The problem definition is the problem

Thursday, 5 Jun 2008

I just saw some good advice on choosing passwords posted on the main Google weblog. It made me feel guilty for a moment. I have, at last count, about 140 accounts on a bewildering variety of services. A dozen of them have strong passwords, the rest share one of a handful of weak passwords. I would like to do better than this and have, over a period of time, tried to work out variously elaborate schemes for how to assign passwords.

I haven’t implemented any of them.

Many of them turn out to be impracticable as soon as one starts trying to implement them, but much more mundanely, just changing 140 passwords is a huge heap of work: if it takes 5 minutes to change one password on average, that’s almost 12 hours. Realistically, it would take almost a week to work through the entire list. This means that coming up with a few different password assignment schemes and trying them out in sequence is a non-starter.

In the meantime, despite the absence of such a scheme, I still have a moderately frequent need to log into some of these accounts from computers where my (encrypted, with yet another passphrase) password list file is not available. And thus, I continue to use weak passwords.

I think it is clear at this point that I need to forgive myself for my bad security practice and stop feeling guilty. The problem is clearly not with my willingness to be a model netizen. It is the very concept of passwords that is flawed.

This is far from an original thought, of course. But today, as the faint pang of guilt came and passed, I wondered what we are collectively going to do about this. Passwords are appealing in the small for many reasons (the main ones I see being no prerequisites for participation from users and some extent of plausible deniability for system creators). None of the alternative proposals seem to scale down to the same extent. Worse than all of this, none of the alternatives even try to address the problem of migrating a huge number of accounts away from weak passwords.

This needs fixing. And the only viable solution will be a brutally simple one – as simple as passwords are brutal.