Waging the War on Passwords

We have seen large password hacks recently including: LinkedIn, eHarmony, and Yahoo. Hacks so large some in the industry call this the Password Wars. Unfortunately for the general public—we are losing. However, before the trumpets play, let’s give them a fight. Our feature blogger Darren Leroux has touched on this subject before and inspired me to really take a look at innovations that may change the way you secure your information. 

Suffice it to say, passwords have run their course and are becoming easier to crack. Technology grows at an intense rate and the intelligence of the technology that is commercially available today is very high—perfect weapons of destruction for the resourceful hacker. A blog site, Ars Technica, explains how,  “a PC running a single AMD Radeon HD7970 GPU, for instance, can try on average an astounding 8.2 billion password combinations each second, depending on the algorithm used to scramble them.“

Even though, theoretically, passwords are supposed to be random, due to the human thought process of online users, the passwords follow a certain pattern. Humans are, of course, creatures of habit. Some of these tendencies include capital letters at the beginnings of passwords and numbers at the end as seen in the notorious RockYou hack in 2010.

So who is fighting for the home team? I am interested to see what may come out of FIDO alliance (Fast Identity Online)—a consortium of vendors looking for alternatives to password protection. The alliance looks for innovative techniques that employ simpler, stronger authentication.

Some current alternative authentication techniques being developed include:

  • Google’s Ring-like Physical Token –A USB-based token authentication technology. To gain access, the user plugs it into their device and launches the Chrome browser which in turn automatically logs him/her into his/her Google account by virtue of the token being detected. Rumours on the blogosphere speculate that these tokens will be ergonomic and possibly wearable.
  • DARPA’s Active Authentication scheme—creates an authentication system that tracks how the user uses their device; after which these patterns are analyzed and a fingerprint is created off of that. This technology is still in its initial stages of research but looks promising. It may analyze the length of time for which keys are pressed, the style of language of the user and patterns in the mouse usage. Perhaps it’s my paranoia regarding the idea of “Big brother”, but I’m excited to see what secondary benefits a technology like this may contribute to innovation and data mining.
  • Two factor authentication—this method adds another level of security that combines your password and an additional authentication mechanism (like a one-time code that is sent via text message).

This is an interesting area of research spawning during an era of dwindling password security. Nonetheless, train yourself and your colleagues to, at minimum, create better passwords till these innovations get modernized.

Previous Post
Enlightening Conversations
Next Post
7 Myths of Encryption

Related Posts

RSA 2017: Protecting Data Everywhere

The RSA Conference began in 1991 as a forum for cryptographers to gather and share the latest industry knowledge. In 1997 – just 6 years later – WinMagic launched into the data security market – offering software full disk encryption.…

PCI DSS 3.0 and Encryption

Version 3.0 of PCI DSS (Payment Card Industry Data Security Standard) was released in November 2013 and now that version 2.0 became inactive at the end of last year all organizations should have made the transition to version 3.0. (more…)

Educating with Data Security

Education institutions have numerous important and sensitive documents stored that they are responsible for. This sensitive information belongs to students, parents and faculty and comes in the form of loans, financial records, employment records, etc. (more…)
Read more

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu