Passwords: past, present, future

January 15, 2016

Eliminating the password

No one enjoys coming up with a new password and the struggle of having to remember it weeks later. Besides, with data breaches happening regularly, passwords are easier to crack and vital personal information isn’t as safe anymore.

Services like Google and Yahoo are experimenting with eliminating the pesky password. Most recently, Google said, “We’ve invited a small group of users to help test a new way to sign-in to their Google accounts, no password required.”

  • When you enter your email address on your computer, you will automatically receive a message on your phone.
  • If you hit yes in response to the message, then the computer logs into your Google account without having to type in a password.
  • In instances when your phone is dead or you don’t have it with you, you can still elect to log in with a password.
  • If you lose your phone, just delete that specific device from your account.
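A minimal model of the sign-in flow in the list above, added here as an illustration and not Google's or Yahoo's implementation. The `Account` class, its method names, the device id and the single-use request ids are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

class Account:
    """Constructed model of one account with phone-prompt sign-in."""
    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)
        self.devices = set()   # phones allowed to approve sign-ins
        self.pending = {}      # request id -> phone the prompt was sent to

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def register_device(self, device_id):
        self.devices.add(device_id)

    def remove_device(self, device_id):
        # Lost phone: drop it and cancel any prompt still waiting on it.
        self.devices.discard(device_id)
        self.pending = {r: d for r, d in self.pending.items() if d != device_id}

    def start_login(self, device_id):
        # Email entered on the computer: send a prompt to a registered phone.
        if device_id not in self.devices:
            return None
        request_id = secrets.token_urlsafe(16)
        self.pending[request_id] = device_id
        return request_id

    def answer_prompt(self, request_id, device_id, approve):
        # Each prompt is single-use; only the phone it was sent to may answer.
        target = self.pending.pop(request_id, None)
        return bool(approve) and target == device_id and device_id in self.devices

    def password_login(self, password):
        # Fallback for when the phone is dead or not at hand.
        return hmac.compare_digest(self._hash(password), self.pw_hash)

def demo():
    acct = Account("constructed-Passw0rd!")
    acct.register_device("phone-1")
    rid = acct.start_login("phone-1")
    approved = acct.answer_prompt(rid, "phone-1", True)
    replayed = acct.answer_prompt(rid, "phone-1", True)   # same prompt again
    stale = acct.start_login("phone-1")
    acct.remove_device("phone-1")                          # phone reported lost
    after_loss = acct.answer_prompt(stale, "phone-1", True)
    return approved, replayed, after_loss, acct.password_login("constructed-Passw0rd!")
```

`demo()` walks the four cases from the list: an approved prompt, a replayed prompt, a prompt answered after the phone was removed, and the password fallback.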

This feature, along with Google Chrome’s Password Alert, a tool that informs you if a website tries to steal your login info, is part of Google’s efforts to help strengthen security for its users.

While Google’s efforts are still in a small-scale testing phase, Yahoo has already launched a similar feature called Account Key that has you approve the login on your phone via a push notification. However, according to TechCrunch, only 3-4 percent of users are taking advantage of this feature.

The future of passwords

It’s reported that in 2013 there were 450,000 phishing attacks and over $5.9 billion in estimated losses. Alarming figures like these show that our current password system isn’t working. As Google and Yahoo try out a new strategy, other ideas have also emerged, like biometrics. Biometric methods include fingerprint, facial, iris, and voice recognition. Some smartphones already use fingerprint readers. Although this is more secure than a password, fingerprints can’t be changed and you leave them everywhere you go.

One thing is for sure: the more steps you must go through or information you must provide to access your account, the more secure it will be. This is ideal for high risk accounts like your email or bank accounts.

The problem with multifactor authentication and biometrics is that it will take a while before most apps and websites are able to update their technology.

Passwords until then

A security researcher took to decoding encrypted passwords that had become available when Gawker and rootkit.com were hacked. The researcher was able to crack 44-55 percent of them. If users have the same password for multiple accounts (which most do), it can be very difficult to keep these accounts secure.

Although companies like Google and Yahoo are ahead of the game, not everyone can keep up. Because the average user has to remember a password for 25 or more sites and apps, it’s important to have strong passwords to keep information safe from hackers.

Tips for a strong password:

  • Never reuse the same password
  • Make your password 12 characters or longer
  • Avoid words in general, but more importantly, avoid using any pet names, birthdays, addresses, etc. Instead, use various capital and lowercase letters, numbers, and punctuation.
  • Don’t let the web browser save your passwords for you
  • Use a password manager tool to keep track of all of your passwords, but make sure to memorize important passwords for your email, bank account, etc.

Methods for creating passwords:

  • Use a password generator based on the above criteria
  • Try security expert Bruce Schneier’s method. Abbreviate a sentence so it is hard to crack, but easier for you to remember. For example, “Long time ago in a galaxy not far away at all” becomes “Ltime@go-inag~faaa!”
  • Use the Person-Action-Object (PAO) method. Imagine a place and a familiar or famous person. Then have this person do a random action with a random object in this place. Like, “Bill Gates swallowing a bike on the baseball field.” Abbreviate this phrase into a password with different capitalization and punctuation.
  • Pick a line of a song and abbreviate it.

What about the websites that let you log in with your social media accounts like Facebook? Do they pose more of a risk? It may be a hassle, but it is worth the effort to create a strong, unique password, especially for your high risk accounts, even if you have to resort to writing them all down somewhere.


Sources:

Is The Password Dead? The Future Of Web And Mobile Authentication

https://www.washingtonpost.com/news/the-switch/wp/2015/12/23/google-is-trying-to-kill-passwords-but-what-should-replace-them/

http://www.forbes.com/sites/amitchowdhry/2015/12/29/google-starts-testing-the-ability-to-login-without-a-password/

Yahoo Launches New Mobile Mail App And Eliminates Passwords

http://lifehacker.com/four-methods-to-create-a-secure-password-youll-actually-1601854240

http://www.pcworld.com/article/219303/password_use_very_common_research_shows.html