Order of the Bath

Well we can all rejoice I hope, now that the ID cards and National Register and Biometric Passports will all be scrapped. What is sad is that all the money wasted on it cannot be recovered and there is very little that can be saved from the wreckage. I hope that the contractors that took on the work won’t be compensated as they knew in advance that, if the government changed, the job would be cancelled. That is the risk that they took.

David Blunkett’s version of what was to be implemented is very different to what he proposed back when he was home secretary and for him to say (Radio 4 this morning) that the information he provided to get his now useless ID card was no more than we would have needed for a passport can only be credited to the continual public opposition to the whole idea. There was no doubt that once it got established, more and more would have been demanded and other existing government databases would have been cross-referenced.

In case you are wondering and didn’t hear the interview, Bimbo was David Blunkett’s first pet as a child. It came up in conversation because he said it was the only piece of information that he provided that wasn’t needed for a passport application and that if anyone could find a use for it then good luck to them (or words to that effect). Well I can. As most people will realise, banks and other institutions are always asking us for a password which they can use to authenticate you and a secret question and answer is quite a common method to do this. Information like this is not as secret as we think it is. Even if the answer to the question is not known, the set of possible answers is quite small, though admittedly, Bimbo is not in the first dozen that I would try. I have seen questions like “What is your favourite colour?” Now how many possible answers are there to that? This is *VERY* low security and not worth the name.

The reason I could use the information is that people reuse passwords for multiple applications. Presumably he will no longer use that one now, but had I discovered it previously on some account that was compromised then there was a good chance he had used it elsewhere so was worth a try. That is why when some low impact login system is cracked and the passwords leaked, it is so much more dangerous than it seems. There is a good chance that many people will use the same credentials for other much more important systems and it is worth the effort of the criminals to try them out. If you think your email password is not critical, remember that if you click the “I’ve forgotten my password” button on any site, it is your email address that they send the new one to.

[Corrected: I accidentally wrote John Prescott instead of David Blunkett—shows how similar all these politicians are]

This entry was posted on 28 May 2010 at 12:11 by Rick and is filed under Politics, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.