What's terrifying is that they are referring to "their password" and not their password<i>s</i>.<p>Password reuse is much worse than having a weak password. Hackers only brute force high value targets, everyone else should just aim to have unique passwords for every service they use.<p>However, the average person can only remember 5-10 unique passwords and they have many, many accounts...password reuse. For the average person password managers aren't an option for normal people, so we have a big problem.
> <i>"Cantor Fitzgerald did have extensive contingency plans in place, including a requirement that all employees tell their work passwords to four nearby colleagues."</i><p>This baffles my mind. Is this common practice in finance? What would stop a malicious actor from impersonating someone whose password they knew? Even if these passwords aren't tied to someone's identity in any way, they presumably exist to secure sensitive data and/or systems, but then they're shared with officemates like Dilbert comics?
Well I guess talking to people and telling them you're writing an article about "The Secret Life of Passwords" is more novel than giving them a call pretending to be from their bank or telco.<p>I dearly hope that those people who actually told passwords to the author were either no longer using them or immediately changed them to something better on reflection of just how terrible they were. My mother kept a door from her parents' first house (which they built after emigrating after WW2) for sentimental reasons, that doesn't mean she relied on the old antique lock to secure her current house.
If someone from my loved one's job called me 24 hours after they were killed in a horrific terrorist attack to talk about passwords I don't think I would be able to contain my vitriol.
Couldn't they just access the data directly from the databases?<p>Something they couldn't access then. Are they talking about passwords for 3rd party services? Or perhaps passwords for encrypted hard drives?
What is wrong with these companies that they are having to brute force passwords?<p>Passwords to business-critical systems should be stored in a safe, in an off-site location (preferably multiple offsite locations).
> "Even in America, old habits, like his KGB-induced skepticism of the police lingered."<p>[Cough]. <i>Even</i> in America? More like especially nowadays, no?<p>Beautifully written piece, otherwise.
Side comment about the web design - very cool and clear way of integrating audiovisual stories into the article. Lots of people try to find novel ways to share interviews/first-person accounts that they've recorded, with mixed results. This piece strikes me as best in class.