The Good News: apparently the NSA doesn't yet have the know-how (or more likely the horsepower), to quickly crack our personal passwords.
The Bad News: apparently the NSA wants this no-road-blocks capability ...
Report: Feds demand Web passwords
by George Mathis, blogs.ajc.com -- July 26, 2013
[...]
CNET reports the United States government is demanding Internet companies hand over user passwords, which are usually encrypted and private.
The passwords would enable federal agencies “to peruse confidential correspondence or even impersonate the user,” writes CNET’s Declan McCullagh.
[...]
According to the report, the feds are not just demanding passwords, but also the master Secure Sockets Layer encryption keys of the Web’s biggest companies.
So, changing your password regularly isn’t going to help.
[...]
Darn! And I was finally figuring out 'a system' for recalling all those "strong passwords" too ...
Nevermind!
But wait -- there's more!
More good news and more bad news, amidst all that aspirational NSA "data collecting":
You Won't Believe What the NSA is Asking Internet Companies For Now
by Frank Lopapa, policymic.com -- July 27, 2013
[...]
According to CNET, two inside sources claim the NSA has asked companies such as AOL, Facebook, Yahoo!, and Verizon to hand over their users' passwords. One of the sources assured CNET that these companies have "pushed back" against the NSA's demands, and an anonymous spokesperson from Microsoft has gone as far as to say they "can't see a circumstance" in which they would divulge users' passwords.
In addition to passwords, the NSA has also asked for encryption keys and a form of code known as "salt." A salt is a random line of numbers and letters used to make passwords more difficult to crack. It remains unclear, however, whether the NSA is targeting specific individuals or hopes to conduct mass data collections if it is part of their "dragnet" approach to mass data collecting.
The password requests have seemingly become a line drawn in the sand for internet providers [...]
It's good to know our Internet Service Providers (ISPs)
do have an 'uncrossable' line ... or so,
some of their spokespersons would really like us to believe;
Yet, some of the others, seem not to have a policy statement on User Passwords yet -- that's the more 'bad news' part of the story:
Feds tell Web firms to turn over user account passwords
by Declan McCullagh, CNET -- July 25, 2013
[...]
A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would divulge passwords, salts, or algorithms, the spokesperson replied: "No, we don't, and we can't see a circumstance in which we would provide it."
Google also declined to disclose whether it had received requests for those types of data. But a spokesperson said the company has "never" turned over a user's encrypted password, and that it has a legal team that frequently pushes back against requests that are fishing expeditions or are otherwise problematic. "We take the privacy and security of our users very seriously," the spokesperson said.
A Yahoo spokeswoman would not say whether the company had received such requests. The spokeswoman said: "If we receive a request from law enforcement for a user's password, we deny such requests on the grounds that they would allow overly broad access to our users' private information. If we are required to provide information, we do so only in the strictest interpretation of what is required by law."
Apple, Facebook, AOL, Verizon, AT&T, Time Warner Cable, and Comcast did not respond to queries about whether they have received requests for users' passwords and how they would respond to them.
[...]
What's up with those last several "service providers"
[Apple, Facebook, AOL, Verizon, AT&T, Time Warner Cable, Comcast] --
Do they have a privacy line in the sand, that they just won't cross,
or not? (Inquiring customers should want to know.)
Or would those ISPs really rather not answer the question? You know, there is such a thing as "need to know"
-- and so far, in their minds: we have not 'the need.'
It is their login hosting architecture, afterall, don't you know?
What do you want for nothing? ... world peace and instant security? Well, get in line -- right behind the N.S.A.