[Cryptography] Cost of remembering a password

Phillip Hallam-Baker phill at hallambaker.com
Sat Aug 16 14:47:21 EDT 2014


On Sat, Aug 16, 2014 at 12:18 PM, Bear <bear at sonic.net> wrote:
> On Sat, 2014-08-16 at 11:38 +0000, Michael Kjörling wrote:
>
>> Given how many people end up with passwords like "password1",
>> "12345678" and so on, I think it isn't as much _passwords_ that need
>> to be dealt with as password manager integration. All major web
>> browsers for example have the ability to locally store passwords used
>> (whether or not it's secure is a different matter and also depends a
>> lot on the user's chosen master password/passphrase), but what is
>> lacking is a _user friendly_, fully integrated, enabled by default
>> means to automatically generate and store secure passwords, and with
>> today's proliferation of different types of devices share passwords
>> between e.g. a desktop computer, a smartphone and a tablet.
>
> Whatever your password manager runs on, is a trusted system -
> ie, one whose compromise could absolutely destroy your security.
> And if it is a conventional system running software, then it
> is running something invisible and modifiable which I cannot
> fully inspect, ie, it is not trustworthy.
>
> We must never create trusted systems which are not trustworthy.

Wrong.

That is bad security thinking. The objective is to make things more
secure. And the baseline is passwords that we know are insecure.
Telling people that the alternative to their ox-cart is a Mercedes
does not help.

Most uses of passwords do not require any security at all. I would be
very happy to tell you my nytimes password if I hadn't used it at 50
other Web sites because I don't care about the security of the NYT's
assets, it's the NYT that is bothered, not me. So transferring costs to
me is kind of stupid because I'm not the one interested in the
security.


The point I am trying to raise here is that passwords do impose costs
even if they are hidden ones.


Most people have resorted to some sort of password manager for the
passwords they don't care much about. Rather than thinking of these as
competitors to secure, public key techniques, let's embrace them as a
transition strategy.
