Monthly Archives: November 2015

Good Regulators: The Weakness of 1Password and Its Progeny

There’s a math theorem that I rather like because I think it appeals to so many situations. I feel this way about that quote from Frankenstein, “And now, once again, I bid my hideous progeny go forth and prosper… blahblah;” I used that repeatedly in school essays, on entrance exams, in acceptance speeches. Some things make little sense to you in situ but come to mean much more when you apply them to other scenarios. In the Good Regulator Theorem, good regulators are a model of systems that they regulate, and if the model is not a performant echo, then the system is weak, unregulated, and welcome to compromise. In some ways, I feel passwords are “good regulators,” things that model what they manage, because they protect memory (stores of information that you might like to keep private), and in a meta-way, they rely on your memory to ensure their utility.

We often write weak passwords because we have weak memories. So then we write frameworks around them that weaken their ability to perform, their ability to echo the system they model, and thus we introduce our human weakness into an already crippled model of protection. We “salt” and “hash” our passwords but we are still distant from a happy breakfast, from a happy progeny, a product of our genius and not simply an echo of our faults. So what can be done about passwords? What can be done about the memory they protect? How does the weakness of passwords, and of “good regulation,” affect the bio-politics of our contemporary world?

Password Strength XKCD

