Super Simple Security Principles

A parallel blog / pseudo-transcript of the podcast

Welcome, and thanks for reading. I'm Nick Jackson here with Makani Mason. We're your hosts for Super Simple Security Principles. Look, I'm gonna be honest, because this is our first episode. I am super excited. What about you, Makani?

Here's why I'm excited about this, Nick. I've been helping people: family, friends, community members for a long time. But really starting in earnest about six years ago, almost seven years ago now, and this is just a culmination of a long work effort and with you in the last year we're finally here, where we're able to produce things in a way that we can reach a lot more people.

Today's podcast, we are talking about why we hate passwords. And it is a we thing. I'm gonna start with why I hate passwords. Dude, I don't know if it says I'm extremely lazy or what, but I have to type them in and just the inconvenience of typing them in, generating a new password, that is a hassle. It's a pain. Let alone the fact that if all of a sudden I need to share that password with my son or my other kids or whomever, I'm not doing it in secure ways. I'm texting them my password, you know? It's a hard problem. Let alone, if we travel now, I've gotta log in to different TVs, it becomes cumbersome. And I'm always left thinking, who should I let save my password?

Because my computer's prompting me all the time. Save your password. These are just a few of the reasons why I hate passwords. When I was first informed that Makani hates passwords, I was shocked. I didn't think that my buddy, the security expert, would say that he didn't like passwords. So Makani, why don't you tell us why you hate passwords?

The first thing is they're just not very good at protecting us. We hear a lot, don't reuse passwords, and we blame the humans. But really the problem is with passwords, it's with passwords themselves. They're just the technology. It's such a simple form of protecting ourselves.

Think of it like a key. We all use keys, lock our house with them. And the comparison really tells us a lot, because keys are the most basic form of physical security that we have. Everybody knows them, uses them, but they have a ton of problems. And they're not all perfectly identical to passwords, but they're very instructive. They suffer from many of the same kinds of flaws.

And in both cases, there's just so many ways to defeat the security that that little key gives you. You can pick the lock, you can smash the door, people stash keys under the rock in front of their house. I've got teenage daughters that are consistently losing their keys to the house. Somebody's finding keys to our house everywhere, because we're making copies of keys. And that's another problem. It's easy to copy them. Easy to lose them. You can forget to lock it. One of the big ones that was really comparable in the password world is anyone can use that key. It's not specific to you. Like a key, if I find it, if I know what it goes to, I can use it.

There are just tons of problems. We're gonna add one more layer though, because one of the really unique things about passwords compared to keys is that you have to share that key with a stranger. In other words, the website or whoever that you're giving the password to.

It's like sharing my key with a complete stranger. And you don't know if you can trust them, what kind of security they have to protect that key. Say we had a storage unit where you're storing some valuable stuff and you have to give a copy of your key with your name on it, labeled so they know which key it is. Give that to the owners of the storage units, and everybody has to do that. And what that means is, we create this huge temptation, you know? Huge value for thieves. They could go and instead of trying to steal each person's individual keys, they go steal all the keys to all the storage units from the owner. It's similar to how hotels used to operate. They would give you a key off the wallboard, and they had a key themselves. So if you had to get into your room, you went to the front desk and said, “hey, I lost my key.” And they would come in and unlock it. If somebody came and stole all their key boards of keys, they could go into every room. Not just one.

It's not necessarily just the websites that we have to worry about. It's people that are trying to get into the websites. Bad guys. And that happens in the digital world every day. It's called a data breach. If you go search on the news, that's basically what's happening is they're breaking in and stealing all the keys that have been collected. Because you really put a lot of weight on the storage unit owner because of the weak nature of passwords.

That's the way it is. They're gatekeepers. Protectors of our passwords. But we've left keys on the walls, if you will, so it's very tempting for the bad guys. Then we take it one more step, right? I imagine we have a whole bunch of storage units, which obviously in real life we wouldn't. We're not gonna have a whole bunch, but we're gonna compare a storage unit to a website. Because in every website we're gonna have some personal information. Some data stored there that's valuable to us.

The average person has around 150 or so. You got your key chain where you're hauling around 150 keys. Well, of course, I'm sure most of you're thinking, man, that's not how many I have, right? Because that's a huge pain. So that's why we end up having things where we reuse the same password, because if I only have one key to open all 150 of my storage units, that's a whole lot less work.

But you get the blame and people say “don't reuse passwords.” And while I agree and I want to help you with the general education and the information we have, it's hard. It's a lot of work. I don't like lugging around 150 different keys. Nobody in their right mind does.

One other thing I wanna talk about now is the fact that there are all the big tech companies. Amazon, Google, Microsoft, Apple, a bunch of others. They're all working together. They're actually unifying their efforts, and they're working on eliminating passwords. So this is not just my opinion about passwords, this is the security world. It is well understood, and well known that passwords suck. Just no two ways around it, but that's gonna be a long time in coming. Passwords are gonna be around for a long time. Years.

So we still have to figure out how to manage them, and that's what we want to do in our next few episodes is give you some solutions, some super simple solutions and steps, principles, strategies. That will help you deal with those.

We're gonna start by busting some common password myths. Because they're a big obstacle in how you think about passwords and how you approach it. We'll keep it simple. We won't have to go into all the deep technical parts of passwords, but there's some miseducation that happens that we want to clear up.

Then we're gonna talk about some strategies for helping you create strong passwords so they don't drive you crazy still. We want them to be strong, but we want them to be able to be easy to remember and type.

And then finally we'll talk about password managers, which help solve a ton of these problems that we've been talking about today, in a really good way. But we've gotta talk about all those other things first.

We've got to do it in order, because there's just a lot of things you have to understand about passwords in order to use password managers safely and effectively. And if you do it all right, then one of the beautiful things about password managers and these strategies is that we can not only increase your security, we'll help you use stronger, better passwords, but we'll help you do it with a lot less effort.

And then the world will get simpler. In the world of online security this is a rare combination. Most of the time to increase your security, you have to increase your inconvenience. Just like in real world security, the same thing is generally true, right?

But a password manager, if approached properly, is an exception to that rule, and that's one of the reasons why we're starting with passwords too, and I'm really excited about talking about these solutions and password managers, because most people out there still aren't using a password manager or aren't using them correctly. Or using a less safe one.

We're going to be building guides that will help implement the things that we're talking about in the upcoming episodes. If you go to our website, you can sign up. The name of our Academy is the I Hate Passwords Academy. You'll see a link on our website to a free tool that we're building, at least free for now while it's in beta, called Link Lantern. It will help you determine if your website that you're going to is safe before you go visit it.

This is why we hate passwords. We're looking forward to coming up with solutions, tips to help you guys out in upcoming episodes. We're super excited to dive a little bit deeper. Just remember, you're getting better by reading. I'm right there with you. I'll be taking these steps. I'll be listening and applying as we go.

Thank you for your time today. Have a good one.
