Skip to main content

Feds reportedly knock on web firms' doors, ask for secret passwords

More password spying reportedly by the government
23 asterisks has to be the worst password since abc123
Audio player loading…

Communicating anonymously through the internet may not be as safe a plan for dissidents as it was a couple years ago due to an increase in government demands of web firms.

The latest case finds the U.S. government reportedly demanding that major internet companies turn over passwords to user accounts, according to two industry sources who spoke to CNET.

"I've certainly seen them ask for passwords," said one internet industry source who spoke on condition of anonymity.

"We push back," said the source in a bit of good news.

A second source echoed the first's sentiment, claiming that web firms heavily scrutinize these demands and take an "over my dead body" approach on turnover requests.

Not-so-secret questions

The U.S. government has gone further than simply requesting passwords of individual accounts, according to today's report.

Orders are said to have boldly included demanding web firms' encryption algorithm and the salt used to hide passwords behind a random set of characters

Even the answers to the secret question used to reset passwords aren't safe, noted the report.

Prism connection?

Major web firms like Microsoft, Google and Apple refused to comment on this specific investigation, but have all been named as part of the government's Prism surveillance program.

Today's report doesn't necessarily tie into Prism, which was unmentioned in the piece.

Instead, it may be the latest attempt for a government to spy on users, avoiding the back door route and simply walking through the front door by demanding the information.

Matt Swider
Matt Swider