The Problem with Passwords

Password SecurityAren’t passwords a bit of a hassle to remember? What with having multiple accounts, it’s a confusing ordeal to remember a bunch of letters and numbers to access your accounts. But it is a matter of security, and one we can’t do away with at the moment. Donna Spinner, a 72-year-old grandmother who lives outside Decatur, Illinois, says that “At my age, it just gets too confusing.”

“We are in the midst of an era I call the ‘tyranny of the password,’” Thomas Way, a computer science professor at Villanova University, says. He adds that this time “We’re due for a revolution.”

Gladly, momentum has started with multiple services offering to store your passwords for you so you don’t have to fumble for them whenever trying to open an account. Furthermore, biometric technology is quite the blessing, using thumbprints and face recognition in place of passwords. For instance, some computers now use thumbprints to log in, as do some new iPhones and retailers.

But why is it that some people still prefer the password over emerging new security technology? Even though the passwords we use are, more often than not, not that secure since we tend to use ones that are uncomplicated and easy to remember. A list of most common passwords include: “abc123,” ”letmein” and “iloveyou.” Even “password” is being used as a password.

The director of security and forensics at the School of Applied Technology at the Illinois Institute of Technology, Bill Lidinsky, demonstrates to his college class how easy it would be to crack passwords using available software technology.

Keith Palmgren, a cybersecurity expert from Texas, says that passwords do not necessarily have to be long or complicated, “Whoever coined the phrase ‘complex password’ did us a disservice,” Palmgren says.

Good passwords are not predictable, but at the same time something a user can easily remember. Palmgren suggests using whole sentences as passwords on sites that allow it. To check your password strength, Palmgren recommends a website developed by California-based Gibson Research Corp. that calculates how hard it would be to crack your password.

Another password tip is by using “simple mental algorithms.” “Ama95 zon” for an Amazon account and “Yah95 oo” for a Yahoo! account are examples of this. Use spaces if the site allows it.

Furthermore, there are some who opt to use password generators. Password generators create and save your passwords for different sites. All the user has to remember is one password to access the generator program. Isn’t that more convenient? LastPass and Dashlane and 1Password are common generators.

If you want to get rid of passwords altogether, there are biometric options being developed like the Facelock, where the system identifies faces to get into an account or service. Facelock is the brainchild of researchers from the University of York, England.

Meanwhile, the Canadian government has partnered SecureKey Technologies, to allow its citizens to get into government sites, using a username and password from collaborate financial organizations. SecureKey being the middle man, no direct exchange of information happens between the government sites and the user. The bank, also, does not receive information on which government sites the user has accessed. The U.S. Postal Service has now partnered with SecureKey to give Americans the same service for access to their personal information like health benefits, student loans, and retirement benefits.

At the end of the day, security and password reliance will be determined on “multi-factor identification.” These factors are generally based on:

“What you know” – a password, a security question that’s exclusively known to you. It does not mean uber complicated, just something you would remember and is known only to you.

“What you have” – any device that an online site, e-commerce, or any tech-based retailer would recognize as yours.

“What you are” – these refers to biometric information, face and/or prints.

Technology is paving the way for passwords to disappear. Existing cameras in ATMs can be used for facial recognition authentication process. Paul Donfried, chief technology officer of LaserLock Technologies Inc. adds, “We now have the ability to shift complexity away from the human being.”

In Decatur, Spinner debates the security and reliability of biometric authentication. But in good faith, she concedes, “Anything to make it easier for those of us who are technology-challenged, I would be in favor of.”

Have questions about your password security?  Not sure if your passwords are secure?  Give our team of trusted IT security experts a call immediately and we can help you.  We are known as the top IT security experts in New York / New Jersey.  Call us at NY (845) 406-6800, NJ (201) 785-7800 or drop us an email at info@nynja.com.

NYNJA provides IT Support and IT Consulting Services to businesses across New York and New Jersey.

We proudly serve the communities of Suffern, Monsey, White Plains, Westchester County, Wyckoff, Mahwah, Denville, Parsippany and many other communities in New York and Northern New Jersey.