Passwords are not enough to protect online accounts

As history shows, businesses that should know better sometimes have some password security mishaps.

After a major security breach makes headlines, the common advice is to change passwords and make the new one uncrackable. The only problem with designing a tough-to-crack passcode is that it’s even more difficult to remember. Many experts would say that is the sacrifice users have to make for improved security, but is it really a viable option?Rachel Swaby, a contributor for The Atlantic and Gizmodo, doesn’t think so. Most experts suggest using a 14-character string at minimum, which doesn’t sound too bad for only a few sites. However, many users regularly access as many as 40 password-requiring websites. And, of course, no one should reuse a password because that’s also a bad security practice! Trying to remember that many 14-character passwords sounds a little more unreasonable, but what may be more telling is the fact that most passwords are less than five characters long.

As Swaby’s article pointed out, the current username/password-only system isn’t working. As new technology evolves that can crack even more complex combinations of numbers, letters, foreign symbols and squiggly lines, the situation will only get worse. But there is some hope for online security. Many innovators are already working on new systems that are not only more convenient, but also tougher for cyber criminals to hack.

“Touch-based operations get even more close to home,” Swaby wrote. “Nasir Memon, a professor of computer science engineering at [New York University’s] Polytechnic Institute is taking our offline verification system, our signature, and making it an online one. His iPhone app, called iSignOn, learns your finger’s path across the screen, unlocking when the shape and speed of the signature is repeated. The app is also a password manager, so once you’re in, it will open the doors to a bunch of frequently used services.”

In addition, Swaby reported that Memon is working on integrating biometric technology with tablet devices. A brute force program may be able to crack a weak password in a few seconds, but it could be a little more difficult to steal someone’s fingerprint. And today’s technology has allowed biometrics to be more cost effective than in the past.

Weak password practices among businesses
It’s a little unfair to address the poor security password practices of the average internet user without also placing some blame on web services. As InformationWeek columnist Mathew Schwartz pointed out in August, many of the businesses users entrust with their data don’t take steps to effectively protect that information. Schwartz cited the example of Tesco, the fourth largest retailer in the world, which stored user passwords unencrypted – a practice that undermines any other good password security measures that may have been in place.

Would you feel comfortable using biometrics or a signature based system to login to your online accounts?

Matt Williams

A self-proclaimed ‘tech geek’, Matt has worked in technology for a decade and divides his time between blogging and working in IT. A huge New York Giants fan, when not watching football Matt gets his game on playing Call of Duty with his friends and other tech bloggers.