Cinematic Cybersecurity: What are movies teaching us about passwords?

Episode Notes:

• The research focuses on analyzing the representation of passwords and cyber threats in films, particularly how password guessing and hacking scenes influence public perceptions of security.
• Movies both reflect societal attitudes towards cybersecurity and shape them, as many viewers learn about cyber behaviors through entertainment rather than formal education.
• The research indicates that films often oversimplify or dramatize hacking scenes, leading to unrealistic expectations about password security.
• A key finding from the research is that while weak passwords (e.g., “12345”) are mocked in films, even strong passwords are often guessed or hacked with ease, sending the wrong message to audiences about the value of strong security practices.
• There may be value to educating the public about cybersecurity in the same way people are taught first aid in Germany—everyone should know the basics.
• One of the challenges of using crowd-sourced subtitle data for academic research was that it required additional work to assure reviewers that the research is ethical.

About our Guest:

Maike Raphael

https://www.itsec.uni-hannover.de/en/usec/team/raphael

Papers or resources mentioned in this episode:

Raphael, M. M., Kanta, A., Seebonn, R., Dürmuth, M., & Cobb, C. (2024). Batman hacked my password: A subtitle-based analysis of password depiction in movies. In Proceedings of the Twentieth Symposium on Usable Privacy and Security (pp. 199-211). USENIX Association. https://www.usenix.org/conference/soups2024/presentation/raphael

Other relevant resources:

Information and supplementary materials on the paper "Batman Hacked My Password"

https://www.itsec.uni-hannover.de/de/usec/forschung/medien/password-depiction-in-movies

If you are interested in the right to download the subtitles.

The data source (opensubtitles.org) statement regarding copyright.

https://www.opensubtitles.org/en/dmca

The website has an API with the no limit to the total number of subitles that can be downloaded, only rate limiting. The research team didn't obtain the subtitles this way, but the source they got them from may have. In either case it shows opensubtitles.org views about how their service can be used.

https://opensubtitles.stoplight.io/docs/opensubtitles-api/e3750fd63a100-getting-started

Other:

I had a bunch of movie clips that I was going to include as examples, but with the way that platforms handle DMCA I just don't want to have to bother with trying to assert a claim to fair use. If you are interested I would recommend having a look at the password scene from Horse Feathers (1932) with Groucho Marx, and there is a scene in Iron Man 3 (2013) where Tony Stark asks James Rhodes for his password, and everyone laughs at the bad password. I recommend you watch Kung Fury from 2015 for their parody treatment of the "hackerman". It is actually on YouTube https://youtu.be/bS5P_LAqiVg?si=-OL8Mr1OLY9Dd081