Mr Robot Season 4 Episode 6: A Timely Lesson In Password Security

Mr Robot season 4 episode 6 is a lesson to every company and individual in the world: Password security isn’t good enough, even in large and highly regulated organizations.

Last week, Mr Robot’s episode 5 provided a lesson in itself. As part of the huge spectacular hack that included biometrics and social engineering, password security was lax. In fact, when Mr Robot’s hacker hero Elliot (Rami Malek) logged into a system in the security control room, he used a very simple six digit password: Possibly “123456” or “Admin1.”

Surely, this is unrealistic? Sadly not: Last month I reported that Equifax –which suffered a mega breach in 2017 exposing hundreds of millions of social security numbers–was using the password “admin” to protect sensitive data on a portal used to manage credit disputes.

This week’s Mr Robot episode, named after the 406 error code Not Acceptable, also includes an insecure password used by Olivia’s (Dominik Garcia) boss: c0nv3rg3nce37.

Of course, in this instance Elliot would have been able to see whatever password was used to access the Cyprus National Bank’s systems but Sam Esmail’s hacker drama emphasises just how often this sort of lax security is present. 

Sure, it’s fairly long, but it’s too simplistic. A bank executive should know, you need a long and random password to log into your systems; just exchanging a few of the letters for numbers won’t cut it. That is of course in addition to multi-factor authentication, which the bank does seem to have (Elliot needed Olivia’s RSA key for the initial hack).

Last week, I commented that many of the hacks in the episode, although possible in theory, were unrealistic. Mr Robot episode 6 also contains a slightly far-fetched social engineer that sees Elliot return to Olivia’s house with a coffee, which he uses to drug her and bribe her with to force her to persuade her boss to log in. 

It’s a pretty evil deed. But of course, Elliot only goes this far after he’s tried to persuade her to call her boss of her own accord by telling her the Deus Group is responsible for ills in the world such as the Iraq war. When that doesn’t convince her, and she’s even tried to commit suicide to escape the situation, he brings up the paramilitary massacre that killed Olivia’s mother.

Once Olivia has called her boss and persuaded him to log in, Elliot has got what he wanted. An extreme social engineer, this Mr Robot episode demonstrates the insider threat that could be posed by an employee and makes the audience think about weak passwords. 

It’s certainly a subject that needs talking about, and maybe even Hollywood is catching on.


Mr Robot airs on Sundays at 10pm on the USA Network and Mondays on Amazon Prime. 

Follow me on Twitter.

I'm a freelance cybersecurity journalist with over a decade’s experience reporting on the issues impacting users, businesses and the public sector. My interests within

...