30 Years of Password FAIL
It’s not simply that we have empirical evidence suggesting that passwords are easy to crack; neuroscience has indicated that the human brain simply doesn’t perform well at free-associating text that, on its own, has little inherent meaning. As one of the papers cited puts it, “the multiple-password management crisis [can be viewed as] a search and retrieval problem involving human beings’ long-term memory.” And, although our long-term memory for images and words that we’ve assigned meanings to is quite good, we don’t do as well with passwords, which (ideally, at least) should look like a near-random string of characters. It’s another challenge entirely to remember which password to associate with a specific account.
Well, there you have it. The human brain just can’t handle complex passwords? Really? Uhhh How about this theory in its place;
“PEOPLE ARE RAPIDLY BECOMING SLOTH LIKE LUMPS OF STUPID”
… Yeah, now I feel better…
So where were we… Oh yeah, evidently the human brain isn’t so good at linking random strings of data to login data needed to access systems. Interesting.. So this lump of grey matter is generally unable to do this well after thousands and thousands of years of evolution eh? Seems to me that through wrote memory as well as muscle memory I do just fine with complex passwords. Or is it that I am some sort of uber mench?
This only leads me back to the idea that the human condition really is just fat dumb and lazy and this is just a malaise we have created for ourselves. Let the empirical data of this “survey” be damned. What’s worse though comes in another passage later on:
One possibly disturbing development was noted: about seven percent of the respondents had become cynical about computer security, having decided that no amount of adherence to best practices would protect them from hackers. Fortunately, this group seemed to be just as good (or just as bad) about using best practices as the rest of the population.
This bugs me. Mostly because I know its all too true that many people, if they don’t really understand the precepts of infosec, will just not care or give up. They will instead if allowed, become the worst security threats to an environment through their sloth.
I see it every day this nonchalance… And every time I say we need to insure that things are done securely I get the look of:
“There he goes again”
Sheeple.
Krypt3ia 
Leave a Reply