Kill the Password


While Wired’s cover story about the failure of passwords (“Kill the Password: Why a String of Characters Can’t Protect Us Anymore”) is now a couple of months old, it is still very relevant. It is certainly a worthwhile read for all people in our digital age. It provides a good overview of the compromising positions that passwords can put us in, no matter how diligent we are at creating and keeping “good” passwords.

Bored teens and highly motivated criminals are both part of the threat to your personal information. Additionally, overly helpful customer service personnel can be persuaded to relinquish control of your account to a persistent hacker. Information discovered about you through simple searches can be used against you.

There are steps you can take to make it more difficult for a would-be hacker. Eventually, though, the password may be just one of several authentication methods used to keep your information secure. Below, I’ve reproduced the article’s tips for what you should and should not do.

DON’T

  • Reuse passwords. If you do, a hacker who gets just one of your accounts will own them all.
  • Use a dictionary word as your password. If you must, then string several together into a pass phrase.
  • Use standard number substitutions. Think “P455w0rd” is a good password? N0p3! Cracking tools now have those built in.
  • Use a short password—no matter how weird. Today’s processing speeds mean that even passwords like “h6!r$q” are quickly crackable. Your best defense is the longest possible password.

DO

  • Enable two-factor authentication when offered. When you log in from a strange location, a system like this will send you a text message with a code to confirm. Yes, that can be cracked, but it’s better than nothing.
  • Give bogus answers to security questions. Think of them as a secondary password. Just keep your answers memorable. My first car? Why, it was a “Camper Van Beethoven Freaking Rules.”
  • Scrub your online presence. One of the easiest ways to hack into an account is through your email and billing address information. Sites like Spokeo and WhitePages.com offer opt-out mechanisms to get your information removed from their databases.
  • Use a unique, secure email address for password recoveries. If a hacker knows where your password reset goes, that’s a line of attack. So create a special account you never use for communications. And make sure to choose a username that isn’t tied to your name—like m****n@wired.com—so it can’t be easily guessed.
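
The DON'T list above can be turned into a check that a signup or password-change form runs before accepting a password. The sketch below is an added example, not code from the Wired article or from this post; the tiny wordlist, the substitution table, and the 12-character minimum are assumptions chosen for illustration.

```python
import math

# Constructed sample wordlist; a real check would load a large list of
# dictionary words and known-breached passwords.
WORDLIST = {"password", "letmein", "dragon", "monkey", "sunshine"}

# Standard number/symbol substitutions, reversed (assumed table, not exhaustive).
LEET = str.maketrans({"4": "a", "@": "a", "5": "s", "$": "s", "0": "o",
                      "3": "e", "1": "l", "!": "i", "7": "t"})

def normalize(pw):
    """Undo common substitutions so 'P455w0rd' compares equal to 'password'."""
    return pw.lower().translate(LEET)

def keyspace_bits(pw):
    """Upper bound on the brute-force search space, in bits.

    Based only on length and character classes used, so it overstates the
    strength of anything built from words or patterns.
    """
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(not c.isalnum() for c in pw):
        pool += 33  # printable ASCII symbols, including space
    return len(pw) * math.log2(pool) if pool else 0.0

def review(pw, previously_used=(), min_length=12):
    """Return the DON'T rules a candidate password breaks (empty list = none)."""
    findings = []
    if pw in previously_used:
        findings.append("reused")
    if normalize(pw) in WORDLIST:
        findings.append("dictionary word after undoing substitutions")
    if len(pw) < min_length:
        findings.append("too short")
    return findings

if __name__ == "__main__":
    # Constructed candidates: the article's two examples plus a pass phrase.
    for candidate in ("P455w0rd", "h6!r$q", "maple anchor violet thursday"):
        print(f"{candidate!r}: {keyspace_bits(candidate):.0f} bits max,"
              f" findings={review(candidate)}")
```
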