Saw Iron Man 3 over the weekend and it was an enjoyable romp with just the right amount of explosions and mayhem. There’s one little thing that caught my attention, however, and that’s Rhodey’s laughably insecure password.
All those fancy HUD displays and we’re still relying on 1990s AOL-style passwords? Where’s the single sign-on? The two-factor authentication? The retinal scans? The fancy Kree or Shi’ar technology that uses DNA instead of passwords?
Here’s what you can learn about password security from Iron Patriot.
Don’t use common knowledge about yourself as part of your password.
Rhodey’s the superhero formerly known as War Machine and his password is WARMACHINEROX. Yeah, that’s not easily guessable. When he’s forced to change it he’ll probably rotate it with IRONPATRIOTSUX (with an X). And use the same password on Facebook.
Don’t use a password that doesn’t have special characters.
This one didn’t even have numbers. I’m surprised he didn’t put an exclamation point at the end because everyone knows that turns an insecure password into a secure one. Sort of like Silent E.
Don’t use an easily guessable password.
Really, Tony? A totally guessable password and you still had to ask him what it was? I bet Jarvis could have cracked it in about two seconds. On a side note, you didn’t give Jarvis a password cracker? What kind of script kiddie are you?
If that’s the kind of password Rhodey uses I bet he’s no good with security questions either. “What’s your favorite color?” “Red, white, and blue.” Oops, account cracked!
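Here are the three tips above as a signup-time check. This is an added example and not part of the original post: the function names and finding labels are made up for illustration, and the sample passwords are constructed from the ones joked about here.

```python
import re

# Look-alike substitutions undone before comparing: @->a, 4->a, 3->e, 0->o, ...
LEET = str.maketrans("@4831!0$57", "aabeiiosst")

# Things anyone could know about the account owner (taken from the post).
TERMS = ["War Machine", "Iron Patriot", "Rhodey"]

def core(text):
    """Reduce a password or a name to the letters a guesser would try first."""
    text = re.sub(r"[^a-z]+$", "", text.lower())   # drop a trailing "!", "123", ...
    return re.sub(r"[^a-z]", "", text.translate(LEET))

def review_password(candidate, personal_terms, previous=()):
    """Return a list of findings; an empty list means none of the checks fired."""
    findings = []
    reduced = core(candidate)
    # Tip 1: common knowledge about the user, even when dressed up with @ and 0.
    for term in personal_terms:
        key = core(term)
        if len(key) >= 4 and key in reduced:
            findings.append(f"personal-term:{term}")
    # Tip 2: no numbers, no special characters.
    if not any(ch.isdigit() for ch in candidate):
        findings.append("no-digit")
    if all(ch.isalnum() for ch in candidate):
        findings.append("no-symbol")
    # Tip 3: the old password with an exclamation point is still the old password.
    if any(core(old) == reduced for old in previous):
        findings.append("variant-of-previous")
    return findings

if __name__ == "__main__":
    for pw in ["WARMACHINEROX", "IRONPATRIOTSUX", "W@rM4ch1n3R0x2013"]:
        print(pw, review_password(pw, TERMS))
    print(review_password("WARMACHINEROX!", TERMS, previous=["WARMACHINEROX"]))
```

An empty result only means these particular checks passed; it says nothing about whether the password appears in a breach list or is reused elsewhere.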
In reality that password conversation should have gone like this:
“Rhodey, what’s your password?”
“Okay, Tony, it’s capital X zero one asterisk lowercase g caret…”
“What the hell is a caret?”
“It’s that upside down V above the 6. Anyway, caret uppercase L uppercase Y seven one nine lowercase j…”
“The HUD in my suit doesn’t have a caret.”
“Yes it does, Tony. Hit the caps lock twice, just like a smart phone.”
“Pepper must have put that there. What’s after the caret?”
“Uppercase L. Then uppercase Y seven one nine lowercase j…”
“Did you say seven one nine or seven nine one? Oh, never mind, just email it to me.”
“But Fury sent a memo saying we’re not supposed to email passwords anymore. It’s not secure.”
“Screw him! Send it to my Gmail.”
By which time the bad guys have incinerated them and the point is moot, not to mention pwned.
The Avengers really need to invest in some better network security. Seriously, Tony, you can’t have Stark Industries buy up RSA or something? I bet Reed Richards has something tucked away in a box. Or you could ask Hank McCoy if he has something up his furry sleeve. Or maybe Spider-Man swiped something from Doc Ock (before Ock became Spidey… oy).
In other words there are ten million better ways to authenticate to that system besides WARMACHINEROX or any other persistent password. I wag my finger at you, Iron Patriot.
And please, don’t anyone use WARMACHINEROX or variations as your real-life password. I hate it when they use actual passwords in movies because then people are all, “I’ll be clever and use that! No one else will think of it!” Except the other billion people who have seen the movie.
(Another thing about Iron Man 3? No obnoxious adoptee jokes - bonus.)
Related Tech Tips article: How To Create Secure Passwords (Revised Edition)












