For all the money and effort we spend on securing our computer systems, users continue to compromise security with passwords that are easy to remember—
It’s understandable: most users struggle to remember different passwords for a half-dozen or more systems they need to do their work. Each new cloud application complicates matters further; it’s little wonder that the sticky note remains a popular way of remembering passwords.
Analysis after embarrassing analysis confirms the risk these practices pose. A 2012 University of Cambridge study, for example, analyzed 70 million Yahoo passwords and found surprisingly little security: 75 percent of users had never changed their passwords, and by testing accounts against dictionaries full of common English passwords, researchers were able to guess 80 out of every 1,000 passwords. Other studies have reported hit rates well into double-digit percentages.
How good is your memory, really?
Some people have turned to password managers such as 1Password, LastPass, and Dashlane—
As greater Internet usage forces us to use more passwords on a daily basis, password managers are a step in the right direction. But with most of us still relying on our memories to access the systems we need, we—and our employers—remain exposed.
It’s hardly a new problem: a 2000 University of Cambridge study found many of the same issues. Even making passwords more complex—w
Lax policies can compromise the effectiveness of passwords—13 percent of respondents to a recent Lieberman Software survey said they can still access systems at their previous workplaces. Technological weaknesses can also affect password effectiveness. The recent ‘Heartble
Designing the new identity
Largely driven by the ubiquity of sensor-filled smartphones and tablet devices, security is now focusing on helping users prove their identity through an aggregation of factors that complement passwords. For example, websites using two-factor authentication (2FA) will SMS you a unique, time-limited code that you must enter into the system along with your normal credentials.
Biometrics are another popular advancement being leveraged to complement or replace conventional passwords. For example, fingerprint scanners are now built into many mobile devices to provide additional protection. Researchers are looking into other biometric identifiers that can be easily measured using phones and their cameras—i
The focus on mobile device sensors is driving research into new biometrics that involve careful analysis of behavioral traits such as your gait (which can be measured using a phone’s built-in gyros), your typing style (based on your interactions with the device), or even your heartbeat rhythms (based on readings from wearable fitness trackers).
New network security systems even watch you while you work online, establishing baseline activity patterns that can be used to detect anomalies the next time someone logs on with your password. Some people are even looking into implantable microchips that let you prove your identity by waving your hand over a sensor.
It may be a long time before we do away with passwords entirely, but new identity verification processes can reduce or eliminate the chances that someone else can access our systems by pretending to be us. Given the world’s growing interconnectedn