Breaking News: PrivSecBlog solves "Lost"!
Posted by Lance Koonce
Warning! Spoilers Ahead!
As at least 15 million regular viewers of this blog, er, ABC’s hit series “Lost” are aware, one of the central plotlines for the show is based on the following premise. The main characters stumble upon a mysterious “hatch” on the mysterious island upon which they have mysteriously crashed. Upon opening the hatch, they find it leads to a mysterious underground research station that is manned by a mysterious individual who has been there for at least three years performing a single, routine task: every 108 minutes, he must punch in six numbers to reset a sort of doomsday timer that is counting down to . . . well, he doesn’t know what.
When he flees, it’s up to the “Losties” to start pushing the button, and they do so, every 108 minutes, for a full season. When finally one of the characters decides that it’s all a scam, he deliberately decides not to punch in the numbers, and all hell breaks loose. Or so it appears. The new season begins in less than two weeks, so we’ll let you know. Maybe.
Coincidentally (or not?), a year ago we blogged about a report that had just been released regarding the proliferation of passwords in everyone’s lives, and the paradoxical danger to security that this phenomenon represents. The second annual report from RSA Security is now out, and the problem shows no signs of abating. Interestingly, while 59 percent of those polled said password management is "extremely important" to corporate security compliance, “57 percent [of those polled] say their company's desire to avoid end-user frustration prevents the organization from requiring frequent password changes and/or strong password policies.” So – deadlock.
That’s it! The dilemma on “Lost” is simply meant to be an allegory for our nightmarish password-beridden world. On the one hand, we are told that we must type in our passwords or all is – dare I say it – lost. But on the other hand, users may have a sneaking suspicion that if they don’t follow the rules, nothing bad will happen. On “Lost”, that leads to calamity. In real life, that dilemma leads to … passivity. We come up with one password that we use over and over for all purposes, or we write all of the passwords down on a yellow sticky on the side of our computer. Now that we’ve figured out the secret behind “Lost”, the rest of you trying to figure it out can all go home.
The RSA Security report provides some helpful “Do’s and Don’t’s”, but regrettably none of these suggestions gets to the root of the problem for most users – password overload.
The simplest answer may be for us to genetically engineer the next generation of human beings to have much greater memory capacity (I’d like at least 100 gigs, please), so that we can remember our passwords more easily. But if that solution is not forthcoming, the answer must lie in technology. There are some promising applications out there that may help, but so far no “password-killing” app.
So in the meantime, we at this blog intend to just continue using our single password: 4-8-15-16-23-42.
Namaste, and good luck.
