A fascinating story on many levels. The story as published by the New York Times includes videos of personal anecdotes related to events surrounding a person's experiences linked to some element of passwords. The opening piece about Howard Lutnik is quite moving especially when you hear him discuss his unique situation in the accompanying audio. I suspect very few of us employ perfectly random passwords. If so, you should find this piece quite an interesting read.
The Secret Life of Passwords
We despise them – yet we imbue them with our hopes and dreams, our dearest memories, our deepest meanings. They unlock much more than our accounts.
By Ian Urbina Video by Leslye Davis
Howard Lutnick, the chief executive of Cantor Fitzgerald, one of the world’s largest financial-services firms, still cries when he talks about it. Not long after the planes struck the twin towers, killing 658 of his co-workers and friends, including his brother, one of the first things on Lutnick’s mind was passwords. This may seem callous, but it was not.
Like virtually everyone else caught up in the events that day, Lutnick, who had taken the morning off to escort his son, Kyle, to his first day of kindergarten, was in shock. But he was also the one person most responsible for ensuring the viability of his company. The biggest threat to that survival became apparent almost immediately: No one knew the passwords for hundreds of accounts and files that were needed to get back online in time for the reopening of the bond markets. Cantor Fitzgerald did have extensive contingency plans in place, including a requirement that all employees tell their work passwords to four nearby colleagues. But now a large majority of the firm’s 960 New York employees were dead. “We were thinking of a major fire,” Lutnick said. “No one in those days had ever thought of an entire four-to-six-block radius being destroyed.” The attacks also knocked out one of the company’s main backup servers, which were housed, at what until that day seemed like a safe distance away, under 2 World Trade Center.
Hours after the attacks, Microsoft dispatched more than 30 security experts to an improvised Cantor Fitzgerald command center in Rochelle Park, N.J., roughly 20 miles from the rubble. Many of the missing passwords would prove to be relatively secure — the “JHx6fT!9” type that the company’s I.T. department implored everyone to choose. To crack those, the Microsoft technicians performed “brute force” attacks, using fast computers to begin with “a” then work through every possible letter and number combination before ending at “ZZZZZZZ.” But even with the fastest computers, brute-force attacks, working through trillions of combinations, could take days. Wall Street was not going to wait.
Microsoft’s technicians, Lutnick recalled, knew that they needed to take advantage of two facts: Many people use the same password for multiple accounts, and these passwords are typically personalized. The technicians explained that for their algorithms to work best, they needed large amounts of trivia about the owner of each missing password, the kinds of things that were too specific, too personal and too idiosyncratic for companies to keep on file. “It’s the details that make people distinct, that make them individuals,” Lutnick said. He soon found himself on the phone, desperately trying to compartmentalize his own agony while calling the spouses, parents and siblings of his former colleagues to console them — and to ask them, ever so gently, whether they knew their loved ones’ passwords. Most often they did not, which meant that Lutnick had to begin working his way through a checklist that had been provided to him by the Microsoft technicians. “What is your wedding anniversary? Tell me again where he went for undergrad? You guys have a dog, don’t you? What’s her name? You have two children. Can you give me their birth dates?”
“Remember, this was less than 24 hours after the towers had fallen,” he said. “The fire department was still referring to it as a search-and-rescue mission.” Families had not accepted their losses. Lutnick said he never referred to anyone as being dead, just “not available right now.” He framed his questions to be an affirmation of that person’s importance to the company, he said. Conversations oscillated between sudden bawling and agonizing silences. “Awful,” he said. Sometimes it took more than an hour to work through the checklist, but Lutnick said he made sure he was never the one to hang up first.
In the end, Microsoft’s technicians got what they needed. The firm was back in operation within two days. The same human sentimentality that made Cantor Fitzgerald’s passwords “weak,” ultimately proved to be its saving grace.
By Ian Urbina Video by Leslye Davis
Howard Lutnick, the chief executive of Cantor Fitzgerald, one of the world’s largest financial-services firms, still cries when he talks about it. Not long after the planes struck the twin towers, killing 658 of his co-workers and friends, including his brother, one of the first things on Lutnick’s mind was passwords. This may seem callous, but it was not.
Like virtually everyone else caught up in the events that day, Lutnick, who had taken the morning off to escort his son, Kyle, to his first day of kindergarten, was in shock. But he was also the one person most responsible for ensuring the viability of his company. The biggest threat to that survival became apparent almost immediately: No one knew the passwords for hundreds of accounts and files that were needed to get back online in time for the reopening of the bond markets. Cantor Fitzgerald did have extensive contingency plans in place, including a requirement that all employees tell their work passwords to four nearby colleagues. But now a large majority of the firm’s 960 New York employees were dead. “We were thinking of a major fire,” Lutnick said. “No one in those days had ever thought of an entire four-to-six-block radius being destroyed.” The attacks also knocked out one of the company’s main backup servers, which were housed, at what until that day seemed like a safe distance away, under 2 World Trade Center.
Hours after the attacks, Microsoft dispatched more than 30 security experts to an improvised Cantor Fitzgerald command center in Rochelle Park, N.J., roughly 20 miles from the rubble. Many of the missing passwords would prove to be relatively secure — the “JHx6fT!9” type that the company’s I.T. department implored everyone to choose. To crack those, the Microsoft technicians performed “brute force” attacks, using fast computers to begin with “a” then work through every possible letter and number combination before ending at “ZZZZZZZ.” But even with the fastest computers, brute-force attacks, working through trillions of combinations, could take days. Wall Street was not going to wait.
Microsoft’s technicians, Lutnick recalled, knew that they needed to take advantage of two facts: Many people use the same password for multiple accounts, and these passwords are typically personalized. The technicians explained that for their algorithms to work best, they needed large amounts of trivia about the owner of each missing password, the kinds of things that were too specific, too personal and too idiosyncratic for companies to keep on file. “It’s the details that make people distinct, that make them individuals,” Lutnick said. He soon found himself on the phone, desperately trying to compartmentalize his own agony while calling the spouses, parents and siblings of his former colleagues to console them — and to ask them, ever so gently, whether they knew their loved ones’ passwords. Most often they did not, which meant that Lutnick had to begin working his way through a checklist that had been provided to him by the Microsoft technicians. “What is your wedding anniversary? Tell me again where he went for undergrad? You guys have a dog, don’t you? What’s her name? You have two children. Can you give me their birth dates?”
“Remember, this was less than 24 hours after the towers had fallen,” he said. “The fire department was still referring to it as a search-and-rescue mission.” Families had not accepted their losses. Lutnick said he never referred to anyone as being dead, just “not available right now.” He framed his questions to be an affirmation of that person’s importance to the company, he said. Conversations oscillated between sudden bawling and agonizing silences. “Awful,” he said. Sometimes it took more than an hour to work through the checklist, but Lutnick said he made sure he was never the one to hang up first.
In the end, Microsoft’s technicians got what they needed. The firm was back in operation within two days. The same human sentimentality that made Cantor Fitzgerald’s passwords “weak,” ultimately proved to be its saving grace.
