What’s your password?

So since I still can’t blog about the stuff I want to blog about, I’ve decided to post some thoughts on a recent news article I stumbled across.

Sony and Adobe are among the most recent multinational companies to suffer security leakage on a large scale. Whether from vengeful hacking or poor security practices, the personal data of millions is floating out there somewhere for anyone to use or misuse. Aside from credit card information and addresses, affected users were understandably upset and concerned about their passwords being compromised. Why? Well, as we have recently learned, because most people use the same password for everything.

The only positive way to look at these recent security breaches is as a learning experience- not only in terms of how to build a more secure site, but also in that they provide insight into how humans interact with machines at their most intimate moment of trust. Humans, as it turns out, are extraordinarily predictable and lazy. Or are we?

This morning, Kotaku reported on the results of the Adobe hack last October. Analysis of the released password data has resulted in some interesting modalities. The top 5 Adobe passwords are reportedly the following:

  1. 123456 
  2.  password
  3. 12345678 
  4. qwerty
  5. abc123 

If you have ever worked in IT, you probably could have predicted these results. They are common. We know they are common. We know they are easy to guess, and yet, we still use them. Why? Well, some have proposed it is because we are lazy. We either mash numbers, look around our desk for inspiration, pick the name of a pet, or even the colour of the website’s logo. Quite predictable behaviours which result in predictable passwords. The security expert interviewed by the BBC, Per Thorsheim, claims people pick such predictable passwords that ‘brute forcing’- using a computer to run through every possible character combination to crack a password- is more inefficient than just guessing!

Even more interesting is the frustration expressed on the internet when users have been confronted with new protocols. In an attempt to save us from ourselves, new password fields often require a combination of letters, symbols, and numbers. To this the general internet has reacted with exasperation, as evidenced by memes:

Although most of us likely relate to the above images and think of passwords as an annoying-but-necessary hurdle to overcome, they also represent something more. They are an artefact of an extremely personal and private moment shared between human and computer. Although it may be used to protect secrets, passwords are also a type of secret in and of themselves. But if this is the case, why don’t we take their creation more seriously?

A quick Google search reveals the word ‘password’ is defined as:

password
ˈpɑːswəːd/
noun
  1. a secret word or phrase that must be used to gain admission to a place.
Interesting that the online definition still makes reference to an offline context. Of course ‘place’ is generic enough to refer to a cyber/virtual location just as easily as a physical/’real’ world locale, but it calls up imagery of the passwords of olde.
  • Leaning into the door of a prohibition-era Chicago speakeasy and whispering a word to gain entry into an gin-soaked basement…
  • Giving a special handshake which, if the receiver is in the know, will demonstrate membership in the Stone Masons…
  • Twisting a combination lock to three numbers in a sequential order to access the goods inside a safe…
  • Knowing the which stone door to approach and the correct phrase to say in Skyrim to gain entry to the Dark Brotherhood…
These are all forms of passwords- all secrets passed down and on through shared communication. And each of these example passwords allow access to even more secrets through their ability to serve as identifying markers of members of a community. When we reflect on the origin of passwords, and their contemporary use in anachronistic fantasy role playing games today, we notice they are usually shared and a part of- or barrier of access to- social groupings.
In some cases they are shared to be social- speakeasies need customers. Sometimes they are shared for practical reasons- secret orders need members. In other cases, they are shared as a type of additional security measure. If the code to a lock is forgotten, knowing someone with the combination is useful for retrieving goods without damaging property. Still, other times passwords are shared as a type of play with the secret and mysterious. And actually I (and Huizinga, probably) would argue that there is an element of play present in most uses of passwords for the secret and mysterious. I’ve seen it argued that there is also an element of playfulness within hacking communities, but I won’t get into that discussion here.
So are passwords so predictable because people are lazy? Maybe. Or maybe they are so predictable because, as social animals, we want to share them. Years ago I owned a t-shirt from J!NX which said “Social Engineering Specialist” on the front. I liked the shirt because it married my love of social behavioural science with technology. Additionally, the shirt’s description on the website mirrored my own experience. It reads:
 How can you hack a person? You can often save loads of time by simply asking for the information you want (ie. passwords, access, etc), rather than hacking in via a computer.
My personal experience has found this to be the case. Not that I have ever abused this privilege, but I am often shocked at just how eager and willing people are to give up their passwords. This experience, along with the current news articles popping up, is what got me thinking…
Passwords represent a convergence of intimate human-computer interaction and also an aspect of human social interaction. Passwords allow us to not only experience technology, but also to experience each other and connect to secret and mysterious groups (which can surround themselves with play- to bastardise Huizinga). Passwords, in my view, can be:
  • an inconvenient and prohibitive barrier
  • a semoitic identification for social groupings
  • a means to gain access to a place
  • a type of secretive play

Considering these modalities, is it really so shocking that our passwords seem to coalesce around simple and familiar themes? It is almost as though we want to share them.

