10 October 2014

Passing comment on passwords (Part three)


The fallout from the celebrity iCloud hack continued this week with Apple announcing that it has added an extra layer of security. So, now if you are an Apple device user and have third party apps that connect to your iCloud (I suspect that will be many of you!) you now need to create a unique password for each app. However, we all know that if you have an Apple device you will have a lot of apps and many of these will be connected to your iCloud, so are we really going to create ‘unique’ passwords for each? I suspect what will happen is that people will use the same password for every app, and therein lies the big problem with passwords in general.

Today, passwords underpin security. Businesses use passwords in an attempt to add security, for those of us who use them (essentially everyone), security is of course important, but we typically put the emphasis on convenience. Meanwhile, the cybercriminal is on the hunt for them.

In an article published by Sky News, researchers at Carnegie Mellon University in the US think that they have found the secret formula to creating and remembering up to 14 complex passwords. It suggest that you use a person an action and an object to create a password for example ‘Bill Gates rowing teacup’ or ‘Steve Jobs tasting cheese’ (these are all words that were used in the research). We have had fun playing around with the idea but I can’t see it catching on. I have more than 14 accounts that require passwords, many of them require the use of numbers and non-alphabet characters, and some have a specific character limit which means it simply wouldn’t work. But first and foremost I do not want to spending my day trying to remember if ‘Tiger Woods sheering hen’ or ‘Luke Skywalker juicing owl’ is my Facebook, Amazon or LinkedIn password! And then, if I get that bit right did I add an uppercase letter and exclamation at the end in order to satisfy the need to make it supposedly ‘strong’?

The truth is that until we address the imbalance between security and convenience all that is ever being done is papering over the cracks. The fact that academics at Carnegie Mellon University even deemed such research necessary highlights just how crazy the concept of password management has become in our modern lives. What is more, none of this takes in to account the fact that no matter how long and convoluted you make a password, if it is stored somewhere (and you can be sure an organisation has your password as you disclose it every time you logon or transact) then it is vulnerable to theft and abuse.

If you want to learn more about how passwords are past it then we will be demonstrating PINgrid, at GITEX Technology Week in Dubai next week. We will in hall 3 and on stand C3.

Author: Alissa Lang, Winfrasoft






No comments:

Post a Comment