Thoughts from the identity age -- By Phil Libin


A suboptimal use of default passwords

In his February 11th column, Bruce Blair of the Center for Defense Information gives a rather horrifying first-hand account of the traditionally framed conflict between safety and convenience. In this case, it's the convenience of being able to annihilate our geopolitical enemies on short notice versus the safety of not starting a nuclear war by accident.

In the 1960s each of the thousand-odd Minuteman nuclear missiles was fitted with a special lock that would prevent launch unless the "secret unlock code" was received from higher authority, presumably the president or the secretary of defense. The purpose of the locks was to prevent unauthorized launch, whether by accident or through deliberate subversion of the chain of command. The problem was that this extra step was seen as a cumbersome process that could delay our nuclear response and thereby dampen the retaliation we could mete out in the case of an actual attack. The solution was the equivalent of writing your Windows password on a sticky note attached to your monitor:

The Strategic Air Command (SAC) in Omaha quietly decided to set the "locks" to all zeros in order to circumvent this safeguard. During the early to mid-1970s, during my stint as a Minuteman launch officer, they still had not been changed. Our launch checklist in fact instructed us, the firing crew, to double-check the locking panel in our underground launch bunker to ensure that no digits other than zero had been inadvertently dialed into the panel. SAC remained far less concerned about unauthorized launches than about the potential of these safeguards to interfere with the implementation of wartime launch orders. And so the "secret unlock code" during the height of the nuclear crises of the Cold War remained constant at 00000000.

Nice.

What's worse, according to Blair, is that the civilian authorities from the president on down were not informed that this precaution was being completely ignored. Robert McNamara, the secretary of defense for Kennedy and Johnson, was apparently unaware until just this year!

I take away three lessons from this episode:

1. We are really, really, really lucky that the world didn't get all blown up before the end of the Cold War. Sure, the professionalism and relative cool-headedness of many individuals on both sides of the conflict helped a lot, but there were a scary number of close calls. Let's try not to do this again.

2. Passwords suck. They're pretty much good for nothing. It’s not sufficient to lecture users on proper password etiquette – passwords must die. If Strategic Air Command couldn’t be bothered with passwords for world-shattering missiles, what hope is there that the average HR department will correctly use passwords for their Windows login or WiFi access? Finally moving away from passwords has got to be near the top of every IT organization's to-do list – or at the bottom, if they clicked twice and got it sorted backwards somehow.

3. Security vendors rarely have an interest in making sure that their products and recommendations are actually being used correctly. Proper use is often unpleasant, and displeased customers usually mean fewer sales. Likewise, it's often psychologically easier for customers to seek out new technological solutions for security problems than to admit that they may not be using their existing products to full capacity. Fixing this willful miscommunication is crucial to making security practical and affordable.

OK, the third point is just a hobbyhorse of mine and not really derived at all from the preceding article. Also, I'd give up #2 if we could be promised #1. Deal?

[Thanks to Dave Engberg for the link.]

June 1, 2004


Comments

Good password selection sucks. If your password is obvious enough to remember, it's obvious enough to crack. If it's “strong” enough to resist the easy crack, you probably have to write it down somewhere.

For my own personal use, I adopted a strategy of using puzzle solutions to meaningful phrases, allowing me to intermix letters and numbers, getting 6-8 characters, and even making case significance memorable. When my financial security is at risk, I even work in punctuation.

Unfortunately, I've become lazy, and settled on a root password that gets used for damn near everything. That root gets modified for more important (eBay, for example) accounts, and really beefed up for MyCheckfree.

As an interesting aside, my bank assigned me an ATM PIN that had four digits, which just happened to commemorate an important anniversary. Weird.

Posted by: Elderbear | Nov 2, 2004 2:24:04 PM
