Posted by & filed under Hot Topics, MailBigFile, Social, Technology.

End of the Password Unlocks Whole New Minefield of Security Traps

No Security Is Perfect on the Internet
 

Speculation is mounting that Apple is about to do away with the need for passwords to operate devices.

It is suggested that a new iPhone will be operated by pressing a finger against the handset. Google Android is experimenting with voice recognition, iris scanners and behavioural biometrics to achieve the same thing. The way people swipe, tap keys or move their eyes, and even their heartbeats, are unique to individuals.

The same technology could not only unlock a phone or tablet, but open bank accounts, emails or anywhere that a password is demanded.

Enough is Enough?

The FIDO Alliance (Fast Identity Online) is a consortium of web firms dedicated to killing off the password. Techies all over are working hard to consign it to history.

Poul-Henning Kamp, the man who invented the widely used password encryption tool MD5crypt, spoke to Rebecca Greenfield of The Atlantic Wire in June 2012 after major password hacks at financial institutions.

He said that his creation is no longer safe. ‘I implore everybody to migrate to a stronger password scrambler without undue delay.’ He thought that all sites with more than 50,000 passwords to protect should come up with their own unique encryption algorithms. It’s safe to say that hasn’t happened everywhere.

The Bane of Our Lives

The password has become so complicated that many people are effectively excluded from technology. Passwords are also a rather outdated security risk in themselves: people write most of them down somewhere, or they are blindingly obvious to anybody who knows the user, such as through social media. Computer programs to unlock passwords are commonplace.

It’s thought that the average person used thirteen different passwords on 50 sites in 2007; so there must be twice that number now, given the way things grow exponentially on the net. With encouragement, if not a requirement, to make passwords complex (a range of symbols, lower and upper case, no personal data and quite long), inevitably they will be hard to remember.

People are also advised not to use the same password twice, and some sites require regular updating. Plus, most sites demand a username or ID as well, and it may not be simply your name. Questions from your memorable data are usually easier to recall, but only if the spellings, gaps and punctuation are identical every time.

Of course, no system is foolproof. The problems of scanners being fooled by photos, of too much background noise confusing voice recognition and even of criminals severing fingers from victims to get prints are legion and presumably are being tackled.

The Era Has to End

Last November, Tyler Falk wrote about the necessity for the password to be terminated. He said those with 7-20 character passwords with plenty of numbers, symbols and uppercase rating ‘very strong’ smugly mock those who still use ‘password123’ as their key to the net. Both are equally at risk, he argued.

He quoted Mat Honan, senior writer at Wired magazine, who had long, robust alphanumeric passwords and still saw his accounts all hacked, with the loss of years of documents and photos, because they were daisy-chained together. Honan and Falk are among the increasing numbers now terrified of ‘our password-centric web’.

Storing information in the cloud has actually exacerbated the problem, Falk thought. Tricking a service into resetting a password, and using publicly available data from one service, allows access to another. So what did he suggest?

‘The only way forward is real identity verification: to allow our movements and metrics to be tracked in all sorts of ways and to have those movements and metrics tied to our actual identity. We are not going to retreat from the cloud—to bring our photos and email back onto our hard drives. We live there now. So we need a system that makes use of what the cloud already knows: who we are and who we talk to, where we go and what we do there, what we own and what we look like, what we say and how we sound, and maybe even what we think.’

He acknowledged that would make privacy advocates very jumpy, as it ‘sounds creepy.’ But for him and many others, the alternative is ‘chaos and theft’. We have entrusted everything to a broken system, so we have to acknowledge that fact and then fix it!

So, does it boil down to better security or better privacy?

Also worth accessing:

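The Atlantic Wire, Rebecca Greenfield, How secret is my password? June 2012, http://www.theatlanticwire.com/technology/2012/06/end-password-we-know-it/53269/

Smart Planet, Tyler Falk, The end of the password era, November 2012, http://www.smartplanet.com/blog/bulletin/the-end-of-the-password-era/5748

When Campaigning for Web Freedom Gets Real, Dirty and Personal, 11 February 2013, http://blog.mailbigfile.com/hot-topics/when-campaigning-for-web-freedom-gets-real-dirty-and-personal/

Cyber Attack in the UK Set to Be the Biggest Growth Industry, 21 January 2013, http://blog.mailbigfile.com/hot-topics/cyber-attack-in-the-uk-set-to-be-the-biggest-growth-industry/

It’s the Season to Give Away Lots of Valuable Personal Data, 5 December 2012, http://blog.mailbigfile.com/hot-topics/its-the-season-to-give-away-lots-of-valuable-personal-data-while-shopping/

What If the Cloud Was a Country, How Green Would It Be? 20 February 2013, http://blog.mailbigfile.com/hot-topics/what-if-the-cloud-was-a-country-how-green-would-it-be/

Could Computer Over-Reliance Be the Death of Us All? 30 July 2012, http://blog.mailbigfile.com/tech/could-computer-over-reliance-be-the-death-of-us-all/

Another Week, Another Systems Malfunction, 3 July 2012, http://blog.mailbigfile.com/social/another-week-another-systems-malfunction/

Scams Are Out to Get You, Online and Off, 21 May 2012, http://blog.mailbigfile.com/social/scams-get-online/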

Image: Naomi IBUKI