Blog for One

In a recent BLOG entry, Phil Libin has this to say about passwords:

In his February 11th column, Bruce Blair from the Center for Defense Information gives a rather horrifying first-hand account of the traditionally framed conflict between safety and convenience. In this case, it’s the convenience of being able to annihilate our geopolitical enemies on short notice versus the safety of not starting a nuclear war by accident.

In the 1960’s each of the thousand-odd Minuteman nuclear missiles were fitted with special locks which would prevent launch unless the “secret unlock code” was received from high-authority – presumably the president or secretary of defense. The purpose of the locks was to prevent unauthorized launch either by accident or through a deliberate subversion of the chain of command. The problem was that this extra step was seen as a cumbersome process which had the potential to delay our nuclear response and thereby dampen the retaliation we could mete out in the case of an actual attack. The solution was the equivalent of writing your windows password on a sticky-note attached to your monitor:

The Strategic Air Command (SAC) in Omaha quietly decided to set the “locks” to all zeros in order to circumvent this safeguard. During the early to mid-1970s, during my stint as a Minuteman launch officer, they still had not been changed. Our launch checklist in fact instructed us, the firing crew, to double-check the locking panel in our underground launch bunker to ensure that no digits other than zero had been inadvertently dialed into the panel. SAC remained far less concerned about unauthorized launches than about the potential of these safeguards to interfere with the implementation of wartime launch orders. And so the “secret unlock code” during the height of the nuclear crises of the Cold War remained constant at OOOOOOOO.

Nice.

What’s worse, according to Blair, is that the civilian authorities from the president on down were not informed that this precaution was being completely ignored. Robert McNamara, the secretary of defense for Kennedy and Johnson, was apparently unaware until just this year!

I take away three lessons from this episode:

1. We are really, really, really lucky that the world didn’t get all blown up before the end of the cold war. Sure, the professionalism and relative cool-headedness of many individuals on both sides of the conflict helped a lot, but there was a scary number of close calls. Let’s try not to do this again.

2. Passwords suck. They’re pretty much good for nothing. It’s not sufficient to lecture users on proper password etiquette – passwords must die. If Strategic Air Command couldn’t be bothered with passwords for world-shattering missiles, what hope is there that the average HR department will correctly use passwords for their Windows login or WiFi access? Finally moving away from passwords has got to be near the top of every IT organization’s to-do list – or at the bottom, if they clicked twice and got it sorted backwards somehow.

3. Security vendors rarely have an interest in making sure that their products and recommendations are actually being used correctly. Proper use is often unpleasant and displeased customers usually mean fewer sales. Likewise, it’s often physiologically easier for customers to seek out new technological solutions for security problems rather than admit that they may not be using their existing products to full capacity. Fixing this willful miscommunication is crucial to making security practical and affordable.

Ok, the third point is just a hobbyhorse of mine and not really derived at all from the preceding article. Also, I’d give up #2 if we could be promised #1. Deal?