NASA Inspector General Paul Martin recently told a House subcommittee that an employee’s laptop computer—containing priceless family portraits, the codes to run the International Space Station, and fully registered copy of Adobe Photoshop—had been stolen back in March 2011. To quell the public’s clamorous disapproval and disgust an agency spokesman said that this theft in no way meant that everyday operations of the ISS have been compromised. “This is really no big deal, guys,” said Tom Philips of NASA, “Everyone already knows the space station’s code. Known it for years, nothing new here. It’s ‘Password1.’”
‘Password1’? The password recently cited by data-security firm Trustwave in its Global Security Report for 2012 as the “most-often-used” online security password (because it features a capitalized letter, a number, and the proper number of characters to satisfy most sites’ security settings)?
“We wanted to make sure we didn’t forget it,” said Philips. “Sometimes it gets real hectic, sometimes there’s a huge hunk of space junk hurling towards the station from out of nowhere and it would be a total goof if, in the excitement of the moment, we forgot what the code to control the station’s maneuvering thrusters was. So yeah, ‘Password1.’
Does this mean that the International Space Station is at high risk for phishing scams and identity theft?
“Yes,” said Philips. “The astronauts are always getting these weird pop-ups on their computers up there. ‘You have just been selected to receive a free iPad3’-kinda stuff. They don’t know any better–they usually click on ‘claim prize’ and then heedlessly volunteer their names and phone numbers and low-earth-orbit coordinates. I mean, they’re just asking for it.”
Any plans in place to implement additional security measures?
“We were thinking of registering them with that identity protection service ‘Lifelock,’ said Philips. “But it really seems like most of the things that company offers—like monitoring your credit score and stuff—you can kinda just do yourself if you’re not lazy. So instead we might just change the password to ‘Password2,’ but since I just stupidly announced that for everybody to hear, we better make it ‘Password3.’”