Until next time,
Ashley
PS Yes I am still obsessed with Skyrim. I finally got all 24 Stones of Barenziah over the weekend.

The Blog About Not Being Able to Blog

Well, whilst I’m having technical issues, I thought I’d take the opportunity to blog. Only I can’t.

No, it isn’t due to a lack of inspiration. I am filled to bursting with ideas for future research projects and witty observations- at least I think they’re witty, but I’ve had less than 5 hours sleep and 3 cans of energy drink- but I can’t talk about any of them. Not even in an abstract, academic way which isn’t for profit. The NDA, which I (ironically enough) can’t link you to or quote because of specifications within said NDA, prevents me from writing anything.

So why write at all? Good question.

I suppose I should take this opportunity to buy more energy drinks and cook up some taquitos.

Until I can say more,

Ashley

Update: I felt like I short changed you a bit with this post, so to make up for lack of content, have a picture of my freshly re-heated taquitos.

taquitos

Why yes, I am using kitchen roll as a plate. Oh, like you haven’t done it…

Beta Test

What better way to test my blogging skills than by starting with a blog about beta tests?

If you have any sort of presence on social media and enjoy videogames, it is very likely you have recently been bombarded by hundreds of tweets and status updates from people who have been invited to beta test a new MMO. I, obnoxiously, am one of those people. Unfortunately, due to the nondisclosure agreement I signed when I agreed to the test, I can’t mention the name of the game (but I am sure you can figure it out anyway). This post isn’t about the game, luckily, or else I wouldn’t have very much I could talk about. Instead, this post is about the importance of beta testing as a facet of videogame culture.

As most of you will hopefully know, beta testing is a type of testing in which a piece of software, such as a videogame, is released to select members of the public outside the development studio to test for bugs. Other things can also be tested for, such as satisfaction of shareholders, functionality of promised product specifications, stress testing servers and viability of marketing strategies. Actually, it has become a marketing strategy in and of itself with many MMOs offering beta tests to anyone who preorders the game. (This has come under heavy criticism for obvious reasons.) But I digress… The main purpose of this post is to talk about the social functionality of a beta test and what it means for fans and researchers.

Opening your inbox and sifting through junk mail to find a beta invite is a little bit like Charlie unwrapping the chocolate bar to find the golden ticket. You have been chosen. You are special. You get to come to the front of the queue and see everything before anyone else… And you get bragging rights. This is precisely why it is such a good marketing strategy. It builds brand loyalty and exclusivity before the product is even on the shelves.

It is also an event- a spectacle to behold. When I get invited to a beta weekend, my entire life is restructured. I go grocery shopping to stock up on ready meals, cancel plans with friends, and- perhaps most extreme- rearrange my sleep pattern. Since most betas launch Friday evenings in the USA, that’s quite late for the UK. To account for this, I will stay up ridiculously late the night before, sleep in and nap during the day, and have a stockpile of caffeine at the ready to play through the night. I change my biological clock to meet the schedule of a game developer half a world away to, essentially, give them free labour. It’s insane, I know.

However, as game researchers, I feel that some of us should go to rather extreme lengths to partake, observe, and experience what a beta opening is. The last time I had the opportunity to be on the front lines of a beta was for Diablo III on 15 May 2012. I, like many others, experienced a terrible server error which meant I couldn’t log in to the game straight away. Looking up the solution to mysterious error code 33 sent me to Blizzard’s forums. There I discovered I wasn’t the only one experiencing this frustration.

diabloerrorsanon

I took screenshots (and later anonymised them) to have a record of how players were reacting to the servers being down. The above image is an example of the typical responses I witnessed. From snarky posts gloating over the fact some people got in straight away to legitimate statements and questions about current server conditions to rage posts directed at the developer, I was rather amused how some players turned the server error into a play activity in and of itself. The bragging and back-and-forth rage between players became an antagonistic sort of play. I’m tempted to code these player responses into modalities to see if it tells us more about community reactions under stress. I mean, in multiple ways the Diablo III beta was a stress test for servers and people.

But perhaps I will have to do that later. For now, I need to go grocery shopping and stock up on ready meals. It is almost time to join the hordes of other testers on the field of battle to charge through the game’s gates for glory and bragging rights.

See you in a week,

Ashley