at the last time you entered a password. Facebook? Online banking? Perhaps the email account that holds most of your personal information. Whatever the case, it is an unavoidable fact that a short string of characters (a few more if you are cautious) is all that stands between a stranger and everything in that account. In the era of smartphones the stakes are higher still: anyone dedicated enough who gets into the account behind your phone (an Apple ID, for example) gains free rein over the information stored on, sent from and received by your iDevice. Just imagine: photos of your family and friends, private emails and text messages, all available to anyone with an internet connection and a basic knowledge of hacking. In such a connected era, the idea that a simple string of letters and numbers is enough to keep our private information from others is a scary thought.
Personally, I am an avid iPhone user and always have been. I store most (if not all) of my information in the online ‘cloud’, to the point where I would safely say that if a stranger were to glance over my cloud storage, they would have a clear idea of who I am. Then a question struck me: what precautions does Apple take to keep my details safe? For example, not very long ago hackers managed to find a loophole in Apple’s password recovery system by calling in “as a person” who had simply forgotten their password. Within less than an hour of talking with the Apple representative and answering questions whose answers are readily available (address, close friends, email accounts, questions researchable on Facebook), they were able to enter numerous accounts in this manner. I know this is possible; I had done it before, when Apple locked my iTunes account and I had to call in just like the hackers.
There are a couple of major flaws in the way we use passwords today. Firstly, as online activity increasingly revolves around a single log-in account, a hacker who gains access to that one account gets access to every other account linked to it. A prime example is the use of a Gmail account for practically every activity online: it can be linked with YouTube, other email accounts, your contacts and more, and it is also where the password-reset emails for your other accounts arrive. In other words, all of your private and ‘confidential’ information can be reached by a hacker who compromises the single account you have chosen to rely on. “But that is impossible! There are billions of possible combinations and he would have to be mad to try them all!” you say? Not quite. Guessing against the login page itself is slow and usually rate-limited, but passwords rarely need to be attacked that way: when a website’s password database leaks, an attacker who knows your user name can test guesses against the leaked password hashes offline, at millions of combinations per second on an ordinary laptop (which now out-performs the workstation of a decade ago) and billions per second on a graphics card, until yours falls. That is not even counting the countless malicious programs that record every keystroke and can monitor your screen live, which expose your passcode within literal seconds of logging in.
The End of Passwords?
Even though it seems that our online presence is no longer secure (some of us barely knew it ever was), to this day we have been unable to come up with an efficient solution to the problem. A stopgap is a log-in process with two or even three verification steps. An example is Google’s two-step verification, where after entering your password Google sends an SMS message to your phone containing a secondary random code that is valid for only a few minutes, so a stolen password alone is no longer enough to get in. However, for some reason unknown to us, Google does not really push or advertise such a great system to the public. It even took us quite an ordeal to find it in real life rather than just hearing about it from some distant place.
Maybe the real reason there is this much chaos on the inter-webs is its weakest link: humans. Passwords need to be long, complex and different for every site, and the tricky part is memory. At some point we all forget a password, so a recovery mechanism has to be in place, and that recovery process is where the weakness moves to: the answer to “what is your hometown?” can easily be found on your Facebook page or with a quick Google search. You can always argue that biometrics are a great way to protect yourself, as in the films, but in fact, used on their own, they are among the worst ways to secure data. A fingerprint or iris scan is a single piece of data, and single pieces of data get stolen. Say your fingerprint is lifted from a glass you left behind: it is not easy to replace that finger once its print has been copied, the way you would reset a leaked password. Iris and face scans are the same problem in the age of high-definition photography: using your face, your eye or your fingerprint as a one-stop verification just means that anyone who can copy a good enough image, from let’s say Facebook, can get into your account.
Whatever solutions come in the future, the change will involve a trade between inconvenience and security. But the alternative is theft and the loss of your online life. The first step is to accept the problem and understand the risks we expose ourselves to online. The second is to ask what convenience you are willing to trade for security.
Most Common Passwords in 2012
A compilation of the most used passwords on common websites, as reported by CBS News; the change from the previous year’s ranking is given in brackets.
- password (Unchanged)
- 123456 (Unchanged)
- 12345678 (Unchanged)
- abc123 (Up 1)
- qwerty (Down 1)
- monkey (Unchanged)
- letmein (Up 1)
- dragon (Up 2)
- 111111 (Up 3)
- baseball (Up 1)
- iloveyou (Up 2)
- trustno1 (Down 3)
- 1234567 (Down 6)
- sunshine (Up 1)
- master (Down 1)
- 123123 (Up 4)
- welcome (New)
- shadow (Up 1)
- ashley (Down 3)
- football (Up 5)
- jesus (New)
- michael (Up 2)
- ninja (New)
- mustang (New)
- password1 (New)
- youth123 (New)
A password manager is a tool that lets you use passwords that are as difficult to crack as they are to remember. For example, instead of a password like ‘Hello15328yes’, the manager would generate something like ‘09cDcLf153Pe’. If you have multiple accounts, each with a password like that, good luck typing it every time you log on, let alone remembering it; the manager stores and fills them in for you. The benefit of a random password like that is that it contains no word, name, date or pattern for a dictionary attack to latch on to, so an attacker is forced back to exhaustive brute force, whose cost grows exponentially with the length of the password, and that is often enough to discourage them. The probability of your account being hacked is never zero (nothing is, unless you do not create the account to begin with), but it drops by a significant proportion.
LastPass was initially released in 2008 and was built almost entirely as a browser plug-in. For a free program it certainly does its job, and does it well. LastPass will generate strong passwords and fill in your impossibly-hard-to-memorize passwords, detecting the password field automatically. Although LastPass stores the passwords on its servers, users can rest assured that the vault is encrypted on your own device, with a key derived from your master password, before it is sent, so the server only ever holds ciphertext. This drastically reduces the chance of the actual passwords being compromised if those servers are breached, though it also means that everything rests on the strength of that single master password. In addition, LastPass offers some of the finest smartphone integration of any password manager; it integrates with most smartphone browsers (Firefox, Dolphin, etc.). Getting LastPass on your phone does, however, require a commitment of $12/year.
1Password is the current competitor to LastPass and supports Mac, Windows, iOS and Android. 1Password’s true value shines if you are an Apple user, the program itself being Apple-esque in design, and it can sync through iCloud, complementing the accessibility of this password manager. The Android version seemed slightly weaker, however: you can view your passwords but cannot change them on the fly. The most recently updated version costs $49.99 as a single, lifetime payment, which does seem slightly expensive.
Believe it or not, Google Chrome is actually a password manager. If you sign into Chrome with your Google Account, passwords can be saved with it, and the great thing is that when you sign into Chrome on a new computer, your passwords are synced to that device as well, including smartphones and tablets that can run Chrome. The problem with this method is that your Google account becomes the single point of failure: if it is hacked, all of your passwords are compromised, which makes protecting that one account (with two-step verification, for instance) all the more important.
HOW TO BE SECURE IN TODAY’S INTERWEBS
Until a better solution to our security problems arrives, there are several DOs and DON’Ts you can follow that will in some ways better protect you.
- Use false but easy-to-remember answers to security questions, so that they cannot be looked up on Facebook or with a web search
- Pick a password you can actually remember (or let a password manager remember it for you)
- Use both upper case and lower case letters
- Create a password with more than 8 characters; the longer, the better
- Do not reuse a password, or a variation of it, across different online accounts
- Do not use words from the dictionary
- Do not use a word that is spelled backwards
- Do not use dates or birth dates
- Do not use a short password!
- Do not just replace letters with numbers (i.e. writing S as 5); cracking tools undo those substitutions automatically
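To make the two preceding points concrete, the memorable-versus-random comparison in the password-manager paragraph and the DOs and DON’Ts just listed, here is an added example (not code from the original page or from any product it reviews) of a checker that applies those rules and estimates the search space an exhaustive attacker has to cover. The common-password set is the 2012 list from this page; the tiny dictionary, the leet-speak map and the date patterns are constructed for the example; the 12-character minimum is stricter than the list’s “more than 8”; and the guess rates used in the demo are assumptions, not measurements.

```python
import math
import re
import string

# The 25 most common passwords of 2012 listed above (constructed set for this example).
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "abc123", "qwerty", "monkey", "letmein",
    "dragon", "111111", "baseball", "iloveyou", "trustno1", "1234567", "sunshine",
    "master", "123123", "welcome", "shadow", "ashley", "football", "jesus",
    "michael", "ninja", "mustang", "password1",
}
# Tiny stand-in for a real wordlist (assumption: a cracker would use millions of words).
DICTIONARY = {"hello", "password", "summer", "secret", "dragon", "admin", "monkey",
              "letmein", "welcome", "love"}
# Letter-for-number/symbol substitutions that cracking rules undo automatically.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i", "0": "o",
                      "$": "s", "5": "s", "7": "t"})
YEAR_RE = re.compile(r"(19|20)\d{2}")                   # 1900-2099
DATE_RE = re.compile(r"\d{2}[./-]?\d{2}[./-]?\d{2,4}")  # ddmmyy, dd/mm/yyyy, ...


def alpha_runs(pw: str) -> set:
    """Lower-cased runs of three or more letters, e.g. 'Hello15328yes' -> {'hello', 'yes'}."""
    return {r.lower() for r in re.findall(r"[A-Za-z]+", pw) if len(r) >= 3}


def check_password(pw: str, min_length: int = 12) -> list:
    """Return the rules from the DOs and DON'Ts that the password breaks ([] if none)."""
    problems = []
    lower = pw.lower()
    runs = alpha_runs(pw)
    if len(pw) < min_length:
        problems.append("too_short")
    if lower in COMMON_PASSWORDS:
        problems.append("common")
    if runs & DICTIONARY:
        problems.append("dictionary")
    if {r[::-1] for r in runs} & DICTIONARY:
        problems.append("reversed")
    # Undo leet substitutions; flag words that only appear after undoing them.
    deleet = lower.translate(LEET)
    if deleet != lower and (deleet in DICTIONARY | COMMON_PASSWORDS
                            or (alpha_runs(deleet) - runs) & DICTIONARY):
        problems.append("leet")
    if YEAR_RE.search(pw) or DATE_RE.search(pw):
        problems.append("date")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no_mixed_case")
    return problems


def keyspace_bits(pw: str) -> float:
    """log2 of the space an exhaustive attacker must cover: length x alphabet,
    where the alphabet is every character class present in the password."""
    alphabet = 0
    if any(c.islower() for c in pw):
        alphabet += 26
    if any(c.isupper() for c in pw):
        alphabet += 26
    if any(c.isdigit() for c in pw):
        alphabet += 10
    if any(c in string.punctuation for c in pw):
        alphabet += len(string.punctuation)
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def brute_force_seconds(pw: str, guesses_per_second: float) -> float:
    """Worst-case time to exhaust the keyspace at the given guess rate."""
    return 2.0 ** keyspace_bits(pw) / guesses_per_second


if __name__ == "__main__":
    # Assumed rates: ~1e6 guesses/s for a laptop, ~1e10 guesses/s for a GPU rig.
    for pw in ["password", "P@55w0rd", "drowssap", "Summer2012",
               "Hello15328yes", "09cDcLf153Pe"]:
        yrs = brute_force_seconds(pw, 1e10) / (365 * 24 * 3600)
        print(f"{pw:16} {keyspace_bits(pw):5.1f} bits  {yrs:12.2e} GPU-years  "
              f"{check_password(pw) or 'ok'}")
```

Note what the numbers say: by raw keyspace the memorable ‘Hello15328yes’ (13 characters) has a few more bits than the manager’s ‘09cDcLf153Pe’, yet the checker flags it, because ‘hello’ is in every wordlist and a dictionary-plus-digits attack never has to walk the full keyspace. The random string breaks none of the rules, so the exhaustive search is the attacker’s only option, which is exactly the advantage the password-manager paragraph describes.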