The Password Proposition

With the digital revolution and a world-wide economy and high-tech communications system comes a world in which more and more can be destroyed, ransomed, or stolen electronically. With an ever-greater proportion of our lives, our privacy, and our assets susceptible to hacking and electronic theft comes an almost insatiable need for passwords, and that means “strong” passwords, using upper and lower-case letters, numbers, and even a symbol or two. By the way, don’t use the same password twice, or any combination that’s easy for you to remember, because that makes it easier for the hacker.

My digital presence is likely moderate. I don’t do Facebook, Instagram, Snapchat, or a host of other applications. There’s the website, email, and a “few” other applications… except those few applications actually added up to another dozen… and I probably forgot a few that I seldom use. And that means fourteen unique passwords that need to be changed regularly. Right now, certain applications I regularly have to try twice, because I inadvertently type the old password, or some combination.

Because of the requirements of her job, my wife likely has twice as many passwords to remember, or write down in a hidden place. I have trouble with fourteen. I can’t imagine twice that amount. Now, I notice that at least one internet company is now offering password management and protection services, which will require most certainly just one password to access all the others, but what if the company gets hacked?

Years ago, I read a science fiction story where all the knowledge of the world was basically stored in a very secure computer but small installation, surrounded by thousands of indices needed to access it…and everything in the world crashed because access was lost. Now, that’s an oversimplification because we’ll always have hundreds if not thousands of knowledge databases… BUT…there will only be a handful monitoring the electric power grid, the New York Stock Exchange, even the computers monitoring municipal water and sewage systems… and has everyone forgotten how three tiny computer glitches in the past two years resulted in thousands of flight delays and cancelations by United Airlines, Delta Airlines, and British Airways?

What tends to get overlooked is that any password, security system or the like designed either by people or computers falls, at least theoretically, into two categories, one so secure no one can access it, or one that is at best semi-secure, where people and computers with high abilities can break in, regardless of the security. The first kind is fine until it needs to be fixed, updated, and then everything crashes. The second will always be hacked.

But, for the sake of profit and convenience, we want everything computerized, that is, until our identity is the one stolen, our company data is the data stolen or ransomwared, or our bank account the one drained.

In the meantime, be very careful with your construction of passwords, and be aware that, even if you are, computer security is still a form of Russian roulette, just with odds much more in your favor than one bullet in six being fatal. The downside of this is that when you are hacked, especially in some extreme cases, you’ll likely be so exasperated and furious that you may want to kill someone – except you’ll never be able to physically reach whoever did it, which is exactly why computer crime is soaring and will continue to do so.

4 thoughts on “The Password Proposition”

  1. JakeB says:

    Only one note: it’s been shown that the entropy of 4 random English words is significantly higher than that of say 10 random characters . . . longer passwords, but easier to remember, and possibly entertaining.

    1. R. Hamilton says:

      I think that only works if the system picks the passphrase for you (perhaps letting you reject the first couple of combinations if they’re somehow problematic or objectionable); and of course it depends on the size of the dictionary from which the words are chosen. Otherwise, the passphrase would be similar to weak passwords (obvious if you know something about the person, and a small enough set to be subject to brute force fairly often). A dictionary of 50,000 words should be sufficient – limiting proper names to well-known places or historical (but perhaps not religious) figures more than a couple centuries old (no need to upset the users), and generally avoiding other provocative words.

      I used a system with such a mechanism (but a five word phrase) last perhaps 25 years or more ago…and I still remember my last passphrase, after not having used it for that long. 🙂

      However, it may have helped that I was only using one such system, with all others using conventional passwords (if with some minimum requirements of length and/or diverse characters); OTOH, I’ve always had to deal with dozens of passwords, and almost never had a problem remembering them, as long as I used them reasonably often; and could always keep them in a reputable password manager (or just a well-encrypted file, using something memorable but strong as the key), to deal with the ones I rarely used.

  2. Daze says:

    A quick look at Keychain Access on this iMac shows that it has a total of 637 separate passwords recorded. It is fair to say that there is quite a lot of overlap between them, and that I probably couldn’t remember more than a few without the Keychain storage.

    Yesterday I tried to get a quotation for home insurance. My bank, which already requires three separate number and codewords, plus two-factor authorisation for some functions, required me to create a completely new one-time strong password before I could save my half-completed proposal form while I went to check something. Now it says that I don’t know the right password. It would seem they’re determined to force me to go and buy from someone else!

  3. AaronC says:

    Please consider using a local password manager to store your passwords. This is a local program which stores your passwords in a file encrypted with a master password.

    The idea is that if you trust the encryption, you only need to remember one strong password for the password manager. You keep this file on your computer encrypted, unlock when you need to access a password, then lock it again. Remember to make a backup of the file!

    I use this one: http://keepass.info/ , it’s free and open source.

Leave a Reply

Your email address will not be published.