Friday, November 16, 2012

Password problems

A recent Wired article makes the claim that passwords are obsolete.  Normally, I'd just pass it off as yet another blogger trying to get hits by claiming that "$technology is $bad for $reason" but this is Mat Honan, who had his digital life destroyed earlier this year.

Honan has done some incredible research into the (lack of) security in our lives online.  He claims that it would only take him minutes to acquire your passwords to a plethora of online services, including banks, PayPal, and email (which is central to your online identity).  In fact, he can do all of these things even if you've got an incredibly difficult password (like Tr0ub4dor&3).

The biggest problem with passwords isn't the passwords themselves.  It's us.  Human weaknesses result in websites providing the option to reset our password.  So long as that option exists (and breaking it is easier than breaking a password), we'll be insecure.

Alternatives to "just a password" exist.  One of the best (in simplicity and effectiveness) is two-factor authentication.  GMail has it, and if you have a Google account, enable it now.  This isn't totally effective, as it's easy to convince the phone company to redirect your call.

More secure solutions will be found but they will invariably result in a loss of convenience.  I convinced my dad to use two-factor but he turned it off because my mother got tired of chasing down dad's phone.  The convenience factor is what's stopping fingerprint and eye scanners from ever reaching the mainstream.

Passwords need to be done away with - but they're here to stay.

(If anyone's looking for startup ideas, Atwood's pipe dream might be a good place to start)

No comments:

Post a Comment