Are you one of the millions of people around the world trying to juggle and remember, on average, 25 passwords for a variety of accounts? You are not alone, nor are you the only one frustrated with the technological advancements that are making password strength almost obsolete. As early as 2004, Bill Gates warned that passwords were nearing the limits of their utility; now, in 2013, we are seeing this issue at all levels of society.
It seems like every website requires a password nowadays, and strong, valid passwords are only becoming harder and harder to create. Not only do we need passwords for online banking and e-mail access but also for mundane things such as job applications and posting videos to YouTube. With all of these different accounts and associated passwords, it’s becoming a task of its own to remember them, let alone remember which accounts they were created for. And now, with fast-paced technological advancements, hackers are finding new ways to guess passwords, giving us more reasons to change our passwords on a regular basis and to create strong passwords the first time to avoid being hacked.
So how do we create passwords strong enough the first time and remember all of them?
Below, I have found a variety of tips for just that…
- Long passphrases – such as a song lyric or movie quote. Once you decide on the lyric or quote, create the password using the first letter of each word. This makes the password harder for hackers to guess and easier for the user to remember.
- Tweaking – changing the same password a little bit for each site. This tip suggests using the same password each time so that it is easy to remember, but adding a few letters at the end for each site, such as fb for Facebook, yt for YouTube, or td for TD Canada Trust.
- Mix – a mix of upper case, lower case and numbers. UpPeR aNd LoWeR cases take a password one step further in strength.
- Password Managers – there are strong programs such as RoboForm and LastPass that create strong passwords and remember them for you so you don’t have to.
- 2 Step Authentication – programs that allow 2 steps of password identification. Most e-mail accounts have the option to not only enter your password but also answer an additional question about your personal life, which would make it that much more difficult for hackers to guess.
- Store them securely. Don’t store them on your desktop; use an encrypted USB to keep them as far away from the internet and hackers as possible.
- Keep them long – Normally 9 characters will suffice, but longer is better.
Do NOT use…
- PASSWORD – one in ten users use this as their password.
- 123456 – CNET’s Declan McCullagh analyzed passwords and found that “password” was used 780 times and a sequential list of numbers was used 2,295 times.
- Avoid the dictionary. Mr. Kocher from WhiteHat Security stated that hackers will test passwords from the dictionary and if your password is not in that set, they will move on.
So now we have the tips to create and maintain strong passwords, but why has this become such an issue in recent years? One would think that as technology advances, hackers would pick up more skills, yes, but shouldn’t our computers and programs have proper security that detects unusual activity and reduces the threat of hackers?
It seems unusual, but after you read a few of the techniques that I’ve posted below, you might just begin to understand why they are such a threat. Hackers are called hackers for a reason: they are sneaky and will always find a way. Now we can see what we are up against.
- Cluster Boasting – Stricture Consulting Group has just unveiled a password-hacking program that can make 350 billion password guesses every second. It is capable of determining every single 8-character password containing letters, symbols, and numbers.
- Online Software Tools – there is free online software that uses algorithm search programs that automate password cracking and are so accessible that almost anyone can use them.
- Website Access – Facebook admitted that hackers have been breaking into hundreds of thousands of user accounts every day and that out of one billion logins to Facebook, 600,000 are imposters trying to access personal information and passwords.
- John the Ripper – a free password cracking program that allows hackers to test millions of passwords per second using a list of commonly used passwords.
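To put the 350 billion guesses per second figure next to the length and dictionary tips above, here is an added example (not part of the original post) that estimates how long an exhaustive search of a password's character set would take at that rate and flags passwords found on a common-password list. The deny list, the sample passwords and the one-year threshold are constructed assumptions.

```python
import string

GUESSES_PER_SECOND = 350e9  # cluster rate quoted in the list above
# Constructed sample deny list (assumption); real checks use large leaked-password lists.
DENY_LIST = {"password", "123456", "12345678", "qwerty", "letmein"}

POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)


def alphabet_size(password):
    """Number of symbols a brute-force search must cover for this password."""
    size = sum(len(pool) for pool in POOLS if any(c in pool for c in password))
    # Characters outside the four ASCII pools (spaces, accents) count once each.
    extras = {c for c in password if not any(c in pool for pool in POOLS)}
    return size + len(extras)


def exhaustive_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string up to this length over its alphabet."""
    n = alphabet_size(password)
    guesses = sum(n ** k for k in range(1, len(password) + 1))
    return guesses / rate


def assess(password):
    """Return (verdict, seconds); deny-listed passwords fall to a word list at once."""
    if password.lower() in DENY_LIST:
        return "deny-listed", 0.0
    seconds = exhaustive_seconds(password)
    # Assumed threshold: under one year of search at the quoted rate is "weak".
    verdict = "weak" if seconds < 365 * 24 * 3600 else "ok against brute force"
    return verdict, seconds


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for pw in ("PASSWORD", "aB3$aB3$", "aB3$aB3$x", "aB3$aB3$xY7!"):
        verdict, seconds = assess(pw)
        print(f"{pw!r:16} {verdict:24} {seconds / 3600:.3g} hours")
```

The estimate is an upper bound on the attacker's work: a password built from dictionary words or a predictable pattern is found far sooner than the exhaustive figure suggests.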
Clearly, with what we’re up against, the tips provided above may not provide us with any strength at all. If hackers have these programs in the palm of their hands, it seems necessary to do away with passwords altogether and implement new and more advanced ways of controlling access to our accounts and websites. But where do we begin?
Companies have been working hard to invent new alternatives to password use. The most well-known companies that are close to implementing any new technologies are Apple and Google.
Apple is planning to release an iPhone that will recognize the owner’s fingerprints when a finger is pressed against the handset. This technology would be useful for unlocking phones and for accessing online banking and e-mail accounts.
Google is currently researching iris scanners that will read the owner’s eyes through the handset. They have also begun researching ring finger authentication, which will authorize access to any computer via a tap on the computer and will have all your personal information embedded in the ring. This would be beneficial in situations in which your phone has no service connection.
Google is also experimenting with a Yubico cryptographic card that will automatically log a web surfer into Google using a USB. This will include passwords and any crucial information that is sorted by website, so you just log onto the website and plug the USB in and the information will be transferred.
As you can see, alternatives to passwords are already in the works; however, we may not see any solid changes for another couple of years. Although these advancements seem like ideal problem solvers, issues will arise with them as well, and we should investigate ways to keep using passwords safely. Also, if implemented, each website would have access to very critical information such as your fingerprint, and would you trust Facebook with that information? The new technology may also require a costly investment from users, which would make it unappealing. That being said, we are definitely in need of an identification system that is unique and difficult to fake, and Apple and Google may just have those answers.