Editing 1200: Authorization

Jump to: navigation, search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision Your text
Line 8: Line 8:
  
 
==Explanation==
 
==Explanation==
Certain computer {{w|Operating system|operating systems}} were initially designed as ''multi-user systems''. As the name suggests, these systems are meant to be used by multiple people or {{w|User (computing)|users}}, sometimes at the same time. To prevent malicious or accidental destructive damage to the system, users are split into two general groups: regular users, and {{w|system administrator}}s (or admins). Regular users can access and use {{w|Application software|programs}} on the computer, but only the admin is allowed to make changes to how the computer runs.  This same split level of security continues to this day, even in privately owned, or "home", computers.
+
Computer {{w|Operating system|operating systems}} were initially written for the business environment. Thus they were made to be accessible to multiple employees, or {{w|User (computing)|users}}, but only fully accessible to {{w|System administrator|administrators}} (or admins). Regular users can access and use {{w|Application software|programs}} on the computer, but only the admin is allowed to make changes to how the computer runs.  This same split level of security continues to this day, even in privately owned, or "home", computers.
  
The wry remark made here is that in the decades since the most important things on a computer to be worried about are no longer the programs that it runs, but the private personal data it contains and can access (usually online). Anyone who wished to do real mischief on an active computer could do {{w|Identity theft|considerable damage}} without ever caring what the admin password was. The admin password, in effect, now protects something that has become barely, if any, concern.
+
The joke here is that the most important things on a computer are no longer the programs that it runs, but the private personal data it accesses (usually online). Anyone who wished to do real mischief on an active computer could do {{w|Identity theft|considerable damage}} without ever caring what the admin password was. The admin password, in effect, now guards a vault no one cares about.
  
 
This comic pokes fun at the {{w|authorization}} mechanisms surrounding most operating systems' administrator accounts. It makes the argument that the user's data is more valuable than the integrity of the system. This is arguably true for most personal systems, although it is probably not true in a shared-server setup, where a system compromise could lead to the exposure of many users' data.
 
This comic pokes fun at the {{w|authorization}} mechanisms surrounding most operating systems' administrator accounts. It makes the argument that the user's data is more valuable than the integrity of the system. This is arguably true for most personal systems, although it is probably not true in a shared-server setup, where a system compromise could lead to the exposure of many users' data.
Line 16: Line 16:
 
Essentially, once a user is {{w|Login|logged in}}, they can typically access all of their data without any further restriction. Modifying the operating system (for example, to install {{w|Device driver|drivers}}) requires a separate password.
 
Essentially, once a user is {{w|Login|logged in}}, they can typically access all of their data without any further restriction. Modifying the operating system (for example, to install {{w|Device driver|drivers}}) requires a separate password.
  
In fact, this password protection also hinders installation of {{w|malware}}, which is otherwise possible even remotely, with the malware then being able to e.g. steal passwords, enabling a cracker anywhere in the world to access your accounts without ever needing to touch your computer. So having your computer set up to not to ask you for an administrator's password arguably implies a bigger risk of identity theft than allowing others to access your system physically while being logged in does.
+
In fact, this password protection also hinders installation of {{w|malware}}, which is otherwise possible even remotely, with the malware then being able to e.g. steal passwords, enabling a hacker anywhere in the world to access your accounts without ever needing to touch your computer. So having your computer set up to not to ask you for an administrator's password arguably implies a bigger risk of identity theft than allowing others to access your system physically while being logged in does.
  
The title text alludes to the security practice where computers automatically lock the user out after a few minutes, requiring a password from the user in order to continue using it. Instead, Randall's computer automatically switches to his brother's account, presumably compromising his data instead of Randall's. The fact that Randall's brother has an account on Randall's computer even though Randall does not live with his childhood family (so his brother would not need to use his computer often) could be because Randall does not want his brother to be able to access his files, PayPal, etc… when he uses his computer, which would indicate that either Randall is cynical, his brother is not trustworthy, or Randall is simply following the {{w|principle of least privilege}}.
+
The title text alludes to the security practice where computers automatically lock the user out after a few minutes, requiring a password from the user in order to continue using it. Instead, Randall's computer automatically switches to his brother's account, presumably compromising his data instead of Randall's.
  
 
==Transcript==
 
==Transcript==
:[Diagram showing several connected bubbles. One in the center says "User account on my laptop," surrounded by "Dropbox," "Photos & files," "Facebook," "Gmail," "PayPal," and "Bank," which are connected to the middle bubbles and to each other. Below the middle bubble is one labeled "Admin account," which is covered in spikes, and has a "door" to the bubble above it.]
+
:[Diagram showing several connected rooms. One in the center says "User account on my laptop," surrounded by "Dropbox," "Photos & files," "Facebook," "Gmail," "PayPal," and "Bank," which are connected to the middle room and to each other. Below the middle room is one labeled "Admin account," which is covered in spikes, and has a door to the room above it.]
 
:If someone steals my laptop while I'm logged in, they can read my email, take my money, and impersonate me to my friends, but at least they can't install drivers without my permission.
 
:If someone steals my laptop while I'm logged in, they can read my email, take my money, and impersonate me to my friends, but at least they can't install drivers without my permission.
  

Please note that all contributions to explain xkcd may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see explain xkcd:Copyrights for details). Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following CAPTCHA:

Cancel | Editing help (opens in new window)

Templates used on this page:

Retrieved from "https://www.explainxkcd.com/wiki/index.php/1200:_Authorization"