Passwords - Have we advanced since 1979?

APOPKA, Fla. - April 15, 2013 - PRLog -- Jerrold Schiff – Organic Search Engine Optimization

http://www.schiffkey.com/schiffkeynews.htm

Passwords

Back in 1979, Professor Carroll, from the University of Western Ontario was on a local cable show, to answer questions regarding computing. The call-in show wasn’t going well, so I picked up the phone and asked, knowing his favourite topic: “Just how secure is the use of your Social Number, and how extensive is it being used?”

Well, this got the professor grinning. He only had an hour show!!! The time was well spent.

Fast forward to 2013. Passwords are everywhere. You may need a password for starting a computer or smart phone. Banks, hospitals, doctor offices,  internet, cable, and financial organizations all require authentication (verification that you are who you claim to be).

A password can be the last four numbers of your Social (the most common use). And there are rules for passwords that start from “four digits” to any number of alpha-numeric* characters, including special characters such as * & # and punctuation. Passwords can be broken, of course. Using computer programs or social engineering (notes stuck to your computer!).

And it doesn’t stop there! Once the person on the phone gets some general info, such as account number, name, address and social – they might stretch it with “Mother’s maiden name” or “First childhood pet”. It just gets worse!

If you’ve followed this so far, you’ve guessed the main problem with passwords.

Once your info is on record with a company, it is now in their computer, and can be accessed by customer support. Now, it is open to humans. It is open to corporate theft. It is open to changing by anyone who knows “enough” about you. Your password, and authentication is NOT SAFE.

Have we done anything to keep information safe in 35 years? NO – just made it worse !

Is there any hope?

What about fingerprints?

You may have seen laptops equipped with scanners. But the technology isn’t there yet. Other laptops use facial recognition software. The fingerprint would have to reside anywhere, with any company, that needed verification. And it would have to be accessible by phone, which is the most common way we try to do business and fix things with customer support.

Time to give up hope? Maybe not !

In the news this week, was an article on breath. It seems that your breath has its own unique “fingerprint”. Jumping forward, we would have to turn smart phones into breathalyzers. You’ve probably already heard of devices to see if you are “legally impaired” – but what about for personal identification? This just might get us closer to an authentication method that you don’t have to REMEMBER, to write down, to repeat from memory, or to change every 6 weeks or from company to company.

Does breath resolve the issue? I am sure there are plenty of ways to social re-engineer methods to use this against us. But, anything that nails an individual to ONE password that you don’t have to remember is a nice step forward. Even if it is wishful thinking in our lifetime!

Footnotes: *alpha numeric

Alpha refers to letters a thru z or A thru Z.

Numeric refers to numbers 0 thru 9

Special characters commonly used are @, *, !, , .

Normally, computer programs request “6-8 alpha-numeric characters, with at least one special character and one capital”

I witnessed a four year old boy explain his password:  p0o9i8    Look at your keyboard. He typed in “p” and went up and to the left of the keyboard !!!!   How easy is that to remember??? Brilliant.

Here is a light hearted joke: What is “DopeyDocSleepyBashfulWashington” ?? 4 characters and a capital.