Wednesday, March 13, 2013

Passwords are Dinosaurs

I have never met anyone who likes using passwords, nor, for that matter, anyone who likes remembering 20 different passwords. If you're like me, you've got different passwords for everything (e.g. email, social media, bank, debit card, blog sites, different boxes, smartphones, etc.), and it becomes overwhelming and hard not to reuse the same password. Not to mention "secret questions", which ask us personal questions that anyone could find out with a few Google searches.

I remember reading an article on what a "secure" password consists of, assuming there was such a thing as a secure password. This article judged "secure" passwords on the basis of brute forcing and rainbow tables. With today's technology and the ability to tap into the ungodly power of a GPU, it wouldn't take long to crack an 8-12 character password. The moral of the article was that you need a 20+ character password, and no, it doesn't even need to be mixed case with numbers and special characters. You could simply have a password like "ThisPasswordIsSuperCool" and it would suffice as what that article would consider a secure password. While that would be true based only on brute forcing and rainbow tables, there are other variables to consider. The article was interesting but failed to touch on other important issues.
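An added illustration, not from this post or the article it discusses: a small strength estimator that scores a password two ways, as a character-by-character brute force and as a run of whole words, and keeps the cheaper of the two. It assumes one of the "other variables" is word-based guessing; `SAMPLE_WORDS`, `DICT_SIZE` and the random-looking sample passwords are constructed for the example.

```python
import math
import string

# Constructed sample vocabulary; a real guessing word list is far larger.
SAMPLE_WORDS = {"this", "password", "is", "super", "cool", "pass", "word"}
# Assumed size of the word list a guesser draws from (not a figure from the post).
DICT_SIZE = 10_000

def charset_size(pw):
    """Alphabet size a blind brute force must cover, from the ASCII classes pw uses."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    return sum(n for chars, n in classes if any(c in chars for c in pw))

def brute_force_bits(pw):
    """log2 of the character-by-character search space."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def min_words(pw, words=SAMPLE_WORDS):
    """Fewest list words that concatenate to pw (case-insensitive), else None."""
    s = pw.lower()
    best = [0] + [None] * len(s)   # best[i]: fewest words covering s[:i]
    for end in range(1, len(s) + 1):
        for start in range(end):
            if best[start] is not None and s[start:end] in words:
                if best[end] is None or best[start] + 1 < best[end]:
                    best[end] = best[start] + 1
    return best[-1]

def word_attack_bits(pw, dict_size=DICT_SIZE):
    """log2 of the search space when guessing whole words; ignores capitalisation."""
    n = min_words(pw)
    return n * math.log2(dict_size) if n else None

def effective_bits(pw):
    """The cheaper of the two models is what the password is actually worth."""
    word_bits = word_attack_bits(pw)
    char_bits = brute_force_bits(pw)
    return char_bits if word_bits is None else min(char_bits, word_bits)

if __name__ == "__main__":
    # The first two passwords are constructed random-looking samples.
    for pw in ("x7#Qp!2v", "x7#Qp!2vLm9$", "ThisPasswordIsSuperCool"):
        print(f"{pw!r}: brute force {brute_force_bits(pw):.1f} bits, "
              f"effective {effective_bits(pw):.1f} bits")
```

Under these assumptions the 23-character phrase falls from about 131 bits to about 66, which lands between the 8- and 12-character random samples.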

Another of my favorite blog posts I've read on this very subject is titled Fuck Passwords. This guy has gone above and beyond what I do for generating passwords, but in the same respect the fact we have to just use passwords makes us just as insecure as the next guy.

Aren't passwords all we have?
No! For basic security there should be, at minimum, 2-form authentication. For good security there should be 3-form. Depending on the level of security you need, the forms should be added in this order: something you know, something you have, something you are.

-------------------------------------------------------------------------------------------------

Something You Know: A user name, password, PIN
Something You Have: A smart card
Something You Are: Biometrics (fingerprint, retina scan, face recognition, etc.)

-------------------------------------------------------------------------------------------------

Now we all know this is a bit extreme for what most people do on the internet. Could you imagine having to use a fingerprint, user name, password and smart card just to log into Facebook? I certainly don't see why we can't have something more for even Facebook, though. Google sure thinks so: they have recently been looking into the development of a secure ID ring that proves you are who you say you are online. You can check that article out here: Google aims to replace passwords with ID ring

In conclusion, passwords have been rendered useless in today's age. They're no longer secure, and no longer protect us as they were set out to do.
