Kevin Drum

How Hackable Are Your Security Questions?

| Wed Sep. 3, 2014 12:15 PM EDT

Kevin Roose writes today that security questions are ridiculously easy to hack and we should get rid of them:

There are all kinds of ways to lock down your most important accounts — Gizmodo's guide is a good place to start....Eventually, some advanced form of biometric authentication (fingerprints, retina scans) may become standard, and security questions may get phased out altogether.

But until then, when so many better options exist, there's no reason a company like Apple should be relying on questions like "What was the model of your first car?" for password recovery in 2014. If that's the best way we have of making sure a user is legit, we might as well change all of our passwords to "1234" and hope for the best.

All kinds of ways? I was intrigued. So I clicked on the Gizmodo link and found....two suggestions. The first is two-step authentication, which is a fine idea for anyone with a cell phone. The second is encrypting all your data. But like it or not, this is much too hard for most people to implement. There's just no way it's going to become widespread anytime in the near future.

So, basically, there aren't all kinds of ways to lock down your most important accounts. There's one. And even it only works on some accounts. If my bank doesn't offer it, then I can't use it.

I'd offer a different perspective. First, the level of security you need depends on who you are. If you think the NSA is after you, then your security better be pretty damn good. If you're a celebrity, then it needs to be pretty good. If you're just some regular guy, then the truth is that fairly ordinary measures are adequate. You should use decently secure passwords, but that's probably about all you need to do for most of your accounts. Two-step authentication is a good idea for cloud accounts.

As for security questions, I suppose I'm on Roose's side. Just get rid of them. They're too easy to guess, especially for friends and family. Instead, either use a password manager or else create random passwords for your accounts and write them down on a piece of paper that you hide somewhere. I know you've been told forever to never write down your passwords, but the truth is that low-tech paper is actually pretty damn secure compared to anything digital.

Still, I can't help but take Roose's post as something of a challenge. Can we come up with security questions that don't suck? At a minimum they need two characteristics. First, the answers have to be clear and distinct. I've never been able to use "first pet," for example, because that's a little fuzzy. I can think of several possibilities. Second, the answers need to be genuinely hard to guess, even for family and friends—but still easy to remember for you. They don't need to be perfect, but they should certainly be better than "first car." Any ideas?

UPDATE: Also, I'm curious about something. For us ordinary mortals, there has to be some way to recover lost passwords. What should it be?

Advertise on MotherJones.com

Needed: A New Marketing Strategy For Defending the Indefensible

| Wed Sep. 3, 2014 11:29 AM EDT

Richard Fink, the Koch brothers' top political strategist, explained recently why they're having trouble reaching the "middle third" of the country that's relatively non-ideological:

Yeah, we want to decrease regulations. Why? It’s because we can make more profit, OK? Yeah, cut government spending so we don’t have to pay so much taxes,” said Fink. “There’s truth in that....But the middle part of the country doesn’t see it that way.”

“When we focus on decreasing government spending, over-criminalization, decreasing taxes, it doesn’t do it, OK? We’ve been reaching the [middle] third by telling them what’s important — what we think is important should be important to them. And they’re not responding and don’t like it, OK? Well, we get business — what do we do? We want to find out what the customer wants, right, not what we want them to buy,” he said.

Imagine that. When the middle third of the country hears the message that regulations should be cut back so that corporations can make more money, it doesn't respond well. So what's the answer? Find out what they do respond to and use that as an excuse for less regulation instead. Ixnay on the ofitpray!

As Fink says, this is pretty ordinary marketing. Still, it'll be interesting to see what they come up with. Obviously the Kochians feel like they need a new set of selling points for reduced corporate regulation, and it needs to be something that Joe and Jane Sixpack can identify with. I wonder what it's going to be?

Temper Tantrums in the Air May Be Good For All Of Us

| Wed Sep. 3, 2014 10:37 AM EDT

Three times makes it a trend!

Amy Fine wanted to nap on Delta flight 2370, from New York to Palm Beach, Fla., so she laid her head on the tray table. The passenger in front of her wanted to relax with some knitting. She reclined her seat — smacking Fine's head and sparking an emotional explosion.

