Why we should not know our own passwords

Kevin Lancaster

MyBroadband Editor
Joined
Apr 4, 2014
Messages
13,564

Since 2009, U.S. Customs and Border Protection agents have been allowed to search electronic devices carried by citizens or noncitizens as they cross the border into the United States from other countries. More recently, Homeland Security Secretary John Kelly suggested this digital vetting should also include harvesting social media passwords. Kelly’s proposal prompted legal and technology experts to respond with an open letter expressing deep concern about any policy that demands that individuals violate the “first rule of online security”: Do not share your passwords.
 

Foxhound5366

Executive Member
Joined
Oct 23, 2014
Messages
7,885
Oh great, so once our robot overlords take over they're going to lock me out of Facebook and Twitter to add insult to injury? I think not!
 

HavocXphere

Honorary Master
Joined
Oct 19, 2007
Messages
33,156
I know all mine, many client PC passwords and more than a few server and also email passwords
:p
Let me guess - IT tech?

Always scares me how much access they have. Everything is carefully segregated & walled off since it's highly confidential...yet end of day IT can access pretty much anything by the very nature of their job.
 

Thor

Honorary Master
Joined
Jun 5, 2014
Messages
41,885
I'll rather know it myself than rely on a CIA backdoor
 

Venomous

Honorary Master
Joined
Oct 6, 2010
Messages
54,668
Let me guess - IT tech?

Always scares me how much access they have. Everything is carefully segregated & walled off since it's highly confidential...yet end of day IT can access pretty much anything by the very nature of their job.
Consultant more than techie. Though I do both.

And I haz a magic disc that can clear Windows passwords, without knowing what the password was.
In many instances BIOS passwords are not as secure as most people would think they are.

And another program that can show me email passwords.

And so on, and so on.


And that is why I refuse to keep a database of all those. In the wrong hands many of those passwords can be used badly.

I have a few clients who have highly confidential data stored.
It is not in my interest to distribute or harm their data.
 

backstreetboy

Honorary Master
Joined
Jun 15, 2011
Messages
26,148
Consultant more than techie. Though I do both.

And I haz a magic disc that can clear Windows passwords, without knowing what the password was.
In many instances BIOS passwords are not as secure as most people would think they are.

And another program that can show me email passwords.

And so on, and so on.


And that is why I refuse to keep a database of all those. In the wrong hands many of those passwords can be used badly.

I have a few clients who have highly confidential data stored.
It is not in my interest to distribute or harm their data.
Hiren's Boot CD, NirSoft and pulling the battery...
 

Venomous

Honorary Master
Joined
Oct 6, 2010
Messages
54,668
Hiren's Boot CD, NirSoft and pulling the battery...

1. Hiren's is safe compared to the disc I have.

2. No big secret.

3. LOL,

Nope, there are passwords that require knowledge of lower level formatting or in some cases the removal/replacement of chips on the mainboard. That is a case of who you know....
Though this is not a common occurrence, it is often done by people accidentally who can then not remember those passwords, and then they plead for assistance to solve their problem.
I've seen that only 5 times ever.
 

HavocXphere

Honorary Master
Joined
Oct 19, 2007
Messages
33,156
highly confidential data stored.
That's the part that freaks me out. I'm buried in non-disclosure agreements from like 30 different sides...and yet IT is like write your global password on this sticky note here. :eek:

I've made my peace with it though - realistically IT will have root access - to borrow a nix-y term. That's the way it goes - no point in me fighting that.

Anyway...back on topic...I recycle passwords all over the place. But I make sure that the weak ones are not on mission critical sites. e.g. If my mybb profile got burned...well that could cause a bit of mybb drama but ultimately of little consequence.
 

Bryn

Doubleplusgood
Joined
Oct 29, 2010
Messages
16,180
Well I don't know a sizable chunk of mine thanks to LastPass.

My LastPass password is the only password I know. Even if I gave it to someone, they'd need my two factor authentication to login to my account.
 

Swa

Honorary Master
Joined
May 4, 2012
Messages
28,583
Well there is an easy solution, fake profiles. If you get asked just give the password to the fake one and there's no way to prove there's a real one. Plus side is the fake password can even be weak and very easy to remember.

Well I don't know a sizable chunk of mine thanks to LastPass.
Try explaining that one. :D
 

Nod

Executive Member
Joined
Jul 22, 2005
Messages
9,603
Let me guess - IT tech?

Always scares me how much access they have. Everything is carefully segregated & walled off since it's highly confidential...yet end of day IT can access pretty much anything by the very nature of their job.
IT and cleaning companies...
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
56,186
I don't know how any of that will help. They will then just confiscate your device and/or detain you as long as they want.

Easier to just wipe the device. Load a few useless apps and some alternate profile without much personal info and let them access that if they want.
 

Everyones-a-Wally

Honorary Master
Joined
Jul 18, 2008
Messages
52,137
Plausible Deniability.
Have your password and your 'I don't want you to see the real stuff' password.
Enter the latter when a border control agent asks and the file system is completely different to the first. Some obfuscation of free space available to make a 1TB drive split into 2 partitions (real vs obfuscated) look like a 1TB drive with the encrypted 'real' partition hidden.
Will only work on a jailbroken iPhone unless Apple offers it, in which case it's unlikely to work since it will be common knowledge.
Android should be easy to do.

What's becoming more and more apparent is that industry solutions are great when new but bound to fail when they become commonplace. Real solutions exist for tech capable individuals willing to spend the time to roll their own.

The real issue is that people who have stuff to hide are already doing this and those of us who have nothing to hide are wasting state resources being intercepted and having our data scrutinized. You can't tell me that a border control employee will know what to look for in a well encrypted system. That said, the powers that be should be expecting the real crooks and forward them to the experts. Not sure exactly what they want to stop at the border in this case - how long does it take you to read someone's Facebook messages, emails, Skypes, etc. to form an opinion on what they're up to?
 