February 9, 2024 • 12 mins
We hate passwords, and so should you! They are the precarious foundation of modern security. Understanding the problem is the key to solving it. Listen now and start the journey.
Then come learn more inside the IHP Academy!
You can sign up for notifications of new podcast episodes by clicking here.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Welcome and thanks for listening. I'm Nick Jackson here with Makani Mason.
We're your hosts for Super Simple Security Principles.
Look, I'm going to be honest, because this is our first episode,
I am super excited. What about you, Makani?
Here's why I'm excited about this, Nick. Yeah, why are you excited?
I've been helping people, family, friends, community members, for a long time.
(00:24):
Yeah. But really starting in earnest about six years ago, almost seven years ago now.
And this is just a culmination of a long work effort.
And with you in the last year, we're finally here where we're able to produce
things in a way that we can reach a lot more people.
Yes. That's why I'm so excited for this.
(00:47):
This and it's why he's my superhero because
trust me guys after you get a flavor of mcconnie and what he's trying to do
he'll become your super superhero too look today's podcast we were talking about
why we hate passwords amen and it is a wee thing i am going to start with why i hate passwords.
(01:11):
Dude, I don't know if this says I'm extremely lazy or what, but I have to type them in.
And just the inconvenience of typing them in, generating a new password,
and that is a hassle. It's a pain.
Let alone the fact that if all of a sudden I need to share that password with
(01:34):
my son or my other kids or whomever,
i'm legitimately not doing it in secure ways i'm texting them my password you
know it's a hard problem it is it is let alone if we travel now we travel and
i've got to log in different tvs it becomes cumbersome you know and.
(01:58):
I'm always left thinking, who should I let save my password?
Because my computer's prompting me all the time, like, save your password.
These are just a few of the reasons why I hate passwords.
When I was first informed that Makani hates passwords, and he does, I was shocked.
I didn't think that my buddy, the security expert, would say that he didn't like passwords.
(02:22):
So, Makani, why don't you tell us why you hate passwords? The first thing is
they're just not very good at protecting us.
We hear a lot, don't reuse passwords, and we blame the humans.
But really, the problem is with passwords.
With passwords themselves. Yeah, they're just the technology.
(02:43):
It's such a simple form of protecting ourselves. Think of it like a key.
We all use keys, lock our house with them.
And the comparison really tells us a lot because keys are the most basic form
of physical security that we have. Right.
Everybody knows them, uses them, but they have a ton of problems.
(03:04):
And they're not all perfectly identical to passwords, but they're very instructive.
They suffer from many of the same kinds of flaws.
And in both cases, there are just so many ways to defeat the security that that
little key gives you. Right.
You can pick the lock. You can smash the door.
People stash keys under the rock in front of their house. I've got teenage daughters
(03:29):
that are consistently losing their keys to the house consistently.
Yeah, nice. Somebody's finding keys to our house everywhere because we're making copies to keys, right?
Yeah, exactly. And that's another one. It's easy to copy them,
easy to lose them. You can forget to lock it.
One of the big ones that was really comparable in the password world is anyone
(03:50):
can use that key. It's not specific to you.
Basically like a key. If I pick it up, I can find it. If I know what it goes
to, I can use it. Exactly. There are just tons of problems.
We're going to add one more layer, though, because one of the really unique
things about passwords compared to keys is that you have to share that key with a stranger.
(04:11):
In other words, the website or whoever that you're giving the password to.
I hadn't even thought of that.
Like I've tried to share my key with a complete stranger.
Right. And you don't know if you can trust them, what kind of security they
have to protect that key. Right, right.
Say we had a storage unit where you're storing some valuable stuff and you have
(04:34):
to give a copy of your key with your name on it, a label so they know which
key it is, give that to the owners of the storage units.
And everybody has to do that, right? Dang.
Right. Right. I didn't think about that. And what that means is,
right, we create this huge temptation, you know, huge value for thieves.
(04:57):
Wow. We could go and instead of trying to steal each person's individual keys,
we go steal steal all the keys to all the storage units from the owner.
I was going to say it's similar to how hotels used to operate, if I'm correct, right?
They would give you a key off the wall board, and they had a key themselves.
Right. Yeah. And so if you had to get into your room, you went to the front
(05:21):
desk and said, hey, I lost my key, and they would come in and unlock it.
Right. And if somebody got access to. Yeah. If somebody had to install all their
keyboards of keys, they could go into every room. Yep. Not just one. Yeah.
I get it. It's not necessarily just the websites that we have to worry about.
It's people that are trying to get into the websites.
