by Yvonne DiVita [for 2012, like us on Facebook and share your Wednesday Wisdom]
From a great article in the NY Times (may require a registration): "Passwords are a pain to remember. What if a quick wiggle of five fingers on a screen could log you in instead? Or speaking a simple phrase?"
When I saw the article above, it caught my eye immediately. I don't know about you, but I have at least a dozen different passwords. Some I use over and over, until it's time to change them. Yes, I try to change them yearly. But, it's annoying, it's time-consuming, and it's frustrating, because I can't remember which passwords go to which account sometimes.
A good many of us write out passwords on sticky notes and put them around our computer monitors. I don't see anything wrong with that (although I don't do it - I have tons of phone numbers on sticky notes around my monitors, but no passwords). Seriously, isn't your actual, physical monitor less likely to be breached than your hard drive or online account?
Yesterday the news announced that Apple had been breached. Apple? If Apple can't keep hackers out, who can? And, the U.S. Army? Honestly, it's more disturbing that they can be hacked than the fact that a random store I shop at might be hacked. This means I spend a bit of every day worrying about my bank account and credit card accounts online. The convenience puts me at risk - yet, I have them. Who doesn't?
The article noted here says, "Despite their resilience, passwords are weak, notably because their users have limited memories and a weakness for blurting out secrets. Most people need dozens of them, and they tend to pick ones that are so complex they need to be written down, or so simple they can be easily guessed. Recently, criminals have become adept at stealing passwords by sneaking malicious software onto computers or tricking users into typing them into an illegitimate site." <sigh>
The article notes how easy it is for hackers to obtain your password via your computer, but not what happens if you have your passwords written down somewhere...safe. I ask again, why isn't that an option? No one is going around blurting her password out to untrustworthy friends or inviting strangers in to see the sticky notes on her computer monitor. Seriously...
They conclude their article with the idea of password-plus. I'm just thankful someone is actually working on this. It's a problem that needs a solution - sooner than later.
I expect some folks will call the solutions too much of a good thing, or Big Brother invading our lives, but... I, for one, welcome it.
As they say, "But even if a user has been authorized at the start of a session, what if someone else gains access to her computer an hour later? Darpa, the Defense Department’s technology research arm, has invited security researchers to develop ways to verify a user every instant, based on the way the individual uses the machine — “for example, how the user handles the mouse and how the user crafts written language in an e-mail or document,” it explains on its Web site.
"Each of these techniques is driven by the notion that a password alone is an insufficient means to verify online identity. Think of them as a fortification: a password-plus."
Until then, Microsoft recommends changing your password often and using a series of characters, not something easily remembered, like your birthday or your graduation date. Or, your kids' birthdays or their first day of kindergarten. Or, anything memorable.
And we're back to the reason passwords are so annoying.