← Back

September 13, 2010

#792: Password Reuse

Password Reuse

[[A man is sitting facing a computer, Hat man is standing behind him.]]

Hat man: Password entropy is rarely relevant. The real modern danger is password reuse.

Man: How so?

(Computer: Password too weak.)

[[Close up on just Hat man.]]

Hat man: Set up a web service to do something simple, like image hosting or tweet syndication, so a few million people set up free accounts.

[[The man has now turned his chair around to face Hat man.]]

Hat man: Bam, you’ve got a few million emails, default usernames, and passwords.

[[Just Hat man.]]

Hat man: Tons of people use one password, strong or not, for most accounts.

Use the list and some proxies to try automated logins to the 20 or 30 most popular sites, plus banks and payola and such.

[[A piece of paper containing a list with three columns, titled ‘Email’, ‘User’, and ‘Pass’. An arrow branching out from the paper to the words ‘Banks’, ‘Facebook’, ‘Gmail’, ‘Paypal’, and ‘Twitter’.

[[Hat man is still standing facing the man in the chair, who now puts his hand to his chin.]]

Hat man: You’ve now got a few hundred thousand real identities on a few dozen services, and nobody suspects a thing.

Man: And then what?

[[The same as previous panel, further back.]]

Hat man: Well, that’s where I got suck.

Man: You DID this?

Hat man: Why did you

think

I hosted so many unprofitable web services?

[[Close-up on Hat man.]]

Hat man: I could probably net a lot of money, one way or another, if I did things carefully. But research shows more money doesn’t make people happier, once they make enough to avoid day-to-day financial stress.

[[Another close-up, facing opposite direction.]]

Hat man: I could mess with people endlessly, but I do that already. I could get a political or religious idea out to most of the world, but since March of 1997 I don’t really believe in anything.

[[Hat man facing man in chair again.]]

Hat man: So, here I sit, a puppetmaster who wants nothing from his puppets. – It’s the same problem Google has.

Man: Oh?

((This panel is indented.))

Google…

[[A man stands, his chair behind him, leaning his hands on the edge of a boardroom table with the Google logo on it. Behind it sit a woman with a bun and glasses and another man.]]

Man: Okay, everyone, we control the world’s information. Now it’s time to turn evil. What’s the plan?

Woman: Make boatloads of money?

[[The man stands with his hand on his head.]]

Man: We already do!

Voice off-screen: Set up a companywide CoD4: Modern Warfare tournament each week?

Man:

That’s not evil!

Voice: Ooh, dibs on the lobby TV!

Man: Okay, we

suck

at this.