When I forget my password I can usually reset it and get back to where I was. Of course, before I get access I am nervous that it's not going to work. And there may be times (it's never happened to me) where one CANNOT get back access and is locked out permanently. There ARE times when getting back access is REALLY IMPORTANT.
So the perfect storm would be:
a) You forget your password, and
b) You CANNOT get it back so you are perm locked out, and
c) It's REALLY important to get access.
I don't know how common it is, but here is an example of the perfect storm:
a) Prime Trust, a fintech startup company specializing in cryptocurrency, lost the encryption key to its hardware wallet.
b) They also lost the recovery key so they CANNOT get it back.
c) Is it REALLY important? Let's just say they are now singing Buddy can you spare $38.9 million? (For the original click on Buddy can you spare a dime. For a parody of it click on Buddy Can you Spare a Couple Billion?)
There is an article about Prime Trust losing their encryption key here.
Bruce Schneier has comments on it here.
SIDE NOTE: I've heard the following.
a) Having a 15-letter password with at least 2 diff small letters, 2 diff cap letters, 2 diff numbers, 2 diff symbols is NOT good for security since you end up having to write it down AND hackers-guessing-passwords is not the main problem anyway.
b) Some say you are better off taking 4 English words (or whatever language you speak) that have nothing in common and put them together for a password (not sure if some should be in caps) like
elephant Ramsey Rockford Ezra
which is easier to memorize. Such an approach might have helped Prime Trust. Oh well.
(xkcd had this to say: here)
WARNING- I DO NOT know if points a, b above are really true.
WARNING- Despite the WARNING above, one of my readers emailed me that I should NOT be spreading false rumors about passwords.
Note that there are three kinds of statements:
Those that are true
Those that are false
Those that you hear
The danger of getting "locked out" is very very real as can be seen from the tens of millions of fully functioning or easily repairable devices going into the landfill because of "unbreakable" hardware encryption. This is a criminal waste of expensive and environmentally hazardous componentry when there are billions of people who stand to benefit from recycling these devices.
This encryption nonsense comes enabled by default on most consumer-grade devices (laptops, phones, notepads) and if one fails to record the sixteen digit key in a permanent place (not in the cloud) they will be screwed when one of the other hardware components fails because the onboard TPM chip is the only one that holds the key and good luck hacking the key. Most people, even technically proficient folks, fail to pay adequate attention to this critical step in their rush to get their new device up and running.
Encryption for consumer devices is probably even more mendacious because it leads to a performance degradation (even when implemented via HW but lower-end devices are SW implementations that are much worse) and also potentially reduces the life of an SSD drive (both these are my own anecdotal observations; I have not measured them).
Try $235M on for size: https://www.wired.com/story/unciphered-ironkey-password-cracking-bitcoin/
Maybe just maybe Thomas doesn't want to recover his btc at current low market valuation. Who knows what the true motives are or whether the entire thing is a hoax of there sitting the private keys for 7002 btc?