~~~
Ajedi32
Nope. Though I suppose if HIBP itself were acquired, that would presumably
include the raw data?

------
twayback
How is making money from stolen data legal? My email address is in the
database and I never consented to it. Is there no legal repercussion?

------
brightball
Best of luck Troy and keep up the good work!

------
AngeloAnolin
I understand why Troy is doing this. Security is a big and a complex endeavor
and having the majority of the stuff done by himself alone is taking a toll.

One option that Troy could have done is to spin up a team / small company that
would continue this project - with full control and guidance under his
direction. That way, the trust that he has built from everyone at the
community will be carried forward as the project progresses and matures
further.

This will also allow visibility and transparency knowing that the people who
would be working on this project will have access to him and everyone is on
board on the direction moving forward.

Lots of companies / venture capitalists would be willing to support this cause
which could provide the financing the project will need to be sustained and
grow further.

------
skc
He's still a Microsoft employee is he not?

Wonder if he couldn't just bring it in-house?

~~~
ptman
When has he ever worked for Microsoft?
[https://www.linkedin.com/in/troyhunt/](https://www.linkedin.com/in/troyhunt/)

[https://www.troyhunt.com/microsoft-regional-director/](https://www.troyhunt.com/microsoft-regional-director/)
\- "I’m not going to work for Microsoft and despite the title of “Microsoft
Regional Director”, I’m no more an employee than what I was (and still am) an
MVP"

~~~
skc
Ahh, the title has always thrown me off.

------
parliament32
Summary: Troy is bored so he's selling out. Great.

~~~
paranoidrobot
I don't think it's fair to call someone who's clearly stressed and close to
burnout 'bored'.

------
sschueller
Can we move the project into a blockchain and run it on IPFS?

EDIT: Serious question, generate hashes out of the leaked logins, store them
in a blockchain and provide an interface for lookup via IPFS. Those
credentials are considered burned anyway so storing them for ever in a
blockchain won't matter.

Being in a blockchain anyone can access the data and use them for example on a
registration page.

~~~
GordonS
What value would a blockchain add here over a database?

~~~
t0liman
A breach-monitoring service could act as a data washing service, sic.

Especially if privatized.

Blockchain is Very overrated, but it could be useful in keeping data "safe"
where the temptation would exist to index or obscure results. Especially where
data collection and censoring / disclosure has value to certain markets, i.e.
Timed/rated or delayed disclosure, sic.

IDK, it's not impossible, but it's not my wheelhouse either.

I don't see any reuse or value to old databases and hashes being public, so
it's missing that purpose to exist or be used/shared. Like a lot of blockchain
is. It's not enough to exist, it has to be shared and kept alive. I suppose.

Still, If you look at the way AV and user security is handled, there are
potential vectors to prevent or anticipate, especially if the process of
disclosure is censored or segregated.

Perhaps also if they proactively lean towards purges or spontaneous negative
actions, in order to obscure their intent or actual content / behavior.

HIBP relies on disclosure, and if it were woven into a typical service
structure, there would be a temptation to "alleviate" the workload for
customers, offering to "feed the beast" with positive results and competitive,
defensive tactics against 3rd parties offering a similar product.

Which could segment the disclosure process, so that you would have multiple
options, much the way that AV and Malware is handled.

And now you have the same failures as AV and Malware being segmented domains.

The probability of a corporation being incentivized to airbrush a 3rd party
listing in a semi-corporate "index" or offering "alternatives" to anxious,
very large corporations to disclosure or remediation. Especially if they deal
with financial or legal data, or specific disclosure requirements.

And have problems with timely disclosure, or any disclosure.

Imagine if a clearing house for disclosure existed as a Symantec or Kaspersky
"Subscription", with tiers of access and disclosure prevention for corporate
members, wrapped up in a daily routine app, such as a 2FA/Password manager.

So that a disclosure would be made silently by the subscription service,
without disclosing details, or the level of breach, etc. The accounts or
corporations breached, would just have their entire client accounts auto-reset
and the updated password would be applied to your password manager within a
batch process without the user(s), the press, the security agencies, or the
hacker(s) being notified.

That, instead of revealing the time period, the hashes of usernames &
passwords, or the name of the user, or their IDs, it would just be rotated on
a regular basis, and invisibly managed.

It's a concept with some value, ie "paranoid" security features as a service,
to prevent or anticipate disaster, sic. But handled via a handshake type batch
process of cycling password management.

But this also has potential for occlusion and obfuscation, especially in
examples where the breach would be a crime, or need to be disclosed to
federal/state/police agencies, etc.

Thankfully, most security policy would prevent this kind of amorphous
takeover, but for small businesses and large businesses, having access
security taken away and handled by 3rd parties, for convenience, is
inevitable.

