Security: October 2007 Archives
Here's yet another article on some site which had thousands of passwords broken.
Unfortunately, technical bloggers casually toss out warnings like that and point out how stupid users are, without providing any solutions. I mean, be reasonable. Over the years I've managed to accumulate passwords to hundreds of sites—how on earth could I keep track of them if every one of them were different?
I'm glad you asked.
Once upon a time I had a two-password model: a “secure” password for sites I trusted, and an “insecure” one for sites that I had less confidence in. There are a couple of problems with that, but the biggest one is simply that it's impossible to predict who's going to get broken into next. So let's just forget that idea.
There are two simple solutions out there to this problem. One commercial. One free. Both have slight drawbacks, so you'll need to pick the best fit for you. But either one is better than doing it yourself.
The commercial solution is a product which generates passwords (and fills in web forms) for you. I use a product called “1Passwd”, which runs on the Mac, but there are others (on the Mac and PC). (Feel free to put some references to them in the comments.) 1Passwd generates passwords for every site I visit, and it can remember everything I enter in any form. When I visit a site, I simply hit a hot key and it fills in the password. I don't even need to know what it is. So long as I keep my computer secure (1Passwd stores its password in the Mac's KeyChain, which is locked with my login password), my passwords are secure. And because they are randomized, long, and complex, they aren't likely to get broken by a normal password breaker. And if they are, they don't expose my information on any other site—because every site has a different password.
The drawback to a password generator is that you're pretty much up a creek if you don't have your computer with you. (And you'd certainly better back up your passwords!) Most products have versions for Palm and other handheld devices, and ways to export or print the information. And if you do have to type in your password on some other machine, it's going to be a pain (especially if you're on an iPhone or Treo or some such).
The second solution is far simpler, and more portable. It's called SuperGenPass. It creates a bookmarklet (a small JavaScript bookmark that you drag to your browser's bookmark area). When you go to a site where you need to generate (or enter) a password, it pops up a window prompting you for a master “password”. That password is the same all the time, and it's never stored anywhere—only you know it. It uses that password, in combination with the domain of the site, to generate a pseudo-random password, which it then inserts into the form. If it can't figure out where in the form to put it, it shows it to you instead. This works really easily, and the bookmarklet can be installed on just about any browser (including Safari on the iPhone and iPod Touch). Your master password can be simple and easy to remember—the quality of the final password doesn't depend on the quality of the master password. And if you're on the road without your computer, you can go back to the SuperGenPass site and quickly generate a new bookmarklet.
There are a couple of weaknesses to this solution. First, if someone happens to see you type the master password, you've basically given them access to every site you use. Secondly, if the site moves to a new domain you'll need to go to the old domain, have it generate the old password, go back to the new domain, and paste it in—because passwords are generated using the domain part of the URL. Thirdly, if you ever have to change your password (as I did, for instance, when Second Life had a security breach) you'll have to use a different master password, and remember that you need to use that particular master password on that particular site. Not the end of the world, but keep it in mind.
Which is the right solution? It's really up to you. How secure is your computer? Are you using shared machines a lot? SuperGenPass might be the best solution. Do you want a really secure password repository, where you can easily change passwords, and you usually access things from your desktop? Then maybe 1Passwd is the right solution. And of course, the two systems aren't incompatible. You can always use SuperGenPass to generate the passwords, and let 1Passwd remember them.
But my final advice is simple. *Don't* hand generate passwords. *Don't* use the same password on multiple sites. There are solutions out there, they are simple, cheap, and effective. Use them.
Technorati Tags: iphone, passwords, privacy, security, social, technology
Over on the iPhone Dev Wiki you can find the Talk:Decrypt 1.1.1 wiki page. This is the core information repository [1] for the effort to “jailbreak” [2] the iPhone 1.1.1 software release.
Wiki Talk pages like this are fascinating even if you can't follow the technical details. They are as much a social phenomenon as a technical one. They are both a document and a set of conversations. The conversations branch in different directions. Over time it becomes clear which branches are bearing fruit and which are not. The dead branches are pruned, the fruit-bearing branches are categorized and given structure. The result is a conversation, a history of the process, and a knowledge repository for continued research—all rolled into a single web page.
There are lots of “new” tools on the internet which turn out to simply be modern ways of doing things that have been done before; but Wiki Talk pages like this seem to have very few precedents. A group of researchers in the past might have collaborated via mail (paper or electronic) and then assembled a document; but this is something different. Not only is it an incredibly faster process, but it has an almost evolutionary growth pattern. It also has an aspect that is lacking from prior research methods—a significant lack of ego. Certainly the change histories indicate who said what, but for the most part the primary document is devoid of signatures. The text is anonymous—a true group collaboration in which the final text is that which survives on the basis of consensus and factual importance.
Finally, there's the matter of who is involved in the collaboration. This is research being done publicly, in the light of day. For every person contributing to the page, there are hundreds, if not thousands, of people watching what they do (including, no doubt, the folks at Apple :-). This is a 24-hour process, with new researchers picking up the task as previous workers head off to bed. There's an excitement generated by knowing that progress will be made while you are sleeping. That others will have built on your ideas and moved them forward. That new discoveries will have been made. And there's an excitement from knowing that the eyes of the world are on you. That your words will get approved or dissed in a public forum purely on the basis of their value—not on who you are. And unlike a typical research effort, in which you have a group of specialists working on the problem, a public forum like this benefits from the skills of the observers as well. Occasionally the topic may lead into areas where an observer may have a piece of expertise or an idea to contribute. And so the observer becomes a contributor, and the project moves forward that much faster.
There is no question that there are strong advantages to face-to-face development and research. But it's also clear that the public development process embodied in projects like this can be an incredibly powerful tool. I suspect that it's most useful when the task is specifically one of problem-solving. There's no clear architecture to create or direction to take. Many branches must be tried in parallel before a solution is found. And of course, a project with this type of public attention is going to draw even more researchers, both full-time and casual, to the problem.
There's a good Psychology/Anthropology thesis in here. These projects are well documented. The Wiki tracks the changes, and IRC transcripts are doubtless available. Experiments could be tried applying these techniques to different types of problems. Someone could have a lot of fun. :-)
1. Although a primary information repository, it is probably secondary from a conversational standpoint, since I assume most of the initial discussion is taking place via IRC.
2. In an effort to control what applications can be installed on the iPhone (and make enabling alternative carriers more difficult) Apple has used encryption mechanisms to restrict access to the phone.
Technorati Tags: anthropology, developer, iphone, passwords, psychology, wiki, security, social, technology
