So since I still can’t blog about the stuff I want to blog about, I’ve decided to post some thoughts on a recent news article I stumbled across.
Sony and Adobe are among the most recent multinational companies to suffer security leakage on a large scale. Whether from vengeful hacking or poor security practices, the personal data of millions is floating out there somewhere for anyone to use or misuse. Aside from credit card information and addresses, affected users were understandably upset and concerned about their passwords being compromised. Why? Well, as we have recently learned, because most people use the same password for everything.
The only positive way to look at these recent security breaches is as a learning experience, not only in terms of how to build a more secure site, but also in that they provide insight into how humans interact with machines at their most intimate moment of trust. Humans, as it turns out, are extraordinarily predictable and lazy. Or are we?
This morning, Kotaku reported on the results of the Adobe hack last October. Analysis of the released password data has resulted in some interesting modalities. The top 5 Adobe passwords are reportedly the following:
If you have ever worked in IT, you probably could have predicted these results. They are common. We know they are common. We know they are easy to guess, and yet, we still use them. Why? Well, some have proposed it is because we are lazy. We either mash numbers, look around our desk for inspiration, pick the name of a pet, or even the colour of the website’s logo. Quite predictable behaviours which result in predictable passwords. The security expert interviewed by the BBC, Per Thorsheim, claims people pick such predictable passwords that ‘brute forcing’ (using a computer to run through every possible character combination to crack a password) is less efficient than just guessing!
Even more interesting is the frustration expressed on the internet when users have been confronted with new protocols. In an attempt to save us from ourselves, new password fields often require a combination of letters, symbols, and numbers. To this the general internet has reacted with exasperation, as evidenced by memes:
Although most of us likely relate to the above images and think of passwords as an annoying-but-necessary hurdle to overcome, they also represent something more. They are an artefact of an extremely personal and private moment shared between human and computer. Although they may be used to protect secrets, passwords are also a type of secret in and of themselves. But if this is the case, why don’t we take their creation more seriously?
A quick Google search reveals the word ‘password’ is defined as:
- a secret word or phrase that must be used to gain admission to a place.
- Leaning into the door of a prohibition-era Chicago speakeasy and whispering a word to gain entry into a gin-soaked basement…
- Giving a special handshake which, if the receiver is in the know, will demonstrate membership in the Stone Masons…
- Twisting a combination lock to three numbers in a sequential order to access the goods inside a safe…
- Knowing which stone door to approach and the correct phrase to say in Skyrim to gain entry to the Dark Brotherhood…
How can you hack a person? You can often save loads of time by simply asking for the information you want (i.e. passwords, access, etc.), rather than hacking in via a computer.
- an inconvenient and prohibitive barrier
- a semiotic identification for social groupings
- a means to gain access to a place
- a type of secretive play
Considering these modalities, is it really so shocking that our passwords seem to coalesce around simple and familiar themes? It is almost as though we want to share them.