(05:42):
Right. Bad guys. Yeah, exactly. And that happens in the digital world every
day. It's called a data breach.
Ah. You go search on the news and that's basically what happens.
Because they're breaking in and stealing all the keys that have been collected.
Because the thing is, you really put a lot of weight on the storage unit owner
because of the weak nature of passwords.
(06:06):
That's the way it is. They're gatekeepers. Fascinating. Of our passwords.
Fascinating. Yeah. Okay. That gives me completely new insight into how these,
about why these hackers are trying to attack these websites.
Sites because you guys have literally, we've left keys on the walls, if you will.
Yep. Then we take it one more step. Right. I can imagine we have a whole bunch
(06:29):
of storage units, which obviously in real life we wouldn't, right?
Right. We're not going to have a whole bunch, but if we're going to compare
storage, you just say to a website.
Yeah. Because in every website, we're going to have some personal information.
Right. Some data stored there that's valuable to us that Adam's person has around 150 or so.
Oh my God. Okay. You've got your key chain where you're hauling around 150 keys.
(06:53):
Well, of course, I'm sure most of you are thinking, well, that's not how many
I have because that's a huge pain.
So that's why we end up having a thing where we reuse the same password because
if I only have one key to open all 150 of my storage units, that's a whole lot
less work, which I'm guilty of. And I know that that's...
(07:14):
Not safe. Yeah. Well, but again, you get the blame. Everybody's like, don't reuse passwords.
Right. And while I agree and I want to help you with the general education and
the information we have, it's hard. It's a lot of work.
I don't like lugging around 150 different keys.
Exactly. Nobody in their right mind does.
One other thing I want to talk about now is the fact that there are all the big tech companies.
(07:38):
Yeah. Amazon, Google, Microsoft, Apple, a bunch of others. They're all working together.
They're actually unifying their efforts because they're working on eliminating passwords.
It's not just McConaughey's opinion about passwords. This is in the security
world. It is well understood, well known.
(07:59):
Passwords suck. Okay. Just no two ways around it. But that's going to be a long time coming.
Passwords are going to be around for a long time.
Years. Yeah. Oh, yeah. Years. Okay. So we still have to figure out how to manage them.
And that's what we want to do in our next few episodes is give you some solutions.
(08:20):
Some super simple solutions. Some super simple solutions and steps,
principles, strategies. Yes.
That will help you deal with those. Right. We're going to start by busting some common password myths.
Okay. because they're a big obstacle in how you think about passwords and how you approach it.
(08:44):
Keep it simple. Won't have to go into all the deep technical parts of passwords,
but there's some miseducation that happens that we want to clear up.
Then we're going to talk about some strategies for helping you create strong
passwords so they don't drive you crazy stiff. Like you want both.
You want them to be strong, but you want to be able to remember them and type them.
(09:08):
And then, finally, we'll talk about password managers, which help solve a ton
of these problems that we've been talking about today.
Right. In a really good way.
But we've got to talk about all those other things first. We've got to do an
order because there's just a lot of things you have to understand about passwords
in order to use password managers safely and effectively.
(09:31):
And if you do it all right, then password managers,
one of the beautiful things about them and these strategies is we can not only
increase your security, we'll help you use stronger, better passwords,
but we'll help you do it with a lot less effort.
Perfect. And in the world of online security is a rare combination.
(09:55):
Most of the time, to increase your security, you have to increase your inconvenience. Correct.
That's what I found. Yeah, and that's just like in real-world security.
Same thing is generally true. Right. But a password manager,
if approached properly, is an exception to that rule.
That's one of the reasons why we're starting with password, too.
(10:15):
And I'm really excited about talking about these solutions and password managers
because most people out there still aren't using a password manager.
Or using them correctly, I would imagine.
(10:54):
Excellent. The other thing that we have, you'll see a link on our website,
is to a free tool that we're building, at least free for now while it's in beta,
I should say. Right. Called Link Lantern.
That will help you determine if your website that you're going to is safe before you go visit it.
Fantastic. Fantastic. So we've got a website tester that's in beta testing.
(11:19):
It's going to tell you if these websites are safe to go to. check that out at
our website again that's ihatepasswords,
ihpacademy.com just so
you guys are aware I am not a computer geek that's why
we keep things simple Connie thank you for your time today I appreciate it guys
(11:41):
this is why we hate passwords we're looking forward to coming with solutions
tips to help you guys out in upcoming episodes we're super excited to dive a little bit deeper,
Just remember, you're getting better by listening.
I'm right there with you. I'll be taking these steps. I'll be listening and applying as we go.