The resulting screaming match caused an unscheduled landing in Jacksonville, Fla., the third diversion in nine days caused by passenger fights over shrinking legroom.

My position is that the passengers getting into these fights are doing us all a favor. If this happens a few more times, nobody will ever recline their seat again for fear of causing a flight-diverting temper tantrum. Fear can be a wonderful motivator sometimes.

Of course, there are dynamic effects to be worried about here. If this continues, perhaps airlines will start disabling the recline mechanisms in their seats once and for all. Just not worth the trouble. And once they've done that, some bright spark will figure out that they can reduce legroom even more. And then we'll all be worse off than before. No one will be able to recline and everybody will have their knees jammed into the seat in front of them. Something to look forward to.

From the Annals of Unexpected Headlines

| Wed Sep. 3, 2014 10:13 AM EDT

I would just like to say that this is not a headline I ever expected to see during my scan of the morning newspaper. That is all.

Republicans Mysteriously Decide to Become Hawkish Again

| Tue Sep. 2, 2014 5:08 PM EDT

Apparently the kinder, gentler version of the Republican Party is quickly disappearing:

Remember when the Republican Party was quickly shifting toward a new brand of Rand Paul-esque foreign policy non-interventionism?

No more.

Less than a year ago, just 18 percent of GOPers said that the United States does “too little” when it comes to helping solve the world’s problems, according to a Pew Research Center poll. Today, that number has more than doubled, to 46 percent.

....The results echo a recent Washington Post-ABC News poll which showed higher GOP support for airstrikes in Iraq.

So what to account for the shift?

Hmmm. That's a poser, isn't it? What, oh what, could account for the shift?

Well, let's cast our minds back a year or two. We were fighting in Libya, a war that President Obama got us involved in. We were fighting in Afghanistan, a war that Obama ramped up as soon as he took office. We were fighting drone wars in Yemen, Pakistan, and Somalia, all thanks to Obama.

Then what happened? The civil war in Syria heated up, but after a brief bout of indecision Obama decided not to get deeply involved. Russia ramped up military action in Crimea and eastern Ukraine, and Obama decided not to get deeply involved. ISIS took over a huge chunk of Iraq, and Obama decided not to get deeply involved.

So let's review. A year or two ago, we were involved in three overseas wars, all of them supported by Obama. At the time, Republicans were unaccountably dovish about military interventions. Today, Obama is refraining from getting deeply involved in three overseas wars. And guess what? Republicans have suddenly become hawkish again.

Yep, this is a poser. What could possibly account for this change in Republican attitudes?

ISIS Is a Problem That Only Iraqis Can Solve

| Tue Sep. 2, 2014 2:24 PM EDT

Christopher Paul and Colin Clarke studied 71 insurgencies during the post-WWII period and concluded that every successful counterinsurgency has shared several characteristics. They apply the results of their research to the problem of the ISIS insurgency in Iraq:

First, we found that in every case where they succeeded, counterinsurgent forces managed to substantially overmatch the insurgents and force them to fight as guerrillas before getting down to the activities traditionally associated with counterinsurgency....U.S. air power could make a significant contribution toward that end. Airstrikes will help curb Islamic State advances in strategically important parts of Iraq and thus, help bolster the Iraqi government and security forces, at least in the short term.

Second, we concluded from the research that “effective COIN practices tend to run in packs”....Qualitative Comparative Analysis (QCA) techniques identified three COIN concepts critical to success. These three concepts were implemented in each and every COIN win, and no COIN loss implemented all three: Tangible support reduction; commitment and motivation; and flexibility and adaptability.

....U.S. support to an Iraqi counterinsurgency strategy to defeat the Islamic State must focus on reducing tangible support to the insurgents, increasing the commitment and motivation of the Iraqi military and security forces and increasing the government’s legitimacy among Iraqi Sunnis.

It's been a long time since I spent much time reading about COIN and COIN strategies, but this basically sounds right to me. And it should send a shiver down the spine of anyone who thinks the US should get deeply involved in fighting ISIS.

