Contact Us


Disruptive Competition Project

655 15th St., NW

Suite 410


Washington, D.C. 20005

Phone: (202) 783-0070
Fax: (202) 783-0534

Contact Us

Please fill out this form and we will get in touch with you shortly.
Close

What Can the Anonymous Password Hack Teach Us?

· July 18, 2013

We learned today that the latest victims of email hacking here in the US were not average consumers suddenly staring down the barrel of identity theft (as it so often is), but instead a whole host of Congressional staff who have had their usernames and passwords stolen and posted to a public website. While this will no doubt be a hassle for those staffers and I don’t envy the systems administrators down on the Hill right now, we shouldn’t let this teachable moment pass us by.

What is perhaps most interesting about the hacked passwords is that they exemplify, in many cases, everything that you should not do when constructing a strong password. In many cases they are just dictionary words with numbers tacked on to the end, the names of the staffers’ bosses, or their favorite sports team. While industry and security experts have tried to emphasize for users the importance of strong passwords, including how long they should be, not to use common words, and to include numbers and punctuation, obviously many people still use easy to guess passwords.

Passwords alone, however, are not the end of the conversation in this day and age. There is little reason today why any information service can’t offer additional protections in its authentication processes. One favorite means today is two-factor authentication, which is becoming more and more widely available online from Google to Dropbox to Twitter. If that sounds familiar, we’ve talked about it a couple times here in the past.

We should all be thinking, however, of what comes next, because passwords are inherently a technology of yesterday that we should be working to move away from. Biometrics and other advanced technologies we haven’t even heard of yet are the future, and companies should be competing to develop them and roll them out to improve everyone’s security.

This area is one in which the federal government itself – including consumer-oriented agencies like the Federal Trade Commission – can and should play a strong role. Poor account security can cause massive consumer harm. That is why identity theft and security have been the number one complaint to the FTC for the past 5 consecutive years, according to the Commission. When the government itself is the victim, there can be no greater case for government-originated guidance, workshops, and institutional education on improving end-user security. No doubt, the public would benefit from agencies like the FTC and others bringing to bear their own experience on mitigating this persistent problem.

Privacy

Trust in the integrity and security of the Internet and associated products and services is essential to its success as a platform for digital communication and commerce. For this reason we’re committed to upholding and advocating for policymaking that empowers consumers to make informed choices in the marketplace while not impeding new business models.