(12:02):
Thank you for your time today. Have a good one. Bye-bye.
Welcome and thanks for listening. I'm Nick Jackson here with Makani Mason.
We're your hosts for Super Simple Security Principles.
Look, I'm going to be honest, because this is our first episode,
I am super excited. What about you, Makani?
Here's why I'm excited about this, Nick. Yeah, why are you excited?
I've been helping people, family, friends, community members, for a long time.
(00:24):
Yeah. But really starting in earnest about six years ago, almost seven years ago now.
And this is just a culmination of a long work effort.
And with you in the last year, we're finally here where we're able to produce
things in a way that we can reach a lot more people.
Yes. That's why I'm so excited for this.
(00:47):
This and it's why he's my superhero because
trust me guys after you get a flavor of mcconnie and what he's trying to do
he'll become your super superhero too look today's podcast we were talking about
why we hate passwords amen and it is a wee thing i am going to start with why i hate passwords.
(01:11):
Dude, I don't know if this says I'm extremely lazy or what, but I have to type them in.
And just the inconvenience of typing them in, generating a new password,
and that is a hassle. It's a pain.
Let alone the fact that if all of a sudden I need to share that password with
(01:34):
my son or my other kids or whomever,
i'm legitimately not doing it in secure ways i'm texting them my password you
know it's a hard problem it is it is let alone if we travel now we travel and
i've got to log in different tvs it becomes cumbersome you know and.
(01:58):
I'm always left thinking, who should I let save my password?
Because my computer's prompting me all the time, like, save your password.
These are just a few of the reasons why I hate passwords.
When I was first informed that Makani hates passwords, and he does, I was shocked.
I didn't think that my buddy, the security expert, would say that he didn't like passwords.
(02:22):
So, Makani, why don't you tell us why you hate passwords? The first thing is
they're just not very good at protecting us.
We hear a lot, don't reuse passwords, and we blame the humans.
But really, the problem is with passwords.
With passwords themselves. Yeah, they're just the technology.
(02:43):
It's such a simple form of protecting ourselves. Think of it like a key.
We all use keys, lock our house with them.
And the comparison really tells us a lot because keys are the most basic form
of physical security that we have. Right.
Everybody knows them, uses them, but they have a ton of problems.
(03:04):
And they're not all perfectly identical to passwords, but they're very instructive.
They suffer from many of the same kinds of flaws.
And in both cases, there are just so many ways to defeat the security that that
little key gives you. Right.
You can pick the lock. You can smash the door.
People stash keys under the rock in front of their house. I've got teenage daughters
(03:29):
that are consistently losing their keys to the house consistently.
Yeah, nice. Somebody's finding keys to our house everywhere because we're making copies to keys, right?
Yeah, exactly. And that's another one. It's easy to copy them,
easy to lose them. You can forget to lock it.
One of the big ones that was really comparable in the password world is anyone
(03:50):
can use that key. It's not specific to you.
Basically like a key. If I pick it up, I can find it. If I know what it goes
to, I can use it. Exactly. There are just tons of problems.
We're going to add one more layer, though, because one of the really unique
things about passwords compared to keys is that you have to share that key with a stranger.
(04:11):
In other words, the website or whoever that you're giving the password to.
I hadn't even thought of that.
Like I've tried to share my key with a complete stranger.
Right. And you don't know if you can trust them, what kind of security they
have to protect that key. Right, right.
Say we had a storage unit where you're storing some valuable stuff and you have
(04:34):
to give a copy of your key with your name on it, a label so they know which
key it is, give that to the owners of the storage units.
And everybody has to do that, right? Dang.
Right. Right. I didn't think about that. And what that means is,
right, we create this huge temptation, you know, huge value for thieves.
(04:57):
Wow. We could go and instead of trying to steal each person's individual keys,
we go steal steal all the keys to all the storage units from the owner.
I was going to say it's similar to how hotels used to operate, if I'm correct, right?
They would give you a key off the wall board, and they had a key themselves.
Right. Yeah. And so if you had to get into your room, you went to the front
(05:21):
desk and said, hey, I lost my key, and they would come in and unlock it.
Right. And if somebody got access to. Yeah. If somebody had to install all their
keyboards of keys, they could go into every room. Yep. Not just one. Yeah.
I get it. It's not necessarily just the websites that we have to worry about.
It's people that are trying to get into the websites.
(05:42):
Right. Bad guys. Yeah, exactly. And that happens in the digital world every
day. It's called a data breach.
Ah. You go search on the news and that's basically what happens.
Because they're breaking in and stealing all the keys that have been collected.