Here's why. One of the key factors that I remember identifying during the height of the Iraq insurgency was local commitment. In a nutshell, it turns out that virtually no postwar COIN effort led by a big Western country has been successful. Western help is OK, but the COIN effort has to be led by the local regime. It's not a sufficient condition for success, but it's a necessary one.

Paul and Clarke are basically confirming this. Sure, American air strikes might help in terms of the sheer firepower needed to successfully fight ISIS. But of the other three key COIN practices, two are purely local and the third is mostly local. There's very little the United States can do to help out on these fronts. Only the Iraqi government can increase its legitimacy among the Sunni minority, and only the Iraqi government can properly motivate its military. (The US can provide training and materiel, but it can't provide commitment and motivation.) Even the problem of reducing tangible support for the ISIS insurgents is mostly something only the Iraqi government can do. The US can help, but only if Iraqis are leading the way.

At the moment, there's little evidence that the Iraqi government is capable of doing any of these three things. The new government of Haider Al-Abadi might be able to make progress on these fronts, but it hasn't demonstrated that yet. Until it does, more US help is almost certainly doomed to failure.

Instinctive hawks should think long and hard about this. The record of the United States in counterinsurgencies is dismal. If the conditions are just right, we might be able to do some good in Iraq. At the moment, though, the conditions are appalling. We can put a few fingers in some dikes, but unless and until the Iraqi government steps up to the plate, there's virtually no chance that deeper US involvement will turn out well.

Advertise on MotherJones.com

Inflation Is Still the Great Bogeyman of the Rich

| Tue Sep. 2, 2014 12:26 PM EDT

Paul Krugman is trying to figure out why wealthy elites are so damn obsessed with the dangers of moderately higher inflation. After all, in a deep recession, inflation is likely to spur economic growth, and that helps rich folks. Their assets increase in value and they become even richer. So what's their problem?

In a post yesterday, Krugman refers to my suggestion that it's mostly a case of septaphobia, or fear of the 70s. The idea here is that inflation really did run out of control in the 70s, and it really did take a massive recession engineered by Paul Volcker to rein it in. If that was one of your seminal experiences of the consequences of loose money, then it's no surprise that you fear inflation. But Steve Randy Waldman says this is "bass-ackwards":

Elites love the 1970s. Prior to the 1970s, during panics and depressions, soft money had an overt, populist constituency....The 1970s are trotted out to persuade those who disproportionately bear the burdens of an underperforming or debt-reliant economy that There Is No Alternative, nothing can be done, you wouldn’t want to a return to the 1970s, would you?

Quite right. Because the high inflation of the 70s really was painful for the middle class, the 70s do indeed serve a very useful purpose to elites who want to keep fear of inflation alive. But that begs the question: Why do they want to keep fear of inflation alive? The fact that elites have hated inflation forever isn't an answer. During the days of the gold standard, high inflation really did hurt the wealthy. But today's economy is vastly different from the hard-money + financial repression economy of the 70s and before. Inflation is much less threatening to the rich than it used to be. Why haven't they figured this out?

I'm not sure, but I do want to note that both Krugman and Waldman have at least partly misunderstood me. Although I do think that septaphobia is a real thing, I mainly think it's a real thing for the non-rich. It's primarily the middle class that fears a rerun of the 70s. That might have been a bit muddled in my initial post (which Krugman linked to), but I made this clearer in a subsequent post about the roots of inflation phobia:

So what's the deal? I'd guess that it's a few things. First, the sad truth is that virtually no one believes that high inflation helps economic growth when the economy is weak....Second, there's the legitimate fear of accelerating inflation once you let your foot off the brake....Third, there's the very sensible fear among the middle class that high inflation is just a sneaky way to erode real wages....Fourth, there's fear of the 70s, which apparently won't go away until everyone who was alive during the 70s is dead. Which is going to be a while.

Krugman responds to Waldman here, and even though Waldman says my argument is bass-ackwards, I actually think he and I mostly agree. Krugman may be right that higher inflation would help the rich right now, and that they'd support it if they were smart. But Waldman argues there's more to it. Basically, he thinks the rich are fundamentally conservative: inflation might help them on average, but there are still going to be plenty of losers whenever there's an engineered change to the economy. Since the rich, by definition, are already doing pretty well, why risk it?

