The recent eBay hack has shown us yet again that we are on a hiding to nothing with our passwords.
The clever spelling of your favourite band or that important date integrated with a loved one’s name really won’t cut it. Passwords are now recommended to be very long and to contain upper- and lower-case letters plus special characters – that effectively makes them a tweet from a stroppy teenager.
Brute force can be used to guess passwords, whereby software runs through password choices over and over again until it gets one right. But many of these hacks don’t just force us to change and upgrade our passwords on that particular site; the stolen data is also published online, so others can educate themselves about how people create passwords. That’s obviously a major problem for several reasons, not least if you use the same password across various sites.
eBay is certainly not on its own. LinkedIn, Yahoo!, Gawker and eHarmony have had similar data breaches and it’s all pretty terrifying, but what to do for the best?
MIT professor Fernando Corbató who invented the computer password told the Wall St Journal, ‘I don’t think anybody can possibly remember all the passwords that are issued or set up. Either you maintain a crib sheet, a mild no-no, or you use some sort of program as a password manager. Either one is a nuisance.’
Whatever you do, it’s pretty clear that passwords alone need to become obsolete. Bill Gates is often misquoted from 2004 saying, ‘Passwords are dead.’ What he was calling for was two-step authentication. Onion layering should be all the rage with two- or three-step authentication necessary for far more than your online banking. This typically involves a password plus a code that’s created – perhaps via text message or a digital pad provided by a bank.
The iPhone 5, with its thumbprint recognition, also shows us that biometrics aren’t just for the movies; they’re affordable enough to hit mainstream consumer products. But Apple have a very closed environment and won’t be sharing any intellectual property or helping to raise industry standards beyond filing patents.
One group that may have some answers is the FIDO Alliance. FIDO (Fast Identity Online) is a group of 48 companies, including PayPal and Lenovo, with the united goal of implementing standards for biometric sensors that work with fingerprints, eyes, and speech.
I’m no security expert but surely some of these solutions need to bubble to the top and have companies force us to use more and better security.
Passwords aren’t anywhere near dead. However, most would agree that they need some medication, so that the patient stops being the whole problem and becomes part of the solution.