
The Secret Life of Passwords - r0h1n
http://www.nytimes.com/2014/11/19/magazine/the-secret-life-of-passwords.html
======
seanieb
What's terrifying is that they are referring to "their password" and not their
password _s_.

Password reuse is much worse than having a weak password. Hackers only brute
force high value targets, everyone else should just aim to have unique
passwords for every service they use.

However, the average person can only remember 5-10 unique passwords and they
have many many accounts...password reuse. For the average person password
managers aren't an option for normal people, so we have a big problem.

~~~
kijin
> _For the average person password managers aren't an option_

Why not?

Every major browser in its default configuration offers to remember your
passwords, and some will even offer to sync them across all your devices.

The only thing that's missing is an offer to generate random passwords
automatically, for which you currently need an add-on/extension. But even
without that ability, the browser is already a pretty decent password manager.

~~~
crazygringo
Because it breaks ALL the time.

On plenty of sites, Chrome/FF/IE/etc. will fail to recognize a user or
password field. They'll often fail to recognize them at account creation.
Sometimes you'll need multiple accounts on a single domain, which Chrome can't
handle (for example). I could go on and on...

Browsers remember passwords as a mere convenience, when it happens to work.
They are in no way "proper" password managers, which are encrypted with a
master password, can be exported and backed up, handle multiple accounts,
etc...

~~~
kijin
Good point.

But since some of the best password managers are already open source, I wonder
what's preventing browser vendors from integrating at least some of the
functionality. A good password manager not only helps contain the damage of
leaked passwords, but also does a very good job at protecting users from
phishing attacks at similar-looking domains.

All the browsers have been pretty stagnant on this front for the last few
years. I suspect they've been hoping that everyone will move to an SSO
platform in which the browser vendors themselves have a vested interest
(Mozilla Persona, Google account, Microsoft account).

------
john_b
> _"Cantor Fitzgerald did have extensive contingency plans in place,
> including a requirement that all employees tell their work passwords to four
> nearby colleagues."_

This baffles my mind. Is this common practice in finance? What would stop a
malicious actor from impersonating someone whose password they knew? Even if
these passwords aren't tied to someone's identity in any way, they presumably
exist to secure sensitive data and/or systems, but then they're shared with
officemates like Dilbert comics?

~~~
ryan-c
Secret sharing systems are a good solution to this.

I wrote a basic command line only one[1] a few years ago, but command line UI
doesn't really make for "usable by everyone". It would be nice if there were
something like this that had a good UI.

1.
[https://github.com/ryancdotorg/threshcrypt](https://github.com/ryancdotorg/threshcrypt)

~~~
pwnna
For the purpose at hand, having some secrets accessible by multiple parties
without sharing the same password comes in handy[1]. I'm surprised that this
is not a feature of a lot of software that relies on encryption with keys
based on passphrases.

[1]: example:
[https://code.google.com/p/cryptsetup/](https://code.google.com/p/cryptsetup/).
I believe that the way it works is it encrypts the actual decryption key for
data with keys derived from passphrases multiple times, so any one of the
those passphrases can decrypt the key, which then can access the data.
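A cut-down illustration of the multi-keyslot idea described in the comment above, added here as an example; it is not cryptsetup's code or on-disk format, and the XOR wrap and PBKDF2 parameters are this example's own simplifications. One random data key is wrapped once per passphrase, any single passphrase recovers it, and a slot can be revoked without changing the data key.

```python
# Added example (not cryptsetup's code or format): one random data key, wrapped once per
# passphrase into independent "key slots". Any single passphrase recovers the data key,
# and a slot can be dropped without rewrapping the data or touching the other slots.
import hashlib
import hmac
import secrets

KEY_LEN = 32
KDF_ITERATIONS = 100_000

def _slot_keys(passphrase: str, salt: bytes):
    """Derive a wrapping key and a MAC key for one slot from its passphrase and salt."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, KDF_ITERATIONS, dklen=2 * KEY_LEN)
    return km[:KEY_LEN], km[KEY_LEN:]

def add_slot(data_key: bytes, passphrase: str) -> dict:
    """Wrap the data key under a fresh salt; the MAC lets us detect a wrong passphrase."""
    salt = secrets.token_bytes(16)
    wrap_key, mac_key = _slot_keys(passphrase, salt)
    # Equal-length XOR with a single-use derived key: fine as an illustration, real
    # systems use a proper cipher here.
    wrapped = bytes(a ^ b for a, b in zip(data_key, wrap_key))
    tag = hmac.new(mac_key, salt + wrapped, "sha256").digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def open_slot(slot: dict, passphrase: str):
    """Return the data key if the passphrase fits this slot, otherwise None."""
    wrap_key, mac_key = _slot_keys(passphrase, slot["salt"])
    tag = hmac.new(mac_key, slot["salt"] + slot["wrapped"], "sha256").digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(slot["wrapped"], wrap_key))

def make_header(passphrases):
    """Generate a data key and one slot per passphrase, e.g. one per trusted colleague."""
    data_key = secrets.token_bytes(KEY_LEN)
    return data_key, [add_slot(data_key, p) for p in passphrases]

def unlock(header, passphrase: str):
    """Try each slot in turn, the way a multi-slot header is opened."""
    for slot in header:
        key = open_slot(slot, passphrase)
        if key is not None:
            return key
    return None

def revoke(header, passphrase: str):
    """Remove every slot that passphrase opens; the data key itself never changes."""
    return [s for s in header if open_slot(s, passphrase) is None]
```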

------
zarify
Well I guess talking to people and telling them you're writing an article
about "The Secret Life of Passwords" is more novel than giving them a call
pretending to be from their bank or telco.

I dearly hope that those people who actually told passwords to the author were
either no longer using them or immediately changed them to something better on
reflection of just how terrible they were. My mother kept a door from her
parents' first house (which they built after emigrating after WW2) for
sentimental reasons, that doesn't mean she relied on the old antique lock to
secure her current house.

------
comrh
If someone from my loved one's job called me 24 hours after they were killed
in a horrific terrorist attack to talk about passwords I don't think I would
be able to contain my vitriol.

~~~
gumby
If someone from my loved one's (and family's sole breadwinner's) job called me
24 hours after they were killed in a horrific terrorist attack to talk about
passwords because the company was in a crisis I think I would be relieved that
someone was working to make sure I could continue to feed my kids while I
figured out what to do next.

And if you see how Cantor Fitzgerald treated its employees and their families
in the wake of that crisis, you'd see that helping them was the right thing.

The banking industry may have metastasized from a service industry to a giant
vampire squid, but that doesn't mean _every_ company turned into slimy
blood-sucking leeches.

(And maybe C-F were heartless leeches before the attack and reformed due to
their literal near-death experience -- I really paid little attention to them
until that day. But they are famous for how they responded and rebuilt the
business).

~~~
comrh
I'm a little confused how them getting their passwords helps feed your kids
after the employee is gone. I think what they did afterwards was definitely
great, but that doesn't change my opinion that if that happened to me some
passwords would be the last thing I would want to talk about.

Money, finance, jobs, passwords, it all seems so pointless when I think of it
against that loss.

~~~
gumby
CF had most of their people based in the WTC. The majority of them were sole
earners in the family -- they had kids in school, spouses (typically wives)
who didn't work, etc. By all rights the company should have evaporated that
day. Instead they rebuilt it. OK great, it's just some company and it
survived.

What made the story famous was the fact that the company went out of its way
to support the families of its dead staff even when the company itself was in
the middle of an existential crisis. And it has continued to be somewhat of a
"good guy" (as much as you can say that about someone in that business). I am
sure there's a lot of PR spin, of course, but I watched this happen in the
news when they appeared to be struggling pretty hard and were not managing
their PR at all. They tried cutting off the survivors but got hammered (and
probably needed that password help!). Most companies just let their insurance
deal with the dead employees' families.

(Hmm, by doing a quick search of "cantor fitzgerald 9/11" I see that they were
indeed utter assholes before the event.)

Of course they've had a chance to burnish their image since then.

~~~
mikeash
While that is quite generous of them, I feel I should point out that if they
really felt that way about their employees' families, they could have
accomplished the same goal without tying it to the continued survival of the
company by buying good life insurance for all of their employees. They'd have
to have made sure to get a policy without a terrorism exemption, but given
that their offices were in a building that had already been attacked once that
doesn't seem like a stretch.

It may have turned out well here, but you really _don't_ want to tie together
things like "the company survives" and "grieving widows continue to eat". And
not just because it may involve things like calling up relatives of the
deceased to ply them for passwords while the bodies are still warm.

------
towelguy
Couldn't they just access the data directly from the databases?

Something they couldn't access then. Are they talking about passwords for 3rd
party services? Or perhaps passwords for encrypted hard drives?

~~~
mlrtime
Imagine your entire IT department being wiped out instantly overnight,
managers included. How long would it take you to restore access to your
infrastructure?

------
iamleppert
What is wrong with these companies that they are having to brute force
passwords?

Passwords to business-critical systems should be stored in a safe, in an
off-site location (preferably multiple offsite locations).

~~~
varikin
Like their offsite location in the other tower that was also destroyed? I
don't mean to say you are wrong, but many times contingency plans rarely
consider such devastating circumstances. Once heard a rumor that a large
defense contractor had a backup plan that included flying disk drives from one
coast to the other to safeguard against nuclear strikes on either coast or
both by having a day old backup in the air. Do you have a plan for nuclear
strikes on both coasts?

~~~
mey
I've considered it, but it really comes down to what the business needs. Does
the business need to continue to operate in the face of a nuclear winter? The
government sure, but most day-to-day operations of a retail chain would be out
the window at that point.

Taking this to another extreme, does a DR plan need to account for the earth
no longer being viable? Do you need system/data backups in space?

------
ddebernardy
> "Even in America, old habits, like his KGB-induced skepticism of the police
> lingered."

[Cough]. _Even_ in America? More like especially nowadays, no?

Beautifully written piece, otherwise.

~~~
dredmorbius
See Greenwald's recent (past day or so) _Intercept_ piece on trust in the US
since Snowden, worldwide.

Massive declines.

~~~
ddebernardy
I'd imagine so, yeah. It's hardly a new trend though. There also was a massive
decline when George W Bush decided to head to Iraq. And before that, there was
enough mistrust -- indeed hatred -- in US policy to prompt nutjobs to conduct
9/11.

------
hammock
Side comment about the web design: very cool and clear way of integrating
audiovisual stories into the article. Lots of people try to find novel ways to
share interviews/first-person accounts that they've recorded, with mixed
results. This piece strikes me as best in class.

------
qq66
Will Fitzsimons had better change his debit card password immediately.

------
nly
I found the part about passwords being personal mementos quite charming. I
hope I'm not the only one.

Does anyone feel like sharing?

~~~
divegeek
Sure, I will. I just retired this little gem, after six months of faithful
service: ahbag6uWXa0aj0ee

Ahh, the memories.

------
hlfcoding
Goes to show 'password' is a total misnomer that encourages bad security
practice.

------
akkartik
I didn't realize lambda was a motif in gay culture too. Makes me love it even
more.

------
danielweber
I like the mouse-over effects here. They aren't obtrusive, messing with the
normal functioning of a webpage.