I think that's probably right, though Waldman probably overstates its importance. Wealthy elites aren't that conservative, especially when it comes to making money. Still, it's almost certainly a significant factor. But I also think Krugman is right about false consciousness. In fact, that was #1 on my list above: the fact that virtually no one really, truly believes in Keynesian stimulus. (Waldman makes this point too.) If rich elites really did believe that a bit of high inflation would get the economy booming, I think they'd swallow their innate conservatism and support it. But they don't. Almost no one really believes it in their guts.

That's a failure of the economics profession, perhaps, but it's also a legacy of septaphobia. After all, if you take a look solely at the surface—and that's what most of us do, rich and poor alike—what's the lesson of the 70s? That's easy: Inflation got out of control and the economy went to hell. Then Paul Volcker reined in inflation, and the economy boomed. What's more, the rich have prospered mightily in the 30 years of low inflation since then. So why mess with a good thing?

So yes: It's septaphobia, both in a real sense and as a useful morality tale. It's false consciousness from wealthy elites who don't really believe that inflation will spur the economy. And it's the innate conservatism of the rich, who don't have much incentive to accept change when they're already doing pretty well. Add to that the fact that inflation phobia is an easy sell to voters because the middle class really does have reason to fear inflation, and you have everything you need to make it nearly impossible to convince people that a bit of higher inflation would be a good thing right now. And so we stagnate.

Putin Brags About How Fast He Could Take Ukraine

| Tue Sep. 2, 2014 10:58 AM EDT

Here's the latest from Russia:

Vladimir Putin has said Russian forces could conquer the Ukrainian capital, Kiev, in two weeks if he so ordered, the Kremlin has confirmed.

Moscow declined to deny that the president had spoken of taking Kiev in a phone conversation on Friday with José Manuel Barroso, the outgoing president of the European commission....Barroso asked Putin about the presence of Russian troops in eastern Ukraine. Nato says there are at least 1,000 Russian forces on the wrong side of the border. The Ukrainians put the figure at 1,600.

"The problem is not this, but that if I want I'll take Kiev in two weeks," Putin said, according to La Repubblica.

The Kremlin did not deny Putin had spoken of taking Kiev, but instead complained about the leak of the Barroso remarks.

Yes, the leak is the real problem here. Invading Ukraine is a mere piffle.

Friday Cat Blogging - 29 August 2014

| Fri Aug. 29, 2014 2:51 PM EDT

It's the return of quilt blogging! Sort of. In any case, there's a quilt in the background because that happens to be where Domino was posing this week. I think she's auditioning to be the model for a new pair of sculptures outside the New York Public Library.

Chart of the Day: When Women Fail, They Pay a Bigger Price Than Men

| Fri Aug. 29, 2014 2:19 PM EDT

The chart below is not part of a study that examines a statistically random set of data. It's quite informal, and probably suffers from some inherent sampling biases. Nonetheless, it's pretty astonishing:

Here's the background: Kieran Snyder asked men and women working in the tech industry to share their performance reviews with her. Virtually all of them were high performers who got generally strong reviews. But it wasn't all positive:

In the 177 reviews where people receive critical feedback, men and women receive different kinds. The critical feedback men receive is heavily geared towards suggestions for additional skills to develop....The women’s reviews include another, sharper element that is absent from the men’s:

“You can come across as abrasive sometimes. I know you don’t mean to, but you need to pay attention to your tone.”

[Etc.]

This kind of negative personality criticism—watch your tone! step back! stop being so judgmental!—shows up twice in the 83 critical reviews received by men. It shows up in 71 of the 94 critical reviews received by women.

This comes via Shane Ferro, who concludes that there's probably good reason for women to be more cautious than men in their professional lives. It's easy to tell women they shouldn't be afraid to fail. "But we as a society (men and women), need to stop judging women so harshly for their flaws. For them to be equally good, it has to be okay that they are equally bad sometimes."