Because the thing is, you really put a lot of weight on the storage unit owner
because of the weak nature of passwords.
(06:06):
That's the way it is. They're gatekeepers. Fascinating. Of our passwords.
Fascinating. Yeah. Okay. That gives me completely new insight into how these,
about why these hackers are trying to attack these websites.
Sites because you guys have literally, we've left keys on the walls, if you will.
Yep. Then we take it one more step. Right. I can imagine we have a whole bunch
(06:29):
of storage units, which obviously in real life we wouldn't, right?
Right. We're not going to have a whole bunch, but if we're going to compare
storage, you just say to a website.
Yeah. Because in every website, we're going to have some personal information.
Right. Some data stored there that's valuable to us that Adam's person has around 150 or so.
Oh my God. Okay. You've got your key chain where you're hauling around 150 keys.
(06:53):
Well, of course, I'm sure most of you are thinking, well, that's not how many
I have because that's a huge pain.
So that's why we end up having a thing where we reuse the same password because
if I only have one key to open all 150 of my storage units, that's a whole lot
less work, which I'm guilty of. And I know that that's...
(07:14):
Not safe. Yeah. Well, but again, you get the blame. Everybody's like, don't reuse passwords.
Right. And while I agree and I want to help you with the general education and
the information we have, it's hard. It's a lot of work.
I don't like lugging around 150 different keys.
Exactly. Nobody in their right mind does.
One other thing I want to talk about now is the fact that there are all the big tech companies.
(07:38):
Yeah. Amazon, Google, Microsoft, Apple, a bunch of others. They're all working together.
They're actually unifying their efforts because they're working on eliminating passwords.
It's not just McConaughey's opinion about passwords. This is in the security
world. It is well understood, well known.
(07:59):
Passwords suck. Okay. Just no two ways around it. But that's going to be a long time coming.
Passwords are going to be around for a long time.
Years. Yeah. Oh, yeah. Years. Okay. So we still have to figure out how to manage them.
And that's what we want to do in our next few episodes is give you some solutions.
(08:20):
Some super simple solutions. Some super simple solutions and steps,
principles, strategies. Yes.
That will help you deal with those. Right. We're going to start by busting some common password myths.
Okay. because they're a big obstacle in how you think about passwords and how you approach it.
(08:44):
Keep it simple. Won't have to go into all the deep technical parts of passwords,
but there's some miseducation that happens that we want to clear up.
Then we're going to talk about some strategies for helping you create strong
passwords so they don't drive you crazy stiff. Like you want both.
You want them to be strong, but you want to be able to remember them and type them.
(09:08):
And then, finally, we'll talk about password managers, which help solve a ton
of these problems that we've been talking about today.
Right. In a really good way.
But we've got to talk about all those other things first. We've got to do an
order because there's just a lot of things you have to understand about passwords
in order to use password managers safely and effectively.
(09:31):
And if you do it all right, then password managers,
one of the beautiful things about them and these strategies is we can not only
increase your security, we'll help you use stronger, better passwords,
but we'll help you do it with a lot less effort.
Perfect. And in the world of online security is a rare combination.
(09:55):
Most of the time, to increase your security, you have to increase your inconvenience. Correct.
That's what I found. Yeah, and that's just like in real-world security.
Same thing is generally true. Right. But a password manager,
if approached properly, is an exception to that rule.
That's one of the reasons why we're starting with password, too.
(10:15):
And I'm really excited about talking about these solutions and password managers
because most people out there still aren't using a password manager.
Or using them correctly, I would imagine.
(10:54):
Excellent. The other thing that we have, you'll see a link on our website,
is to a free tool that we're building, at least free for now while it's in beta,
I should say. Right. Called Link Lantern.
That will help you determine if your website that you're going to is safe before you go visit it.
Fantastic. Fantastic. So we've got a website tester that's in beta testing.
(11:19):
It's going to tell you if these websites are safe to go to. check that out at
our website again that's ihatepasswords,
ihpacademy.com just so
you guys are aware I am not a computer geek that's why
we keep things simple Connie thank you for your time today I appreciate it guys
(11:41):
this is why we hate passwords we're looking forward to coming with solutions
tips to help you guys out in upcoming episodes we're super excited to dive a little bit deeper,
Just remember, you're getting better by listening.
I'm right there with you. I'll be taking these steps. I'll be listening and applying as we go.
(12:02):
Thank you for your time today. Have a good one. Bye-bye.
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Nikki Glaser Podcast
Every week comedian and infamous roaster Nikki Glaser provides a fun, fast-paced, and brutally honest look into current pop-culture and her own personal life.