Your IT staff is constantly hounding you about your passwords. Applications impose insane requirements
about capital letters and special characters, then tell you that you can't use THOSE special
characters, with no rhyme or reason as to why. (Here's a fun list of that insanity.)
Applications care so much about passwords because they're the primary method we have of knowing who you
actually are. With your password an attacker can take your place in the application, so when you
use "password" as your actual password it makes it really hard for us to keep your account secure.
Because maybe, just maybe, an attacker might think to try that one out.
Here we're going to talk about another challenge in authenticating you as a user: account recovery,
or what happens when the normal methods we have to verify you as a user don't work.
A properly used password is like a unicorn: beautiful, majestic, and just as rare. The sins of
passwords are too numerous to go into here, so we'll assume for now that you've done everything right:
your password is long, complex, and never used anywhere else. Information security staff build shrines
to your magnificence and hackers shudder at the thought of trying to brute-force that perfect password.
But now you've forgotten it.
Of course you're using a password manager (Bitwarden, LastPass, etc.), so this would never
happen, but let's pretend there was a glitch and that shining paragon of security is gone, evaporated
just like all that bitcoin sent to the Twitter hacker.
So now you're in the mess that is account recovery. There are lots of ways to do this, but let's talk
about the two most common: verification questions and fallback accounts.
Verification questions are those not-at-all ambiguous questions that are supposed to be based on
factual components of your life. Things like "What city were you born in?" or "What's your favorite color?"
There are a number of problems with this approach. The biggest is that the answers to many of these
questions are matters of public record, or are easy to discover or guess. If you really think about it,
this is basically just another password into your account, one that is often much simpler to guess than
your actual password. The questions have a much smaller range of plausible answers ("Favorite make of car")
or are flat-out public knowledge. So it's no wonder that this has been a very common method for hijacking accounts.
Fallback accounts have become a widespread method for recovery. You supply something like an email
address or your phone number, and when you try to recover your account the system sends a link to
your email or phone that takes you directly into a reset flow.
Which is great, unless your email account gets hacked or someone hijacks your SIM. Another fun aspect of
email account recovery is that if I, as a mean-spirited attacker, gained control of someone's email,
one of the first things I'd do would be to scan for every account activation email sent there, then
use the hijacked email to reset all those passwords.
Again, really thinking about this, text messaging gets you into the "something you have" space,
though far from perfectly, while the email is really just another possible password into the
original target system. After all, if I know your email password I can get into the target account
through the reset.
The recent Twitter hack shows another problem. At this time (and this could change as more details
come out), it seems the attacker got access to internal control panels and changed users'
account recovery email addresses, then used that to take over the accounts and run one of the
least ambitious cash-grabs in recorded history.
The problem with all of this...
The easier it is to recover your account, the easier it is to break into it.
The Twitter attack was unusual, but not unique, in that the attackers went right to the source and got
internal access to the systems themselves. The implications of that are significant. A rogue or
compromised employee or system can do whatever they want, including posing as you in messages to grab
more data and further damage your company's reputation. Even the more common scenario of a breach with
a stolen database can be a disaster if it's sensitive client data instead of a bunch of Twitter arguments.
Some industries are better than others about this, mainly because regulations force them to be.
But ultimately, any system that can recover your account from completely lost credentials inherently has full access
to your account. You are relying on the good intentions and security of everyone
running that system for you.
For the Twitter of ten years ago this would have been embarrassing, but ultimately not that big of a deal.
Now, though, Twitter has become a platform for a lot of information that seems to have outpaced
its security model.
With great responsibility comes ... responsibility
Pritact's goal is to have as little access to your data as possible. We can't read what's being
said or track which clients you're messaging. If we reset your password we would be unable to read
your messages or even see your list of clients. The same would be true for an attacker who
somehow managed to get access to our underlying data or systems.
This data is between you and your clients. Their personal information should be put at as little
risk as possible, and that means exposing it to as few people as possible. That's where the tradeoff
always sits: security vs. convenience. It's convenient to have a nice, simple account recovery method.
But it's not secure. We offer methods that enable you to recover your account, but they
all require you to manage them. It's your data and your responsibility. We give you the tools to