What we should learn from “The Fappening” (a lesson in security design)

If you have even the remotest of Internet access you’re already well aware of the massive celebrity nude photo leak that happened yesterday — an event that Reddit/4chan has cleverly deemed “The Fappening.”

I’m not here to discuss the morality (or lack thereof) of publicly posting and spreading nude photos of someone. 4chan specifically has come under a lot of fire for The Fappening since it was where the nudes originally leaked. So it may be controversial that I’m saying this but I don’t think we should blame 4chan. Is anyone really surprised they leaked there first? A vast majority of their content falls in a very gray area of morality and legality because that is always what you will have with an anonymous online post board. You can’t fix people. People will continue stealing photos and they’ll continue leaking nudes, and shutting down 4chan wouldn’t fix that at all. You can’t fix people — but you CAN fix security.

The hacker that got the nudes did so using a a simple password cracking script that would guess the top 500 passwords approved by Apple’s password system. Clever, right? If you currently use any Apple product you’re probably aware of the RIDICULOUS number of rules that need to be followed to have your password approved:

So Apple’s goal here was to create a more secure system by requiring their users to maintain more complex passwords. It makes sense on the surface: a more complex password should be harder to guess if you are randomly guessing.

There’s a critical flaw to this approach though: it completely disregards the human factors and ergonomics of software security. A person is not a random string generator — few people willingly create passwords that look like “X2vj8Gt3" because that would be absurdly difficult to remember. When faced with this most people simply just used a very basic password and then did the absolute minimum to pass Apple’s rules: ‘password’ just became “Password1". In an attempt to make their password pool more complex and create harder to crack passwords, Apple inadvertently limited the diversity of that pool and created fairly homogeneous passwords — at least enough that several celebrities could be hacked simply by guessing one of the top 500 passwords.

So how do we fix this? More capitalization and special characters and numbers? No way. It’s already a UX nightmare (looking at you, Apple) to maintain passwords like this. As both a user and designer I most definitely do not support the password complexity arms race, people will never beat script generators.

There IS a simple solution though: design it for a person, not a computer. The passwords that are both the most secure and the easiest to remember are just 3–4 random words strung together: baconfriedmonkeyfeet or bathtubfootballbeluga. If you design security start requiring your users to do THIS instead of follow an absurd set of rules. Instead of trying to remember which letter was capitalized and where they stuck in random numbers, the user immediately has a quirky story that sticks in their memory and is easy to remember. XKCD explains this perfectly:

Using passphrases instead of complex codes is just one approach that is simpler and more secure. This type of ergonomic approach to software design requires you to stop participating in the technical arms race and take a second to think about your actual user engaging with your product. So the next time you design something — whether its security or not — make sure you take into account the fact that real people will have to use it.