A password is like a house key. Its job is to secure the lock on your door. If you were to lose your key and a burglar got hold of it and broke into your house, would it be the key’s fault?
The key is merely doing its other job of allowing entry. The blame rests on the burglar, or the fact that you managed to lose your key.
The same goes for passwords. Blaming passwords for security problems isn’t looking at the whole problem. How the hackers are able to steal vast amounts of data is the real issue.
When deciding how to protect users, it boils down to a choice between security and usability. Most of the time, the choice leans towards usability to make it easier for users. No one likes being locked out of their accounts.
Multi-Factor Authentication Gives You Better Security
More services, however, are adopting the option of a multi-factor authentication system as a heightened security measure. This system requires the combination of several things in order for access to be granted to your data.
Google, for example, has adopted a two-factor verification system which requires two things. One is something you have, in this case a verification code sent to your smartphone. It could also be a physical smart card or token you plug into your device. The second verification is something you know, such as your password or PIN.
A third possible verification for multi-factor authentication is something you are, like Apple’s iPhone option of using your fingerprint. Other possibilities include face, palm, or eye (retinal or iris) scanning.
Making the shift from service utilization to service security will give you greater data protection. Requiring users to adopt added layers of security will assure that protection. Leaving users in charge of changing their behavior to create better and safer passwords, for example, is a doomed mission.
How Do Our Passwords Fail?
Passwords are guessed, recycled from password dump sites, cracked through brute force attacks, stolen with a remotely installed keylogger, or totally reset by a hacker.
Because guessing is the simplest method, it’s hard to believe that people continue to use predictable, shoddy passwords. There are free password-cracking tools that are available to anyone who wants to try and break in, often with helpful YouTube videos so any novice can do it.
Passwords are reused with wild abandon. You know you do it. You create the perfect combination of letters and numbers, and every time you need to devise a new password for a new account, you fall back on your handy password creation.
Thanks to the flood of password “hashes,” encrypted but readily crackable passwords that are dumped online for anyone’s consumption, your reused password makes for easy entry into multiple accounts through a single point of failure.
The invention of the cloud makes it easier than ever to trick customer service reps into resetting passwords. A hacker can find all sorts of personal information about you online and then use that to gain entry, first into one account, then into another.
The password is not dead, but we need to change our terrible password habits. Strengthen your password and create different versions for different accounts. Use multi-factor verification whenever it is offered. Keep your password keys safe so they can do their job.
Do your part to save the password from death.