Why Medium doesn't want your account to be password-protected

I wrote earlier this week about Medium's plan to allow users to log into their accounts just by using their email address, without requiring a password.

I'm not a big fan of this approach, and would rather have seen the company give users the option to use a complex, unique password (remembered and generated by a good password manager, obviously). If they had combined that with two-factor authentication and other methods of protecting accounts, all the better.

But a thought struck me after I wrote the article grumbling about Medium's password-less way to log in.

Why are Medium really doing this? Is it to boost their users' security? Or is it actually to better protect themselves?

And the answer - clearly - is that it helps Medium massively if their users don't need passwords to log into accounts.

Because if none of your users have passwords (they either log in via Twitter or Facebook or via the "we'll send you a login link via email" approach) then naturally Medium doesn't have to store any passwords or password hashes.

And if Medium hasn't got any of the users' login credentials (other than email address) then they can quite easily shrug off any fears of hackers ever getting hold of the (non-existent) passwords.
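What a server has to hold under the "login link via email" approach, as an added example (not Medium's code, and not from the original post): the function names, the 15-minute lifetime and the in-memory dict standing in for a database table are all assumptions.

```python
import hashlib
import secrets
import time
from typing import Optional

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the article does not give Medium's
pending_tokens = {}          # sha256(token) -> (email, expires_at); stands in for a DB table


def token_digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def issue_login_token(email: str, now: Optional[float] = None) -> str:
    """Create the one-time token that would be embedded in the emailed link."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Only the digest is stored, so a dump of this table cannot be replayed as a link.
    pending_tokens[token_digest(token)] = (email, now + TOKEN_TTL_SECONDS)
    return token


def redeem_login_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the email to log in, or None if the token is unknown, used or expired."""
    now = time.time() if now is None else now
    record = pending_tokens.pop(token_digest(token), None)  # pop makes it single-use
    if record is None:
        return None
    email, expires_at = record
    return email if now <= expires_at else None
```

Nothing long-lived sits on the server to steal, but the only thing standing between an attacker and the account is control of the mailbox that receives the link.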

That's not to say that Medium accounts won't get broken into from time to time, but Medium can feel fairly confident it won't be because they've been careless with their password database.

Instead, Medium will be able to point a finger at its users and say "Well clearly *you* screwed up, not us".

So, from Medium's point of view, it makes a lot of sense not to allow users to have passwords on their accounts. But I'm still not convinced that it's a security upgrade for its users.

7 Responses

  1. Darien

    July 3, 2015 at 4:50 pm #

    That's probably it. Although it doesn't mean people's accounts can't be hijacked. As easy as it is for a hacker to break into a server and steal hashes, it's just as easy to break in and change all the email addresses to something the hacker has control over. Either way the accounts would be compromised. And it would still be the Company's fault for not securing their servers properly.

  2. Coyote

    July 3, 2015 at 6:07 pm #

    "That's not to say that Medium accounts won't get broken into from time to time, but Medium can feel fairly confident it won't be because they've been careless with their password database."

    Perhaps. But I don't think it works that way. While they might feel comfortable stating that it was still their decision to not have a password database in the first place. Therefore it is their actions that led to the issue in the end. Oh, sure, the email was breached because of a keylogger (say) and one could argue that is the cause for the Medium breach, too. But if it isn't that, or even if it is, the fact remains it is a poor decision that they chose.

    'Instead, Medium will be able to point a finger at its users and say "Well clearly *you* screwed up, not us".'

    I could believe that. But then it is the blame game which is pathetic. Perhaps they are right, however. Maybe the screw up is using Medium in the first place?

    As I suggested earlier, it is rather amusing that they say how weak passwords are (as well as several contradicting and illogical POVs), how they don't keep you 'that safe' and so instead of encouraging better password safety practises what do they do? They take a link out of the equation. Brilliant idea, especially seeing as how email accounts are compromised a lot… not surprising: it is one of the most obvious types of accounts, especially for the masses (social media is probably more obvious, especially with the kids of today… but even then, [I think?] they have to have an email account to create their social media accounts).

    "So, from Medium's point of view, it makes a lot of sense not to allow users to have passwords on their accounts. But I'm still not convinced that it's a security upgrade for its users."

    Graham, you really are far too nice. I think you know it, too. You know perfectly well that this is not a security upgrade for their users. You also know it makes little if any sense at all, unless you consider it is laziness (both for them and their users… although users seem to have it forced… I imagine some will like the idea). While security has to be balanced with convenience (and inconvenience), laziness is the extreme of convenience (not necessarily always but in this case it is). Alternatively, maybe they truly do believe it is a security upgrade and that would invalidate my suggestions. I could believe that too but who knows what it really is.

    • David L in reply to Coyote.

      July 4, 2015 at 5:37 am #

      @coyote…. I mean no offense, but you might consider shortening some of your replies. Reason being, I find myself skimming/skipping your comments. Most will do likewise. Up to you though.

      • Coyote in reply to David L.

        July 7, 2015 at 6:50 pm #

        Thanks, David (and absolutely no offence taken). I know it. I write a lot by nature because it is the way I'm good at expressing myself (in person not so much). Even when I try to shorten it it happens. But yes, my writing style fits some people and not others (it is mostly 'yes' or 'no' only). I often write (elsewhere) technical things that require detailed elaboration, refer to other comments/quotes and posts (including my own) and this adds up. Opinions (as above) are another issue entirely, and therefore don't need to be longer (but often they are).

        I read more than one word at a time (several words and sometimes more than that) and I have a lot more free time than I'd like, which doesn't help matters (short to me might be quite long to others).

        It isn't that I try to write a lot, it just sort of happens. (Will try to keep it in mind.. again).

        Thanks for the comment; I appreciate it.

  3. Hitoshi Anatomi

    July 4, 2015 at 6:54 am #

    I am reminded of a cartoon shown at
    http://www.mneme.co.jp/english/manga/parody/index1-2.html

  4. Philip Le Riche

    July 4, 2015 at 12:15 pm #

    Let's face it, if your email account is compromised you're pretty well hosed anyway since most sites allow you to reset your password by sending an email to an account you are presumed to have exclusive control over. So in the final analysis, you could log in to all such sites in the Medium fashion simply by saying every time that you'd forgotten your password! I agree, it's far from perfect, but let's give them credit for trying, and for recognising the problem rather than ignoring it and not even taking sensible precautions such as salted hashes, like so many others.

    What we need is for Steve Gibson to hurry up and complete work on his SQRL authentication scheme, which is low friction and truly zero-knowledge. All the website holds is a public key corresponding to your private key which your client computer regenerates each time it's required, using as input data the web domain and a secret known only to you.

    • Coyote in reply to Philip Le Riche.

      July 7, 2015 at 6:58 pm #

      Steve Gibson is a charlatan. He is very good at that but not much more. There is a lot of evidence to this, including his pathetic work on what is actually (broken!) syn cookies (and an absolute lie that he never heard of them before his supposed 'research'). That's only one example of many more. Just search for them.. won't take much work at all.

      As for Medium:
      "…for recognising the problem rather than ignoring it…"
      They don't recognise the problem as such; they just don't want to deal with it. Their ideas contradict each other (as I pointed out in another post on Graham's site). In any case, removing a link from the chain doesn't do anything but make the situation worse.
