lysamyers
Contributor

Three shoddy security tropes it’s time to retire

Opinion
Apr 21, 2017 | 4 mins
IT Skills | Security

Nobody warned me when I started my career in security that it would hamper my ability to watch television. Whenever something involving computers or security happens, I usually have to stick my fingers in my ears and start humming, lest my head explode with frustration at the wrongness being spewed.

I’m certain ours is not the only industry where TV tropes are truly awful; I’m told medical and legal accuracy is every bit as problematic, for example. Technical subjects are difficult, especially when it’s not your area of expertise, and being slavishly correct would often make good storytelling nigh on impossible. That said, there are certain clichés so completely over-used that rehashing them again and again with no significant change is the height of lazy storytelling.

There are some examples of inaccurate computer usage that are so perplexing and rife with misused jargon that we can infer that the writer has never even used a typewriter, much less a computer. Or perhaps the writer is suffering from some kind of temporary schizophasia. These outliers can stand alone as shining examples of unbelievably poor writing, without my commentary.

Authentication

Almost every sci-fi or fantasy series has that one episode where some supernatural force, secret doppelganger or alien life form assumes a crucial person’s identity, then proceeds to behave super weirdly and/or tries to kill everyone. And, inevitably, their friends assume said pwned person has just decided to be an unbelievable jerk instead of investigating whether their body or persona has been hijacked. If only there were a way to get some proof that people are who they say they are!

This situation happens so often it beggars belief that very few shows seem to explore the possibility that there might be a process that could be put in place to prevent (or at least mitigate) the damage that could be caused by impersonation, even when it’s already an acknowledged risk factor. Especially in those cases when you have a ship’s computer that can detect and locate an individual’s bio-sign, and when the ship’s doctor can recognize and graph a person’s “memory engram” by species or by individual, this sort of authentication should be both easy and potentially incredibly interesting.

Authorization and the principle of least privilege

You know that episode where someone who’s up to no good manages to turn off or misuse vital technological functions, and usually from a really unexpected location? Why on earth was there no message warning that “you don’t have permission to use the toilet operation panel to change ship’s navigation control”? It may be a novel concept, but perhaps you could limit visitors’ ability to access systems that could make the whole ship blow up? Heck, you could even limit most of the actual crew’s access to those functions as well, unless blowing up the ship is actually part of their job descriptions. And then there’s that toilet panel: why was the waste disposal system not separated from other parts of the ship’s network in the first place?

Login limits

This is perhaps the most tired trope of all: Whiz kid plugs his or her laptop into the thing where you have to enter the secret code to get into the sensitive part of a building. Numbers begin to scroll by, like some sort of bizarre slot machine, as one number after another is identified as correct. Without even getting into why they have such poor requirements for password length or complexity, or why they’re not hashing passwords, why don’t they ever have any sort of login limiting? “You have made 1337 failed login attempts. You will now be transported to the Garbage Mines of Sol Seven.”

It could be argued that space ships and most fantasy characters are in a constant state of unexpected and dangerous scenarios, and they need to be so nimble that security would put them at more risk. I would argue that (much like in our own present technological situation) if they put sensible security precautions in place, it would help them deal with those unforeseen risks safely.

Killing off these tropes would, of course, force writers to find other methods of creating dramatic tension within a story. Given how tired and reductive these clichés are, perhaps that change would reinvigorate the sci-fi and fantasy genres and intrigue a whole new generation of fans.


Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. She has watched both the malware landscape and the security technologies used to prevent threats from growing and changing dramatically. Because keeping up with all this change can be difficult for even the most tech-savvy users, she enjoys explaining security issues in an approachable manner for companies and consumers alike. Over the years, Myers has worked both within antivirus research labs, finding and analyzing new malware, and within the third-party testing industry to evaluate the effectiveness of security products. As a security researcher for ESET, she focuses on providing practical analysis of and advice on security trends and events.

The opinions expressed in this blog are those of Lysa Myers and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.