Online Password Security – Is the “password” security system robust enough to keep you safe on the net?
In a culture where communications, data storage, business promotions, leads and sales are now held in the cloud and part of an ever-evolving online world, there has never been a more essential time for robust internet security.
But I always find it a little odd that as we are immersed in a barrage of technological advancement (you can hardly get your laptop out of the warehouse and it is out of date) one element of our daily internet tasks never seems to change – inputting username and password. In fact, this system has hardly changed since the earliest computers in the sixties. So how safe is it and are there no possible contenders for safer systems?
Password Security – A Flawed System
The password system has been cursed by users and criticised by security system developers over the years. It is the default security system because commercially it’s the cheapest option. The great flaw with the system is users are left to create their own passwords, which are often an open invitation to theft. Hackers may use such methods as a dictionary attack or brute force attack to attempt to determine the word you have used. There are 5 main reasons why passwords become an easy target for hackers:
- Users tend to use passwords which have relevance to data which is already available about them on the net. (i.e. Date of birth)
- The same password is used too frequently
- Robust passwords are not developed for fear they will be forgotten, or user time is not available.
- Storage of passwords are open to attack or theft
- Passwords are not changed frequently.
In August, the BBC News site reported what has been termed the largest online security breach to date where over 1 billion usernames and passwords were hacked into by a Russian group. Apparently the data came from nearly 500,000 websites and across many industries.
The recent celebrity nude hacks that have hit the headlines, with pictures of well-known actresses, celebrities and models ripped from their Apple iCloud accounts and distributed across the web, underlines the fragile nature of password security.
Although Apple claimed that the breaches occurred through a “very targeted attack on user names, passwords and security questions”, it is concerning that even the largest organisations are helpless in the face of a concerted attempt to access private and “secure” data.
So what else is out there that could take the place of the password?
Face and Voice Recognition Security Systems
Fingerprint, face and voice recognition are no longer in the world of science fiction. Barclays Bank has already started to use “Voice Print” to recognise its customers. Face and iris recognition is beginning to be used on mobile phones. While the bottom line is these methods are still open to hackers, it is a fact that long convoluted passwords are impractical whereas fingerprints are not.
Possibly one of the most forward thinking solutions is the “Digital Profile”. The major difference with this approach is instead of there being one security check at the beginning (i.e. that’s your password – now you are in!) this system continuously checks to ensure you are who you say you are.
It works by initially creating a complex profile of the user which may include whether a user is right handed or left handed; a measurement of eye-hand co-ordination; preferences for where windows are placed on the screen; how quickly the user tends to use the PC or mobile device and their general typing patterns. Whereas this may take longer to set up initially, it would get more and more effective as the system came to know idiosyncrasies over a period of time.
What is clear is that, as the hackers become increasingly more audacious and proficient at bypassing current security systems, we need to rethink our entire approach to online security and data storage if we are ever going to feel even remotely confident that our private and corporate data is safe from prying fingers.